BSidesSF 2024
Security BSides San Francisco is an annual information security conference. It is a conference by the community for the community.
- Opening Remarks — Reed Loden
This session, delivered by Reed Loden, President and Lead Organizer for BSides San Francisco, served as the opening remarks for the 2024 conference. The address welcomed attendees, outlined the…
- Navigating the AI Frontier: Investing in AI in the Evolving Cyber... — Chenxi Wang
Dr. Chenxi Wang, a distinguished computer scientist, former academic, and now a prominent investor, delivered a keynote address at BSidesSF 2024, focusing on the transformative impact of Artificial…
- Hook, Line, and Tinker: A Dive into Phishing Campaign Sites — Rick Ramgattie
In his BSidesSF 2024 talk, "Hook, Line, and Tinker: A Dive into Phishing Campaign Sites," Rick Ramgattie, an ABC Engineer at Gemini Trust Company, presented a compelling and practical exploration…
- Beyond Quick Cash: Rethinking Bug Bounties for... — Jayson Grace, Farah Hawa
This talk, "Beyond Quick Cash: Rethinking Bug Bounties for Greater Impact," delivered by Jayson Grace and Farah Hawa at BSidesSF 2024, advocates for a significant evolution in the bug bounty…
- Skynet the CTI Intern: Building Effective Machine Augmented... — Scott J Roberts
This talk, "Skynet the CTI Intern: Building Effective Machine Augmented Intelligence," delivered by Scott J Roberts, Head of Threat Research at Interpres, delves into the practical application of…
- Protecting data vs systems: practicality, performance, and problems... — Dan Draper
This talk, presented by Dan Draper, Founder and CEO at CyStash, delves into the critical distinction between protecting systems and protecting data directly. Draper argues that traditional security…
- Getting over the finish line: Loom Security Journey. — Narayan Gowraj, Nishant Jain
This talk, "Getting over the finish line: Loom Security Journey," delivered by Narayan Gowraj, Head of Security at Loom, and Nishant Jain, Security Engineer at Loom, provides a comprehensive look…
- The Secret Life of Secrets — Dylan Ayrey, Hon Kwok
This talk, "The Secret Life of Secrets," delivered by Dylan Ayrey and Hon Kwok at BSidesSF 2024, delves into the often-overlooked yet critical impact of user experience (UX) and design choices on…
- Security Considerations for Services Using AI Models — Shrey Bagga
This talk, presented by Shrey Bagga at BSidesSF 2024, delves into the critical security considerations for services leveraging Artificial Intelligence (AI) models. As AI and Large Language Models…
- Heard you liked access, so we built Access to... — Peter Collins, Elisa Guerrant
This talk, "Heard you liked access, so we built Access to...", presented by Peter Collins and Elisa Guerrant from Discord, details their journey in building a new internal access control system for…
- Advanced Persistent Teenagers: Understanding the Lapsus$ Playbook — Benjamin Hering
This talk, "Advanced Persistent Teenagers: Understanding the Lapsus$ Playbook," delivered by Benjamin Hering, delves into the tactics, techniques, and procedures (TTPs) employed by the notorious…
- Combating Generative AI's Privacy Abuses
This article delves into the critical privacy, security, and ethical challenges posed by the rapid proliferation of Generative AI (GenAI) and Large Language Models (LLMs). Presented as a panel…
- TL;DR: Applying AI to Security — Clint Gibler
Clint Gibler, Head of Security Research at Semgrep, delivered a comprehensive and fast-paced talk titled "TL;DR: Applying AI to Security" at BSidesSF 2024. The presentation aimed to provide both a…
- Six Years in Review: Transforming Company Culture to Embrace Risk — Ariel Shin
This talk, "Six Years in Review: Transforming Company Culture to Embrace Risk," delivered by Ariel Shin, Product Security Engineering Manager at Twilio, details a transformative journey in…
- Startups: SOC 2 ... Now or Later? — Elyse Libetti
In her BSidesSF 2024 talk, "Startups: SOC 2 ... Now or Later?", Elyse Libetti, a seasoned software engineer with extensive experience in the cybersecurity SaaS space, addresses a critical dilemma…
