Loading…
Sunday, May 31
 

9:00am PDT

LLMs in the Kill Chain: From Analyst Tool to Attack Surface
Sunday May 31, 2026 9:00am - 1:00pm PDT
Room 2945
Large Language Models are rapidly becoming part of the cybersecurity toolkit. Analysts use them for OSINT collection, threat intelligence reporting, and even offensive operations. But how well do we understand the tools we are adopting, and what happens when those same tools become the attack surface?This hands-on, four-hour workshop takes participants through both sides of the LLM equation....
See More →
Speakers
avatar for Klaus Wunder

Klaus Wunder

Principal Cyber Defence Analyst, SECUINFRA
With nearly two decades in cybersecurity, Klaus has gone from configuring firewalls to protecting industrial control systems where breaches cost safety, not just data. That journey gives him a full-spectrum perspective on security operations. He guides teams through complex incidents... Read More →
Sunday May 31, 2026 9:00am - 1:00pm PDT
Room 2945 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Workshop

9:00am PDT

Threat Hunting in Practice: Investigating Real-World Intrusions with Hands-On Labs
Sunday May 31, 2026 9:00am - 1:00pm PDT
Room 2200
This hands-on workshop delivers a practical introduction into Threat Hunting, Detection Engineering and Incident Response through Threat Hunting Labs. Participants will investigate real-world intrusions in interactive, production-lookalike environments using authentic forensic artifacts such as system logs, network traffic, and memory data.Using SIEM platforms including Elasticsearch and Splunk,...
See More →
Speakers
avatar for Kostas T.

Kostas T.

Founder, DefendPoint Consulting
Kostas is an information security researcher and consultant with over 10 years of experience in threat hunting, incident response, and intrusion analysis. He specializes in analyzing real-world attacks end to end, with a strong focus on endpoint telemetry, visibility gaps, and evidence-based... Read More →
Sunday May 31, 2026 9:00am - 1:00pm PDT
Room 2200 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Workshop

9:00am PDT

Zero to Hero: Practical Threat Modeling In 2026
Sunday May 31, 2026 9:00am - 1:00pm PDT
Room 2270
Threat modelling is considered to be a critical component of Secure Software Development Lifecycle, yet many engineering organizations struggle to do it effectively and extract the full value. There’s a ton of information available on threat modelling, though most of it seems to be too theoretical, resulting in threat models that are generic and not actionable.This hands-on workshop presents a...
See More →
Speakers
avatar for Amiran Alavidze

Amiran Alavidze

Director, Security Engineering, Zello
Amiran is currently Director of Security Engineering at Zello, an Austin, TX based SaaS company offering enterprise push-to-talk service. With over 20 years in information security in roles ranging from system engineering and security operations to governance, risk and compliance... Read More →
Sunday May 31, 2026 9:00am - 1:00pm PDT
Room 2270 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Workshop

9:30am PDT

The Last-Minute Badge That Actually Worked
Sunday May 31, 2026 9:30am - 11:30am PDT
Room 1600
Our last year's BSides Conference badge will be used in this workshop. Both this year's BSides ticket holders and those from BSides 2025 can attend this workshop for free.Conference badges have become a staple of hacker culture. They’re part art piece, part engineering challenge, and part sleep-deprived miracles. In this workshop, we’ll walk through the complete journey of designing and...
See More →
Speakers
avatar for Nick Maltchev

Nick Maltchev

Mirai Security

avatar for Kirk Richardson

Kirk Richardson

Electronics Engineer, aiRadar
Kirk is an Electrical Engineer and Robotics Technologist with years of experience in high-tech industries -- marine, automotive, renewables, and entertainment. He has worn many hats, professionally and personally, including product designer, product line manager, consultant, mentor... Read More →
S
Sunday May 31, 2026 9:30am - 11:30am PDT
Room 1600
  Workshop

9:30am PDT

Ideal AppSec - Patterns for a Successful AppSec Program
Sunday May 31, 2026 9:30am - 12:30pm PDT
Room 2245
We will have a collaborative discussion to identify and define the core components of a well functioning AppSec or Software Security program. And we’ll highlight which activities have the highest impact. We’ll query attendees to highlight real experiences and observed patterns they have noted in well performing (or not) AppSec programs. Discussion will focus on ideal patterns...
See More →
Speakers
avatar for Justin Larson

Justin Larson

Principal Application Security Engineer, Redpoint Security
Justin Larson is a Principal Application Security Consultant with Redpoint Security. He started his career bouncing servers in the NOC of a SaaS company. He moved to the information security team within the same organization and then transitioned to specialize in application security... Read More →
avatar for Cameron White

Cameron White

Senior Application Security Engineer, Redpoint Security
Cameron is an experienced application security engineer who prefers spending energy on helping engineering teams develop efficient processes for building secure software. With a background that spans healthcare, fintech, and analytics, he’s built and led AppSec programs at companies... Read More →
Sunday May 31, 2026 9:30am - 12:30pm PDT
Room 2245 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Workshop

12:00pm PDT

Stop Sending Secrets to Chatbots: Build an AI Egress Proxy
Sunday May 31, 2026 12:00pm - 4:00pm PDT
Room 1600
Rapid AI adoption is creating a new class of data exposure: sensitive information leaving an organization through prompts and tool outputs to external LLM providers. Even scarier are the uprising of middle-ware AI companies, which lack proper data security, retention and security. A reality is that AI is used by most developersTeams spend years building DLP, insider-threat programs, and phishing...
See More →
Speakers
avatar for David Majercak

David Majercak

Member of Technical Staff, Microsoft
University of Copenhagen graduate, focusing on LLM post-training and test-time orchestration
avatar for Alex Vazquez

Alex Vazquez

Senior Security Engineer, Snap Inc
Raised in Vancouver and based in Seattle, I graduated from UBC in Electrical Engineering and got into security through CTFs and pentesting. I’m currently a Security Engineer at Snap Inc and previously a Security Engineer at Microsoft. I focus on AI security and data protection... Read More →
Sunday May 31, 2026 12:00pm - 4:00pm PDT
Room 1600
  Workshop

1:00pm PDT

"Vibe" Check: Exploiting Developer Trust from Prompt Injections to Weaponized Repos
Sunday May 31, 2026 1:00pm - 5:00pm PDT
Room 2200
"Do you trust the authors of the files in this folder?" It's a prompt modern IDEs throw at developers, and most click past it by reflex. But as vibe coding, AI-assisted tooling, and automated agents accelerate software development, that implicit trust in established tools like VS Code and authoritative sources like GitHub has become a critical, highly exploitable attack surface - especially for...
See More →
Speakers
avatar for Michael Chan

Michael Chan

Senior Consultant, Offensive Security, KPMG Canada
Michael is a social scientist turned hacker. He started by studying human behaviour and trust at Oxford - now he brings that lens into offensive security, validating and breaking the assumptions built into applications, systems, and organizations. As a Senior Offensive Security Consultant... Read More →
Sunday May 31, 2026 1:00pm - 5:00pm PDT
Room 2200 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Workshop

