Skip to main content

25 Awesome and Influential InfoSec Talks You Should Watch

by Ellen Zhang on Thursday August 6, 2020

Contact Us
Free Demo

We've rounded up 25 of the most influential InfoSec talks from the past decade. Check them out!

Over the years, many thought leaders have taken the stage at security conferences and events around the world, dissecting major security incidents, sharing their insider perspectives, and more. Unfortunately, it's impossible to attend every conference and sit in the audience for every compelling talk. So, we've rounded up some of the most awesome and influential InfoSec talks from the past decade into one convenient post.

There have been dozens of game-changing talks around the globe, and you'll find thousands on YouTube alone, but if you're looking for some of the most influential talks delivered by leading authorities in the InfoSec space, we think you'll find the following 25 talks arranged in chronological order worth a watch.

1. The Next Arms Race

In this keynote at the CeBIT conference on March 22, 2017, Mikko Hypponen, the Chief Research Officer for F-Secure, discussed the current climate in which cyber attacks aren't the exception but the norm, and how understanding who today's attackers are can help us build a better defense.

Mikko Hypponen @mikko

CeBIT Global Conferences @cebit

2. The Seven Most Dangerous New Attack Techniques, and What's Coming Next

The RSA Conference 2017 featured this informative panel briefing on February 15, 2017, with insights from Michael Assante, Director of Industrials and Infrastructure and Lead for the ICS Curriculum at the SANS Institute, Ed Skoudis, Instructor at the SANS Institute, and Johannes Ullrich, Dean of Research for SANS Technology Institute. Alan Paller, Research Director and Founder of the SANS Institute, moderated the discussion on the most dangerous new attack techniques and how we can stop them.

SANS Technology Institute @SANSInstitute

RSA Conference @RSAConference

3. The Hidden Architecture of our Time: Why This Internet Worked, How We Could Lose It...

In this keynote at Black Hat USA 2016, Dan Kaminsky lays out his beliefs for how the Internet actually works and discusses the increasing likelihood of attempts to change the core principles of the Internet. Kaminsky is best known for finding a critical flaw in the internet's Domain Name System (DNS) and for leading the largest synchronized attempt to fix the Internet's infrastructure. He is also the American representative among the seven Recovery Key Shareholders who hold the ability to restore the DNS root keys.

Dan Kaminsky @dakami

Black Hat @BlackHatEvents

4. Defense at Hyperscale: Technologies and Policies for a Defensible Cyberspace

In another talk from Black Hat USA 2016, Jason Healey, Senior Research Scholar at Columbia University's School for International and Public Affairs, focuses on the value of investments in defense and the need to roll out proven effective defense strategies at hyperscale. The innovations Healy describes are the result of a "recent task force to identify the top technologies, operational innovations and public policies which have delivered security at scale for the defense to catch up with attackers."

Jason Healey @Jason_Healey

Black Hat @BlackHatEvents

5. The Cryptographers' Panel

Moderated by Paul Kocher, President and Chief Scientist at the Cryptography Research division of Rambus, this panel at the RSA Conference in 2016 features Ron Rivest - an MIT Professor, Adi Shamir - a Computer Science Professor at the Weizmann Institute of Science in Israel, Whitfield Diffie - a Cryptographer & Security Expert at Cryptomathic, Moxie Marlinspike - the Chief Technology Officer of Whisper Systems, and Martin Hellman - a Professor Emeritus of Electrical Engineering at Stanford University. These leaders and founders engage in an enlightening discussion about the latest advances and revelations in cryptography, including hot research areas for 2016 and lessons learned over the last several decades.

RSA Conference @RSAConference

6. Social Engineering Village - Dave Kennedy - Understanding End-User Attacks

Dave Kennedy, founder of TrustedSec and Binary Defense Systems, talks about the emergence of phishing attacks as the number one attack vector and the trend of targeting users to carry out attacks in the modern landscape.

Dave Kennedy @HackingDave

DefCon @defcon

7. The Lifecycle of a Revolution

This keynote from Black Hat USA 2015 was delivered by Jennifer Granick, the Director of Civil Liberties at the Stanford Center for Internet and Society. Granick, the second woman to deliver a keynote at the conference in the past 20 years, conveyed her passionate belief that we must preserve the idea of a free and open Internet, creating a world in which security researchers and developers have the "freedom to tinker."