- WhizBangLambdaFix: where AWS Misconfigurations... — Lily Chau, Lakshmanan Murthy
This talk, "WhizBangLambdaFix: where AWS Misconfigurations...", presented by Lily Chau and Lakshmanan Murthy from Roku, introduces a novel framework for automated remediation of AWS…
- Titans of Scale: Strategies to Scale Security in Expanding Organizations
This panel discussion, "Titans of Scale: Strategies to Scale Security in Expanding Organizations," brought together security leaders from prominent technology companies—Netflix, Chime, Rippling, and…
- LLMs at the Core: From Attention to Action in... — Fotis Chantzis, Paul McMillan
This technical article delves into the practical applications of Large Language Models (LLMs) in enhancing cybersecurity workflows, as presented by Fotis Chantzis and Paul McMillan from OpenAI at…
- Reinventing ETL for Detection and Response Teams — Josh Liburdi
In his BSidesSF 2024 talk, "Reinventing ETL for Detection and Response Teams," Josh Liburdi tackles a topic he admits is often considered "boring" but is, in his view, critically important…
- Insecurity protocols: an overview of modern authentication — Eric Chiang
This talk, "Insecurity protocols: an overview of modern authentication," delivered by Eric Chiang at BSidesSF 2024, provides a comprehensive and often critical "whirlwind" tour of various…
- Snow Nor Rain Nor Dependency Confusion: How to... — Jessica Smith, Justin Engler
This talk, "Snow Nor Rain Nor Dependency Confusion: How to...", delivered by Jessica Smith and Justin Engler, engineers on the offensive security (red team) at Block, delves into the intricacies of…
- Please Pick Up: Crafting and Executing Successful Vishing Attacks — Jason Puglisi
This talk, "Please Pick Up: Crafting and Executing Successful Vishing Attacks," delivered by Jason Puglisi at BSidesSF 2024, delves into the art and science of **vishing**, or voice phishing…
- LLM Privacy Paradox: Balancing Data Utility... — Rob Ragan, Aashiq Ramachandran
This article delves into the critical and often overlooked security implications of fine-tuning Large Language Models (LLMs), specifically focusing on the risk of **data leakage**. Presented by Rob…
- Attacking & Defending Supply Chains. How we got Admin in your Cloud,... — Mike Ruth
This talk, presented by Mike Ruth, a Security Engineer at Rippling, delves into the critical and often overlooked security vulnerabilities within modern software supply chains, specifically focusing…
- From Hacking to C-Suite: Navigating the Labyrinth of Security Careers
This panel discussion, "From Hacking to C-Suite: Navigating the Labyrinth of Security Careers," offered a multifaceted exploration of career paths within the cybersecurity industry. Moderated by…
- Temporary Access to the Cloud: A Case Study — Tomas Rabczak
This talk, presented by Tomas Rabczak, a Staff Software Engineer at Chime, delves into the critical security challenge of managing employee access to cloud resources and the development of an…
- Decoding Fraud: The Evolution and Impact of Netflix's... — Aditi Gupta, Yue Wang
This article delves into the critical work undertaken by Netflix's Trust and Safety team to develop a robust, multi-layered fraud metrics framework. Presented by Aditi Gupta and Yue Wang at BSidesSF…
- Effective building blocks for securing... — Shrikant Pandhare, Sagiv Sheelo
This talk, presented by Shrikant Pandhare and Sagiv Sheelo from Snap, delves into the intricate journey of evolving a cloud-native infrastructure from a monolithic application to a highly secure…
- Securing Azure Open AI apps in the Enterprise — Karl Ots
This talk, presented by Karl Ots at BSidesSF 2024, delves into the critical and often complex task of securing Azure OpenAI applications within an enterprise environment. As a consultant…
- One-Click Code Fix: Securing Code Using AI — Chandrani Mukherjee, Joseph Seasly
This talk, presented by Chandrani Mukherjee and Joseph Seasly at BSidesSF 2024, explores the ambitious goal of leveraging Artificial Intelligence (AI) to automatically identify and remediate code…
