fwd:cloudsec Europe 2025

Confidence Predicts Accuracy and Other Lies About Cloud Security
2025-09-15, Main Room

The pursuit of a perfectly configured cloud is a laudable but often Sisyphean task. So why is it the primary benchmark for success in cloud security?
This talk uses the lens of behavioral economics to answer that question. We’ll explore how our fast, intuitive thinking (Daniel Kahneman's "System 1") is drawn to simple metrics and quick fixes, even when they don't reduce overall risk. We'll also examine how misleading metrics reinforce these cognitive biases, keeping us doing the busy work that is easily measured, but not impactful.
But moving from System 1 thinking to System 2 thinking isn't as simple as it sounds. Challenging an intuitive belief is not just an intellectual exercise; it's an emotional one.
This session explores how to engage analytical thinking with frameworks, giving System 2 the structure it needs to combat complacency and utilize its skills to understand complexity.

Kat Traxler is the Principal Security Researcher at Vectra AI, focusing on abuse techniques and vulnerabilities in the public cloud. Before her current role, she worked at various stages in the SDLC, performing web application penetration testing and security architecture.
Kat has presented at conferences worldwide on topics such as privilege escalation in GCP and bug-hunting in the cloud. She can be found on the internet as @nightmareJS.