ATLSECCON 2025

In the cybersecurity industry, people are described as a weak link leading to cyber-attacks, and the most effective way to reduce risk is to implement the latest and greatest technology. But on average, more than 1 in 5, or 20%, malicious phishing emails leak through filters and into people’s inboxes. Coupling this with Verizon’s Data Breach Report findings that 82% of all cyber breaches involve the human element led by social engineered attacks, focusing on motivating people to spot and stop these attacks has never been more relevant.  


It’s time to change the narrative that people are the problem – they’re your organizations’ best asset to spotting and stopping cyber-attacks that evade technology controls.  


To effectively manage risk, you must understand further than the technology implemented when creating successful cybersecurity programs. If humans are the target of attacks, then the best way to stay ahead of social engineering antics is to know how humans are programmed to think.  


Our brains are wired with mental shortcuts that have, over the millennia, helped us conserve resources and implement survival strategies. However, leaning too heavily on these shortcuts creates biases that can lead to flawed decision-making – particularly when it comes to cyber risk. One of the riskiest groups of employees is new hires. They possess preconceived notions like "Beginner's Bubble" (the Dunning-Kruger Effect), anchoring or optimism bias. The solution to lowering that risk is to apply a motivation-based approach supported by proven frameworks in neuroscience, biology, psychology, and behavioral economics. 


This presentation will provide security professionals, leaders, and program administrators with proven frameworks and methodologies like SCARF that they can integrate into awareness programs without additional tools or solutions. We will share what we’ve uncovered in our work with independent cybersecurity researchers and organizations worldwide, provide actionable insights for attendees to bring back to their programs, and challenge ideas to help drive the next evolution of cybersecurity awareness. 

Teamwork makes the dream work. Unfortunately, for cyber teams, we prioritize technical skill over all else.

As expectations and stakes have grown, we need technical experts to function in a team more then ever. In this session, a cyber leader and former NFL Linebacker, will discuss:

1. The details of great teamwork and how this could apply to our current cyber culture. 
2. A poll of 1,500 cyber consultants were polled to get a "current" state of our teams.
3. Advice for how to build culture in a positive manner.

Through the journey of a Cyber Curious Business Analyst (BA), you’ll have an introduction to some of the tools, techniques and approaches that can be used to bring visibility to and acceptance of, security & privacy needs, controls and requirements starting at the discovery stage and onward throughout the lifecycle of a project. This talk will discuss some of the benefits of building an alliance with a Cyber Curious BA who already speaks the language of the business and who can help build a security and privacy aware culture from the middle outward in ways you may not have seen before. This presentation will be of interest to C-Suite, Project / Program Leadership, Security & Privacy Leads and their team, students looking to break into the industry, professionals wanting to pivot into the industry from other roles and of course, other Cyber Curious Business Analysts!

Modern project management and delivery practices struggle to find value when it comes to security's role in delivering initiatives for clients and organizations. Too often, we are added too late in the project and design lifecycle where any controls become too costly, or drive schedules too far right, to implement. So how can we fix this?

System Security Engineering (SSE)! By using a system engineering based methodology, and applying sound engineering principles, there is a more effective, cost efficient and schedule friendly approach we can apply that provides better security assurance to our clients and employers.

This presentation will look at the fundamental, guiding principles of the SSE in engineering trustworthy and secure systems. Pulling from the principles of NIST SP 800-160 rev.2, vol.1, this presentation will look at how integration of security within the different lifecycle phases of a design or project can help remedy this age old question plaguing security professionals.

In cybersecurity, we often focus on tools, tactics, and technical skills, but the heart of our field lies in its people. Community and culture are the often-overlooked forces driving innovation, resilience, and collaboration. In this talk,I’ll share how, in my experience, community is key to helping individuals grow and groups thrive, and how cybersecurity’s unique culture of support can help you grow both personally and professionally. Drawing from years of experience in community building, I’ll share lessons learned, practical strategies, and real-world examples to highlight why investing in relationships—both within and beyond the workplace—is an investment in the future of cybersecurity.