Jan Pohl
Jan Pohl is a Threat Engineer, Deception Operator, and R&D Cyber Security Engineer dedicated to shifting defense from a reactive posture toward proactive adversary engagement. As the author of the Seven Laws of Deception and creator of the HEFAISTOS detection platform, Jan specializes in establishing Perceptual Control (Law 4) to maintain a persistent gap between an attacker’s perceived world and the ground truth.
His work centers on operationalizing the ACD Loop, a six-stage methodology that integrates threat intelligence and detection engineering to identify the Inevitable Residue (Law 6)—the anomalous digital artifacts that any adversarial interaction necessitates. A frequent speaker at Blackhat, RSA, and hack.lu, Jan leverages the Law of Asymmetric Stakes (Law 7) to flip the conventional advantage in favor of the defender, ensuring that adversaries must be perfect to remain undetected within a layered deception grid.
Linkedin Profile: https://www.linkedin.com/in/jan-pohl-89231a264/
Session
Threat intelligence is often reduced to reactive IOC lists or superficial color-coded reports. This talk dismantles that paradigm. We will explore the application of Cyber Threat (Counter) Intelligence - CT(C)I - in a geopolitical context, demonstrating how to engineer detections that actively hunt sophisticated adversaries operating both outside and inside your perimeter. Moving beyond standard threats, we dissect the rising trend of APT-backed "remote workers" infiltrating organizations using deepfakes and fabricated histories. We will show you how to weaponize cyber counterintelligence and deploy deceptive defenses to expose the threat, transforming your internal environment into your primary intelligence sensor - detection. Finally, we will outline a modern, graph-based "Detection-as-Code" methodology that replaces static documentation with visual, automated defense logic.