Stairway to resilience: cybersecurity in good times, bad times, and everything between

This presentation forms part of the CTA's Threat Intelligence Practitioners' Summit

Thursday 15 October 12:00 - 12:30, Small Talks room

Selena Larson (Proofpoint), Jeannette Jarvis (Cyber Threat Alliance), Kathi Whitbey (Palo Alto Networks) & Jeanette Miller-Osborn (Dataminr)

Step into the world of Led Zeppelin as we turn classic tracks into modern cybersecurity insights.

In today's threat landscape, cybersecurity teams are living through Good Times, Bad Times – moments of extraordinary innovation fuelled by AI, paired with unprecedented pressure as adversaries weaponize the same technologies. As automation accelerates both defence and attack, organizations must rethink how they build, train, and empower their workforce to keep pace.

Critical infrastructure operators know all too well what happens When the Levee Breaks. From water systems to hospitals to energy grids, the consequences of a single breach can cascade across communities. This panel will explore how secure‑by‑design and secure‑by‑default principles can reinforce the digital levees we all depend on, and why resilience must be engineered, not hoped for.

Yet the industry continues to wrestle with What Is and What Should Never Be – persistent gaps in diversity, equity, and inclusion that limit who gets to participate in cybersecurity and whose perspectives shape our defences. We'll examine how the lack of representation impacts everything from AI model bias to incident response culture, and what it will take to build teams that reflect the communities they protect.

To meet the moment, we need a whole‑of‑industry call to action: C'mon Everybody. From upskilling the existing workforce to reimagining cyber training pathways, from expanding sponsorship to operationalizing inclusion, the future of defence depends on broad participation and shared responsibility.

Ultimately, the goal is a Stairway to Heaven – a more secure, more resilient, more equitable cybersecurity ecosystem where innovation lifts everyone, not just a few. This panel brings together leaders across sectors to explore how we get there, what stands in the way, and how partnerships can turn aspiration into action.

 

Selena-Larson.jpg

Selena Larson

Selena Larson is a staff threat researcher on Proofpoint's threat research team. Her work focuses on uncovering emerging attacker techniques, profiling threat actors, and delivering high impact intelligence to strengthen organizational defences. Selena's analyses span fraud and cybercrime ecosystems, and rapidly evolving threat trends. She collaborates closely with cross functional teams to advance threat detection and response. Selena hosts two podcasts for cyber defenders: DISCARDED and Only Malware in the Building. Previously she worked for ICS security firm Dragos, and before joining vendor land, was a cybersecurity and privacy journalist.

 
Jeannette-Jarvis-web.jpg

Jeannette Jarvis

Jeannette Jarvis is the Chief Business Officer at the Cyber Threat Alliance (CTA), where she leads the organization's membership growth, strategic partnerships, marketing and communications, and overall business operations. With over 30 years of experience in the cybersecurity industry, Jeannette has held senior leadership roles at prominent technology companies, including Director of Product Marketing at Fortinet and Director of Product Management at McAfee and Intel Security. Her career also includes key leadership positions at Microsoft and Boeing. Jeannette actively contributes to the global cybersecurity community through her service on the Board of Directors for the Association of Anti-Virus Asia Researchers (AVAR) and as a member of the advisory board for Virus Bulletin.

 
Kathi-Whitbey.jpg

Kathi Whitbey

Kathi Whitbey is the Principal Threat Analyst, Healthcare for Unit 42 at Palo Alto Networks, where she combines deep threat intelligence expertise with a passion for securing the healthcare sector and a commitment to advancing cybersecurity collaboration. She played a pivotal role in the formation of the Cyber Threat Alliance (CTA), helping establish trusted intelligence-sharing capabilities that transformed how the industry works together to defend against cyber threats.

Beyond her professional work, Kathi served as a technical expert for Girl Scouts of the USA, helping develop 18 cybersecurity badges that have introduced thousands of girls to cybersecurity concepts and careers. With experience spanning government technology programs, global training initiatives, emergency medical services, and industry leadership, she is dedicated to strengthening cyber resilience through collaboration, education, and service.

