My Day at BSidesCharm 2025: Reflections from the Field

Cybersecurity conferences come in many shapes, but few offer the blend of community, content, and candor that BSides events are known for. On Saturday, April 12, I had the opportunity to attend BSidesCharm 2025 in Towson, Maryland. The conference was held over two days, but it was a single day for me, one packed with insight, new perspectives, and important reminders about the work we do, the people doing it, and the stakes we all face.

From the opening keynote to the last session of the afternoon, what struck me most was the shared sense of purpose. Whether diving deep into technical content, exploring non-traditional threat vectors, or reflecting on career ups and downs, every speaker reinforced a common theme: this work matters.

A Community That Is Critical Infrastructure

Keynote Speaker: Harry Coker

The conference opened with a keynote from the Honorable Harry Coker, newly appointed Secretary of the Maryland Department of Commerce and former United States National Cyber Director. His message was clear and forceful. Today’s cybersecurity community is not just protecting critical infrastructure, it IS critical infrastructure.

Coker’s career reflects this truth. A Naval Academy graduate and CIA veteran, he has held top leadership roles across the NSA and the broader intelligence community. He reminded us that practitioners at every level, analysts, engineers, CISOs, and students, are integral to national security. In his view, our efforts collectively shape the safety and stability of modern society. That message set the tone for the entire day.

Session Reflection: Beyond Tor and VPN – Protect Your Privacy with Decentralized Mixnet

Speaker: Alexis Cao

This talk caught my attention not just because of its subject, decentralized privacy, but because it was delivered by a student. Alexis Cao, a senior at Johns Hopkins University, presented with confidence, clarity, and contagious enthusiasm.

Her session unpacked the limitations of traditional privacy tools like VPNs and Tor and introduced decentralized mixnets as a more robust alternative. While I found myself needing to brush up on projects like Nym afterwards, it was clear that Alexis understood the landscape. She explained technical nuances with ease and compared competing privacy models effectively.

What stuck with me wasn’t just the topic, it was her presence. She was highly prepared and genuinely excited to share. This was a niche subject, but an important one. I walked away realizing that my lack of familiarity with mixnets was itself a signal. It’s an area worth learning more about, and it’s likely to grow in importance as gateway-level privacy becomes more contested.

Session Reflection: Fight Stealth with Stealth – Detecting Post-Breach Activity in the Cloud

Speaker: Jenko Hwong

Sessions like this are why I attend security conferences. Jenko Hwong, a veteran of the SOC world, presented a masterclass in modern cloud defense, layered, adaptive, and rich in deception tactics.

He covered the importance of stealthy tripwires, honeypots, and honey credentials, all designed to detect adversary movement in post-breach scenarios. The session was dense with insights, and I’ll be revisiting the recording once available. What stood out was Jenko’s philosophy: security is not a checklist. Frameworks like MITRE are useful, but real defense evolves constantly.

He reminded us that organizations questioning the value of proactive security should consider the cost of recovery. When breaches happen, and they do, reactive security is far more expensive and painful. Jenko’s passion and experience were evident. I hope he continues to publish and speak because professionals in SOCs, NOCs, and security leadership roles can learn a lot from his approach.

Session Reflection: Building Against a Breach… Out of a Disclosure?

Speaker: Liz Wharton

Liz Wharton brought something rare to a technical security event: legal insight, humor, and a sharp reminder that breach response doesn’t stop with the blue team.

Her talk explored how metadata, regulatory filings, and post-breach communications can inadvertently leak sensitive details. Using examples like Caesars and MGM, she showed how public SEC filings, like 8-Ks (a report that public companies file to disclose significant, unscheduled events or changes, like a cybersecurity breach), can help adversaries map out legal teams, detect patterns in reused legal language, and build threat models around them.

She also highlighted how job postings can reveal gaps in organizational defenses or expose ongoing recovery efforts. One of the most insightful themes was how often risk exposure originates outside the technical sphere, in legal, HR, and public relations. Liz argued convincingly that lawyers not leveraging AI will soon fall behind those who do. Her delivery was full of personality, and her message cut across silos. CISOs, general counsels, compliance officers, and insurers all need to hear what she had to say.