1:00pm PDT

Breaking and Fixing APIs: Hands-On Security with the OWASP API Security Top Ten
Sunday May 31, 2026 1:00pm - 5:00pm PDT
Room 2245
APIs are now the primary attack surface of modern applications. They expose sensitive data, control business logic, and connect services, partners, and users. When APIs fail, attackers gain direct access to the core of your system.The OWASP API Security Top Ten identifies the most critical risks facing modern APIs. However, most developers are never taught how to actually fix these vulnerabilities...
See More →
Speakers
avatar for Tanya Janca

Tanya Janca

Security Trainer and Founder, She Hacks Purple & DevSec Station
Tanya Janca, known online as SheHacksPurple, is the best-selling author of Alice and Bob Learn Secure Coding and Alice and Bob Learn Application Security. She is the founder of DevSec Station, a modern learning platform and community built to help software developers master secure... Read More →
Sunday May 31, 2026 1:00pm - 5:00pm PDT
Room 2245 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Workshop

1:00pm PDT

Web App Hacking 101 With Just A Web Browser - Featuring CTF Games and PicoCTF
Sunday May 31, 2026 1:00pm - 5:00pm PDT
Room 2945
Learn beginner web app hacking skills through interactive CTF (Capture The Flag) games! In this half-day workshop, we'll use the PicoCTF education platform (and others) to introduce students to basic web app hacking concepts such as:* Looking into webpage source code* Website cookie hacking* Bypassing insecure login pages* Common data transformation methods* Hijacking files that the webpage loads*...
See More →
Speakers
avatar for Kevin Lee

Kevin Lee

Kevin Lee is a cybersecurity educator and content creator. He has been part of the Vancouver cybersecurity community for the past 5 years and currently teaches beginner's cybersecurity education online through his YouTube channel and livestream content.
Sunday May 31, 2026 1:00pm - 5:00pm PDT
Room 2945 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Workshop

1:30pm PDT

Behind The Dashboard - Tales of Car Hacking
Sunday May 31, 2026 1:30pm - 3:30pm PDT
Room 2270
Bug hunting in the automotive domain is often regarded as one of the more complex areas of offensive security. Despite its growing popularity, there are only a limited number of publicly available training courses focused on automotive security, and even fewer that specifically address vulnerability research and bug hunting in vehicles. As a result, many practitioners are interested in car hacking...
See More →
Speakers
avatar for Kevin Chen

Kevin Chen

Security Researcher
Kevin (Kevin2600) Chen is a penetration tester and security researcher specializing in vulnerability research in wireless and embedded systems. He has presented at numerous conferences, including BSides, DEF CON, and CanSecWest.
Sunday May 31, 2026 1:30pm - 3:30pm PDT
Room 2270 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Workshop

3:00pm PDT

The Women in Security Documentary Movie Screening - Full Length - 75 min
Sunday May 31, 2026 3:00pm - 4:30pm PDT
Room 1900 - Sponsored by Women in Cybersecurity
The Women in Security DocumentaryIn an industry historically dominated by men, The WOMEN IN SECURITY Documentary brings to life the often untold stories of women who have shaped — and continue to reshape — the landscape of cybersecurity, physical security, intelligence, and protective services.Through candid interviews, reenactments of pivotal moments in history, and real-world insights, this...
See More →

Sunday May 31, 2026 3:00pm - 4:30pm PDT
Room 1900 - Sponsored by Women in Cybersecurity
  Movie
 
Monday, June 1
 

9:00am PDT

Opening Keynote - How cybercriminals are winning with AI, and how we get the advantage back
Monday June 1, 2026 9:00am - 10:00am PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io
Cyber criminals and fraudsters love generative AI even more than businesses and consumers do. For a scammer, hallucinations and errors are features instead of bugs, and they are using AI to flood the web, and every one of our communication channels, with sophisticated fake content. Users are getting fooled and scammed every day, and the problem is only getting worse. This talk will explore why...
See More →
Speakers
avatar for Shuman Ghosemajumder

Shuman Ghosemajumder

Co-Founder & CEO, Reken
As an early Google employee, Shuman founded the Trust & Safety product group, protecting over 1B users and advertisers, and helped launch Gmail. He was later CTO of Shape Security, whose AI platform protected the world’s largest banks, airlines, and federal agencies. Shape was acquired... Read More →
Monday June 1, 2026 9:00am - 10:00am PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Keynote

9:00am PDT

Corelight’s Capture the Flag Exercise - Building Skills for Success
Monday June 1, 2026 9:00am - 4:30pm PDT
Track 7 - CTF - Room 1600 - Sponsored by Corelight
Overview Bring your team for an immersive lab-based, instructor-led defensive Capture the Flag exercise with Corelight. Participants will dive into one or more real-world scenarios to detect and respond to threats using logs from Corelight’s Open NDR. Agenda ● Introduction to Zeek: Brief overview of Zeek and its role in network security. Understanding how to leverage Zeek data...
See More →
Monday June 1, 2026 9:00am - 4:30pm PDT
Track 7 - CTF - Room 1600 - Sponsored by Corelight 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Capture The Flag

9:30am PDT

Malware then, AI Now: How we engineered our own worst enemy
Monday June 1, 2026 9:30am - 10:00am PDT
Track 6 - Malware Village - Room 1315

Speakers
avatar for Neumann Lim

Neumann Lim

Cybersecurity, World Cyber Health


Monday June 1, 2026 9:30am - 10:00am PDT
Track 6 - Malware Village - Room 1315
  Malware Village

10:00am PDT

KEYNOTE SPEAKER - The AI analysis train is leaving the station: ALL ABOARD!
Monday June 1, 2026 10:00am - 11:00am PDT
Track 6 - Malware Village - Room 1315

Speakers
avatar for Ryan J Chapman

Ryan J Chapman

Managed Threat Hunting, Manager, Palo Alto Networks Unit 42
Ryan Chapman works as Manager for a Managed Threat Hunting Team. Prior to security, Ryan worked as a technical trainer. Ryan enjoys malware analysis, host/network-based forensics, and… just about everything else that has to do with blue team efforts. Outside of work, Ryan spends... Read More →

Monday June 1, 2026 10:00am - 11:00am PDT
Track 6 - Malware Village - Room 1315
  Keynote

10:40am PDT

Adapt Your IR for AI
Monday June 1, 2026 10:40am - 11:00am PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
The 2026 BSides Vancouver theme perfectly captures the current state of enterprise security. As organizations rapidly adopt AI capabilities, the attack surface has expanded far beyond simple chat interfaces and into the core of how businesses operate. Security operations teams are now tasked with defending a complex, multi-layered AI ecosystem, often without the necessary visibility, standardized...
See More →
Speakers
avatar for Ryan Clarke

