Preparing for Dragons: Don't Sharpen Swords. Set Traps, Gather Intel.
Adrian Sanabria
BSidesSF 2025 — Here Be Dragons · Day 2 · Main
Most organizations are overwhelmed not by sophisticated adversaries but by distraction — an ever-expanding threat landscape amplified by vendor marketing, exotic CVEs, and side-channel attacks that will never materialize in their environment. Adrian Sanabria's BSidesSF 2025 keynote argues for a resilience-first, fundamentals-focused security strategy: reduce attack surface, build passive defenses, understand what attackers are actually doing from public data, and measure everything — including your vendors.
---
AI review
Sanabria is one of the few people at this conference who will stand in front of an audience and say out loud that most of their security stack has negative value — and then hand them a spreadsheet methodology to measure it. The eight-step resilience framework is not revolutionary, but the delivery is blunt enough to actually land. The deception technology argument is the sharpest specific recommendation, and he's right that it is severely underused.