SANS CyberThreat Summit 2025

Wed, Dec 3 - Thu, Dec 4, 2025
12 CPEs (Summit Only)
English

Stamford Bridge

Fulham Rd., London SW6 1HS, United Kingdom

Jump to:

Speakers
Schedule
Location

Empowering Europe's Cybersecurity Sector

CyberThreat 2025 returns to London, bringing together Europe's cybersecurity community for another spectacular two-day conference. The event will take place on Wednesday, 3rd December and Thursday, 4th December 2025.

Tailored for security practitioners, this event covers both offensive and defensive disciplines, placing a significant focus on technical aspects. It provides exceptional value to cybersecurity professionals at all levels, offering an environment where practitioners can share experiences, knowledge, tools, and techniques to advance the field.

CyberThreat aims to deliver the best technical conference in Europe for cybersecurity practitioners. In addition to presentations from world-renowned cyber security experts and rising industry stars, CyberThreat 2025 features many hands-on opportunities for delegates in the form of CTF events, Hackable badges, team problem solving and “Hackathon” challenges against some of the latest devices and products.

The whole event was world class.
Graham BartlettSenior Technical Leader at Cisco

Get A Feel For CyberThreat By Looking Back At Our 2024 Event

CyberThreat 2024 welcomed hundreds of cybersecurity practitioners from across the world. Delegates enjoyed talks, presentations and an elaborate hackable badge challenge. The unique CTF competition provided an intense and entertaining experience and the high-quality networking opportunities ensured attendees thoroughly enjoyed the event. In 2024, attendees also had the opportunity to wind down between the technical presentations at the gaming area, flight and car simulators or on the retro arcade machines.

With new and exciting plans for 2025, you don't want to miss it!

CyberThreat 2024 Recap: Highlights, CTF Competition, and Key Insights

I really enjoyed the CyberThreat experience and my hats off to you and the team. You all pulled off one hell of a great conference!
Ryan NoletteLead Cloud Security Architect at Arrowstreet Capital

Why Should You Attend?

Watch inspiring keynote presentations delivered by renowned subject matter experts in the offensive, defensive and forensic fields.
Take part in the CyberThreat CTF; a super-technical, unpredictable and dynamic experience that allows you to participate as an individual or team up with your colleagues or friends.
Learn from SANS experts and hear unique insight from our founding partner - the UK's NCSC.
Network with like-minded security practitioners.
Attempt the interactive hackable badge challenge. Designed to test the most technically advanced delegates, the CyberThreat badge is, dare we say it, even more challenging than DEF CON's badges.

And much, much more...

Register

from £999 GBP

£999 GBP*Prices exclude applicable taxes | EUR price available during checkout

In personIncludes

Trending Talks from Industry Experts
Hackable Badge Competition
Immersive CTF Competition
Free Lunch and Snacks
Networking Opportunity with Peers

Advisory Board

Kirsten Ward

Threat Intelligence Manager

Kirsten Ward is the leader of Accenture’s Cyber Intelligence EMEA Consulting team, where Kirsten oversees a group of 35 threat intelligence specialists across the region.

Learn more

Dr. Xena Olsen

Exposure Management Manager

Xena is a Threat Intelligence Manager with Financial Services Company.

Learn more

Lina Lau

Founder of XINTRA

Lina has an extensive background in leading complex incident response engagements, where she was formerly the Principal IR Consultant at Secureworks APJ and the AAPAC Incident Response lead for Accenture ANZ where she built and set up the IR capability for the ANZ region.

Learn more

Simon Vernon

Principal Technical Architect

Simon Vernon brings more than a quarter century of experience to his role as Head of Research and Development for SANS Institute where he is responsible for the creation and operations of all Jupiter Rockets, BootUP, and Community Cyber Ranges.

Learn more

James Lyne

Chief Strategy and Innovation Officer

James has spent the past 20 years of his life chasing cybercriminals around the Internet and, as a self-professed “massive geek”, has been involved in most cyber security disciplines.

Learn more

Allison Wikoff

Global Threat Intelligence, Americas Lead

Allison Wikoff has over 20 years of experience in network defense, incident response, and cyber threat intelligence and research in private industry and consulting organizations.

