BSidesLuxembourg 2026

Threat intelligence is often reduced to reactive IOC lists or superficial color-coded reports. This talk dismantles that paradigm. We will explore the application of Cyber Threat (Counter) Intelligence - CT(C)I - in a geopolitical context, demonstrating how to engineer detections that actively hunt sophisticated adversaries operating both outside and inside your perimeter. Moving beyond standard threats, we dissect the rising trend of APT-backed "remote workers" infiltrating organizations using deepfakes and fabricated histories. We will show you how to weaponize cyber counterintelligence and deploy deceptive defenses to expose the threat, transforming your internal environment into your primary intelligence sensor - detection. Finally, we will outline a modern, graph-based "Detection-as-Code" methodology that replaces static documentation with visual, automated defense logic.

The purpose of this panel is discuss where the participants see the still-young, still-emergent discipline of Detection Engineering going.

The tools and know-how presented over the last 2 days in the village will be pitted against ideas from Diana (moderator) and the audience.
The panelists will try to explore together how the detection engineering landscape might evolve over the next few years,

This lightning talk will present positive and negative examples related to workplace well-being. It will emphasise the importance of mental health for operational teams such as SOCs and CSIRTs, and explore the pressures CISOs face today. The talk will explore the importance of creating a safe and open environment for cybersecurity professionals. It will also explain how to build a safe harbor for cybersecurity professionals. Furthermore, it will explain how this approach will be reciprocated by these individuals and contribute to a positive workplace culture.