Security talks that are equal parts edge-of-your-seat and actionable. No death by PowerPoint. Real stories, live demos, and takeaways your team can use Monday morning.
Each talk is tailored to your audience. These are starting points, not scripts. I also build custom CTFs and training programs from scratch.
AI is changing the speed and scale of attacks. I walk through real examples of AI-powered phishing, reconnaissance, and vulnerability discovery, drawing on my background in AI security research and the tools I build and use daily.
How AI tools change the pen testing workflow. From automated recon to AI-assisted exploit development. Live demos of tools I've built and use in real engagements, informed by hundreds of pen tests across every assessment type.
How attackers compromise the software you trust before it ever reaches your environment. I cover real supply chain attacks, the growing role of AI in both attacking and defending the pipeline, and what your team should be watching for.
The elevator that locked me between floors. The badge clone that worked a little too well. 20 years of breaking into companies means 20 years of things not going to plan. Your audience will laugh, cringe, and leave thinking differently about their own security.
Phishing, pretexting, physical infiltration. I've cloned badges, talked my way past front desks, and built phishing campaigns that bypassed every technical control. I show your audience exactly how it works and what makes people fall for it.
What happens when you test privacy controls at massive scale. Offensive privacy testing methodologies, the gaps most companies don't know they have, and what it takes to find them before regulators do.
Your CEO and your SOC analyst should both walk away understanding exactly what happened and what to do about it. That only works if you can tell the story right.
Kerberoasting attack via SPN-associated service account with weak RC4-HMAC encryption yielded a TGS ticket that was cracked offline, providing cleartext credentials to a domain service account with DCSync privileges on the primary domain controller.
Your company has an internal system that hands out temporary passes to employees so they can access different services. We asked for one of those passes, took it home, and figured out the password it was based on. That password belonged to an account with the keys to the entire building. We used it to make a copy of every employee's credentials in the company. The fix is straightforward: stronger passwords on service accounts and disabling the outdated encryption that made the pass easy to crack.
The talk your attendees will be quoting in the hallway afterward. Real demos, real attack scenarios, real stakes.
Laptops open, code running. Your team leaves with working tools and a new way of thinking about security problems.
Behind closed doors with your leadership team. Your threat landscape, your blind spots, your action plan. NDA available.
Every engagement is tailored to your audience, your industry, and your objectives. Tell me who's in the room and what keeps them up at night. I'll handle the rest.