Disobey 2026
Disobey is the Nordic region's flagship hacker-culture security event, held annually at the Cable Factory in Helsinki. The 2026 edition ran February 13-14 and featured keynotes from Joe Grand and Chantal Stekelenburg, with talks spanning offensive research, hardware/IC vulnerabilities, EU privacy policy, Linux hardening, adversary simulation (TIBER), passkey security, agentic AI malware, and physical red team tradecraft.
→ See editor’s top picks at Disobey 2026
- KEYNOTE: A Lifetime of Disobedience - Joe Grand
In his keynote address at Disobey, renowned hardware hacker Joe Grand delivered a compelling narrative centered on the indispensable role of **disobedience** in the world of hacking and personal…
- Data Honeytokens for the Cloud Era - Petrus Vasenius
In an era where organizational data is increasingly decentralized across vast cloud ecosystems, traditional perimeter and identity-centric security controls often fall short when confronted with an…
- EU's active war against data-privacy - Markus Hölsä
Markus Hölsä's talk, "EU's Active War Against Data Privacy," delivers a stark warning about the European Union's escalating legislative efforts that, under the guise of security and child…
- IC vulnerabilities - Jarno Niemelä
Jarno Niemelä, a Principal Researcher at VitScure (the former F-Secure business side), delivered a compelling talk at Disobey on a class of Windows privilege escalation vulnerabilities that often go…
- From Chaos to Clarity: Designing AppSec from First Principles - Mikael Nilsson
In his compelling Disobey talk, "From Chaos to Clarity: Designing AppSec from First Principles," Mikael Nilsson, Product Security Lead for Customer Intelligence R&D at SAS, addresses the pervasive…
- One Breach to Crack 'Em All! Insights from Password Breaches - Jarkko Vesiluoma
Jarkko Vesiluoma's Disobey talk, "One Breach to Crack 'Em All! Insights from Password Breaches," delves into the profound lessons that can be gleaned from analyzing vast datasets of compromised…
- Linux Hardening: It Doesn't Have To Be Hard - Esa Jääskelä
In his Disobey talk, "Linux Hardening: It Doesn't Have To Be Hard," Esa Jääskelä, an embedded systems engineer at Netum, delves into the essential practices for securing Linux environments. The…
- Releasing Your Inner TIBER in Regulated Adversary Simulations - Marko Buuri
This talk by Marko Buuri, an expert from the Central Bank of Finland, provides an in-depth look into the **TIBER** (Threat Intelligence-Based Ethical Red Teaming) framework. TIBER is a sophisticated…
- Exclusion Is a Vulnerability: Patching the Gender Gap in Tech - Willem
- From Zero to Hero With z/OS - Jack Fitzsimons
In his Disobey talk, "From Zero to Hero With z/OS," Jack Fitzsimons, a security consultant at DNV, tackles the persistent misconception that mainframes are obsolete relics of a bygone era…
- Admin Rights are not Human Rights - Sami Laiho
In his compelling talk, "Admin Rights are not Human Rights," Sami Laiho, a seasoned Microsoft Windows MVP and security auditor, delivers a stark warning about the futility of reactive security…
- Waves of Chaos: From Rogue Signals to The Supervillain Scenario - Tom Van de Wiele
Tom Van de Wiele's Disobey talk, "Waves of Chaos: From Rogue Signals to The Supervillain Scenario," delves into the alarming potential for low-cost, high-impact disruptive attacks that can cripple…
- One Request to Kill Them All: Amplification, Data Landmines and Parser Killers - Patrik Jokela
Patrik Jokela, also known as Queso, delivered a compelling presentation at Disobey, dissecting the often-underestimated threat of **application-level denial of service (DoS)** attacks. Titled "One…
- Are passkeys as secure as you think? - Fabian Bader
In an era increasingly plagued by phishing and credential theft, passkeys have emerged as a promising, phishing-resistant alternative to traditional passwords. Fabian Bader's talk at Disobey, "Are…
- How playing D&D at work can improve your incident response? - Hans Metsoja
In this insightful talk from Disobey, Hans Metsoja of Opera presented a compelling case for leveraging tabletop simulations, inspired by games like Dungeons & Dragons, to dramatically enhance an…
- SquarePhish 2.0 - Nevada Romsdahl & Kam Talebzadeh
In this Disobey conference talk, CrowdStrike security researchers Nevada Romsdahl and Kam Talebzadeh unveiled SquarePhish 2.0, an advanced open-source tool designed to streamline and enhance device…
- KEYNOTE: This conference was not built for you - Chantal Stekelenburg
Chantal Stekelenburg's keynote at Disobey 2026 delivers a powerful and analytically sharp critique of the systemic barriers preventing **diversity** and **inclusion** in cybersecurity conferences…
- Committing CSS Crimes for fun and profit - Lyra Rebane
In her engaging Disobey talk, "Committing CSS Crimes for fun and profit," Lyra Rebane, also known as Ray Bane, takes the audience on a journey from playful web styling exploits to discovering…
- CARF - Hacking the Android Settings App - Anton Helin
In this insightful talk, Anton Helin, a security engineer at Oversecured, dissects a sophisticated vulnerability he uncovered within the fundamental Android Settings application. Titled "CARF -…
- Analyzing Adversary Botnets for Offensive Cyber Operations - Joseph Slowik
Joseph Slowik's talk, "Weaponizing the Neutral Web: Analyzing Adversary Botnets for Offensive Cyber Operations," delves into the evolving landscape of cyber threats, specifically focusing on how…
- Beyond the Green Checkmark: Security IN and OF Your CI Pipeline - Derek Fisher
In his Disobey talk, "Beyond the Green Checkmark: Security IN and OF Your CI Pipeline," Derek Fisher dissects the critical, yet often misunderstood, role of security within the Continuous…
- Behind Closed Doors: Physical Red Team Tactics - Firat Acar & Moritz Thomas
In an era where cyber threats dominate headlines, the foundational layer of physical security often receives less attention than it deserves. This talk, "Behind Closed Doors: Physical Red Team…
- Safety is not an option, Part-IS - Ben Nagel
Ben Nagel's talk, "Safety is not an option, Part-IS," delves into the critical and often overlooked intersection of information security and aviation safety, focusing specifically on the new…
- Take a Risk - Ville Rantamäki
Ville Rantamäki's talk, "Take a Risk," presented at Disobey, offers a critical re-evaluation of **information security risk management**. While the conference theme, "first principles," might…
- No more speedruns: Better security training (with what you have) - Susanna Haavisto
In this insightful talk from Disobey, Susanna Haavisto, Customer Education Manager at Hoxhunt, tackles a pervasive challenge in organizational security: the "speedrunning" of cybersecurity awareness…
- Big case handling @ NCSC-FI - Matias Mesiä
Matias Mesiä, Head of Operations at the National Cyber Security Centre Finland (NCSC-FI), delivered a compelling talk at Disobey, offering an insider's perspective on the complexities and critical…
- Inside the Hacker's Playbook - How We Stopped a €20M Ransomware Payout - Joseph Carson
Joseph Carson, a seasoned security researcher and Chief Security Evangelist at Sigura, delivered a compelling talk at Disobey, taking the audience on an immersive journey through a real-world…
- A New Era of Threats: Lessons from Agentic AI Malware - Candid Wuest
In his compelling talk at Disobey, Candid Wuest, a seasoned veteran of the antivirus industry, meticulously dissects the pervasive hype surrounding "AI malware" and rigorously separates it from the…