 
Jeanette-Miller-Osborne.jpg

Jeanette (Jen) Miller-Osborn

Jeanette (Jen) Miller-Osborn is Field Cyber Intelligence Officer at Dataminr, where she tracks emerging threats and translates real-time intelligence into actionable defence strategies. A co-founder of Palo Alto Networks' Unit 42 threat intelligence team and co-creator of the MITRE ATT&CK framework, she brings more than 25 years of cyber threat intelligence experience spanning the private sector, government, and the U.S. Air Force.

Back to VB2026 Programme page

Back to VB2026 conference page

Register your interest for VB2026

Other VB2026 papers

Threat intelligence-driven clustering: identifying a new cyber-mercenary intrusion set

VB2026 presentation: Threat intelligence-driven clustering: identifying a new cyber-mercenary intrusion set, Maher Yamout and Fatih Şensoy

From hotel account compromise to guest payment fraud: the reservation hijack attack chain

VB2026 presentation: From hotel account compromise to guest payment fraud: the reservation hijack attack chain, Martin Chlumecký and Luis Corrons

Hunting LANDFALL: from overlooked images to state-linked mobile spyware

VB2026 presentation: Hunting LANDFALL: from overlooked images to state-linked mobile spyware, Itay Cohen

Gorbag: Orcs at the border

VB2026 presentation: Gorbag: Orcs at the border, Damien Schaeffer

Defeating indirect branching obfuscations in malware with Hex-Rays Decompiler

VB2026 presentation: Defeating indirect branching obfuscations in malware with Hex-Rays Decompiler, Georgy Kucherin

Discerning the invisible: a heuristic engine for behavioural inference in nation-state covert networks

VB2026 presentation: Discerning the invisible: a heuristic engine for behavioural inference in nation-state covert networks, Madeline Sedgwick

Kimwolf’s claws loom over 1.8 million firewalled Android devices worldwide

VB2026 presentation: Kimwolf’s claws loom over 1.8 million firewalled Android devices worldwide, Alex Turing

Paying the TOLL: how REF3927 turned 571 IIS servers into an SEO fraud network

VB2026 presentation: Paying the TOLL: how REF3927 turned 571 IIS servers into an SEO fraud network, Salim Bitam and Jia Yu Chan

Leveraging Landlock telemetry for Linux detection engineering

VB2026 presentation: Leveraging Landlock telemetry for Linux detection engineering, Guillaume Couchard and Erwan Chevalier

Targeting the elderly: from spoofing to persistence

VB2026 presentation: Targeting the elderly: from spoofing to persistence, Axelle Apvrille

The invisible warzone: competing botnets fighting over your smart TV

VB2026 presentation: The invisible warzone: competing botnets fighting over your smart TV, Asher Davila, Chris Navarrete & Doel Santos

Mac&Cheese: cooking up the Digit Stealer recipe

VB2026 presentation: Mac&Cheese: cooking up the Digit Stealer recipe, Kseniia Yamburh & Joan Garcia

How real-world malware disables EDR systems

VB2026 presentation: How real-world malware disables EDR systems, Holger Unterbrink

Newsjacking the world: tracking three months of uncovered APT operations disguised as global headlines

VB2026 presentation: Newsjacking the world: tracking three months of uncovered APT operations disguised as global headlines, Darrel Virtusio & Subhajeet Singha

Polling is the vulnerability: a case for event-driven cloud detection

VB2026 paper: Polling is the vulnerability: a case for event-driven cloud detection, Santiago Abastante

The edge is the enemy: hunting Chinese router relay networks

VB2025 presentation: The edge is the enemy: hunting Chinese router relay networks, Ryan Sherstobitoff

Unravelling Lumma Stealer’s protection stack: pushing static deobfuscation to its practical limit

VB2026 presentation: Unraveling Lumma Stealer’s protection stack: pushing static deobfuscation to its practical limit, Yuki Umemura

AI in malware: evolution and predicting the future of AI-driven attacks

VB2026 presentation: AI in malware: evolution and predicting the future of AI-driven attacks, Eli Smadja

The cyber saga: deconstructing the DPRK’s global synthetic IT workforce ecosystem

VB2026 presentation: The cyber saga: deconstructing the DPRK’s global synthetic IT workforce ecosystem, Anastasia Tikhonova

Tracing the bloodline of LLM-driven polymorphic malware: do GHOSTs leave footprints?