Jennifer Granick @granick

Black Hat @BlackHatEvents

8. Escaping Security's Dark Ages

From the RSA Conference in 2015, Amit Yoran, currently CEO of Tenable, speaks about the idea that we're living in the dark ages of security, clinging to outdated world views and relying on outdated tools and tactics. Yoran emphasizes the need to pursue greater visibility and understanding of the complex digital world.

Amit Yoran @ayoran

RSA Conference @RSAConference

9. Kevin Mitnick: Live Hack at CeBIT Global Conferences 2015

Kevin Mitnick, one of the world's most famous hackers, performs a hack live on center stage at CeBIT Global Conferences 2015.

Kevin Mitnick @kevinmitnick

CeBIT @cebit

10. How not to suck at pen testing - John Strand at DerbyCon 2014

At DerbyCon 2014, John Strand takes the stage and offers tips on how not to suck at pen testing. In his talk, he covers some key components that many pen tests lack, the importance of learning from real attackers, and how to gain access to organizations without exploiting a vulnerability. He also talks about how to bypass whitelisted applications that are touted as impenetrable.

John Strand @strandjs

DerbyCon @DerbyCon

11. OWASP AppSecUSA 2014 - Keynote: Bruce Schneier - The Future of Incident Response

Bruce Schneier's keynote at OWASP AppSecUSA 2014 continues to be a must-watch as he discusses the future (and importance) of incident response (IR) and how prevention and detection can only take you so far. He examines the economic and psychological drivers in the computer security industry and the need for IR to augment, not replace, people.

Bruce Schneier @schneierblog

AppSecUSA @appsecusa

12. DEF CON 22 - Mark Stanislav & Zach Lanier - The Internet of Fails - Where IoT Has Gone Wrong

Mark Stanislav and Zach Lanier discuss where the Internet has gone wrong and delve into research, outcomes, and recommendations regarding information security for the Internet of Things (IoT). They discuss IoT failures from their own research as well as from the research of others, offering concerning examples of improper access control, a lack of transport security, hardcoded-everything, and techniques for bypassing the need to pay for stuff.

Mark Stanislav @markstanislav

Zach Lanier @quine

DefCon @defcon

13. Cybersecurity as Realpolitik by Dan Geer presented at Black Hat USA 2014

Dan Geer, CISO of In-Q-Tel, presents this keynote presentation from Black Hat USA 2014. He discusses the state of cybersecurity, names ten pressing cybersecurity policy concerns, and talks about the role of power and politics in cybersecurity. Geer, a long-time contributor to the information security space, kicks it off by acknowledging the pervasive influence of cybersecurity in every facet of modern life.

Black Hat @BlackHatEvents

14. Lorrie Faith Cranor: What’s wrong with your pa$$w0rd?

This TED Talk is delivered by Lorrie Faith Cranor, who has studied thousands of real passwords to determine the common and surprising mistakes users and secure sites make that compromise security. Cranor is a security researcher at Carnegie Mellon University and studies online privacy, usable security, phishing, spam, among other topics pertaining to online security.

Lorrie Cranor @LorrieTweet

TED News @TEDNews

TED Talks @TEDTalks

15. Keren Elazari: Hackers: the Internet's immune system

Keren Elazari discusses how hackers are a motivating force that drives us to improve in this 2014 TED Talk. Elazari points out that while some hackers are the bad guys, many work to fight government corruption and to defend our rights. She says hackers push the Internet to become stronger and healthier by exposing vulnerabilities.

Keren Elazari @k3r3n3

TED News @TEDNews

TED Talks @TEDTalks

16. Swimming with sharks - security in the internet of things: Josh Corman at TEDxNaperville

In this TED Talk, Josh Corman, a security strategist and philosopher, talks security for the Internet of Things (IoT). Corman's research focuses on adversaries, game theory, and motivational structures, with a shift to the rise of hactivism, Internet governance, cyber-conflict, and the growing tensions between civil liberties and technology.

Josh Corman @JoshCorman

TED News @TEDNews

TED Talks @TEDTalks

17. DEF CON 21 - Social Engineering: The Gentleman Thief

From DEF CON 21 on August 1 - 4, 2013, this talk discusses social engineering, featuring Apollo Robbins, a.k.a. The Gentleman Thief, in conversation with Dr. John Gabrieli, Ph.D. Robbins is a performer, speaker, and consultant, as well as one of the world's leading experts on pickpockets, confidence crimes, and deception. His unique set of expertise makes for an engaging and enlightening discussion about social engineering.

