Kat Fitzgerald
Chicago-based (But soon Porto!) and proudly a natural creature of winter, I thrive on snow, OSS, and just the right amount of chaos. Whether sipping Grand Mayan Extra Añejo or warding off cyber threats with a mix of honeypots, magic spells, and a very opinionated flamingo named Sasha (the BSidesChicago.org mascot), I keep things interesting. Honeypots and refrigerators rank among my favorite things—though my neighbors would likely disagree.
Sessions
Cloud misconfigurations still cause saying-it-out-loud 99% of cloud security failures, but in 2026 the mistakes have mutated. Today’s breaches are less “oops, public bucket” and more over-privileged identities, sketchy SaaS integrations, forgotten test environments, and dangerously helpful defaults in AI and Kubernetes.
This talk introduces a modern hierarchy of cloud misconfigurations based on late-2025 and early-2026 breach data, then flips the script from post-incident cleanup to pre-deployment prevention using Policy as Code (PaC). Instead of finding problems after attackers do, we stop insecure resources from ever being created. We’ll wrap with the Toxic Trilogy, a practical model for spotting cloud assets that are statistically doomed, and show how PaC quietly dismantles all three conditions before anyone has to open a ticket.
Embark on a whirlwind tour of global cyber deception with a seasoned(?) security engineer who's been running honeypots in some of the world's most intriguing locales, including the bustling digital battleground of Ukraine. This talk will blend humor and hard-won wisdom to reveal the lessons learned from deploying, customizing, and maintaining honeypots across diverse environments. Participants will enjoy a lively narrative filled with tales of cyber trickery, cultural quirks, and the occasional mishap, all while gaining actionable insights into enhancing their own security strategies.