Elisity Blog

List of Must-See Talks at Black Hat 2025 in Las Vegas

Black Hat USA 2025 #BHUSA brings together the brightest minds in cybersecurity. Here's our curated list of essential sessions for network security professionals.

Black Hat USA 2025 returns to Las Vegas from August 2-7, showcasing the latest cybersecurity research, emerging threats, and cutting-edge defensive strategies. Now in its 29th year, this premier conference continues to drive innovation and collaboration among security professionals, researchers, and industry leaders worldwide.

The conference features four days of intensive training (August 2-5) followed by two days of briefings and networking opportunities in the Business Hall (August 6-7). With the cybersecurity landscape evolving rapidly, this year's agenda reflects the urgent need for organizations to address the expanding attack surface created by IoT, OT, and IoMT devices, the rise of AI-powered threats, and the growing sophistication of ransomware groups.


Elisity's Participation at Black Hat 2025

Elisity's team will be actively participating in Black Hat 2025, continuing our mission to help enterprises achieve Zero Trust maturity through identity-based microsegmentation. Our solutions address the core challenges facing today's security leaders: preventing lateral movement, securing unmanaged devices, and implementing least-privilege access policies at scale.

We're excited to engage with customers, partners, and the broader security community as we explore how modern microsegmentation can transform network security architectures. Join us at the conference to discover how leading organizations are reducing their attack surface by up to 99% while achieving compliance with frameworks like NIST 800-207, IEC 62443, and the draft 2025 HIPAA Security Rule.

Additionally, Elisity's CEO James Winebrenner and VP, Business Development Sabrina Sirianni will be hosting an exclusive, invite-only CISO dinner on Tuesday evening, bringing together cybersecurity leaders to discuss the latest trends in Zero Trust implementation and microsegmentation strategies.

The Current Threat Landscape Driving Black Hat 2025

Manufacturing and Healthcare Under Siege

The threat landscape of 2025 presents unprecedented challenges for enterprise security leaders. 67% of healthcare organizations experienced ransomware attacks in 2024, and the average cost of a healthcare data breach in 2024 was $9.77 million. Manufacturing sectors face similar pressures, with 22% of all Q1 2025 ransomware attacks targeting manufacturing organizations.

These industries struggle with unique security challenges. Healthcare environments must protect thousands of unmanaged medical devices while maintaining continuous availability for patient care. Manufacturing organizations need to secure operational technology (OT) systems, including legacy PLCs and SCADA systems, without disrupting critical production processes.

The Ransomware Evolution

The ransomware landscape has evolved significantly, with 80 active groups identified in Q1 2025, including 16 new entrants. Leading groups like CLOP, Akira, RansomHub, and Qilin have dominated the attack landscape, with CLOP alone responsible for approximately 10% of all observed attacks. These groups increasingly leverage zero-day exploits, with evidence from Black Basta chat logs revealing purchases of exploits for $200,000 or more.

Executive Sessions at Black Hat 2025

Tuesday, August 5, 2025 - Summit Day

Omdia Analyst Summit at Black Hat USA
All Day Event - Mandalay Bay

This exclusive summit focuses on cybersecurity AI agents and their transition from intent to scale. For security leaders implementing microsegmentation strategies, understanding how AI agents can enhance automated policy creation and enforcement is crucial. The summit explores enterprise readiness to deploy cybersecurity agents, priority areas for implementation, and winning business models for agentic AI in cybersecurity.

The session provides valuable insights for organizations considering how AI can accelerate their Zero Trust journey through intelligent policy automation and continuous risk assessment.

9:00am-11:00am

Rise & Shine Leadership Breakfast - Vision & Voice
Location: Foundation Room, Mandalay Bay (3950 S Las Vegas Blvd, Las Vegas, NV)
Format: Leadership Breakfast & Panel Discussion
Track: Leadership

Overview: Join a powerful community of cybersecurity leaders passionate about advancing women in the industry and building pathways for rising stars. Attendees include CISOs, cybersecurity leaders, and rising stars in the industry. Please apply to attend if you fit within one of these groups and can add to the vibrant discussion.