Apollo Robbins @ApolloRobbins

DefCon @defcon

18. DEF CON 21 - Mudge - Unexpected Stories From a Hacker Inside the Government

In this talk, Peiter Mudge Zatko speaks from his unique perspective from inside the hacker community and from a senior position within the Department of Defense. He shares Julian Assange's story about U.S. government involvement in the origins of Wikileaks, the story of how the DoD accidentally caused Anonymous to target government systems, and other intriguing stories and insights.

Peiter Mudge Zatko @dotMudge

DefCon @defcon

19. Hacktivity 2012 - Joe McCray - Big Bang Theory - Pentesting high security environments

From Hacktivity 2012, this talk features Joe McCray, Founder of Strategic Security, who discusses pen testing high security environments, new methods for identifying and bypassing common security mechanisms, staying persistent, and ex-filtrating critical data from networks without detection, among other tactics and insights. The talk focuses on the buzz surrounding Advanced Persistent Threats (APT) and how few pen testers actually utilize APT techniques to carry out their work.

Joe McCray @j0emccray

Hacktivity @hacktivityconf

20. DEFCON 19: Steal Everything, Kill Everyone, Cause Total Financial Ruin!

This talk from DEF CON 19 features speaker Jayson E. Street, CIO of Stratagem 1 Solutions. In this talk, Street shares insights from the perspective of already being in a breached system and shows pictures from actual social engineering engagements that he's been on. In one example, he shows a picture that cost a company one million dollars and possibly even a few lives. With every example, he talks about what would have stopped him from successfully breaching a system.

Jayson E. Street @jaysonstreet

DefCon @defcon

21. SSL and the Future of Authenticity

From Black Hat USA 2011, this talk on SSL and the Future of Authenticity is delivered by Moxie Marlinspike and focuses on the evolution of SSL from the early beginnings of the World Wide Web to the present day. Marlinspike talks about the current issues with authenticity in SSL, some recent high-profile infrastructure attacks, and potential strategies for the future.

Moxie Marlinspike @moxie

Black Hat @BlackHatEvents

22. Mikko Hypponen: Fighting viruses, defending the net

Mikko Hypponen talks fighting viruses and defending the net in this TED Talk from 2011. At the time he delivered this speech, it had been 25 years since the first PC virus (Brain A) had hit the web. Initially a mere annoyance, viruses and other threats have evolved into sophisticated tools for cybercrime and espionage. Mikko talks about defending the Internet against these threats and stopping new viruses from threatening the net as we know it.

Mikko Hypponen @mikko

TED News @TEDNews

TED Talks @TEDTalks

23. Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon

Another must-watch TED Talk from 2011, this talk features Ralph Langner, the man known for cracking Stuxnet's payload, an OT security professional, lead OT-BASE architect, and head of The Langner Group. Langner gives the audience an inside look at how he and his team helped crack the code that revealed this puzzling digital threat's final target and its covert origins.

Ralph Langner @langnergroup

TED News @TEDNews

TED Talks @TEDTalks

24. Bruce Schneier: The Security Mirage

Leading security expert Bruce Schneier talks about the perception of security and the fact that it doesn't always match reality in this talk at TEDxPSU from 2011. Schneier explains why we spend billions addressing news story risks while at the same time neglecting risks that are more likely to become reality, and offers his insights on how to break the pattern.

Bruce Schneier @schneierblog

TED News @TEDNews

TED Talks @TEDTalks

25. Black Ops 2008: It's The End Of The Cache As We Know It

In this older talk from Black Hat 2008, Dan Kaminsky talks about the major bug that hit DNS, dissects how it happened, the role of the DNSRake, and the process for running, validating, and extending the attack. Kaminsky focuses on the DNS flaw that enabled this major event to occur and what needs to be done better to prevent future attacks.

Dan Kaminsky @dakami

Black Hat @BlackHatEvents

Tags:  Best of InfoSec

Recommended Resources

The Definitive Guide to DLP

  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives

The Definitive Guide to Data Classification

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business