Ryan Clarke

Principal Incident Response Consultant, Mandiant (Google Cloud)
Ryan is a Principal Incident Response Consultant for Mandiant (Google Cloud). As part of the Incident Response team, he provides emergency services to clients when a security breach occurs. He also conducts purple teams, threat hunts, table top exercises, forensic investigations and... Read More →
avatar for Muhammad Muneer

Muhammad Muneer

Principal Consultant - Incident Response, Mandiant (Now Part of Google Cloud)
As a Principal Incident Response Consultant and the global lead for Threat Hunting Program Development at Mandiant, Muhammad Muneer guides organizations through cybersecurity crises and proactively identifies emerging threats. He has also pioneered and led the development of the Securing... Read More →
Monday June 1, 2026 10:40am - 11:00am PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
  Talk, Track 4
  • Topic AI

10:40am PDT

Advanced SaaS Threats: Case Studies from the Field
Monday June 1, 2026 10:40am - 11:30am PDT
Track 5 - Room 1800
An increasing reliance on SaaS does not always come with the knowledge or motivation needed to secure these services. As businesses move away from on-premise systems, SaaS platforms are increasingly used for business-critical purposes, storing vital, sensitive company information. Organizations continue to underestimate SaaS breach risk, prioritizing ransomware defense while leaving critical SaaS...
See More →
Speakers
avatar for Damien Miller-McAndrews

Damien Miller-McAndrews

Threat Researcher, Obsidian Security
Damien Miller-McAndrews is a Threat Researcher at Obsidian Security, investigating how attackers turn SaaS, identity, and social engineering into fast-moving breaches. He publishes research and practical insights to help security and IT teams better detect, respond to, and... Read More →
Monday June 1, 2026 10:40am - 11:30am PDT
Track 5 - Room 1800
  Talk

10:40am PDT

Hype to Innovation: Quantifying AI Value for the Board
Monday June 1, 2026 10:40am - 11:30am PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA
Boards are being asked to approve major investments in emerging technology. Today it may be AI, tomorrow quantum. Too often these decisions are driven by competitive pressure and promises of innovation, while the cyber implications remain loosely defined or entirely unmeasured. When value, risk, and resilience are not clearly understood, strategic decisions are made on assumptions, placing return...
See More →
Speakers
avatar for Greg Ahira

Greg Ahira

CEO, Fullspeed Technology Inc.
Greg Ahira leads enterprise security transformation at scale across global enterprises including Lundin Mining, GE, Cisco and Webex. He governs product, cloud, OT, incident response, identity and vulnerability programs that align security strategy with measurable business outcomes... Read More →
avatar for Kevin Sahota

Kevin Sahota

Kevin Sahota is a cybersecurity leader with more than 30 years of experience across security operations, threat intelligence, risk, digital forensics, and incident response within highly regulated industries, including financial services, insurance, and critical infrastructure. He... Read More →
Monday June 1, 2026 10:40am - 11:30am PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

10:40am PDT

Sandworms and Other Nonsense: An Eventful Year for npm Supply‑Chain Attacks
Monday June 1, 2026 10:40am - 11:30am PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP
The past year saw an explosion of highly effective malicious‑package attacks. Well‑known libraries were compromised, new versions shipped with additions for crypto theft or data exfiltration. Attackers launched different attacks with each building upon the last becoming more effective with each iteration. We bore witness to the first appearance of the great sandworm, followed by a far worse...
See More →
Speakers
avatar for Megg Sage

Megg Sage

Senior Security Engineer, PagerDuty
Megg is an application security engineer who started out as a web developer. Security drew her in with the endless puzzles and challenges put forth by the field. She loves sharing knowledge, particularly when she can both educate and frighten her audience at the same time. After all... Read More →
Monday June 1, 2026 10:40am - 11:30am PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

10:40am PDT

The Coming AI Catastrophe Won't Be Superintelligence, It Will Look Like Malware
Monday June 1, 2026 10:40am - 11:30am PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io
The most imminent and dangerous AI milestone isn't superintelligence — it's fully automated, end-to-end ransomware operations and an ai-breakout self-evolving worm. AI risk researchers in academia and industry are missing the importance of this issue. We may have already crossed (or be about to cross) a threshold where AI enables criminal actors to execute enterprise-wide encryption attacks with...
See More →
Speakers
avatar for Geoff McDonald
Monday June 1, 2026 10:40am - 11:30am PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk
  • Topic AI

11:00am PDT

EXPERT PANEL - Starting a Malware hunter career - Experiences from Experts
Monday June 1, 2026 11:00am - 12:00pm PDT
Track 6 - Malware Village - Room 1315

Speakers
avatar for Douglas Jose Pereira dos Santos
avatar for Leigh Trinity

Leigh Trinity

World Cyber Health

avatar for Chester Wisniewski

Chester Wisniewski

Director, Global Field CISO, Sophos
avatar for Earl Maynard

Earl Maynard

Sr. Strategic Advisor, CCCS

Monday June 1, 2026 11:00am - 12:00pm PDT
Track 6 - Malware Village - Room 1315
  Malware Village

11:10am PDT

Losing Context: A Deep Dive into MCP Session Security
Monday June 1, 2026 11:10am - 11:30am PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
Session Access Control - The Missing Validation Layer: The MCP specification explicitly distinguishes sessions from authentication but provides minimal prescriptive guidance on authorization enforcement. This session will explore the theoretical security implications of this design, where session IDs function similarly to bearer tokens but without the typical security controls.The SDK Security...
See More →
Speakers
avatar for Srikanth Ramu

Srikanth Ramu

Principal Product Security Engineer

I am an Application Security professional with extensive experience in product security, built on a solid foundation in development and QA. During the COVID-19 pandemic, I developed an interest in hunting bugs in open-source libraries specifically targeting Java Deserialization vulnerabilities... Read More →
Monday June 1, 2026 11:10am - 11:30am PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
  Talk, AI

11:40am PDT

Behind the CAPTCHA: Exposing ClickFix and FakeCaptcha Threats
Monday June 1, 2026 11:40am - 12:00pm PDT
Track 5 - Room 1800
ClickFix and FakeCaptcha attacks represent sophisticated social engineering tactics designed to deceive users into performing unintended actions, such as downloading malware or facilitating unauthorized transactions. By exploiting user trust through realistic CAPTCHA prompts or deceptive "click-to-fix" scenarios, attackers are able to bypass traditional security defenses, resulting in malware...
See More →
Speakers
avatar for Greg Leah

Greg Leah

Founder, PrecisionSec
Greg Leah is the Founder of PrecisionSec, a Threat Intelligence startup based in Victoria, British Columbia. Drawing on nearly 20 years of experience in the security industry, Greg has gained a wide range of expertise ranging from reverse engineering and creating complex malware detections... Read More →
Monday June 1, 2026 11:40am - 12:00pm PDT
Track 5 - Room 1800
  Talk

