Incident Readiness You and Your Leaders Will Actually Trust
Shachar Hirshberg, Hadar Waldman
BSidesSF 2026 · Day 1 · AMC Theatre 13
In an era where production environments are increasingly complex and dynamic, ensuring robust incident readiness and maintaining visibility into operational realities has become a critical challenge for cybersecurity teams. Shachar Hirshberg and Hadar Waldman from Artemis tackled this pressing issue in their BSides SF talk, "Incident Readiness You and Your Leaders Will Actually Trust." Their presentation highlights a significant disconnect between an organization's security policies and the actual state of its production systems, proposing an innovative, data-driven solution leveraging **Large Language Models (LLMs)** to bridge this gap.
AI review
A competent BSides-level case study on using LLMs to surface the policy-vs-reality gap in production environments. The methodology is practical and the speakers have genuine operational credibility, but this is applied tooling guidance dressed up as novel research — the core insight (your CSPM lies to you, go look at actual logs) predates LLMs by a decade.