BSides Joburg 2025

SocVel Live: Command The Breach
2025-07-26, Track 1

SocVel Live: Command the Breach is a 45-minute interactive experience where a tabletop exercise meets a "choose-your-own-adventure" story. Inspired by recent North Korean threat campaigns, the audience will guide a live breach investigation - voting on decisions, uncovering consequences, and tracking the impact on time, resources, and business reputation. No boring slides. No fixed path. Just instinct, pressure, and collective response.


SocVel Live: Command the Breach is an immersive, high-stakes tabletop experience where the audience becomes the incident response team. Drawing inspiration from real-world North Korean threat actor campaigns, this session challenges participants to make critical decisions in real time—just like they would during a real breach.

The session begins with an initial trigger—something security teams might regularly see: a suspicious EDR alert, a call from Helpdesk, or a flagged event in a monitored system. From there, the audience is presented with multiple investigation options, much like a “choose-your-own-adventure” story. Do we isolate the host? Do we investigate quietly to gather more intel? Or escalate to the Incident Response team immediately?

Each decision point will be delivered live, with the audience voting democratically to determine the next course of action. As the investigation unfolds, consequences are revealed in real time—some expected, others not. Like in the real world, every choice affects three core metrics we track throughout:
1. Time – Every action either adds or saves valuable time. Delay the wrong decision and the breach escalates.
2. Resources Used – High-effort actions consume team bandwidth, tooling, and focus. Use too much too early, and burnout or blind spots creep in.
3. Business Reputation – Will we lose stakeholder trust? Or worse—will the media get there before you do?

This isn’t a lecture. There are no slides, no fixed path, and no single right answer—only trade-offs, real-world ambiguity, and lessons revealed through action. The session is designed to simulate the pressure, nuance, and complexity of real investigations, especially when dealing with advanced adversaries like North Korean IT worker personas targeting crypto infrastructure.

Why this format?
Because too often, security professionals are experts in their own tools but unsure how to respond when it’s time to zoom out and lead an investigation. This session reveals the investigative blind spots, the fallacies (“we’ll just check the logs”), and the hard truths of collaborative decision-making under pressure.
Attendees won’t just walk away with technical takeaways—they’ll gain insight into investigation strategy, team dynamics, and the broader consequences of operational decisions.

Bring your instincts. Bring your team. The breach is live—and you’re in command.

Jaco Swanepoel is a dedicated cybersecurity professional with 15 years of expertise in Digital Forensics, Incident Response, and Cyber Threat Intelligence.

After completing his BSc Hons degree in Computer Science at the University of Pretoria, he began his career as a Digital Forensic Analyst. From an early stage in his professional career, Jaco participated in Dawn Raids conducted by the South African Competition Commission, assisted law enforcement agencies with various high-profile investigations, and testified in court as a Digital Forensic expert.

Following his certification as a PCI Forensic Investigator by the PCI Security Standards Council, Jaco conducted multiple PCI Forensic Investigations across South Africa, the UK, and Europe. He has also earned certifications from SANS in Digital Forensics, Incident Response, Threat Hunting, Malware Reverse Engineering, and Cybersecurity Leadership.

Today Jaco leads the Threat Hunting and Intelligence team for one of South Africa's banking giants. This team of specialists is responsible for identifying and tracking cyber threats targeting the Group, as well as conducting continuous Threat Hunting activities to uncover potential malicious activity.

Jaco is passionate about sharing his knowledge on various cybersecurity topics and is currently involved in several projects aimed at inspiring others to develop a similar enthusiasm for the field.