BSides Seattle 2026
A community-driven security conference in Seattle fostering collaboration and knowledge sharing across offensive, defensive, and governance disciplines.
- Social Engineering at Machine Speed — Eva Benn
This talk traces the evolution of social engineering from Kevin Mitnick's analog-era phone pretexting through to the current AI-driven landscape where autonomous agents can execute full-chain social…
- Attacking AI — Jason Haddix
Jason Haddix, founder of Arcanum and a veteran offensive security researcher, delivers a practitioner's guide to hacking enterprise AI systems. Drawing from three years of real-world AI penetration…
- The Antisocial Engineer's Guide to Community Building: Deploying a Neighborhood Honeypot — John Ford
John Ford, a self-described extreme introvert with 20 years in the tech industry (mostly at Microsoft) who left to become a mental health counselor, presents a deeply personal project: building a…
- Don't Run Six Checklists: A 25-Minute Sane Guide to AI + Healthcare GRC — Pran Mata
Pran Mata, a senior security and compliance analyst at Headspace (the mental health app offering meditation, therapy, and psychiatry), presents a practical framework for collapsing the alphabet soup…
- Securing Non-Human Identities in CI/CD Pipelines: The Next Major Attack Vector — Diva Bala Subramanion, Vikas
Diva Bala Subramanion (Diva/Divs), a cybersecurity leader at Southwest Airlines specializing in identity and access management, and her co-presenter Vikas deliver a comprehensive beginner-friendly…
- Ghosts in the Hypervisor: Dissecting TTPs Behind Ransomware Attacks on Virtualization Infrastructure — Austin Gaton
Austin Gaton, CTO and co-founder of Valley Cyber (a Linux and hypervisor security company), delivers a technically dense talk on how attackers are targeting VMware ESXi hypervisors for both…
- No Time to Spy: Uncovering Domains Distributing SpyNote Malware — Dana Schwabby
Dana Schwabby, Head of Investigations and CISO at DomainTools, delivered a detailed walkthrough of how the **SpyNote** Android remote access Trojan (RAT) is distributed through fake Google Play…
- The Algorithm of Deception: Inside AI-Powered Social Engineering — Amamira Muhammad
Amamira Muhammad, an IT specialist at the Smithsonian Institution in Washington DC, delivered an accessible and engaging talk on how artificial intelligence is supercharging social engineering…
- Signed Twice, Broken Never: The Rise of Hybrid PKI — Ganesh Mallaya
Ganesh Mallaya, who works at Appux and contributes to the **CA/Browser Forum** and **IETF** standards bodies on post-quantum cryptography signature standards, delivered a dense technical briefing on…
- Drone Blind Spots: Pentesting the Airspace Above Critical Infrastructure — Alec Hunter
Alec Hunter, who operates under the moniker "breathadare," delivered a compelling talk on a security domain most cybersecurity professionals never consider: the airspace above critical…
- When Home Isn't Safe: Detecting Malicious Networks Hidden Behind Residential Proxies — Duong Dinh
A software engineer who runs a small SaaS company delivered a practitioner-focused talk on the challenge of detecting malicious traffic originating from residential proxy networks. The talk was…
- Acts of God: How Cybercriminals Leverage AI to Exploit Breaking News — Andre Piazza
- Android Security and Countersurveillance With GrapheneOS — Andrew Lebedinsky
Andrew, a security engineer with a background in web application pentesting and a passion for researching surveillance technologies, delivered an exhaustive briefing on GrapheneOS as a practical…
- Before the Breach: How AI-Driven Information Operations Create the New Cyber Pre-Attack Surface — Ksenia Iliuk
A specialist with a national security background in countering hostile state information operations presented a compelling case that social media has become a critical cyber pre-attack surface…
- The Internet Is Fraying, But Maybe Security Can Hold It Together — Heather Flanigan
Heather Flanigan, a 16-year veteran of digital identity and internet standards development, presented a strategic analysis of how the global internet is fragmenting under the weight of diverging…
- From Application to Access: Detecting DPRK IT Workers Before They Become Insider Threats — Jesse Buonanno
A security engineer presented a comprehensive defensive framework for detecting and blocking DPRK (North Korean) IT worker infiltration attempts across the entire hiring lifecycle -- from initial…
- From Chaos to Control: A Modern Approach to UAF Attack Detection — Nader Ammari
Nader Ammari, a product security researcher at Microsoft and co-director at the University of Montreal, presented a three-year research project developing a novel dynamic detection method for…
- From Infodump to Transformation: Re-imagining Digital Security Training — Izebel
Isabelle, a security and privacy consultant with a background in public health education who has trained thousands of people over 15 years, delivered an interactive session challenging the security…
- Structured Defense: Martial Arts as a Blueprint for Cybersecurity Training — Travis Van Winkle