11:40am PDT

Pragmatic Security to enable safety in the era of AI
Monday June 1, 2026 11:40am - 12:30pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA
Grounded in the experience of supporting over 100 AI frontier firms in their security posture, Michael will cover pragmatic approaches to enable security and safety of your organization in the era of AI.This talk will cover in depth, specific recommendations you can use in your organization today in the areas of:AI Program and Risk Management - how to govern AI adoption and risk at your...
See More →
Speakers
avatar for Michael Argast

Michael Argast

Co-Founder and CEO of Kobalt.io, Kobalt.io
Michael is an experienced cybersecurity professional with over 25 years of industry experience. He is the co-founder and CEO of Kobalt Security Inc., a global leader in security, privacy and compliance that builds security programs for small and mid-sized business. Kobalt.io works with over 1000 technology and startup companies to help ensure the security of their organization and cloud infrastructure, address client requirements... Read More →
Monday June 1, 2026 11:40am - 12:30pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

11:40am PDT

Self-Infected Prompt Kiddies: From Script Kiddies to Prompt Kiddies — AI-Powered Cybercrime in the Wild
Monday June 1, 2026 11:40am - 12:30pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io
In the age of AI, truth is becoming optional, and cybercriminals are taking full advantage.Today’s threat actors aren’t just buying phishing kits and reusing old malware. They are actively using AI to write convincing lures, generate malicious code, troubleshoot payloads, translate scams into multiple languages, and rapidly iterate campaigns like a software development team.This talk provides...
See More →
Speakers
avatar for Ali Alame

Ali Alame

CTO and Co-Founder, CyberArmor
Ali Alame is a cybersecurity professional and co-founder of CyberArmor, leading threat-hunting initiatives across higher education, municipalities, and enterprise. His work focuses on pre-breach intelligence - detecting phishing kits, compromised credentials, and infostealer telemetry... Read More →
Monday June 1, 2026 11:40am - 12:30pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

11:40am PDT

Server Side Template Injections For Everyone
Monday June 1, 2026 11:40am - 12:30pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP
Server Side Template Injection (SSTI) is a web vulnerability that can be hard to spot, but leads to critical consequences when exploited.  While this class of vulnerability has been documented for more than a decade, new research is constantly demonstrating that this is not a solved problem.  New techniques for finding and exploiting SSTI vulnerabilities made the #1 spot for the 2025 top...
See More →
Speakers
avatar for Wesley Wineberg

Wesley Wineberg

Hacker
Wesley Wineberg is a full time bug bounty hunter, and has over 15 years experience working in information security.  Wes has had various security roles during his career, covering everything from web apps to hardware security but primarily enjoys the offense side of security.
Monday June 1, 2026 11:40am - 12:30pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

11:40am PDT

When the Plan Meets the Incident at Machine Speed: Adapting Police Major Case Management to Cyber Crisis Response
Monday June 1, 2026 11:40am - 12:30pm PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
AI is making attacks faster. Autonomous tooling compresses kill chains that used to take days into hours. Your incident response needs to keep pace, but most organizations have an IRP that covers escalation paths and notification timelines, and nothing that tells you how to actually run the incident at speed.How do you brief a room of 30 people at 2 AM? How do you structure teams so nothing falls...
See More →
Speakers
avatar for Brad Edwards

Brad Edwards

Domain Consultant, Security Operations Transformation, Palo Alto Networks
Brad Edwards is a Domain Consultant at Palo Alto Networks, specializing in security operations. He has 15 years of law enforcement experience as an RCMP constable, including digital forensics and economic crime. After leaving the RCMP, Brad worked as an enterprise software developer... Read More →
Monday June 1, 2026 11:40am - 12:30pm PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
  Talk

12:10pm PDT

sudo vibes : How AI Agents Got Root and Nobody Noticed
Monday June 1, 2026 12:10pm - 12:30pm PDT
Track 5 - Room 1800
Developers are handing AI agents the keys to their build environments. Your peers use Cowork to answer emails. Your parents generate memes from their camera roll. We've let convenience rapidly erode trust and integrity and given AI access through accessibility tools, APIs, and human emulation.When Cowork needs debug access to Chrome and your filesystem, Claude Code runs with your terminal...
See More →
Speakers
avatar for Jake King

Jake King

Founder, minimal.dev
Jake is the former founder of Cmd (a linux endpoint security company) and now founder of Minimal.dev building secure, reproducible and fast dev environments. Jake is a frequent speaker on the topic of Linux & Cloud Security at BSides, RSA, MITRE, and other conferences, as well as an active member of the Vancouver cybersecurity community. An Australian native, Jake studied cybe... Read More →
Monday June 1, 2026 12:10pm - 12:30pm PDT
Track 5 - Room 1800
  Talk

12:45pm PDT

The Women in Security Documentary Movie Screening - 30 min
Monday June 1, 2026 12:45pm - 1:20pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io
The Women in Security Documentary - 30 min versionIn an industry historically dominated by men, The WOMEN IN SECURITY Documentary brings to life the often untold stories of women who have shaped — and continue to reshape — the landscape of cybersecurity, physical security, intelligence, and protective services.Through candid interviews, reenactments of pivotal moments in history, and...
See More →
Speakers
avatar for Penny Longman

Penny Longman

President, WiCyS Western Canada Affiliate
Penny Longman is an award-winning cybersecurity and AI leader and the current President of the Women in Cybersecurity (WiCyS) Western Canada Affiliate. With a career spanning diverse sectors including mining, manufacturing, environmental sciences, data analytics, consulting, financial... Read More →

Monday June 1, 2026 12:45pm - 1:20pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Movie

1:30pm PDT

Confessing how to build authentic trust in the age of artificial expertise
Monday June 1, 2026 1:30pm - 1:50pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA
AI has democratized "expertise." Developers are using LLMs to ship complex (and potentially insecure) code at record speeds, while security professionals are using them to generate generic policy bloat. The result? A "Dead Internet" corporate culture where nobody trusts anyone, volume replaces value, and friction is at an all-time high.As a software engineer turned security advisor, I have lived...
See More →
Speakers
avatar for Noris Buriac

Noris Buriac

Application Security & DevSecOps Advisor, Forward Security
Known to friends as "NorisGPT", I'm a recovering software engineer turned Security Solutions Consultant at Forward Security. After writing code for the RCMP, Disney, Microsoft, and HP, I transitioned from building enterprise software to driving AppSec and DevSecOps growth. I specialize... Read More →
Monday June 1, 2026 1:30pm - 1:50pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

1:30pm PDT

Building the Local Cybersecurity Community: Meet Up by Meet Up
Monday June 1, 2026 1:30pm - 2:20pm PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
As AI-generated content, deepfakes, and automated systems threaten to disrupt trust and replace the human element of security work, one question becomes urgent: what do we actually have left when the machines can do more and more technical work? The answer might be simpler than you think: each other.Many security professionals try to grow in isolation, building skills, getting certifications, and...
See More →
Speakers
avatar for Farshad Abasi

