Speaking at Oh MY HACK International 2021

I will be speaking at Oh My Hack this year. My session is titled:

💥 Building a #Cybersecurity Strategy for CISO’s? 💥

There are two types of organizations: the ones that know they have been hacked and the ones that don’t. It’s not a matter of if but when the hack is going to happen!

So you are responsible for securing your organization, what do you need to do?

This session will help you rethink your #security culture and hopefully help you make the #hackers’ job harder by learning best practices from the field.

For More Info  ▶️ https://bit.ly/3d0gG5T

11-12.05.2021, ONLINE

https://youtu.be/CO33EZeYemU?si=ctYuvCw2NRPJogcA

ABOUT OH MY HACK!

Enter the fascinating world of security conferences with one click – without barriers, without limits. Adjust the lectures to your level of knowledge, meet the best specialists from blue and red teams and enjoy the relaxed atmosphere of a virtual event.

The Oh My H@ck conference is an upgraded version of the well-known What The H@ck. Adam Haertle, founder and editor-in-chief of the Zaufana Trzecia Strona, is responsible for the selection of speakers and topics. Join us to fight cyber threats together and gain new levels of knowledge!

CISO Insight

Ethical hacking conferences are where the real threat intelligence lives. Researchers presenting new attack techniques, exploitation methods, and vulnerability discoveries at events like Oh My Hack give defenders a preview of what they will face in the wild within 6 to 12 months. CISOs who dismiss hacker conferences as irrelevant are ignoring the best early warning system our industry has.

The Value of Ethical Hacking Conferences for Security Leaders

Hacking conferences serve a critical function in the cybersecurity ecosystem. They provide a venue for security researchers to responsibly disclose new vulnerabilities, share novel attack techniques, and demonstrate the real-world impact of security weaknesses that might otherwise remain theoretical. For CISOs and security leaders, attending or following these events provides insight into the techniques that adversaries will adopt next — often well before they appear in commercial threat intelligence feeds.

Conferences like Oh My Hack, DEF CON, Black Hat, and regional security gatherings across Europe bring together offensive and defensive security practitioners in a way that no vendor webinar or analyst report can replicate. The technical depth of presentations, the hands-on workshops, and the hallway conversations between practitioners generate knowledge that directly informs defensive strategy. A CISO who understands how their environment looks from an attacker’s perspective is better equipped to prioritise controls and allocate resources effectively.

Bridging the Gap Between Offensive and Defensive Security

The most mature security programmes maintain a healthy tension between red team (offensive) and blue team (defensive) capabilities. Red teams simulate realistic attacks to test defences. Blue teams detect, respond to, and recover from those attacks. Purple team exercises bring both sides together to systematically evaluate controls and share knowledge. This adversarial approach to security testing is far more effective than compliance-driven checkbox exercises, because it reveals how defences actually perform under realistic conditions rather than how they perform in theory.

For organisations that cannot maintain dedicated red teams, engaging external penetration testing firms and participating in bug bounty programmes provides a similar adversarial perspective. The key is ensuring that findings from offensive testing are systematically fed back into the defensive programme — improving detection rules, hardening configurations, and closing gaps that testing reveals.

Frequently Asked Questions

Should CISOs attend hacking conferences?

Yes. Even if CISOs do not engage in hands-on technical work, understanding the attacker’s perspective is essential for making informed security investment decisions. Many conferences now include executive tracks and CISO-focused sessions alongside technical talks. At minimum, CISOs should follow conference proceedings and ensure their technical teams attend and share key takeaways.

What is the difference between red team and penetration testing?

Penetration testing focuses on finding vulnerabilities in specific systems or applications within a defined scope. Red teaming simulates realistic, multi-stage attacks against an organisation’s entire security posture — including people, processes, and technology — with the goal of testing detection and response capabilities rather than just identifying individual vulnerabilities. Red team engagements are broader in scope, longer in duration, and more closely simulate real adversary behaviour.
