SAINTCON 2025

October 21-24, 2025 · Provo, UT · 61 talks

Utah's premiere cybersecurity conference bringing together security professionals for four days of talks, training, and community.

→ See editor’s top picks at SAINTCON 2025

• Keynote - John Hammond — John Hammond

  John Hammond's keynote at SAINTCON, titled "The Infosec Yard Sale or Overabundance of Everything," delivers a thought-provoking exploration of the overwhelming volume of information, tools…

• Adopting the Analyst Mindset: Uncovering Fraud Through Curiosity and Action — Layne Hanson

  Layne Hanson, a **cybersecurity threat analyst** and officer at Labs, delivered a compelling talk at SAINTCON detailing her journey from feeling lost in her career to successfully mitigating…

• Building Safer AI Systems: The OWASP Top 10 for Large Language Models — Doug Hubbard

  Doug Hubbard, a cloud application and AI security engineer at a biotech company, delivered a compelling talk at SAINTCON on the critical need for robust security in the rapidly evolving landscape of…

• Client-Side Chaos: What Security Pros Must Know About Modern Front-Ends — Jayton Birch

  In the rapidly evolving landscape of web development, the front end often presents a deceptive simplicity. Behind the user-friendly interfaces of buttons, colors, and images lies a complex and…

• Dark Prompts, Dirty Outputs: Jailbreaking LLMs for Red Team Ops — Val Saengphaibul

  In this insightful SAINTCON talk, Val Saengphaibul, Director of Threat Response at Fortinet, navigates the rapidly evolving landscape of Large Language Models (LLMs) from a cybersecurity…

• How AI Assistants Are Rewriting the Rules of End-to-End Encryption — Lauren Stemler

  In an era increasingly defined by the integration of artificial intelligence into everyday applications, Lauren Stemler, an AI Security Strategist at Cisco Foundation AI, delivered a critical talk…

• Imposter to Hunter: My First Year as a Threat Hunter — Allyn Roberts

  In "Imposter to Hunter: My First Year as a Threat Hunter," Allyn Roberts, a Threat Hunt Analyst at Intermountain Health, shares his deeply personal and highly relatable journey from feeling like an…

• Defense Against the Dark Arts, training your organization against ransomware. — Paige Ishii

  Paige Ishii, a Cybersecurity Analyst Senior at Intermountain Healthcare, delivered a compelling talk at SAINTCON titled "Defense Against the Dark Arts, training your organization against…

• How to not fumble your Table Top Exercise — klipper

  In a departure from typical conference presentations, "How to not fumble your Table Top Exercise" at SAINTCON transformed the concept of a tabletop exercise into a dynamic, live-action competition…

• The Evolving Standard of Trust: A History of Broken Trust in Authentication (1980 - 2025) — Nathan Cooper

  In "The Evolving Standard of Trust: A History of Broken Trust in Authentication (1980 - 2025)," Nathan Cooper, Director of Information Security, and Jake Bingham, an IT Technician, both from Lucid…

• Guerilla GRC — Joshua Boyles

  In his SAINTCON talk, "Guerilla GRC," Joshua Boyles, VP of Cybersecurity at the Larry H. Miller Company, introduces an innovative and pragmatic approach to addressing two pressing challenges in the…

• No Agent, No Problem: Discovering Remote EDR — Jonathan Johnson

  In the SAINTCON talk "No Agent, No Problem: Discovering Remote EDR," Jonathan Johnson, a Principal Windows Product Researcher at Huntress, unveiled groundbreaking research demonstrating the…

• From Blueprint to Fortress: Securing System Design with Threat Modeling — Hadley Westover

  In the rapidly evolving landscape of cybersecurity, the adage "an ounce of prevention is worth a pound of cure" has never been more relevant. Hadley Westover, a Cyber Engineer at the Space Dynamics…

• Get Your Rubber Duckies In A Row — Madeline Kaye (5NCX)

  Madeline Kaye, known as "Snacks," presented an engaging and highly practical talk at SAINTCON titled "Get Your Rubber Duckies In A Row," focusing on the creation of **USB rubber duckies** using the…