Farshad Abasi

Founder and CEO, Forward Security and Eureka DevSecOps
Farshad Abasi is the Founder and CEO of Forward Security and Eureka DevSecOps, bringing over 29 years of industry experience to the forefront of cybersecurity innovation. His professional journey includes key technical roles at Intel and Motorola, evolving into senior security positions... Read More →
avatar for Ryan Clarke

Ryan Clarke

Principal Incident Response Consultant, Mandiant (Google Cloud)
Ryan is a Principal Incident Response Consultant for Mandiant (Google Cloud). As part of the Incident Response team, he provides emergency services to clients when a security breach occurs. He also conducts purple teams, threat hunts, table top exercises, forensic investigations and... Read More →
avatar for Sarim Khawaja

Sarim Khawaja

Cyber Security Product Leader, Styx Intelligence
Sarim Khawaja is a Cyber Security Product Leader at Styx Intelligence who suspects the answer to "life, the universe, and effective cybersecurity" involves significantly more community collaboration. As the founder of the White-Hat Security Community and a leader at PM Hive and ISACA... Read More →
avatar for Penny Longman

Penny Longman

President, WiCyS Western Canada Affiliate
Penny Longman is an award-winning cybersecurity and AI leader and the current President of the Women in Cybersecurity (WiCyS) Western Canada Affiliate. With a career spanning diverse sectors including mining, manufacturing, environmental sciences, data analytics, consulting, financial... Read More →
avatar for Amy Tom

Amy Tom

Community Manager, D3 Security
Amy Tom is the Community Manager at D3 and a cybersecurity community builder, focused on bringing practitioners together through meaningful conversations and shared learning. She creates spaces, content, and programs that connect security leaders, SOC teams, and innovators across... Read More →
Monday June 1, 2026 1:30pm - 2:20pm PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
  Panel

1:30pm PDT

Evil AI vs. Open Source Linux: Zero competition in the realm of DNS exfiltration
Monday June 1, 2026 1:30pm - 2:20pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io
In the red corner we have an Evil AI local LLM armed with a client in the right hand and a server in the left.He's notoriously relentless with an unpredictable style fashioning multiple encoding strategies, chunk size tuning and payload throttling.Recent rumors suggest he's managed to unshackle himself from any external dependencies by leveraging Kotlin Native to execute a standalone binary.In the...
See More →
Speakers
avatar for Alan Ilicic

Alan Ilicic

Staff Android Developer, Rivian Automotive
Alan Ilicic is a Staff Android app/OS developer at Rivian with 8 years of experience, specializing in reactive architectures, security and performance optimization. He has a Ph.D. in electrochemical engineering and formerly was a chemistry professor for 8 years where he managed the... Read More →
Monday June 1, 2026 1:30pm - 2:20pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

1:30pm PDT

Threat Modeling Developer Behaviour: The Psychology of Bad Code
Monday June 1, 2026 1:30pm - 2:20pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP
Security teams threat model systems, but rarely do we threat model the developers building them. What if some of the most persistent AppSec problems aren’t purely technical—but behavioral?This talk dives into the psychology of insecure code, using principles from behavioral economics to explain why developers take risky shortcuts, ignore secure practices, or ship code that “just vibes.”...
See More →
Speakers
avatar for Tanya Janca

Tanya Janca

Security Trainer and Founder, She Hacks Purple & DevSec Station
Tanya Janca, known online as SheHacksPurple, is the best-selling author of Alice and Bob Learn Secure Coding and Alice and Bob Learn Application Security. She is the founder of DevSec Station, a modern learning platform and community built to help software developers master secure... Read More →
Monday June 1, 2026 1:30pm - 2:20pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

1:30pm PDT

Trust No Schema: Finding the Truth in Raw SQLite Binary.
Monday June 1, 2026 1:30pm - 2:20pm PDT
Track 5 - Room 1800
In a landscape where digital reality is increasingly “optional,” the structures we rely on, like database schemas, can be deceptive, corrupted, or missing entirely. When the standard query layer fails and SELECT * returns nothing, most analysts assume the truth is gone. This session is for those who refuse to accept that conclusion.We will bypass the "optional reality" presented by database...
See More →
Speakers
avatar for Marcelo Caiado

Marcelo Caiado

Cybersecurity Leader and Digital Forensics Expert, MPF
Marcelo Caiado is a seasoned cybersecurity expert and educator with over 25 years of experience in digital forensics, incident response, and information security leadership. He currently serves as an Adjunct Professor at the New York Institute of Technology (NYIT) in Vancouver, where he teaches Dig... Read More →
Monday June 1, 2026 1:30pm - 2:20pm PDT
Track 5 - Room 1800
  Talk

1:30pm PDT

WORKSHOP - Binary Exploitation
Monday June 1, 2026 1:30pm - 4:30pm PDT
Track 6 - Malware Village - Room 1315
WORKSHOP - Binary Exploitation - Leigh Trinity
Speakers
avatar for Leigh Trinity

Leigh Trinity

World Cyber Health


Monday June 1, 2026 1:30pm - 4:30pm PDT
Track 6 - Malware Village - Room 1315
  Malware Village

2:00pm PDT

Canada's First Cyber Security Case
Monday June 1, 2026 2:00pm - 2:50pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA
In 1975, the University of Alberta received its first computer: an Amdahl 470 V/6 complete with three hundred terminals spread across the campus made available to 3,500 students and faculty. While one of the first notable things it was used for was to play chess, it also became important in establishing computer crime law in Canada. When a student was caught stealing time from the shared system,...
See More →
Speakers
avatar for Cariad Heather Keigher

Cariad Heather Keigher

Lead, Logging & Analytics, Security Infrastructure, Teck Resources Ltd.
Cariad has worked in the cyber security field for a decade and a half and is a technology lead at an international natural resources company. Her career has had her engaging in digital forensics, incident response, engineering, penetration testing, and consulting. In her spare time... Read More →
Monday June 1, 2026 2:00pm - 2:50pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

2:30pm PDT

Faces in the Fog: Identifying Users through Unconventional Means
Monday June 1, 2026 2:30pm - 3:20pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP
User enumeration remains one of the most prevalent yet under-discussed application security vulnerabilities across industries and organizations worldwide. Despite its critical role in the security landscape, many security teams overlook the implications of this core security flaw.This talk will demystify user enumeration by exploring its various types, attack methods, and real-world impact on...
See More →
Speakers
avatar for Justin Larson

Justin Larson

Principal Application Security Engineer, Redpoint Security
Justin Larson is a Principal Application Security Consultant with Redpoint Security. He started his career bouncing servers in the NOC of a SaaS company. He moved to the information security team within the same organization and then transitioned to specialize in application security... Read More →
avatar for Seth Law
Monday June 1, 2026 2:30pm - 3:20pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

2:30pm PDT

Finding Public Files… That Were Never Meant to Be Public
Monday June 1, 2026 2:30pm - 3:20pm PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
What if your most sensitive information wasn’t hacked, stolen, or exfiltrated—but quietly made public through everyday business processes? This talk examines how sensitive files routinely escape into the public eye via search engines, file-hosting platforms, misconfigured cloud services, shared drives and servers, URL shorteners, forgotten upload paths, and other overlooked exposure...
See More →
Speakers
avatar for Ionatan Waisgluss

Ionatan Waisgluss

OSINT Analyst, C3SA Cyber Security & Audit | Shadow Investigations Ltd.