Learn more

Schedule

Showing 15 of 30

Filter by:

Select day:

Registration and Networking

Day 108:15AM - 09:45AM GMT

In-Person

Opening Remarks

Day 109:45AM - 10:15AM GMT

Presented by

Ciaran Martin

Professor, Director of CISO Network

Paul Chichester

Director of Operations

In-Person

Opening Keynote – Securing The Unseen: The Future of Supply Chain Cybersecurity

As businesses grow more intertwined, threats tend to focus on vulnerable points, suchas external partners and supply networks. Whether it's tampered software patches or illicit intrusion into vendors' systems, malevolent actors manipulate trust and interconnections to achieve widespread access.

Day 110:15AM - 11:00AM GMT

Presented by

Robert Hannigan

Managing Director

In-Person

When The Dark Web Talks, The World Pays: The HELLCAT Story

In October, an innocuous-looking exchange on a well-known underground forum caught the attention of only a handful of seasoned threat watchers.

Within weeks, that conversation evolved into something far more dangerous—a fully operational ransomware group calling itself HELLCAT.

Day 111:00AM - 11:30AM GMT

Presented by

Rebecca Lois Taylor

Threat Intelligence Knowledge Manager

In-Person

Networking Break

Day 111:30AM - 12:15PM GMT

In-Person

Copilot: Bestie or Worst Enemy - The New Era of Weaponised LLMs

Large Language Models (LLMs) are rapidly being embedded into enterprise workflows. By 2025, 67% of organizations worldwide have adopted LLMs to support their operations, yet few defenders recognize them as a potential attack surface.

Day 112:15PM - 12:45PM GMT

Presented by

Rem Dudas

Senior Threat Intelligence Analyst

In-Person

How APTeens Pose a Risk to Your Enterprise and Career

How do Advanced Persistent Teenagers (APTEENS) pose a risk to enterprises and the defenders who protect them? This session explores how APTEENS have become a dominant threat in 2025, with groups like Scattered Spider turning intrusions into multi-domain crises that demand coordination across Incident Response, Legal, Executive, Communications, and Threat Intelligence teams.

Day 112:45PM - 01:15PM GMT

Presented by

Thomas Willkan

Lead Analyst and Manager, Dark Web Reconnaissance Team

In-Person

Networking Lunch

Day 101:15PM - 02:45PM GMT

Stealth and Evolved: The Story of Nimbus Manticore

For months, Check Point Research has tracked Nimbus Manticore, a threat group whose tactics and targets align with Iran’s IRGC, also known as UNC1549 or Smoke Sandstorm. Its focus – Strategic. Its hallmark – Human first deception. Targets receive convincing job offers via personalised HR emails, each containing a unique link to a fake career portal. Every credential is custom issued, allowing attackers to track victims individually.

Day 102:45PM - 03:15PM GMT

Presented by

Roi Morad

Threat Intelligence Researcher

In-Person

Stop Hitting Yourself: Turning Evasion Techniques Against Malware

Evasion techniques are among the most damaging tactics malware can employ, yet recent advances in both attacks and defenses have not been widely covered.

While some samples rely on popular and easy to defeat tricks copy-pasted from open-source GitHub projects, others reveal the hand of highly skilled developers who demonstrate deep insights of operating system internals and nearly push the techniques into an art form.

Day 103:15PM - 03:45PM GMT

Presented by

Patrick Staubmann

Team Lead Threat Analyst

In-Person

Technical Talk

Day 103:45PM - 04:05PM GMT

In-Person

Networking Break

Day 104:05PM - 04:50PM GMT

In-Person

Closing Keynote - Beyond the Digital: Drones as an Extension of the Cyber Threat

Drones are recognised now as a disruptive battlefield technology, particularly in the context of the war in Ukraine. Attacks in the Middle East and ambiguous incidents over critical infrastructure in Europe add to this narrative. Meanwhile the available counter-drone defences have either been absent or suffer from being point-solutions to particular problems. Detection is difficult, mitigation is hazardous and determining attribution often impossible. These are all familiar issues to practitioners of cyber security.

Day 104:50PM - 05:35PM GMT

Presented by

Adrian Nish

Director, Europe East

In-Person

Chair Closing Remarks

Day 105:35PM - 05:40PM GMT

In-Person

Post Summit Social Networking

Day 105:40PM - 07:40PM GMT

In-Person

Doors Open

Day 208:45AM - 09:45AM GMT

In-Person

Opening Remarks

Day 209:45AM - 10:00AM GMT

Presented by

Ciaran Martin

Professor, Director of CISO Network

In-Person

Opening Keynote - Cyber War By Proxy: What Ukraine Teaches Us About Defense Coalitions and Digital Policy at Scale

The war in Ukraine has become a proving ground for cyber warfare, proxy attacks, and international digital defense collaboration. This session examines the lessons learned about coalition-based cyber defense, scalable policy responses, and how global partnerships can rapidly adapt to evolving threats in a high-stakes conflict zone.

