Greg Conti
Greg Conti is a hacker, maker, and computer scientist. He is Principal at Kopidion, a cyber security training and professional services firm. Greg is a long-time Defcon, Black Hat, and infosec community speaker and trainer. Formerly he served on the West Point faculty for 16 years where he led their cybersecurity research and education programs, and has published approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg is a graduate of West Point, Johns Hopkins, and Georgia Tech.
Session
For decades, tech companies have been stuck on the defensive, absorbing blow after blow from state and state-enabled threat actors while their governments prove unable or unwilling to protect them.
This talk challenges that status quo and asks: how can companies legally and decisively fight back? To be clear, this isn’t a rehashed “hack back” debate. Instead, we apply the military concept of Effects Based Operations (EBO) to explore the spectrum of outcomes companies can impose, individually or in concert with allies, on their adversaries.
By adopting an effects-based mindset, companies can create real consequences at scale where governments will not or cannot act. Possible effects include disrupting threat infrastructure, denying access to products and services, degrading adversary systems, shaping public opinion, destroying hardware or software, corrupting or altering data, and collecting actionable intelligence.
The conversation becomes even more compelling when we consider what happens if EBO becomes normalized inside large corporate security teams: scaling operations beyond isolated proof-of-concept actions, building playbooks of legally reviewed options, operating across multiple domains (physical, digital, and cognitive), and coordinating collective actions where companies and organizations pool authorities and capabilities to magnify impact.