SmileyCon 2026 Agenda

Tuesday, April 21, 2026

8:00am - 9:00am
Breakfast and Registration Check-In

9:00am - 10:00am
Opening Keynote: The Times They Are AI-Changin’
Presented by Ed Skoudis, President, SANS Technology Institute and CEO of Counter Hack Innovations
AI hasn’t just sped up penetration testing... it has rapidly changed what penetration testing is, and most of the industry hasn’t caught up yet. This talk will explore what we’re seeing firsthand at Counter Hack and at the SANS Institute as AI reshapes real-world offensive work in ways far beyond report writing and automation.

Source-Assisted pen testing has evolved into AI-driven code analysis with a human pen tester in the loop, uncovering deeper, more lethal vulnerabilities than we could find before.  At the same time, AI systems themselves are rapidly becoming targets that expand the scope of modern tests in weird and unexpected ways. We haven’t seen a shift this profound since the late 1990s, when web application testing first emerged as an extension to what we now call network pen testing. It’s exhilarating, unsettling, and unavoidable. No, this isn’t just another AI pen test talk; we’re going to get really practical about stuff that many folks in the industry aren’t talking about… yet. Key take-aways from this session include: 

- New ways to think about penetration tests and attack surfaces
- Decisions you'll have to make about new forms of testing and trust of frontier AI models
- Specific skills to develop to leverage these new technologies 
- Ways to organize to help inspire innovation among a technical team

10:30am - 11:15am
10 Ways to Secure Entra ID
Presented by Sean Metcalf, TrustedSec Identity Security Architect and Brandon Colley, TrustedSec Senior Security Consultant
Entra ID is the cornerstone of Microsoft cloud security. We regularly assess Microsoft cloud environments and often identify the same findings across customers and industries regardless of size. This talk will focus on the key actions to quickly improve Entra ID Security. In our presentation, we won’t just share the What, but also the Why. The top 10 dangerous configurations will be addressed and we’ll explore how they are exploited. You’ll also learn why implementing these recommendations are important. Join us in this talk to go beyond Secure Score and level up your Entra ID security!

11:30am - 12:15pm
Detect Me if You Can: Quick Wins for Catching Your Next Pentester
Presented by Nick Doerner, TrustedSec Security Consultant and Mike Spitzer, TrustedSec Senior Security Engineer
This session will examine some of the most common paths used in penetration testing and how to detect such techniques in your internal environment. From enumeration to initial access and privilege escalation, we will cover the process from remediation, exploitation, and detection perspectives to assist in giving a detailed overview of both how to stop your next penetration tester and show detection capabilities. Led by team members specialized in penetration testing and detection, we will have a comprehensive overview on some wins you can implement now to gain a leg up before your next assessment. Attendees will gain knowledge on different techniques used in penetration testing and a solid foundation on how to mitigate and detect these techniques to create a better baseline for overall security posture on future tests.

12:30pm - 2:00pm
Lunch & Networking:
Lunch will be served at 1:00PM

2:00pm - 2:45pm
CISO Panel: This Title Was Made by AI
Moderated by: David Kennedy, TrustedSec Founder and CEO
How well is your company currently adopting AI? In this panel we will explore real-world enterprise applications of AI in today’s workplace, highlighting practical use cases, commonly recommended tools, and how organizations are successfully adopting them. Panelists will share insights and current realities of using AI such as what’s working, what isn’t, and the measurable wins and losses seen in day-to-day operations. Conversation will also address governance, compliance, and policy considerations leaders must navigate when integrating into existing operations. Attendees will gain a clear view of what AI adoption looks like today and how these technologies are helping organizations better serve our clients and drive measurable results.

3:00pm - 3:45pm
When Badge Meets the Breach: How Best to Work With Law Enforcement During a Cyber Event
Presented by Ryan Macfarlane, TrustedSec Incident Response Practice Lead
Cyber Events don’t stop at your business’ borders, and neither should your response. This talk will discuss how to leverage law enforcement during a cyber event, what agencies can and can’t do for you, and how establishing trusted relationships in advance can inform events, reduce risks, preserve options, support recovery, and generally make the Internet a better place. 

4:00pm - 6:00pm
Happy Hour
Location: TrustedSec Headquarters
Enjoy drinks, heavy finger food, retro raffle items, a surprise guest visit, and more as we wrap up the first day of SmileyCon!

Wednesday, April 22, 2026

8:30am - 9:15am
Breakfast

9:15am - 10:00am
From Hype to Hardening: Safely Deploying AI in Modern Organizations
Presented by David Kennedy, TrustedSec Founder & CEO
AI is rapidly reshaping how organizations operate and that includes fundamentally changing cybersecurity on both offense and defense. This transformation affects cybersecurity operations, detections, and response as new technologies introduce novel attack surfaces, including model poisoning, data leakage, and prompt abuse.

Ensuring governance frameworks and accountability structures are being followed lays the groundwork for protecting AI models, training data, and pipelines from compromise. As organizations strive to balance innovation with risk management, compliance, and ethical use, they need practical guidance for deploying AI across business functions.

This session explores how businesses can adopt AI safely, protect emerging AI systems, and prepare for the new classes of risk that will define cybersecurity and strategic planning considerations in 2026 and beyond. 

Attendees will gain a practical, executive-level understanding of how AI impacts security operations, governance, compliance, and adversary capabilities—and what organizations should be doing now to stay ahead.

10:30am - 11:15am
Weaponization of Token Theft - Red Team Edition
Presented by Edwin David, TrustedSec Senior Security Consultant
Attackers often utilize token theft to achieve initial access into cloud services often bypassing MFA restrictions that are placed in conditional access. Participants will get an in-depth look at tools that are used in token theft operations and how tokens are used to extract information from specific services in Azure/Entra ID. While some tactics involve device code phishing to obtain tokens for initial access, the audience will have an in depth-look into adversary simulation on interactive authentication to get around device code bans. If the target network is utilizing device compliance or trusted network exclusions, covert C2 communications over Azure blobs to internal Azure virtual networks will be demonstrated on how adversaries can get around these blocks for token theft extraction. Attendees will gain valuable insights to the number of tool sets at an attacker’s disposal for adversarial cloud operations. 

12:00pm - 1:00pm
Lunch & Networking

1:00pm - 1:45pm
Vulnerabilities in Modern-Day Web Applications
Presented by Luke Bremer, TrustedSec Senior Security Consultant
Web applications are in almost every company’s network. Applications that are publicly available can become a target for attackers to gain access to sensitive data or internal infrastructure. Over the past few years, we have collected a list of notable high severity vulnerabilities that could be discovered in any modern-day application. This talk will focus on how Pentesters find these vulnerabilities, the problems these vulnerabilities can cause, and detections and remediations to ensure your applications are secure.  

2:00pm - 2:45pm
Best Practices for Security Program Prioritization
Presented by Alex Hamerstone, TrustedSec Advisory Solutions Director
There are countless things that can be done to improve any security program, regardless of its current maturity. However, the fact of the matter is that we all are constrained by time, staffing, and budgets. Evaluating the security program and prioritizing the most important processes, initiatives, and controls in a way that lowers risk most effectively is essential. In this presentation, Alex will discuss ways to determine what is most important, consider compliance requirements, evaluate risk, and focus on what is most important. 

Attendees will leave this session with actionable steps to evaluate their current program and prioritize initiatives. 

3:00pm - 4:00pm
Closing Networking Hour