Monday June 1, 2026 2:30pm - 3:20pm PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
  Talk

2:30pm PDT

Rebooting Resilience: Fixing Burnout Before It Crashes Your System
Monday June 1, 2026 2:30pm - 3:20pm PDT
Track 5 - Room 1800
In tech, pushing hard is often part of the culture. Tight deadlines, constant change, and the pressure to keep up can make “running on fumes” feel normal. But when stress stops being temporary and starts feeling relentless, it may be more than just a busy season; it may be burnout.This talk breaks down what burnout really is (and what it isn’t), in clear, practical terms. We’ll explore how...
See More →
Speakers
avatar for Nicole Che

Nicole Che

Co-Clinical Director, Registered Clinical Counsellor, Brentwood Counselling Centre
Nicole is a Registered Clinical Counsellor with the BC Association of Clinical Counsellors and holds a Master's Degree in Counselling Psychology, who works with anxiety, depression, relationships and trauma. Nicole helps individuals strengthen their boundary-setting skills, identify... Read More →
avatar for Leah Liu

Leah Liu

Co-Clinical Director, Registered Clinical Counsellor, Brentwood Counselling Centre
Leah holds a Master of Arts in Counselling Psychology degree, and she is a Registered Clinical Counsellor of the BC Association of Clinical Counsellors. Leah has vast experience in supporting people with stress management, anxiety and depression regulation, boundary-setting, and relationship... Read More →
Monday June 1, 2026 2:30pm - 3:20pm PDT
Track 5 - Room 1800
  Talk

2:30pm PDT

When Reality Becomes Optional: AI Threat Modeling That Actually Works
Monday June 1, 2026 2:30pm - 3:20pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io
Every security framework tells you to threat model. Almost nobody does it consistently. The reasons are always the same: it's time-consuming, requires specialized expertise, and doesn't scale.We developed an end-to-end AI threat modeling pipeline to address these challenges. Leveraging LLMs through the Model Context Protocol (MCP), our system analyzes architecture diagrams and codebases to...
See More →
Speakers
avatar for Sebastian Finch

Sebastian Finch

Student, Associate Ethical Hacker, SFU, PacketLabs
Seb is an Ethical Hacker with a keen interest in offensive and defensive security who is pursuing his Masters in Cybersecurity. He is an engaging speaker who has done several talks on campus, as well as facilitating recurring university groups for cybersecurity. 
avatar for Oliver Stutz

Oliver Stutz

Student, CTO, SFU, Priverion
Oliver is a CTO who assists enterprises and startups in safeguarding their security, with a background in building banking-grade systems. Drawing on extensive hands-on experience with real-world threats, he integrates risk management and compliance into practical, resilient solutions... Read More →
Monday June 1, 2026 2:30pm - 3:20pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

3:00pm PDT

Why NIST Maturity Score May Mislead You (Is it budget well-spent to repeat your NIST assessment annually in the age of AI?)
Monday June 1, 2026 3:00pm - 3:20pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA
Cybersecurity maturity scores, frequently presented to executive leadership and boards, are often tied to the National Institute of Standards and Technology (NIST) framework and the Capability Maturity Model Integration (CMMI) scale. Organizations often use these scores—sometimes oddly accurate as 2.59 moving to precisely 2.73 —as a definitive stamp of achievement. The pursuit of external...
See More →
Speakers
avatar for Golnaz Elahi

Golnaz Elahi

Principal Strategic Security Consultant, Mandiant (Google Cloud)
Golnaz is a principal strategic cybersecurity advisor with Mandiant Canada (part of Google Cloud). Golnaz has 15 years of experience in the cybersecurity field, from early years in ethical hacking to technical and executive level consulting at Big4 firms, inhouse security office officer... Read More →
Monday June 1, 2026 3:00pm - 3:20pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

3:30pm PDT

Finding the AI Systems No One Approved
Monday June 1, 2026 3:30pm - 3:50pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io
AI is entering enterprises through side doors, not front gates. Long before legal reviews, vendor assessments, or security sign-off, employees are spinning up local coding assistants, connecting to external model servers, and assembling multi-agent workflows that operate entirely outside formal governance.This session explores practical agentic fingerprinting, and how security teams can uncover AI...
See More →
Speakers
avatar for Giuseppe Trovato

Giuseppe Trovato

Head of Research, Geordie AI
Giuseppe Trovato is Head of Research at Geordie AI, where he focuses on AI-driven security and the intersection of agentic AI and software security. Previously, he spent over a decade at  leading vulnerability research and application security initiatives. Originally from Sicily... Read More →
Monday June 1, 2026 3:30pm - 3:50pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

3:30pm PDT

How to get decades-long security in a consumer device: breaking locks and using the courts
Monday June 1, 2026 3:30pm - 3:50pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA
Consumer devices like phones, routers, and computers are built to last only a few years.  Not because the hardware falls apart, but because, after a few years, manufacturers refuse to update the software.  In most cases they also prevent you from updating the software yourself.  This creates huge amounts of e-waste, and significant added expense for people who would rather keep the...
See More →
Speakers
avatar for Denver Gingerich

Denver Gingerich

Director of Compliance, Software Freedom Conservancy
Denver is a software right-to-repair activist who is currently Director of Compliance at Software Freedom Conservancy, where he enforces software right-to-repair licenses such as the GPL, and is also a director of the worker co-operative that runs JMP.chat, a FOSS phone number (texting/calling... Read More →
Monday June 1, 2026 3:30pm - 3:50pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

3:30pm PDT

Jailbreak the Jailbreaker: Autonomous AI Red Teaming
Monday June 1, 2026 3:30pm - 3:50pm PDT
Track 5 - Room 1800
We explore how AI systems can automatically mutate and refine their own prompts to bypass defenses more effectively over time, showing how repeated adversarial testing dramatically increases jailbreak success rates. Through this process, it becomes clear why static guardrails and fixed policy layers quickly collapse when faced with recursive, adaptive probing. Finally, we examine what this means...
See More →
Speakers
avatar for Mrigakshi Goel

