It’s that time of year again: hackers, infosec enthusiasts, vendors, security professionals, journalists, cyber aficionados, government officials, researchers, and students alike are converging on Las Vegas, NV for what’s known as “Hacker Summer Camp.”
The triad conferences of Black Hat, DEF CON, and BSidesLV bring together thousands of cyber and security stakeholders for panels, workshops, trainings, and more to exchange information and insights on the digital ecosystem. The Institute for Security and Technology (IST) joins our colleagues in the desert each year to share our research, learn from technical experts, and connect with our growing network of stakeholders and partners from across the cyber ecosystem.
Here’s where you can find IST and partners this August.
BSides LV
From Me to We
Monday, August 4 at 9:30 AM PDT
Track: Breaking Ground
You break into a cybersecurity career by trying to be the best you, but it is your team, users, and the community that will make you truly great: why security works the way it does (or doesn’t), technical and organizational approaches that do work, and how to take care of yourself through it all. IST Senior Adjunct Technical Advisor Bryson Bort hosts an interactive keynote – come with your questions!
Setting the Table – WarGames 2027 & Maslow’s Hierarchy of Needs as Hybrid Warfare Nears
Monday, August 4 at 10:00 AM PDT
Track: I Am The Cavalry
Shall we play a game? This “choose your own adventure” session with IST Executive in Residence for Public Safety and Resilience Joshua Corman and Bryson Bort tackles the fast approaching reality of destructive cyberattacks on Lifeline Critical Functions like water, power, and emergency care.
Power Play: AI Dominance Depends on Energy Resilience
Tuesday, August 5 at 11:00 AM PDT
Track: I Am The Cavalry
IST Adjunct Senior Advisor for Cyber and Supply Chain Risk Munish Walther-Puri and Idaho National Lab Chief Scientist Dr. Emma Stewart explore how energy infrastructure forms the backbone of resilient and robust AI ecosystems and challenges like transformer shortages and foreign dependencies threaten AI ecosystems and national security. We’ll examine how disruptions in the energy sector can cascade across AI development, national security, and global competitiveness. By focusing on the often-overlooked role of power infrastructure, including the critical shortage of domestic sourced electrical equipment such as transformers, they’ll reveal how energy resilience is the true key to AI dominance beyond algorithms and computing power.
What should CVE be when it grows up?
Tuesday, August 5 at 1:00 PM PDT
Track: Breaking Ground
The CVE Program is a pillar of the cybersecurity ecosystem. For more than a quarter century, it has provided an authoritative source of data about vulnerabilities for software users. It is also critical for continuing to drive security into the design and development process. However, over the last 18 months, both the CVE Program and the U.S. National Vulnerability Database have faced funding challenges. And despite its criticality and the large community both active in and reliant on the program, it has been subject to persistent criticisms over a lack of accountability and communication. At the same time, developments in the European Union have led to the creation of the EU Vulnerability Database. Congress has taken note, and in June, members requested a formal audit of the program. In a keynote panel IST Senior Vice President for Digital Security Strategy Bob Lord moderates a conversation with Github Senior Security Manager at Github Madison Oliver, CISA Senior Technical Director Chris Butera, Cisco Security Principal Engineer in the Threat Detection & Response Business Group Jerry Gamblin, and runZero Vice President of Security Research Tod Beardsley. What are the challenges facing the CVE Program and how can they be overcome? What should policymakers and auditors consider as they evaluate paths forward? How do we avoid international balkanization of the CVE Program? What are new governance models that should be considered?
End of Life (EOL) Equipment should not mean End of Life (Your Life)
Tuesday, August 5 at 6:00 PM PDT
Track: I Am The Cavalry
As digital infrastructure ages, a growing number of critical systems across sectors—from healthcare and manufacturing to energy and transportation—continue to rely on end-of-life (EOL) equipment that no longer receives security updates or vendor support. These legacy systems often harbor “forever-day” vulnerabilities: known flaws for which no patches exist and none are forthcoming. The persistence of these unfixable weaknesses poses a significant and growing threat to national security, public safety, and economic stability. IST Adjunct Senior Threat Advisor Silas Cutler, Paul Roberts, and Consumer Reports Policy Fellow Stacey Higginbotham discuss.
Cyber Civil Defense: Volunteers to the Rescue
Wednesday, August 6 at 10:00 AM PDT
Track: I Am The Cavalry
Nonprofits, frequently overlooked and unprotected, are embedded in critical sector supply chains, creating cascading failures across critical services that threaten the communities that rely on them. This presentation by UC Berkeley Center for Long-Term Cybersecurity (CLTC) Public Interest Cybersecurity Fellow Grace Menna will discuss nonprofits’ growing cybersecurity challenges, highlight their needs for cybersecurity investment and policy support from more capable actors, share the creative workarounds nonprofits currently employ to secure their systems with limited resources, and outline how hackers and security researchers can get involved in the fight to protect them.