VB2026 presentation: Tracing the bloodline of LLM-driven polymorphic malware: do GHOSTs leave footprints? Chanbin Jeon, SeungBeom Lim & SuhMahn Hur

How LOLRMM, LOLDrivers and CertGraveyard map the attacker's favourite kill chain

VB2026 presentation: How LOLRMM, LOLDrivers and CertGraveyard map the attacker's favourite kill chain, Jose Enrique Hernandez & Nasreddine Bencherchali

Agent detection and response: safety on a token budget

VB2026 presentation: Agent detection and response: safety on a token budget, Václav Belák, Jakub Křoustek & Tomáš Ďuriš

Malwaremorphosis - breaking down a global multi-layer malvertising operation

VB2026 presentation: Malwaremorphosis - breaking down a global multi-layer malvertising operation, Ionuț Baltariu

I will find you and I will flag you: hunting malicious packages at scale

VB2026 presentation: I will find you and I will flag you: hunting malicious packages at scale, Christophe Tafani-Dereeper

Otter encyclopaedia: deep analysis of Otter family

VB2026 presentation: Otter encyclopaedia: deep analysis of Otter family, Rintaro Koike, Yuta Sawabe & Masaya Motoda

Break the silence: tracking Silent Lynx through exposed infrastructure

VB2026 presentation: Break the silence: tracking Silent Lynx through exposed infrastructure, Julian Ferdinand Vögele & Chi-en (Ashley) Shen

Operation FalseProof: PoC that bites back

VB2026 presentation: Operation FalseProof: PoC that bites back, Jiho Kim & Minyeop Choi

Transparency wars: exposing hidden biases in testing

VB2026 presentation: Transparency wars: exposing hidden biases in testing, Righard Zwienenberg & Luis Corrons

Snap, trigger, steal: SnappyClient and the art of trigger-based intrusions

VB2026 presentation: Snap, trigger, steal: SnappyClient and the art of trigger-based intrusions, Muhammed Irfan V A, Avinash Kumar & Nirmal Singh

Reverse engineering a multi-stage implant targeted Vietnamese organizations

VB2026 presentation: Reverse engineering a multi-stage implant targeted Vietnamese organizations, Minh Anh Luong

When malware talks back: real-time interaction with a threat actor during the analysis of Kiss Loader

VB2026 presentation: When malware talks back: real-time interaction with a threat actor during the analysis of Kiss Loader, Marvin Castillo & Arvin Jay Bandong

Free games, costly consequences: unravelling PiviGames’ hidden treasure malware

VB2026 presentation: Free games, costly consequences: unravelling PiviGames’ hidden treasure malware, John Rey Dador

Khmer Shadow: uncovering a targeted cyber espionage campaign against Cambodian military intelligence

VB2026 presentation: Khmer Shadow: uncovering a targeted cyber espionage campaign against Cambodian military intelligence, Subhajeet Singha

Practical ransomware detection on macOS (via math, not AI)

VB2026 presentation: Practical ransomware detection on macOS (via math, not AI), Patrick Wardle

From exclusive to widespread: the shifting exploitation dynamics of (zero-day) vulnerabilities before and after their (public) disclosure

VB2026 presentation: From exclusive to widespread: the shifting exploitation dynamics of (zero-day) vulnerabilities before and after their (public) disclosure, Kerstin Zettl-Schabath & Kritika Roy

The other side of the front: hunting Paper Werewolf's operations against Russia

VB2026 presentation: The other side of the front: hunting Paper Werewolf's operations against Russia, Nicole Fishbein

Meet ARES - an agentic reverse engineer that decrypts sophisticated ransomware encrypted files

VB2026 presentation: Meet ARES - an agentic reverse engineer that decrypts sophisticated ransomware encrypted files, Raviv Rachmiel

Disrupting the threat actor mythos: data-based insights into targeting, tooling, and the limits of AI in cybercrime

VB2026 presentation: Disrupting the threat actor mythos: data-based insights into targeting, tooling, and the limits of AI in cybercrime, Selena Larson & Daniel Blackford

Deadline as bait: a comparative analysis of tax-themed smishing campaigns targeting Spain and Portugal

