Blue Team Con 2022

Blue Team Con talks you don’t want to miss!


‘The goal of Blue Team Con is to have talks that are almost exclusively focused on sharing information amongst defenders and protectors of organizations. This can span from SOC Analysts through CISOs and across the aisle to auditors and compliance personnel and application developers focusing on security. There are many professionals hard at work struggling to keep up with the vast amount of information in the cybersecurity space. Our goal is to help organize that information in a fun and collaborative way while offering a platform for those that have figured it out to share their knowledge.’


See the full Blue Team Con 2022 schedule here

Registration Times

Friday, August 26th 6:00pm to 9:00pm

Saturday, August 27th:

Registration: 7:00am to 3:00pm

Swag: 11:00am to 3:00pm

Sunday, August 28th: Registration and Swag: 9:00am to 1:00pm


Fairmont Hotel Chicago


I’m most excited about the Unconference! After all, the main purpose of a conference is to confer with other members of the community. I would love to talk to you- so don’t hesitate to strike up a conversation. Look for me in my k9 Security shirt!

Stephen Kuenzli

Founder, k9 Security

Our List of Top Talks

We reviewed this year’s schedule and these are the top 5 security presentations we are excited to see:


  1. From Exceptionally Awful to Pretty Good: A Guide for New Security Leaders
  2. Building Better Security Metrics
  3. Holistic AWS Cloud Security Design for Organizations
  4. Everyone Can Play! Building CTFs To Teach Non-Security Folks
  5. How to Win Over Executives and Influence the Board

Effective IAM for AWS

Effective IAM book

Learn how to secure AWS with IAM built for continuous delivery.

1. From Exceptionally Awful to Pretty Good: A Guide for New Security Leaders

Presented by: K R Bard

Drawing on 25 years of experience, this narrative-driven presentation walks through proven strategies for all aspiring security leaders who may be wondering: how can I have fun and profit whilst hacking the typical systemic challenges that block better security outcomes? The four sections of this talk outline people-driven and culture-conscious methodologies that will enable you to do just that! First, you will learn how to choose the right leadership opportunity that aligns with your professional career goals and your amazing life purpose. Second, you will explore how to harness your “new role energy” to do two simultaneous jobs: making good on your highly visible “30/60/90 day plan” that aligns with the business of security; also an in-depth investigation into what is holding back the security program you just inherited. Third, you will discover how to rebuild your security program step-by-step, including a commitment to excellent security experiences, fostering healthy team culture, and partnering with others in your security ecosystem. And to round out your journey, you will uncover how to deal with inevitable entropy and change in a fast-paced industry through the power of reflection, storytelling, and gratitude.

Date and Time: Sunday, August 28th 10:40am to 11:10am

Job role: CISO, Director Cloud Security, Cloud Security Architect, VP Engineering, Director Site Reliability Engineering

Bonus Resources

2. Building Better Security Metrics

Presented by: Jake Williams

Let’s face it: most of us don’t like gathering and reporting metrics. But the boss says “that which isn’t measured isn’t managed.” Of course there’s the problem of users gaming metrics to paint unrealistic pictures to stakeholders. Good metrics should serve as a heuristic for stakeholders to understand a situation at a high level without needing to understand all the nuance of how the sausage is made. In other words, metrics should tell a story. Since you’ll be generating security metrics anyway, shouldn’t they tell the right story?

Beyond the obvious justification of “management says you have to,” as an aspiring security leader you should be self-motivated to create and deliver better metrics. If there’s one thing leadership abhors, it’s uncertainty. Better metrics don’t eliminate uncertainty, but they do promote better understanding, leading to better evaluation of risk.

In this presentation, you’ll learn the principles of generating compelling metrics. We’ll then cover examples of easy-to-gather metrics across a range of security disciplines, including SOC, cyber threat intelligence, threat hunting, and incident response. Come learn how to level up your metrics game in this session!