Featured Panel Discussion: "Lessons in Resilience: What I Got Wrong (and What You Can Get Right)"
Don't miss our featured panel, in which the speakers explore pivotal experiences: moments when they questioned their voice, made decisions that challenged conventional wisdom, or faced setbacks that tested their conviction. Through these stories, we'll examine how resilience is built, how leadership evolves over time, and how these leaders are now guiding the next generation through similarly complex terrain.

Featured Speakers:

  • Cynthia Kaiser - Formerly led policy, intelligence, and engagement for FBI Cyber, where she focused on strategic partnerships, sharing threat intelligence, and building relationships with the private sector and cyberthreats. With 20+ years of cyber and national security experience, she has served as a POB intelligence Studies in two presidential administrations, a Member of the Cyber Safety Review Board, and a Principal for multiple critical infrastructure security groups.
  • Naheela Barbari - Vice President - Cyber, Law Enforcement, Intelligence, and Citizenship Business Area, CACI
  • Galina Antova - Serial cybersecurity entrepreneur currently leading an AI-powered cybersecurity venture. In 2024, she founded Claroty in 2015 with the mission to secure all cyber physical systems. Today, Claroty is a pre-IPO company that has raised $300M+ and protects many Fortune 500+ organizations. Galina serves as a Member of Claroty, Ping, Cloud Range, and the Bulgarian Innovation Hub (BIH). Prior to founding Claroty, she was the Global Head of Industrial Security Services at Siemens and a Staff at MIT Software Group. Galina is a board member of Elisity.
  • Emily O'Carroll - Field CISO with GuidePoint Security. Prior to GuidePoint, she was the CISO at TopGolf where she helped lead the cyber and management consulting at KPMG with major companies across a wide range of industries including maritime, healthcare, and finance.
  • Moderator: Amy De Salvatore - Partner at NightDragon, a venture capital and advisory firm investing in growth-stage companies in cybersecurity, defense, and critical infrastructure protection. She leads NightDragon's information platform, building strategic partnerships to accelerate growth and scale across the portfolio.

Essential Sessions for Network Security Professionals

Wednesday, August 6, 2025 - Main Conference Day 1

Keynote: Three Decades in Cybersecurity: Lessons Learned and What Comes Next
Speaker: Mikko Hypponen, Chief Research Officer, WithSecure
Location: Michelob ULTRA Arena (Concourse Level)
Format: 40-Minute Keynote

Mikko Hypponen brings three decades of front-line malware research experience to this opening keynote. Having investigated major cyber outbreaks from early viruses to modern ransomware campaigns including Stuxnet, WannaCry, and LockBit, Hypponen offers unique insights into the evolution of cyber threats. His perspective on lateral movement tactics and the increasing sophistication of attack methods directly aligns with the challenges that drive microsegmentation initiatives.

For network security professionals, this keynote provides essential context for understanding how attack vectors have evolved and what defensive strategies will be most effective in the coming years.

I'm in Your Logs Now, Deceiving Your Analysts and Blinding Your EDR
Speaker: Olaf Hartong, Security Researcher, FalconForce
Location: Islander E & I, Level 0 - North Convention Center
Format: 40-Minute Briefings

This session demonstrates how attackers can manipulate Event Tracing for Windows (ETW) to mislead security analysts and potentially blind EDR systems. Hartong's research shows how event capping mechanisms can be exploited to render EDR tools partially blind to malicious activities. This research underscores the critical importance of network-level controls that operate independently of endpoint agents.

The presentation highlights why identity-based microsegmentation provides essential defense-in-depth capabilities that cannot be compromised through endpoint manipulation, making it a crucial component of comprehensive security architectures.

