BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsidesluxembourg-2026//speaker//FTZ9CR
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesluxembourg-2026-DL9Z8C@pretalx.com
DTSTART;TZID=CET:20260508T112000
DTEND;TZID=CET:20260508T120000
DESCRIPTION:Early in my career\, while working as a junior engineer at an e
 merging AI startup in Seattle\, Washington\, USA\, during the first wave o
 f commercial AI adoption\, our company suddenly became the target of an ex
 treme and highly disruptive phishing campaign. Shortly after we received p
 ublic attention as a “hot startup\,” phishing volume surged to the poi
 nt that it flooded employee mailboxes and interfered with normal operation
 s. The messages were convincing enough that at one point an employee ran t
 hrough the office claiming that our CEO was stranded at an airport and urg
 ently needed financial help.\n\nWhat initially felt like an uncontrollable
  background problem became a significant security and operational risk. Ra
 ther than accepting it as inevitable\, we began analyzing the phishing ema
 ils in detail—treating them as data rather than noise. By correlating s
 ender IP addresses and examining publicly available IP allocation and rout
 ing information\, we discovered that although the emails appeared to origi
 nate from many different sources\, the traffic consistently traced back to
  a small number of allocated IP blocks.\n\nWe mitigated the immediate risk
  by blocking those ranges at the email gateway\, which dramatically reduce
 d the volume of phishing. Digging further into the upstream infrastructure
  revealed that the IP space was associated with a data center in Luxembour
 g\, operating email security and anti-spam systems. At the time\, I was in
  the process of reclaiming my Luxembourg citizenship through ancestry on m
 y mother's side\, and the situation prompted a different line of thinking:
  if similar infrastructure under my supervision was being abused\, I would
  want to know about it.\n\nInstead of assuming malicious intent\, we reach
 ed out directly to the infrastructure operator\, shared sanitized examples
  of the phishing messages\, and coordinated a responsible disclosure. Desp
 ite internal skepticism that this amounted to “talking to the attackers\
 ,” the response was professional\, the issue was investigated\, and the 
 phishing activity largely stopped. We also filed a report with the regiona
 l internet registry.\n\nLooking back\, this incident shaped how I think ab
 out security problems that seem impossible or overwhelming. Not every issu
 e is solved with more tooling or escalation. Sometimes\, careful deduction
  paired with human communication and empathy can break deadlocks that tech
 nology alone cannot.
DTSTAMP:20260412T011803Z
LOCATION:Workshops and Stage - Gernsback (C1.05.02)
SUMMARY:From Phishing to Mitigation: An Early-Career Incident Response - Ch
 ris Beckman
URL:https://pretalx.com/bsidesluxembourg-2026/talk/DL9Z8C/
END:VEVENT
END:VCALENDAR