- Opening Remarks — Reed Loden
This talk, delivered by Reed Loden, President and Lead Organizer for BSidesSF, served as the opening remarks for the BSidesSF 2024 conference. It welcomed attendees, set the tone for the event, and…
- Unlocking the Future: AI is the Key to CISOs Top Challenges — Caleb Sima
Caleb Sima delivered a keynote address at BSidesSF 2024, offering a positive and hopeful perspective on the role of Artificial Intelligence (AI) in solving the most pressing challenges faced by…
- Effective Detection in Kubernetes Clusters — Shay Berkovich, Oren Ofer
This presentation, delivered by Shay Berkovich and Oren Ofer at BSidesSF 2024, delves into the complexities of detecting sophisticated attacks within Kubernetes and cloud-native environments. The…
- Finetuning Large Language Models (LLMs) for Security Log Detections — Wilson Tang
This talk, presented by Wilson Tang, a Machine Learning Engineer on the threat hunting team at Adobe, delves into the innovative application of Large Language Models (LLMs) for security log…
- Startup Security, 2nd Edition — Evan Johnson
Evan Johnson, co-founder and CEO of Run Reveal, delivered an insightful and practical talk titled "Startup Security, 2nd Edition" at BSidesSF 2024. This presentation served as an updated and…
- Beyond Code and Clicks: UX Insights to Security Software — Hon Kwok, Miccah
In their BSidesSF 2024 talk, "Beyond Code and Clicks: UX Insights to Security Software," Hon Kwok and Miccah, engineers at Truffle Security, presented a compelling argument for integrating user…
- Beyond Labels: Evolving Data Classification — Rob Oden
In this insightful talk at BSidesSF 2024, Rob Oden, Senior Data Classification Specialist on the Roblox Information Security Team, presented a comprehensive framework for evolving data…
- AiIAM: Transforming the Democratized AWS IAM... — Anthony Scheller, Jorge L Gomez
This talk introduces **Vapor Lock**, an innovative open-source project formerly known as AiIAM, designed to tackle the pervasive challenge of managing Identity and Access Management (IAM) policies…
- How to Secure Cloud Machine Identities — Komal Dhull, Nathan Brahms
This technical article delves into the critical and often overlooked domain of securing **cloud machine identities**. Presented by Komal Dhull, a Founding Backend Engineer, and Nathan Brahms…
- PirOps: What 18th-Century Piracy can Teach Us about SecOps — Aron Eidelman
In his BSidesSF 2024 talk, "PirOps: What 18th-Century Piracy can Teach Us about SecOps," Aron Eidelman draws a compelling and unexpected parallel between the operational practices of 18th-century…
- GRC Engineering - Bringing GRC to a repository near you — Varun Gurnaney
In this insightful talk at BSidesSF 2024, Varun Gurnaney, a security engineer, presented a compelling vision for **GRC Engineering**, an approach that seeks to bridge the historical chasm between…
- Phish & Furious: Campaign Builder Vulnerabilities in a Blink &... — Raae Wolfram
This talk, "Phish & Furious: Campaign Builder Vulnerabilities in a Blink &...", presented by Raae Wolfram, a Senior Product Manager at Microsoft, delves into the often-overlooked security…
- Army of Proxies! How Netflix scales identity based zero trust... — Grant Callaghan
This talk, presented by Grant Callaghan, a Staff Security Software Engineer at Netflix, delves into the intricate architecture and operational strategies Netflix employs to scale identity-based…
- Effective security on a tight budget — Felix Matenaar
In an era characterized by persistent budget constraints, amplified by recent tech downturns and increasing regulatory pressures, security organizations often find themselves in a precarious…
- Next-Gen Detection: Harnessing LLMs for Sigma Rule Automation — Dave Johnson
This talk, presented by **Dave Johnson**, a Threat Intelligence Advisor at **Feedly**, delves into the innovative application of **Large Language Models (LLMs)** to automate the creation of Sigma…
- CISO Series Podcast (Live)
