Into The Dragon's Den

Jacob Salassi, Michele Freschi

BSidesSF 2025 — Here Be Dragons · Day 1 · Main

After years leading product security at a major SaaS database company during its China expansion, Jacob Salassi and Michele Freschi share the hard-won mental models they developed for operating in a strategically hostile environment. The core insight: entering China means accepting that certain threats — operating partner coercion, constant surveillance, legally mandated insider risk — cannot be eliminated, only understood. Security success lies in building cryptographically and physically isolated deployments, fully automated operations, and a structured insider risk program before the first line of code lands in a Chinese data center.

AI review

Salassi and Freschi have done the rare thing: built genuinely novel security architecture from operational necessity under adversarial conditions and lived to explain it clearly. The China operating environment is a masterclass in accepting what you cannot change before designing what you can — and the technical prescriptions (cryptographic isolation, HAL 9000 automation, travel mode, behavior-focused insider risk) are specific enough to implement. This is one of the most useful talks at the conference.