Date and Time: Saturday, August 27th 3:40 to 4:30pm

Job role: Director SOC, Director Cloud Security, Cloud Security Architect

3. Holistic AWS Cloud Security Design for Organizations

Presented by: Cassandra Young

Ditch the kale smoothie, it’s time to go big picture. Your organization is moving to AWS, and you’re in a panic. Which of the 42 billion AWS service offerings do you really need? How do you manage user and service accounts? What about those 7 different rogue AWS accounts you just found out about? We’ll talk about securing, organizing and standardizing your AWS environment(s), managing authentication, protecting your applications, and we’ll walk through a few key guardrails you can plan today. Throughout the presentation, we’ll talk about balancing security with usability, how your existing architecture can work for you and against you, and how to identify and protect your attack surface in (and even out of) the cloud.

Date and Time: Sunday, August 28th 1:00-1:50pm

Job role: Cloud Architect, Cloud Security Architect, Director Site Reliability Engineering, Principal/Senior Site/Cloud/DevOps/Security Engineer

Bonus Resources

4. Everyone Can Play! Building CTFs To Teach Non-Security Folks

Presented by: Joe Kuemerle

Most security practitioners are aware of the learning and fun that comes from participating in Capture the Flag competitions. Racing against other teams, solving brain-twisting challenges and seeing new ways to compromise systems teaches and entertains.
CTFs are also a great tool to give non-security folks a hands-on understanding of how security vulnerabilities enable criminal activities, reduce user privacy and degrade system reliability.

In this session you will learn to build interesting, educational and easy to use Capture the Flag events targeted at developers and other technical, non-security, users.  We will cover specific considerations for each audience you target, how to create interesting (yet solvable) challenges, and how to make the overall experience friction free for the participants.

You will also learn tools and techniques to create easily repeatable, consistent events with minimal work. We will cover collaborative development, external system integration techniques, tooling and a fully automated deployment pipeline to make spinning up a new CTF as easy as pushing a button.

Date and Time: Saturday, August 27th 4:40-5:30pm

Job role: Cloud Security Director, Cloud Security Architect, Site Reliability Engineer

5. How to Win Over Executives and Influence the Board

Presented by: Alyssa Miller

Stop me if you’ve heard these before (or maybe you’ve said them yourself), “Management just doesn’t listen”, “The executives don’t care”, “The board just doesn’t understand”. These exasperations can be very common for blue teamers. We know what needs to be done but we just can’t seem to get the support of our organizational leadership. Even when CISOs or high-level security leaders break through and get time with the board, it’s not uncommon to see them with their heads down looking at their phones. Well, this session is your master class in turning that around and making these conversations work for you.

Come learn from an experienced cyber security executive about what works and what doesn’t when you’re engaging with your leadership teams. Learn actual techniques you can employ tomorrow for effectively planning and delivering a presentation, recovering engagement from an audience that’s tuned out, and overcoming some the skepticism and animosity that can derail your efforts. You’ll see re-world examples from presentations that succeeded as well as from those that failed. Whether you’re in an individual technical role or in the executive suite, this is a chance to up your game and start gaining the support you need.

Date and Time: Saturday, August 27th 2:30-3:20pm

Job role: CISO, Director Cloud Security, Cloud Security Architect, VP Engineering, Director Site Reliability Engineering

We hope to catch these talks too!

Blue Team Con 2022 has way more than 5 great talks on the program plus villages like the Unconference!  We hope to check out these awesome presentations too:

  1. Breaking Boundaries, Securing Perimeters: A pragmatic approach to Attack Surface Management (Katie Inns)
  2. Protecting Application and Service Principal Permissions in Azure AD (Mark Morowczynski, Michael Epping)
  3. SaaSy detection: purple teaming Software-as-a-Service platforms (Nick Jones, Chris Philipov)
  4.  Say Hi to the New Guy: How Diverse Backgrounds Can Mature Your Security Program (Ross Flynn)