This article details a live recording of the popular CISO Series podcast, held at BSidesSF 2024. Hosted by David Spark, with co-host Mike Johnson (CEO of Rivian) and special guest Steve Zooki (host…
- Pushing Boundaries: Journeys to the top of Security... — Lea Snyder, Devina Dhawan
This talk, "Pushing Boundaries: Journeys to the top of Security...", delivered by Lea Snyder and Devina Dhawan at BSidesSF 2024, offers a candid and insightful exploration into the career paths of…
- Insane in the Supply Chain: Threat modeling for... — Eoin Wickens, Marta Janus
This talk, "Insane in the Supply Chain: Threat modeling for attacks on AI systems," delivered by Eoin Wickens and Marta Janus, researchers at Hidden Layer's Synaptic Adversarial Intelligence (SAI)…
- Securing Generative AI: Is it all an Illusion? — Rachana Doshi, Michael Samson
This talk, "Securing Generative AI: Is it all an Illusion?", delivered by Rachana Doshi and Michael Samson from Salesforce, addresses the critical and rapidly evolving challenge of securing…
- Ransomware and Backups: A Multi-Layered Defense Strategy — Amol Sarwate
Amol Sarwate, Cyber Resilience Leadership at Veritas Technologies, presented a critical talk at BSidesSF 2024 titled "Ransomware and Backups: A Multi-Layered Defense Strategy." The presentation…
- Founders R Us: Tales from recent security CEOs
This panel discussion, "Founders R Us: Tales from recent security CEOs," offered a candid and insightful look into the challenging yet rewarding journey of building and scaling cybersecurity…
- Imperfect Security: Doing Less to Achieve Better Security — Kevin Hanaford
In his BSidesSF 2024 talk, "Imperfect Security: Doing Less to Achieve Better Security," Kevin Hanaford, Trust Engineering Lead at Discord, challenges the conventional pursuit of "perfect security."…
- Faux Data, Real Defense: ML advancements in data synthesis — Arjun Chakraborty
Arjun Chakraborty, a member of the detection engineering team at Databricks, presented a compelling talk titled "Faux Data, Real Defense: ML advancements in data synthesis" at BSidesSF 2024. The…
- The road to developers' hearts — Sing Ambikapathi
This talk, "The road to developers' hearts," delivered by Sing Ambikapathi at BSidesSF 2024, addresses the critical challenge of fostering productive and peaceful collaboration between security…
- AI: Best Janitor or Worst Superhero? — Adrian Sanabria
Adrian Sanabria's talk, "AI: Best Janitor or Worst Superhero?", delivered at BSidesSF 2024, critically examines the current state of **generative AI**, particularly **large language models (LLMs)**…
- Your voice confirms my identity — Ethan McKee-Harris
In his BSidesSF 2024 talk, "Your voice confirms my identity," Ethan McKee-Harris, a security consultant at Pan Security Group, delved into the alarming vulnerabilities of voice biometrics as a…
- Cybersecurity meets Generative AI: Automating Your Compliance... — Rafae Bhatti
This talk, presented by Rafae Bhatti at BSidesSF 2024, delves into the transformative potential of Generative AI to revolutionize the traditionally arduous and manual processes of cybersecurity…
- Long Live Short Lived Credentials - Auto-rotating Secrets At Scale — Dwayne McDaniel
In an era where digital security incidents are increasingly common, the management of credentials has emerged as a critical vulnerability. Dwayne McDaniel, a Developer Advocate at GitGuardian…
- Please Don't Discard - Security Data — Rishabh Gupta, Hrushikesh Paralikar
This article delves into a novel approach for tackling security review challenges by systematically persisting, storing, and structuring security data. Presented by Rishabh Gupta, a Senior Security…
- 5 security startup pitches to raise money and eyebrows — Maya Kaczorowski
This talk, presented by Maya Kaczorowski at BSidesSF 2024, delves into the challenging yet opportune landscape of security startup innovation. Kaczorowski, an experienced security professional with…
- Closing Ceremony — Reed Loden
The "Closing Ceremony" at BSidesSF 2024, led by **Reed Loden**, served as a comprehensive retrospective on the conference's operational success, community engagement, and overall impact. Far from a…