VB2026 presentation: Deadline as bait: a comparative analysis of tax-themed smishing campaigns targeting Spain and Portugal, Natasha Márquez & Ghyorka Kpee

When wipers leave backups: an analysis of ArgonWiper’s encryption workflow

VB2026 presentation: When wipers leave backups: an analysis of ArgonWiper’s encryption workflow, Hyuna Lee & Hyoje Jo

Notoriously reluctant: continuing conversations with FBI and private sector defenders about disrupting cybercriminals through collaboration

VB2026 presentation: Notoriously reluctant: continuing conversations with FBI and private sector defenders about disrupting cybercriminals through collaboration, Sara Eberle & DeLynn Bettencourt Hammell

From dead malware to living adversaries: AI-powered digital twins for adaptive APT modelling

VB2026 presentation: From dead malware to living adversaries: AI-powered digital twins for adaptive APT modelling, Alexander Adamov & Anders Carlsson

The silent threat in your enterprise: SAP security

VB2026 presentation: The silent threat in your enterprise: SAP security, Anita Cwynar

BEAST: binary emulation and analysis simulation technology for advanced malware analysis and anti-forensic countermeasures

VB2026 presentation: BEAST: binary emulation and analysis simulation technology for advanced malware analysis and anti-forensic countermeasures, Bramwell Brizendine, Alexander Wood, Jared Sheldon & William Lochte

Spec-driven malware: turning markdown into threats

VB2026 presentation: Spec-driven malware: turning markdown into threats, Sven Rath

The invisible candidate: tracking the evolution of 'Un-tracked' GRITCASPIAN

VB2026 presentation: The invisible candidate: tracking the evolution of 'Un-tracked' GRITCASPIAN, Asli Koksal

DPRK-aligned threat operations: tradecraft, tooling, and detection patterns

VB2026 presentation: DPRK-aligned threat operations: tradecraft, tooling, and detection patterns, Wonkyeom Kim

Workshop: Collaborative attack modelling across CTI, Red Team, and SOC (MITRE)

VB2026 workshop: Collaborative attack modelling across CTI, Red Team, and SOC (MITRE)

TIPS: The next chapter

VB2026 TIPS presentation: The next chapter, Jiri Sejtko

TIPS: Collaboration in action: turning shared threat intelligence into coordinated defence

VB2026 TIPS presentation: Collaboration in action: turning shared threat intelligence into coordinated defence, Tuna Dabak

TIPS: From signal to shield: rapid collaboration to defend critical infrastructure during crisis

VB2026 TIPS presentation: From signal to shield: rapid collaboration to defend critical infrastructure during crisis, Madeline Sedgwick

TIPS: Harmonizing AI agents and human analysts in CTI - are CTI agents friends or rivals to junior analysts?

VB2026 TIPS presentation: Harmonizing AI agents and human analysts in CTI - are CTI agents friends or rivals to junior analysts? Takahiro Kakumaru

TIPS: Stairway to resilience: cybersecurity in good times, bad times, and everything between

VB2026 TIPS presentation: Stairway to resilience: cybersecurity in good times, bad times, and everything between Selena Larson, Jeannette Jarvis, Kathi Whitbey, Jeanette Miller Osborne

TIPS: Defending (against) the human layer: IoB in the real world

VB2026 TIPS presentation: Defending (against) the human layer: IoB in the real world Righard Zwienenberg, Kathi Whitbey, Samir Mody & Mienke

TIPS: STIX in action: proposed industry collaboration on sharing DigSig metadata

VB2026 TIPS presentation: STIX in action: proposed industry collaboration on sharing DigSig metadata, Samir Mody

TIPS: Ghosts in the chat: tracking GhostPairing from trusted message to linked-device takeover 

VB2026 TIPS presentation: Ghosts in the chat: tracking GhostPairing from trusted message to linked-device takeover, Michal Salat

TIPS: The art of fighting back

VB2026 TIPS presentation: The art of fighting back, Gabor Szappanos

TIPS: Wartime intelligence collection and collaboration

VB2026 TIPS presentation: Wartime intelligence collection and collaboration, Sergey Shykevich

Closing keynote

VB2026 closing keynote, Saâd Kadhi

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.