This talk proposes a training framework for cybersecurity professionals drawn directly from the pedagogy of traditional martial arts. The speaker, who has a cross-section background in IT…
- From Shadow AI to Secure Agents: The C.H.A.N.G.E. Playbook — Barath Subramaniam
Barath, a staff product security and AI engineer at Adobe, delivers a talk focused not on which AI model or tool is best, but on why well-meaning security teams keep failing to adopt AI securely --…
- Career Village: Hacked My Way Here: Real Stories into Security — Grady Lancaster, Ryan Makababad, Jason Lee, Mayas Karaga, Jifon Satpati
This 56-minute career panel brings together four security operators at different career stages -- a principal security TPM at Microsoft, a retired multi-time CISO (Splunk, Zoom, Salesforce), a…
- The Artistic Science of Building Lean-and-Mighty Security Teams — Santosh Kandala
Santosh, who has built and scaled six security startups and is working on his seventh, delivers a talk on the art and science of building effective security teams -- particularly in startup and…
- The Security Policy Rollout Survival Guide — Maya Gatski
Maya Gatski, founder and CEO of Oblique (an access and group management solution), delivers a comprehensive operational guide to rolling out security policies in enterprise environments. Gatski's…
- Usable Security: Bridging Research and Industry Practices — Iulia Ion
Iulia, who completed her PhD in usable security at ETH Zurich and has spent 13 years in industry at Google and Snowflake, delivers a talk that bridges academic usable security research with…
- The First Security Hire's Survival Guide — Chris Honda
Chris Honda, currently the sole security person at Plotly and a veteran of BSides Seattle (fourth year attending), delivers an honest and personal talk about surviving as the first and only security…
- Career Village: WTF is an Org Chart? Building Security Teams — Matt Damco
Matt Damco, Head of Security at Zenity, delivers a practical guide on how to build and scale security teams from the ground up. Drawing from his experience advising startup founders and working…
- MX Has a Story to Tell: Hacking MX Records for Fun, Profit and Data — Dylan
Dylan, an offensive security practitioner based in Seattle, presents original research on exploiting electromagnetic emanations from LCD monitors to exfiltrate data from air-gapped networks…
- These Are NOT the Vulnerabilities You Are Looking For: Hiding Vulnerabilities in Containers — Kyle Quest
Kyle Quest, creator of the popular open-source tool **DockerSlim** (now called **MinToolkit**), demonstrates how container vulnerability scanners can be trivially deceived by removing or mutating…
- Pwning Electric Motorcycles — Mitchell Marasch, Panie
Mitchell and Panie, security researchers sponsored by Veraritoss, present their deep-dive into the firmware security of an electric motorcycle manufacturer they pseudonymously call "Moto…
- The Phantom of the Infrastructure: Investigating the Hidden IAM Risks in Bedrock API Keys — Sergio Garcia
Sergio Garcia, a security researcher at BeyondTrust and former founding engineer at Prowler, reveals a significant security design flaw in **Amazon Bedrock API Keys** -- a new credential type AWS…
- United in Defense: Architecting Safe and Trustworthy AI Agents — Rabimba Karanjai
Rabimba, a Google Developer Expert and scientist at PayPal, presents a comprehensive security framework for AI agent systems, covering the full lifecycle from training data provenance through model…
- Zero Trust in the Matrix: Hardening Kubernetes for the AI Frontier — Apoorv Dayal
As every company races to become an AI company, the infrastructure running large language models is rapidly becoming the most attractive target on the network. In this fast-paced closing talk at…
- Evading Detection with Dynamic AI Mimicry — Darren, Mosam
What happens when you take polymorphic AI malware and teach it to blend into the victim's own cloud traffic? Darren and Mosam presented their research on a framework called **LL MALJ** that advances…
- Securing Space: The Next Frontier for Security Engineers — Ankush Gupta
Ankush, an enterprise architect at one of the largest telecom organizations in the United States, presented on red teaming AI systems for security validation. Despite the session title referencing…
- Breaking BOTS: Cheat Blue Team CTFs by Building AI Agents That Investigate — Leo Meyerovich
Leo from Graphistry presented a deeply practical talk on using AI agents to solve blue team CTFs — specifically Splunk's Boss of the SOC (BOTS) — and what that tells us about the future of…
- Identity Crisis: IAM's Wild Ride in the AI Jungle — Sarah
The identity community is building under fire. With the ratio of non-human identities (NHI) to humans reaching 144:1 in H1 2025 (up from 92:1 just a year earlier) and 44% year-over-year growth…
- Teenagers' Ability to Detect Synthetic Media — Aaliya Nagori
In a standout presentation from a high school senior, Aaliyah shared original research on how well teenagers can detect AI-generated synthetic videos — a question that had not been studied before…