How Offensive Security Made Me Better at Defense

Dino Dai Zovi

OffensiveCon 2025 · Day 2 · Main

In the closing keynote of OffensiveCon 2025, Dino Dai Zovi — veteran of Pwn2Own, Defcon CTF, and co-author of multiple security books — argues that deep offensive expertise is not just complementary to defense work but a prerequisite for building effective security engineering organizations. Drawing on two decades of experience, from writing browser exploits and winning hacking competitions to running the Applied Security Engineering team at Block (formerly Square), Dai Zovi frames security as an economics problem in which attacker resource constraints, attack graph reasoning, and threat model precision — skills intrinsic to exploit development — determine whether defenders spend effort where it actually matters.

AI review

Dai Zovi is one of the few people alive who can give a 'lessons from 25 years of hacking' talk without it sounding like a LinkedIn post, and he mostly succeeds. The attacker economics and attack graph reasoning content is genuinely useful framing. But this is a closing keynote, not a technical research talk, and OffensiveCon should be judged accordingly.
