2025-12-06, Track 1
SocVel Live: Command the Breach is a 45-minute interactive tabletop meets "choose-your-own-adventure" experience. Inspired by ongoing Chinese state-sponsored threat actor campaigns, the audience will guide a live breach investigation, voting on decisions, uncovering consequences, and tracking the impact on time, resources, and business reputation. No boring slides. No fixed path. Just instinct, pressure, and collective response.
SocVel Live: Command the Breach is an immersive, high-stakes tabletop experience where the audience becomes the incident response team. Drawing inspiration from real-world Chinese state-sponsored threat actor campaigns, this session challenges participants to make critical decisions in real time, just like they would during a real breach.
The session begins with an initial trigger, something security teams might regularly see: a suspicious EDR alert, a call from Helpdesk, or a flagged event in a monitored system. From there, the audience is presented with multiple investigation options, much like a “choose-your-own-adventure” story. Do we isolate the host? Do we investigate quietly to gather more intel? Or escalate to the Incident Response team immediately?
Each decision point will be delivered live, with the audience voting democratically to determine the next course of action. As the investigation unfolds, consequences are revealed in real time, some expected, others not. Like in the real world, every choice affects three core metrics we track throughout:
1. Time – Every action either adds or saves valuable time. Delay the wrong decision and the breach escalates.
2. Resources Used – High-effort actions consume team bandwidth, tooling, and focus. Use too much too early, and burnout or blind spots creep in.
3. Business Reputation – Will we lose stakeholder trust? Or worse, will the media get there before we do?
This isn’t a lecture. There are no slides, no fixed path, and no single right answer, only trade-offs, real-world ambiguity, and lessons revealed through action. The session is designed to simulate the pressure, nuance, and complexity of real investigations, especially when dealing with advanced adversaries involved in Chinese state-sponsored espionage campaigns.
Why this format?
Because too often, security professionals are experts in their own tools but unsure how to respond when it’s time to zoom out and lead an investigation. This session reveals the investigative blind spots, the fallacies (“we’ll just check the logs”), and the hard truths of collaborative decision-making under pressure.
Attendees won’t just walk away with technical takeaways; they’ll gain insight into investigation strategy, team dynamics, and the broader consequences of operational decisions.
Bring your instincts. Bring your team. The breach is live, and you’re in command.
Jaco Swanepoel is a cybersecurity professional with over 15 years of experience in digital forensics, incident response, and threat intelligence. He’s worked on high-profile investigations, supported law enforcement operations, and testified as an expert witness in court. Having obtained multiple SANS certifications, he has led forensic engagements across several continents. Today, he heads a threat hunting and intelligence team within one of South Africa’s leading financial institutions, tracking threat actors and uncovering malicious activity. Passionate about sharing knowledge, Jaco actively works on projects designed to spark curiosity and inspire others to explore the world of cybersecurity.