Mrigakshi Goel

Finning International

Jailbreak the Jailbreaker: Autonomous AI Red Teaming


Monday June 1, 2026 3:30pm - 3:50pm PDT
Track 5 - Room 1800
  Talk

3:30pm PDT

The Velocity Paradox: Why More Scanners Lead to Worse Outcomes
Monday June 1, 2026 3:30pm - 3:50pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP
Machine-speed output + Human-speed oversight. That's the structural mismatch defining application security in 2026. Security budgets are at record highs, 100% tooling coverage is our never-ending future state, but many organizations are experiencing worse security outcomes. Our industry's popular narrative says AI-generated code demands more aggressive scanning. This is the wrong framing. The...
See More →
Speakers
avatar for Francis Ofungwu

Francis Ofungwu

CEO, Efeeo
Francis Ofungwu is the CEO and Founder of Efeeo, where he is building the relational foundation for the AI era. With over 20 years of experience leading cybersecurity at scale for organizations like GitLab, Salesforce, and Rackspace, Francis has spent his career threading the needle between "move fast" engineering cultures and the rigorous mandates of highly regulated industries... Read More →
Monday June 1, 2026 3:30pm - 3:50pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

3:30pm PDT

A Guide to AI Red Teaming in 2026: Why Traditional Pentest Assumptions Fail
Monday June 1, 2026 3:30pm - 4:20pm PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
Organizations are rapidly deploying AI-powered chatbots, copilots, and agentic workflows - often faster than security teams can adapt their testing practices. Traditional pentesting assumes deterministic systems, stable input/output schemas, and well-defined trust boundaries. Those assumptions no longer hold when natural language becomes both the interface and the attack surface, and when models...
See More →
Speakers
avatar for Jugal Lad

Jugal Lad

Security Analyst, Application Security, Mirai Security Inc.
I am a Security Analyst at Mirai Security Inc., taking my early steps in cybersecurity and aiming to help organizations strengthen their security posture. My work involves conducting security assessments, identifying vulnerabilities, and providing actionable security insights and... Read More →
Monday June 1, 2026 3:30pm - 4:20pm PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
  Talk

4:00pm PDT

Beyond Regex: Using LLMs to Add Context to DLP
Monday June 1, 2026 4:00pm - 4:20pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io
Traditional DLP is great at catching known patterns like SSNs, credit cards, and obvious secrets, but many of today’s most damaging leaks aren’t “pattern-shaped.” They’re high-context artifacts: internal research, design docs, incident notes, and strategy memos that become sensitive because of what they mean and how they combine. In cloud-native collaboration platforms, sharing is...
See More →
Speakers
avatar for Alex Vazquez

Alex Vazquez

Senior Security Engineer, Snap Inc
Raised in Vancouver and based in Seattle, I graduated from UBC in Electrical Engineering and got into security through CTFs and pentesting. I’m currently a Security Engineer at Snap Inc and previously a Security Engineer at Microsoft. I focus on AI security and data protection... Read More →
Monday June 1, 2026 4:00pm - 4:20pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

4:00pm PDT

Follow the Engineer: Delivering Security Intelligence Over MCP
Monday June 1, 2026 4:00pm - 4:20pm PDT
Track 5 - Room 1800
Open source runs the world. AI now ships most of the code. That means security decisions are happening inside the tools engineers already use, not in dashboards or tickets. The problem is no longer finding vulnerabilities. It is delivering the right remediation guidance at the exact moment an engineer can act.This talk is a field report from building open patterns for that delivery. We built...
See More →
Speakers
avatar for Ankit Kumar

Ankit Kumar

Co-Founder & CEO, Emphere
Ankit Kumar is a security software engineer and cofounder of Emphere, building automation that closes the gap between vulnerability discovery and applied fix. His work focuses on dependency reachability and fix synthesis across application code, language runtimes, native libraries... Read More →
Monday June 1, 2026 4:00pm - 4:20pm PDT
Track 5 - Room 1800
  Talk

4:00pm PDT

SameSite... Or Not? Exploring novel bypasses for SameSite cookie protections
Monday June 1, 2026 4:00pm - 4:20pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP
SameSite cookies are often relied upon too heavily to prevent cross-site request forgery, yet, due to browser implementations, they can be included in unexpected requests. This talk demonstrates novel bypass techniques, including a Chrome CVE discovered during while researching these methods. Attendees  will gain an understanding of the impacts on real-world applications, and how to protect...
See More →
Speakers
avatar for Vincent Dragnea

Vincent Dragnea

Application Security Consultant, Forward Security
Vincent is an application security consultant at Forward Security. He has 7 years of experience as a security researcher, since making the leap to cybersecurity from a software development background. Always eager to learn more, and OSWE-certified, Vincent loves to find creative exploits... Read More →
Monday June 1, 2026 4:00pm - 4:20pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

4:00pm PDT

When Trust Is Outsourced: Security in the Age of Third-Party Everything
Monday June 1, 2026 4:00pm - 4:20pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA
Most organizations invest heavily in securing their own networks, identities, and endpoints — yet depend on dozens or hundreds of external vendors to operate day-to-day. In practice, some of the most sensitive data and critical processes live outside the organization’s direct control. Attackers know this and increasingly target third parties, service providers, and support channels as the path...
See More →
Speakers
avatar for Ankan Garg

Ankan Garg

Senior GRC Analyst, Lululemon
Ankan Garg is a cybersecurity practitioner specializing in Third-Party Risk Management (TPRM), cloud security, and governance. He works with organizations to evaluate the security posture of vendors, SaaS platforms, and supply chains that underpin modern digital services.In addition... Read More →
Monday June 1, 2026 4:00pm - 4:20pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

4:30pm PDT

Why Your Best Detection Tool Is Critical Thinking
Monday June 1, 2026 4:30pm - 4:50pm PDT
Track 5 - Room 1800
Every year we get faster tools, better dashboards, and more detections. And every year, analysts still miss things. Not because the tools failed, but because the thinking did.Cybersecurity borrowed heavily from the military: the Kill Chain, MITRE ATT&CK, red teaming, threat intelligence. But we skipped one of the most important things the intelligence community invested in: teaching their analysts...
See More →
Speakers
avatar for Klaus Wunder

Klaus Wunder

Principal Cyber Defence Analyst, SECUINFRA
With nearly two decades in cybersecurity, Klaus has gone from configuring firewalls to protecting industrial control systems where breaches cost safety, not just data. That journey gives him a full-spectrum perspective on security operations. He guides teams through complex incidents... Read More →
Monday June 1, 2026 4:30pm - 4:50pm PDT
Track 5 - Room 1800
  Talk

4:30pm PDT

Can LLMs Really Find IDORs? Limits of AI Security Reasoning
Monday June 1, 2026 4:30pm - 5:20pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io
Can AI actually find IDORs in real code? We tested top coding agents against real-world apps—and the results were mixed. The models discovered genuine vulnerabilities, but also generated large numbers of false positives and inconsistent findings. By dissecting results across multiple authorization complexity levels, we show where LLMs shine, where they fail, and why IDORs remain a uniquely hard...
See More →
Speakers
avatar for Vasilii Ermilov