• Smashing Smishing by Quashing Quishing — Andrew Brandt

  In his compelling SAINTCON talk, "Smashing Smishing by Quashing Quishing," Andrew Brandt, Principal Threat Researcher at Netcraft, sheds light on the escalating threat landscape dominated by…

• Controlling Developers Minds Through First Principles and Engineering Models — DrydenMaker

  This talk, presented by Alton Crossley (DrydenMaker), delves into a novel, Inception-themed approach to resolving the perennial friction between security teams and software developers. Crossley…

• How to brief Execs on Threat Landscape — Devin Shelley

  In the current volatile cyber threat climate, effective communication between security professionals and executive leadership is paramount. Devin Shelley, Senior Manager of Information Security at…

• Lessons Learned from the Fires of Response — Lauren Proehl

  Lauren Proehl, Global Head of Detection Response at Marsh McLennan, delivered a candid and insightful presentation at SAINTCON, drawing upon her 11 years of experience in blue team operations, from…

• Malicious Actors Depend on Your Unknowns. Disappoint Them! — Brian Contos

  In an era of rapidly evolving technology and expanding digital attack surfaces, Brian Contos, Field CISO at Mitiga, and Patrick "Pio" Zakowski, an expert in security automation, delivered a…

• Keynote - Jeff Moss — Jeff Moss

  In a candid and insightful keynote address at SAINTCON, Jeff Moss, widely known as "The Dark Tangent" and the visionary founder of both **Defcon** and **Black Hat**, offered a sweeping retrospective…

• Death by Critical CVE: Escaping the Flood of Score-Based Remediation — Courtney Burr

  In the realm of cybersecurity, organizations are perpetually overwhelmed by an ever-increasing deluge of vulnerabilities, each demanding attention and remediation. Courtney Burr, a Senior Security…

• Modern Cryptography 101 — Thomas Rose

  In "Modern Cryptography 101," Thomas Rose, a Security Analyst at 70y8047 (Solutionreach), demystifies the fundamental principles underpinning modern cryptographic systems. Rose delivers an…

• PIRs & Battle Scars - Lessons Learned from Implementing Intelligence Requirements — Andy Piazza

  In his SAINTCON talk, "PIRs & Battle Scars - Lessons Learned from Implementing Intelligence Requirements," Andy Piazza, Senior Director for Threat Research at Unit42, delivers a candid and…

• Navigating the Vulnerability Landscape: A Beginners Guide to Tracking Software Flaws — Gerrit Gerritsen

  In his SAINTCON presentation, "Navigating the Vulnerability Landscape: A Beginners Guide to Tracking Software Flaws," Gerrit Gerritsen, an Application Security Engineer, addresses a pervasive…

• Ligolo-ng: A guide to simple pivoting into an internal network — Jacob Smith

  In the realm of ethical hacking and penetration testing, gaining initial access to a target system is often just the first step. The real challenge, and often the most rewarding part, lies in…

• Red + Blue = Better Security: Adobe's Purple Team Success Story — Ivan Koshkin

  In this insightful talk from SAINTCON, Ivan Koshkin, Detection Engineering Lead at Adobe, delves into the transformative power of **purple teaming**, illustrating how a collaborative approach…

• Measure What Matters — Mark Overholser

  In his SAINTCON talk, "Measure What Matters," Mark Overholser, a Technical Marketing Engineer and Threat Hunter at Corelight, delivers a foundational yet critical message for blue teams and Security…

• ScreenConnect: Restriction Bypass for RCE — Paul Whiting

  In his SAINTCON talk, "ScreenConnect: Restriction Bypass for RCE," Paul Whiting of UltraViolet Cyber detailed a novel method to achieve **remote code execution (RCE)** on ConnectWise ScreenConnect…

• Outnumbered, Not Outmatched: Smarter Cybersecurity by Following Compliance Frameworks — Paul Whittier

  In an era where cyberattacks are a constant threat, Paul Whittier, a Principal Cybersecurity Advisor at Enable (formerly Ad Lumen), delivered a compelling talk at SAINTCON titled "Outnumbered, Not…