From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion
Speaker: Shu-Hao Tung, Threat Researcher, Trend Micro
Location: South Seas A & B, Level 3
Format: 40-Minute Briefings

This session introduces innovative techniques for gaining initial access to intranets without traditional phishing or credential attacks. Tung demonstrates how stateless tunnels like GRE and VXLAN can be leveraged for network infiltration, affecting not only major cloud providers but also enterprise networks.

The research emphasizes the importance of comprehensive network visibility and microsegmentation to detect and prevent these sophisticated tunneling techniques. Organizations implementing Zero Trust architectures need to ensure their segmentation strategies account for these emerging attack vectors.

Thursday, August 7, 2025 - Main Conference Day 2

Keynote: The New Frontline: Cyber on the Precipice
Speaker: Nicole Perlroth, Founding Partner, Silver Buckshot Ventures
Location: Michelob ULTRA Arena (Concourse Level)
Format: 60-Minute Keynote

Nicole Perlroth delivers a stark assessment of the current threat landscape, warning that malware has evolved to "living off the land" techniques while AI distorts reality itself. Her analysis of how advanced persistent threats have evolved from Stuxnet to modern campaigns provides crucial context for security leaders planning their defense strategies.

Perlroth's emphasis on courage over code resonates with the practical challenges facing CISOs who must implement comprehensive security transformations while maintaining operational efficiency. Her insights reinforce the need for robust microsegmentation strategies that can adapt to increasingly sophisticated threats.

Behind the Screen: Unmasking North Korean IT Workers' Operations and Infrastructure
Speaker: SttyK, Open Source Intelligence Analyst
Location: South Pacific F, Level 0 - North Convention Center
Format: 40-Minute Briefings

This session provides unprecedented visibility into North Korean cyber operations, revealing organizational structures and operational workflows used to generate foreign currency through cryptocurrency theft and covert IT worker placements. The research demonstrates the sophistication of state-sponsored operations and their impact on enterprise security.

For manufacturing and healthcare organizations, understanding these advanced persistent threat capabilities is essential for developing appropriate defense strategies, including robust network segmentation and identity verification processes.

Advanced Active Directory to Entra ID Lateral Movement Techniques
Speaker: Dirk-jan Mollema, Security Researcher, Outsider Security
Location: South Seas A & B, Level 3
Format: 40-Minute Briefings

This session explores the security boundary between Active Directory and Entra ID in hybrid environments, introducing new lateral movement techniques that bypass authentication, MFA, and traditional security controls. Mollema's research demonstrates how attackers can stealthily exfiltrate data using on-premises AD as a starting point.

The presentation underscores the critical importance of implementing comprehensive microsegmentation that extends beyond traditional network boundaries to include cloud and hybrid environments. Organizations need identity-based security policies that persist across all network locations and environments.

Turning the Tables on GlobalProtect: Use and Abuse of Palo Alto's Remote Access Solution
Speakers: Alex Bourla, Security Engineer and Researcher; Graham Brereton, Senior Software Engineer, Form3
Location: Mandalay Bay H, Level 2
Format: 40-Minute Briefings

This research examines security vulnerabilities in Palo Alto Networks' GlobalProtect remote access solution, demonstrating how highly privileged agents can become sources of vulnerability. The findings highlight potential privilege escalation and VPN bypass techniques on macOS and Linux endpoints.

The session emphasizes the importance of Zero Trust principles that do not rely solely on VPN security but implement continuous verification and least-privilege access policies throughout the network infrastructure.

Specialized Summit Sessions

Supply Chain Micro Summit

Wednesday, August 6, 2025 - 10:15 AM – 12:20 PM
Location: Business Hall Theater C

This summit addresses the complex security challenges introduced by digital transformation and interconnected supply chains. For manufacturing organizations, supply chain security is particularly critical given the integration of operational technology systems with business networks.

The sessions explore strategic approaches to securing distributed environments while maintaining operational efficiency, directly relevant to organizations implementing microsegmentation across complex, multi-vendor ecosystems.