Day 210:00AM - 10:45AM GMT

Presented by

Heli Tiirma-Klaar

Visiting Distinguished Fellow

In-Person

Squidoor - Dissecting a Sophisticated Multi-Platform Malware Used By a Chinese APT

Since early 2023, a Chinese APT group tracked as CL-STA-0049 has been running an intricate campaign against government, defense, telecom, education, and aviation targets across Southeast Asia and South America.

This operation showcases exceptional tradecraft: Multi-stage attacks, stealthy evasion, and a backdoor unlike any we’ve seen before.

At its core lies “Squidoor”, a cross-platform backdoor with 10 distinct C2 channels—including rare techniques like abusing Outlook for command-and-control.

Day 210:45AM - 11:15AM GMT

Presented by

Lior Rochberger

Principal Threat Researcher

Tom Fakterman

Senior Threat Researcher

In-Person

Networking Break

Day 211:15AM - 12:00PM GMT

In-Person

Fireside Chat

Day 212:00PM - 12:30PM GMT

Presented by

Ciaran Martin

Professor, Director of CISO Network

In-Person

Service à la Russia: A Tasting Course of Intelligence Tradecraft and Russia - Based Threat Actor Case Studies

Russia-based threat actors remain a top concern for organizations across North America and Europe. In this session, PwC will share 2025 case studies on groups such as Blue Python (Turla), Blue Echidna (Sandworm), and Blue Dev 17 (Void Blizzard), exploring their tactics, tools, and infrastructure.

Day 212:30PM - 01:00PM GMT

Presented by

John Southworth

Senior Manager, Threat Intelligence

In-Person

Networking Lunch

Day 201:00PM - 02:30PM GMT

In-Person

Machine vs Machine: Winning the New Security Arms Race

We stand at the dawn of a new security paradigm where autonomous systems on both sides of the battlefield are changing the dynamics of attack and defense. Drawing on recent Google Threat Intelligence findings, this session reveals how nation-state actors and cybercriminals are already weaponizing AI while showcasing how defensive AI agents can create self-improving security systems.

Learn how the constraints of cost, latency, and efficacy are shaping this machine-vs-machine future, and discover how autonomous agents and domain-specific languages enable a continuous feedback loop to rapidly strengthen defenses.

*Sponsored by Sublime Security

Day 202:15PM - 02:45PM GMT

Presented by

Bryan Campbell

Threat Detection Engineer

In-Person

The Crossover Episode: When Espionage Steals from Crime

Proofpoint Threat Research has uncovered a striking trend: State-sponsored actors increasingly adopting the tools and tactics of cybercriminals. Tactics once used by criminals for profit are now showing up in espionage attacks. Across both emerging and established threat groups, we are seeing criminal techniques such as social engineering tricks, abuse of cloud services, and rapid vulnerability exploitation, all repurposed for intelligence gathering.

Day 202:40PM - 03:10PM GMT

Presented by

Saher Naumaan

Senior Threat Researcher

In-Person

Hey Minion! Demystifying North Korean IT Workers

That promising Senior Software Engineer applicant with a Minion avatar on GitHub? They might just be a North Korean IT Worker.

Active since at least 2018, these operatives—Tracked as PurpleDelta—have targeted organizations across every sector, from government and finance to aerospace, e-commerce, and crypto.

Day 203:10PM - 03:40PM GMT

Presented by

Sveva Vittoria Scenarelli

Cyber Threat Intelligence Senior Analyst

In-Person

Networking Break

Day 203:40PM - 04:25PM GMT

In-Person

No pAIn, No gAIn: How AI Will Hurt Bug Bounty Hunters and How to Fix It

Artificial Intelligence is transforming the cybersecurity landscape, promising faster threat detection, streamlined incident response, and predictive defense. But behind these advancements lies an urgent challenge: AI is not just augmenting cybersecurity work—it’s automating it. And in doing so, it threatens to displace the very skilled workers it was meant to empower.