• The Art of Cybersecurity Mastery: From Entry-Level to Staff+ — Florian Noeding

  In "The Art of Cybersecurity Mastery: From Entry-Level to Staff+", Florian Noeding, a Principal Security Architect at Adobe, delivers an insightful and pragmatic guide for navigating a career in…

• Give me the Green Light: An Intro to Hacking Traffic Systems — Andrew Lemon

  In "Give me the Green Light: An Intro to Hacking Traffic Systems," Andrew Lemon, CEO of Red Threat, delivers a high-octane exploration into the vulnerabilities of intelligent transportation systems…

• He’s Inside The House! — Chris Mather

  In his SAINTCON presentation, "He’s Inside The House!", Chris Mather of Whitecap Cybersecurity delivers a compelling argument for broadening the traditional scope of cybersecurity to encompass a…

• The Death of the Analyst: Why Security Careers Need a Culture Shift — Bronson Peto

  Bronson Peto’s talk, "The Death of the Analyst: Why Security Careers Need a Culture Shift," delivers a provocative and essential critique of the modern cybersecurity industry. Peto, a seasoned…

• Maximizing the ROI of Your Pentest — Xync

  In this insightful SAINTCON talk, a unique panel consisting of two brothers who are experienced **pentesters** (Xync and John) and their younger brother, a **CISO** (Brian), converge to discuss how…

• Every Day Carry (EDC) Showdown — klipper

  The SAINTCON talk "Every Day Carry (EDC) Showdown" was a highly engaging and unconventional presentation that transformed a typical security conference session into a live, competitive game show…

• Findings From Real-World AI Application Assessments — Jake Williams

  In this insightful talk from SAINTCON, security expert Jake Williams, widely known as MalwareJake, dissects the complex and often overlooked security challenges inherent in the burgeoning field of…

• How I Built Them: Custom Hardware Implants — c4m0ufl4g3

  In this insightful SAINTCON presentation, c4m0ufl4g3, a Cyber Security Principal Engineer, walks the audience through the arduous yet rewarding journey of developing a custom hardware implant from…

• Keynote - John Strand — John Strand

  John Strand's keynote address at SAINTCON, provocatively titled "Onions, Belts, and Fashion," transcends the typical cybersecurity discourse, urging the audience to look beyond the prevailing…

• Security != Compliance...But It Should — Chris Honda

  In his SAINTCON presentation, "Security != Compliance...But It Should," Chris Honda, a seasoned professional in risk and compliance at Plotly, tackles a pervasive and often contentious issue within…

• The Real Risks of AI in 2025: Beyond the Hype — Michael Fischer

  In his SAINTCON talk, "The Real Risks of AI in 2025: Beyond the Hype," Michael Fischer, Senior Director of Information Security at Arctic Wolf, challenges the prevailing narrative surrounding…

• Grand Theft API — Neiko (Specters) Rivera

  In the SAINTCON talk "Grand Theft API," Neiko Rivera, a seasoned bug bounty hunter and former Red Teamer at Rivian Automotive, exposes a series of critical vulnerabilities in the **Application…

• Make Your Point: Crafting Compelling Cyber Narratives — Joe Nay

  In the fast-paced and technically complex world of cybersecurity, the ability to uncover vulnerabilities and identify threats is paramount. However, as Joe Nay, a seasoned pentester and solutions…

• Sweet Deception: Deploying Honeypots and Honey Tokens in Microsoft 365 — Ryan O'Donnell

  In an era where cyber threats increasingly target cloud environments, Ryan O'Donnell's SAINTCON talk, "Sweet Deception: Deploying Honeypots and Honey Tokens in Microsoft 365," offers a compelling…

• A Security Program From Scratch — Jesse Harris

  In this insightful SAINTCON talk, Jesse Harris, an Application Security Engineer at Filevine, shares a pragmatic blueprint for establishing a security program from the ground up within an…

• Super Cool Presentation by Jup1t3r — Jup1t3r

  In a refreshing departure from typical technical conference talks, Jup1t3r, a prominent figure in the cybersecurity community and a founder of SAINTCON, delivered a deeply personal and engaging…

• Mobile Pentesting with Kali Netunter — Brayden Houston

  In this insightful talk titled "Mobile Pentesting with Kali NetHunter" at SAINTCON, cybersecurity engineer Brayden Houston demystifies Kali NetHunter, a powerful mobile penetration testing platform…