Time is Running Out – Tying it All Together – What Will You Do in the Near Term?
Wednesday, August 6 at 11:00 AM PDT
Track: I Am The Cavalry
Hosted by Joshua Corman, this portion of the I Am The Cavalry track at BSidesLV is focused on no-kidding short-term measures to take to reduce risk. We have discussed water, urgent and emergency care, energy, public safety, household resilience and more. What actions can you take this month to protect your community, your family, yourself? What about next month? What about October? Ongoing, incremental steps can materially reduce risk.
Manufacturing Breakthroughs: How Conflict Leads to Innovation
Wednesday, August 6 at 11:30 AM PDT
Track: Ground Truth
What if cybersecurity’s biggest challenges—supply chain vulnerabilities, dark web economies, critical infrastructure risks—already have solutions? The problem isn’t finding new answers; it’s identifying existing ones systematically. This talk by Munish Walther-Puri introduces TRIZ (Theory of Inventive Problem Solving), an engineering-based methodology that resolves contradictions and forecasts innovation patterns to tackle complex problems effectively. Think of the contradiction matrix as a “decision tree for conflicts,” helping you navigate dilemmas like “secure but open” or “privacy vs functionality.” Patterns of evolution act as “forecasting the weather in technology,” enabling professionals to anticipate emerging risks and opportunities.
Attendees will learn how TRIZ can be applied to secure software supply chains, analyze underground economies on the dark web, design resilient critical infrastructure during natural disasters, and protect sensitive data while balancing privacy concerns. Through vivid case studies—including anti-phishing strategies and internal data leakage prevention—participants will gain actionable insights into integrating TRIZ into their analytical processes. By adopting this mindset, cybersecurity professionals can anticipate emerging threats, minimize surprises, and lead teams toward innovative solutions.
Black Hat
Industrial Control Summit (ICS) Micro Summit
Thursday, August 7 from 1:30 PM to 3:35 PM PDT
The ICS Micro Summit explores the business view of digital transformation, assessing and providing insights into how cybersecurity can be incorporated and carefully balanced Industrial organizations are rapidly digitalizing their environments to meet business goals, enhancing the productivity and efficiency of operations.
Lessons from the Trenches
Thursday, August 7 at 2:05 PM PDT.
IST Adjunct Senior Technical Advisor Bryson Bort will present his experience and analysis of what is happening and needs to happen in industry, why we facing these risks, how the threats work, how asset owners are improving security, and his recommendations on the best win-win tactical solution for asset owners working IT-OT convergence.
DEF CON
Adversary Village Kick-Off Keynote Panel: Let’s Hack the Planet!
Friday, August 8 at 10:00 AM PDT
Adversary Village @ DEF CON
Bryson Bort joins Marcus J. Carey, Sanne Maasakkers, and Abhijith “Abx” B R for a keynote kick-off panel to the Adversary Village @ DEF CON.
Hacking Back to School: How states, hackers, and civil society can support K-12 cybersecurity when federal support wavers
Saturday, August 9 at 4:30 PM PDT
Policy @ DEF CON
What happens to K-12 cybersecurity when federal leadership steps back? Led by IST Senior Director for Preparedness and Response Michael Klein with North Carolina Department of Public Instruction Chief Information Officer Vanessa Wrenn, South Dakota Bureau of Information and Telecommunications Chief Information Security Officer Johnathan Hampe, and Censys Principal Security Researcher and IST adjunct Silas Cutler, this session explores the emerging patchwork of state-led cyber defense models for schools and how the hacker community can play a vital role in this ecosystem. This discussion will be accessible to policy-focused attendees while providing technical participants with concrete examples of state-level cyber defense efforts.
Co-founded by Bryson Bort, ICS Village is a non-profit organization with the purpose of providing education and awareness of Industrial Control System security. This DEF CON Village hosts talks, hands-on demonstrations, hacking sessions, and escape rooms to connect the public, industry, media, and policymakers directly with ICS systems and experts.
Meet & Greet
Saturday, August 9, 1:37 PM PDT
ICS Village @ DEF CON
Hang out with Bryson Bort, Darknet Diaries, Ray Redacted & special guests in the ICS Village.
Cyber Volunteering and Community Defense – DEF CON Franklin and the Cyber Resilience Corps 1 Year In
Sunday, August 10 at 10:00 AM PDT
Track 5
One year after launch, the DEF CON Franklin returns to the Mainstage with partners from the Cyber Resilience Corps with updates on their mission to empower local communities through cyber volunteering and grassroots defense. CLTC Program Director of Public Interest Cybersecurity Sarah Powazek, University of Chicago Cyber Policy Initiative Jake Braun, and Cyber Peace Institute Chief Operations Operator Adrien Ogee will share key lessons learned from running on-the-ground volunteering programs and future plans for scaling civic cyber defense by joining forces. From helping small towns respond to ransomware to building rapid-response volunteer teams, this talk will highlight how hackers and technologists are stepping up to protect the public good—one community at a time.