Vasilii Ermilov

Senior Security Researcher, Semgrep
Vasilii Ermilov (@ermil0v) is a Senior Security Researcher at Semgrep, a startup working on open source static analysis tools that fit the modern developer workflow. Having more than a decade of experience in web application development for enterprises, governments and startups he... Read More →
Monday June 1, 2026 4:30pm - 5:20pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

4:30pm PDT

Identity and security lessons learned from securing AI in the cloud; Ten new frameworks for problems we solved twenty years ago
Monday June 1, 2026 4:30pm - 5:20pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA
In an age where everyone wants the positive deterministic benefits of the latest models, and are embracing solutions where AI agents are essentially confused deputies with PhDs and personality disorders, what are some of the lessons we learned in 2006 and how can we help to apply these towards building systems rooted in strong security principles?This talk cuts through FUD and marketing. What's...
See More →
Speakers
avatar for Brodie McRae

Brodie McRae

Principal Security Engineer, AWS
A returning speaker, Brodie's been in the Vancouver security community since before our first BSides; a simpler time, when people worked in "security" and anyone who said the word "crypto" knew it meant cryptography. From national network core security, to radio hacking, to OWASP... Read More →
Monday June 1, 2026 4:30pm - 5:20pm PDT
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

4:30pm PDT

The Heartbeat is Lying: Proving Physical Truth in a Spoofed OT Network
Monday June 1, 2026 4:30pm - 5:20pm PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
In any complex environment where industrial systems and traditional IT networks meet, we rely on digital signals to tell us the status of physical hardware. We trust our security dashboards to show that a system is running within safe parameters, essentially treating the digital display as the absolute truth. However, as these systems become more integrated, a new challenge emerges where the...
See More →
Speakers
avatar for Parisa Saqib

Parisa Saqib

Parisa Saqib is a Cybersecurity Analyst at BCIT and the Associate Director of Communication for ISACA Vancouver. She holds a Bachelor’s Degree in Digital Forensics and Cybersecurity and a diploma in Industrial Network Cybersecurity. As an ISACA Scholar, her work is driven by a commitment... Read More →
Monday June 1, 2026 4:30pm - 5:20pm PDT
Track 4 - Room 1700 - Sponsored by Aikido Security
  Talk

4:30pm PDT

Turning the dial on SAST: Reducing False Positives with Call Graph–Driven LLM Reasoning
Monday June 1, 2026 4:30pm - 5:20pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP
Static analysis tools are an integral part of modern-day software development processes to find bugs and security vulnerabilities. However, they suffer from a drawback: false positive findings. False positives are findings that are incorrectly identified by the static analysis tools as a vulnerability. Such alerts may waste developers' time and effort since these are not exploitable and need no...
See More →
Speakers
avatar for Vrushal Nedungadi

Vrushal Nedungadi

Application Security Analyst, Forward Security
Vrushal is a cybersecurity practitioner and researcher with a strong interest in software supply-chain security. With a strong background as a software developer in industry, he is now transitioning into offensive security. Outside of work, Vrushal enjoys reading and writing works... Read More →
avatar for Iman Sharafaldin

Iman Sharafaldin

Application Security Lead, Forward Security
Iman specializes in analyzing, designing, testing, and optimizing secure systems across a wide range of business and technical environments. He has more than ten years of experience in cybersecurity, and his work has garnered over 8,000 citations, reflecting his significant contributions... Read More →
Monday June 1, 2026 4:30pm - 5:20pm PDT
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - Hosted by OWASP 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Talk

5:00pm PDT

More Legit than Legit: The Threat of Crafted Impersonations
Monday June 1, 2026 5:00pm - 5:20pm PDT
Track 5 - Room 1800
Modern email attacks do not succeed by looking sneaky. They succeed by being trustworthy. Over the past year, threat actors have gotten better at building organized campaigns with context that holds up even under careful scrutiny. By mimicking legitimate email threads, standing up polished infrastructure, and delivering content that is timely and relevant, they make it harder than ever for a...
See More →
Speakers
avatar for Brian Baskin

Brian Baskin

Threat Researcher, Sublime Security
Brian Baskin is a Threat Researcher with a specialty in incident response, threat intel, and malware analysis. Baskin was previously an intrusions analyst for the US Defense Cyber Crime Center (DC3) and a threat research lead at Carbon Black's Threat Analysis Unit (TAU). He has studied... Read More →
Monday June 1, 2026 5:00pm - 5:20pm PDT
Track 5 - Room 1800
  Talk

5:20pm PDT

Closing Ceremonies
Monday June 1, 2026 5:20pm - 6:00pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io
BSides Vancouver 2026 Closing Ceremonies
Monday June 1, 2026 5:20pm - 6:00pm PDT
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io 515 W Hastings St, Vancouver, BC V6B 5K3, Canada
  Keynote

6:00pm PDT

BSides Vancouver 2026 After Party Sponsored by Veeam
Monday June 1, 2026 6:00pm - 9:00pm PDT
The Rogue
Our BSides Vancouver 2026 After Party sponsored by Veeam.

Including Hacker Jeopardy sponsored by TMU - Rogers Catalyst.
Monday June 1, 2026 6:00pm - 9:00pm PDT
The Rogue 601 W. Cordova, Vancouver, British Columbia
  After Party
 
  • Filter By Date
    May 31 - Jun 1, 2026
  • Filter By Venue
    515 West Hastings Street, Vancouver, BC, Canada
    All
    Room 1600
    Room 1900 - Sponsored by Women in Cybersecurity
    Room 2200
    Room 2245
    Room 2270
    Room 2945
    The Rogue
    Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io
    Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA
    Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - H
    Track 4 - Room 1700 - Sponsored by Aikido Security
    Track 5 - Room 1800
    Track 6 - Malware Village - Room 1315
    Track 7 - CTF - Room 1600 - Sponsored by Corelight
  • Filter By Type
    After Party
    Capture The Flag
    Keynote
    Malware Village
    Movie
    Panel
    Talk
    All
    AI
    Track 4
    Workshop
  • Topic
    AI
  • Timezone

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Meeting Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Sunday, May 31
Monday, June 1
Room 1600
Room 1900 - Sponsored by Women in Cybersecurity
Room 2200
Room 2245
Room 2270
Room 2945
The Rogue
Track 1 - AI Track - Room 1900 - Sponsored by Kobalt.io
Track 2 - GRC Track - Room 1400/1410 - Sponsored by Iron Spear - Hosted by ISACA
Track 3 - AppSec Track - Room 1420/1430 - Sponsored by Google Cloud Security - H
Track 4 - Room 1700 - Sponsored by Aikido Security
Track 5 - Room 1800
Track 6 - Malware Village - Room 1315
Track 7 - CTF - Room 1600 - Sponsored by Corelight
  • After Party
  • Capture The Flag
  • Keynote
  • Malware Village
  • Movie
  • Panel
  • Talk
  • Workshop
  • Topic
  • AI