Session Reflection: When The Fall Is All There Is – How to Lose a Gig Without Losing Your Mind

Speakers: Jeff Man and Danny Akacki

This session was personal. I attended not just out of curiosity but because of my past working relationship with Danny Akacki. We crossed paths during my time at Trimarc Security, where we sometimes got along and sometimes not. Although I left the company before its closure, I was interested in his reflections, particularly how he experienced those final days.

The talk didn’t disappoint. Both Danny and Jeff Man have long histories in the industry, and their candid, unpolished delivery gave this session a unique tone, more like a fireside chat than a formal presentation. There were no slides, no scripts. Just stories, war wounds, and perspective.

Danny was gracious in how he spoke about his time at Trimarc. He acknowledged the pain and complexity of his departure, especially having been involved in difficult decisions to let others go before ultimately departing himself. Jeff brought his own legacy of lessons, recalling the early days of security work before the existence of frameworks or formal blue teams.

What stuck with me most was their shared message: good people make mistakes. Good people get fired. Good people leave toxic jobs or walk away from great ones because something inside says it's time. Both men spoke vulnerably about wounds they’ve carried, and the perspective time gives. It was powerful and grounding.

For me, it triggered reflection on my own journey. I founded HUME-IT in 2008, worked elsewhere for many years, and now I’ve returned to build something lasting. This talk reminded me that every step, including the painful ones, shapes the mission.

The room was engaged. Audience members called out to the stage, not with questions, but in camaraderie. There was laughter, knowing nods, and the kind of silence that comes when a story hits home. This session wasn’t about tactics or tools, it was about survival. Anyone in cybersecurity, especially those just starting or those feeling burned out, would benefit from hearing what Jeff and Danny shared.

*Note: Danny and I had a chance to reconnect over a drink and clear the air regarding past tensions, missteps on my part that I fully owned. We left that conversation with a shared commitment to move forward.

Reconnecting with Former Colleagues and Community Leaders

One of the most rewarding parts of BSidesCharm 2025 wasn’t on the schedule, it was the opportunity to reconnect with several former colleagues from my time at Trimarc Security.

On the evening before the conference, I caught up with Darryl Baker and Jim Sykora, who were both leading the Active Directory Security 101 training course on day one. While I didn’t attend their session, I know firsthand the quality of instruction they bring.

Darryl was a trusted presence at Trimarc, frequently delivering Active Directory Security Assessments (ADSAs) and supporting our training programs at major conferences. He’s a natural teacher, calm, thorough, and generous with his knowledge. Today, he continues that work at Netwrix, still focused on Microsoft identity security and training the next wave of defenders.

Jim was one of the most technically gifted researchers I worked with. During his time at Trimarc, he played a critical role in the success of our VISION platform. Jared Haight, the platform’s lead developer, once described Jim as “irreplaceably invaluable” to the project. That speaks volumes. Now with SpecterOps, Jim continues his work on Microsoft identity research, digging deep into the kind of security rabbit holes that most of us only scratch the surface of.

Speaking of Jared, I also had the chance to run into him during Danny Akacki’s session. He was seated right in front of me, and later we grabbed a drink at the bar and caught up. Jared’s technical leadership, especially in the early days of the VISION platform, helped set a high standard for security tooling and analyst workflows. It was great to reconnect and exchange a few stories from both past and present.

Their ongoing work serves as a reminder that while companies and roles may change, the relationships we build in this field endure, and often continue to shape the cybersecurity landscape in powerful ways.

Conclusion: Community, Responsibility, and Perspective

My time at BSidesCharm 2025 reaffirmed something I’ve believed for a long time: the cybersecurity community is one of the most vital, dynamic, and human-centered professional spaces in the world. We defend critical infrastructure, manage existential risk, and face relentless pressure. And we do it as a community.

Whether it was a student pushing the envelope on privacy tech, a threat researcher sharing deep operational knowledge, a legal strategist mapping new threat surfaces, or a heartfelt conversation about failure and renewal, each session contributed to a bigger story.

We aren’t just solving problems. We’re helping shape the future.
