Klaus Agnoletti
Klaus Agnoletti has been an all-round infosec professional since 2004. He co-founded BSides København in 2019. Recently he started out as an infosec freelancer focusing on storytelling in marketing, employer branding, game-based learning or wherever new ideas bring him.
Sessions
In my workshop, I'll dive into the world of game-based learning in cybersecurity, showcasing HackBack - a unique framework loosely based on Dungeons & Dragons that blends role-playing game elements with security training. I'll start out explaining what HackBack is and how it works. Afterwards we’ll play a game together where we’ll play as teams and engage in passionate discussions on how to save our fictitious company from total disaster in a realistic scenario based on true events.
HackBack revolutionises traditional methods by providing immersive, risk-free simulations of security situations, both offensive and defensive, making it ideal for teaching concepts like Zero Trust and enhancing teamwork and empathy among participants. We'll explore the open-source nature of HackBack and how it fosters a community-driven approach to cybersecurity education, making it accessible and adaptable to various settings.
Join me to discover how game-based learning is a crucial, yet often overlooked tool in developing effective security professionals.
HackBack is designed for learning, so it’s not necessary to know about either Dungeons & Dragons or Incident Response.
Have you noticed how security policies often read like legal documents rather than practical guides? In this talk, I'll show you how we've been inadvertently creating barriers by writing policies in legalese and passive, authoritarian language that makes security feel like something that happens TO people rather than WITH them. Drawing from my experience transforming security policies into clear, engaging documents, I'll demonstrate how combining readability science, inclusive language, and AI can revolutionize the way we communicate security requirements.
Using real examples and live demonstrations, I'll show you how shifting from "The System Administrator shall enforce..." to "We protect our systems by..." transforms policies from intimidating documents into collaborative guidance that shapes behavior. You'll learn how to measure policy readability using LIX scores, harness inclusive language to build shared responsibility, and leverage AI tools to scale these improvements across your organization.
Whether you're a security professional frustrated with writing policies that gather digital dust, or a leader wondering why your security initiatives aren't getting traction, you'll leave with practical tools to make policies that work for people, not lawyers. Join me to learn how we can make security policies speak human and make everyone feel that security is indeed their responsibility too.
In this evolved version of my Living with ADHD in InfoSec talk, I integrate video interviews with John Strand (CEO of Black Hills Information Security), who shares both his personal journey with ADHD and his experience as an employer of neurodivergent professionals. This new perspective complements my ongoing exploration of how ADHD manifests in cybersecurity work.
After a year of deeper community engagement, it's become increasingly clear that neurodiversity is remarkably prevalent in InfoSec. Through our combined experiences and supported by recent research, John and I examine why our industry particularly attracts and benefits from neurodivergent thinking. The discussion includes both personal insights—from early diagnosis to workplace challenges—and practical strategies for leveraging diverse cognitive styles in security teams.
This presentation offers fresh perspectives on neurodiversity in cybersecurity and provides actionable insights for creating more effective, inclusive teams—whether you're familiar with the topic or exploring it for the first time.