Industrial Control Systems (ICS) Micro Summit

Thursday, August 7, 2025 - 1:30 PM – 3:35 PM
Location: Business Hall Theater C

This focused summit addresses the unique challenges of securing rapidly digitalizing industrial environments. Manufacturing organizations face the dual challenge of enhancing productivity through digital transformation while maintaining robust cybersecurity controls.

The sessions provide actionable insights for implementing microsegmentation in OT environments, meeting IEC 62443 requirements, and securing legacy PLCs and SCADA systems without disrupting critical production processes.


Building Your Microsegmentation Strategy: Key Takeaways

People: Building Internal Capabilities

Black Hat 2025 emphasizes the critical importance of building internal cybersecurity capabilities. Organizations need teams capable of understanding both traditional network security and modern identity-based approaches. Training programs should focus on developing expertise in Zero Trust architectures, microsegmentation strategies, and incident response procedures.

Successful implementation requires collaboration between IT, security, and operational teams. Manufacturing organizations particularly benefit from cross-functional teams that understand both enterprise IT and operational technology requirements.

Processes: Implementing Modern Security Frameworks

The conference sessions highlight the need for processes that support rapid policy implementation and continuous security improvement. Organizations should develop standardized procedures for device discovery, policy creation, and incident response that can scale across multiple locations and environments.

Modern microsegmentation platforms enable organizations to implement comprehensive security policies in weeks rather than years, but success depends on having proper processes in place for policy development, testing, and rollout.

Compliance: Meeting Regulatory Requirements

Black Hat 2025 sessions emphasize the increasing regulatory focus on network segmentation. Healthcare organizations must comply with updated draft HIPAA Security Rule requirements, while manufacturing organizations need to meet IEC 62443 standards for industrial cybersecurity.

Identity-based microsegmentation provides a comprehensive approach to meeting these requirements through automated policy enforcement, continuous monitoring, and detailed audit reporting. Organizations can achieve compliance while reducing operational overhead through modern approaches that eliminate the need for complex VLAN configurations and manual policy management.

Technology: Leveraging Modern Platforms

The conference showcases the evolution from traditional perimeter-based security to modern Zero Trust architectures. Organizations should evaluate microsegmentation platforms based on their ability to provide comprehensive device discovery, automated policy creation, and seamless integration with existing infrastructure.

Modern platforms like Elisity enable organizations to implement identity-based security policies using existing network infrastructure, eliminating the need for agents, additional hardware, or complex network reconfigurations. This approach reduces both capital and operational expenses while providing superior security coverage.

Conclusion: The Path Forward for Network Security Leaders

Black Hat 2025 demonstrates that the cybersecurity landscape continues to evolve rapidly, with increasingly sophisticated threats targeting manufacturing, healthcare, and industrial organizations. The conference sessions highlight the critical importance of implementing comprehensive microsegmentation strategies that can adapt to emerging attack vectors while maintaining operational efficiency.

Organizations that succeed in this environment will be those that embrace modern approaches to network security, implementing identity-based microsegmentation that provides comprehensive coverage for all users, workloads, and devices. By leveraging platforms that enable rapid implementation and continuous policy adaptation, security leaders can achieve Zero Trust maturity while meeting regulatory requirements and reducing cyber insurance premiums.

The insights from Black Hat 2025 reinforce that security transformation is not just about technology—it requires the right combination of people, processes, and platforms working together to create resilient security architectures. As the threat landscape continues to evolve, organizations that invest in modern microsegmentation capabilities will be best positioned to protect their critical assets while enabling business growth and innovation.

Ready to explore how identity-based microsegmentation can transform your organization's security posture? Connect with the Elisity team at Black Hat 2025 or schedule a demonstration to see how leading organizations are implementing Zero Trust architectures in weeks, not years. Request to meet with us at Black Hat here.