• Common Web Vulnerabilities and Escalating Impact — Garrett Adler

  In this insightful talk from SAINTCON, Garrett Adler, a Senior Penetration Tester at SecurityMetrics and an active bug bounty hunter, delves into the often-underestimated impact of common web…

• Attacking AI — @jhaddix

  In this insightful talk, "Attacking AI," Jason Haddix, CEO and Hacker at Arcanum Security, delves into the critical and rapidly evolving field of AI security testing. As organizations globally rush…

• How We Own Your World — Sam Moses

  In his SAINTCON presentation, "How We Own Your World," Sam Moses, a seasoned security consultant and penetration tester from Rapid7, offers a candid look into the most prevalent internal network…

• Adversarial Techniques for Bypassing Graph Neural Networks Based Network Defense — Kartikeya Sharma

  In the realm of modern cybersecurity, **Graph Neural Networks (GNNs)** have emerged as a promising technology for detecting sophisticated network intrusions, particularly Distributed Denial of…

• Jurrasic RFID World! — Iceman

  In his captivating talk, "Jurrasic RFID World!", the renowned RFID hacker Iceman delves into the intricacies and vulnerabilities of **HID Secure Identity Objects (SIO)**, HID's flagship "secure"…

• A Brief(ish) Introduction to Linux Evasion Techniques — Landon Rice

  Landon Rice's talk, "A Brief(ish) Introduction to Linux Evasion Techniques," delivers a highly technical exploration into the specialized world of Linux malware and the sophisticated methods…

• Hackers don’t break in, they login: Why Identity Security Requires Your Attention — Dhivya Balasubramanian

  In this compelling SAINTCON presentation, Dhivya Balasubramanian, Cybersecurity IAM Manager at Southwest Airlines, dissects the critical, yet often underestimated, domain of identity security. Her…

• Lessons Learned from Doing Things the Hard Way… Every… Single… F'n... Time. — Rob Fuller

  In his SAINTCON talk, "Lessons Learned from Doing Things the Hard Way… Every… Single… F'n... Time.", Rob Fuller, VP Cybersecurity & Digital Risk, delivers a refreshingly candid and introspective…

• A SAINTCON Crash Course on the History of Hacking and Artificial Intelligence — Ray [REDACTED]

  Ray [REDACTED]'s SAINTCON talk delivers a captivating and comprehensive whirlwind tour through the intertwined histories of hacking and artificial intelligence. This presentation goes beyond mere…

• UtahSAINT/SAINTCON, past, present, and future — Jup1t3r

  This talk, delivered by Jup1t3r, a foundational figure within the **UtahSAINT** organization, offers a candid, behind-the-scenes look at the evolution, challenges, and future trajectory of…

• The Badge Talk — compukidmike

  The "Badge Talk" at SAINTCON 2023, presented by compukidmike (MK Factor) and featuring contributions from Redacted Vortex and a dedicated team, offered a candid, behind-the-scenes look at the…

• KEVs Open the Door, Ransomware Kicks It In: The Lifecycle of a Known Exploited Vulnerability — kimb3r

  In this insightful SAINTCON presentation, Kimber, Director of Product at VulnCheck and President of 801 Labs, dissects the multifaceted **lifecycle of a Known Exploited Vulnerability (KEV)**…

• Tales from the Black Hat NOC — pope

  James "Pope" Pope's "Tales from the Black Hat NOC" delivers a candid and eye-opening account of the real-world security challenges observed by the Network Operations Center (NOC) at one of the…

• Hackers Challenge Shakedown — Santiago Gimenez Ocano

  This article provides a detailed technical retrospective of the SAINTCON 2025 Hackers Challenge, presented by GameMaster Santiago Gimenez Ocano (Santi) and several key challenge creators. The talk…

• Keynote - Jack Rhysider — Jack Rhysider

  In his captivating SAINTCON keynote, Jack Rhysider, host of the widely acclaimed Darknet Diaries podcast, delivers a masterclass not just in cybersecurity narratives, but in the very mechanics of…