Day 204:25PM - 04:45PM GMT

Presented by

Katie Moussouris

Founder and CEO

In-Person

Closing Keynote - When Cyber Conflict Hits Civilians: The Humanitarian Impact of Digital Warfare

Cyber conflict no longer stops at the battlefield. Civilians are increasingly caught in the crossfire. This keynote explores the humanitarian consequences of cyberattacks, from hospital outages to critical service disruption, and highlights the role of international cooperation and ethics in reducing harm to society.

Day 204:45PM - 05:30PM GMT

Presented by

Francesca Bosco

Chief Strategy Officer

In-Person

Chair Closing Remarks

Day 205:30PM - 05:40PM GMT

In-Person

London, United Kingdom

Stamford Bridge

Forget the office. CyberThreat deserves the prestige of Stamford Bridge—the legendary London landmark will be the venue for this year's edition, hosting all of the keynotes, workshops, and other memorable surprises. Where else can world-class networking happen surrounded by decades of sporting excellence in the city?

View Venue

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SANS CyberThreat Summit 2025

Share

Empowering Europe's Cybersecurity Sector

Students Say

Get A Feel For CyberThreat By Looking Back At Our 2024 Event

Students Say

Why Should You Attend?

Register

Register

Advisory Board

Kirsten Ward

Dr. Xena Olsen

Lina Lau

Simon Vernon

James Lyne

Allison Wikoff

Schedule

Registration and Networking

Opening Remarks

Opening Keynote – Securing The Unseen: The Future of Supply Chain Cybersecurity

When The Dark Web Talks, The World Pays: The HELLCAT Story

Networking Break

Copilot: Bestie or Worst Enemy - The New Era of Weaponised LLMs

How APTeens Pose a Risk to Your Enterprise and Career

Networking Lunch

Stealth and Evolved: The Story of Nimbus Manticore

Stop Hitting Yourself: Turning Evasion Techniques Against Malware

Technical Talk

Networking Break

Closing Keynote - Beyond the Digital: Drones as an Extension of the Cyber Threat

Chair Closing Remarks

Post Summit Social Networking

Doors Open

Opening Remarks

Opening Keynote - Cyber War By Proxy: What Ukraine Teaches Us About Defense Coalitions and Digital Policy at Scale

Squidoor - Dissecting a Sophisticated Multi-Platform Malware Used By a Chinese APT

Networking Break

Fireside Chat

Service à la Russia: A Tasting Course of Intelligence Tradecraft and Russia - Based Threat Actor Case Studies

Networking Lunch

Machine vs Machine: Winning the New Security Arms Race

The Crossover Episode: When Espionage Steals from Crime

Hey Minion! Demystifying North Korean IT Workers

Networking Break

No pAIn, No gAIn: How AI Will Hurt Bug Bounty Hunters and How to Fix It

Closing Keynote - When Cyber Conflict Hits Civilians: The Humanitarian Impact of Digital Warfare

Chair Closing Remarks

London, United Kingdom

Registration and Networking

Opening Remarks

Opening Keynote – Securing The Unseen: The Future of Supply Chain Cybersecurity

When The Dark Web Talks, The World Pays: The HELLCAT Story

Networking Break

Copilot: Bestie or Worst Enemy - The New Era of Weaponised LLMs

How APTeens Pose a Risk to Your Enterprise and Career

Networking Lunch

Stealth and Evolved: The Story of Nimbus Manticore

Stop Hitting Yourself: Turning Evasion Techniques Against Malware

Technical Talk

Networking Break

Closing Keynote - Beyond the Digital: Drones as an Extension of the Cyber Threat

Chair Closing Remarks

Post Summit Social Networking

Doors Open

Opening Remarks

Opening Keynote - Cyber War By Proxy: What Ukraine Teaches Us About Defense Coalitions and Digital Policy at Scale

Squidoor - Dissecting a Sophisticated Multi-Platform Malware Used By a Chinese APT

Networking Break

Fireside Chat

Service à la Russia: A Tasting Course of Intelligence Tradecraft and Russia - Based Threat Actor Case Studies

Networking Lunch

Machine vs Machine: Winning the New Security Arms Race

The Crossover Episode: When Espionage Steals from Crime

Hey Minion! Demystifying North Korean IT Workers

Networking Break

No pAIn, No gAIn: How AI Will Hurt Bug Bounty Hunters and How to Fix It

Closing Keynote - When Cyber Conflict Hits Civilians: The Humanitarian Impact of Digital Warfare

Chair Closing Remarks