Media & speaking.
Keynotes, conference sessions, podcast appearances, and writing — across attacker engineering, fraud intelligence, and FT3. Newest first.
Zero to Hero: Threat intelligence with Claude Code & Scout
A hands-on workshop where defenders will leverage Claude Code + the Pure Signal Scout MCP to conduct a real threat intelligence investigations, using live Team Cymry data in a TLP:RED environment.
AI Hackathon
A hands-on hackathon for threat hunters and cyber investigators focused on using threat intelligence to track and investigate real-world threat and fraud actors. Participants analyze OSINT to uncover malicious operations and connect intelligence into actionable findings.
FT3 Evolution: From Static Classification to Living Agentic Framework
This session will provide a builder’s view of how fraud intelligence must evolve as adversaries use AI to accelerate their tactics. The next evolution is making that language operational, adaptive, and usable inside real investigative and intelligence workflows.
A Charge to the Defender Community
Opening keynote on the power of the defender community and the responsibility of being in the room. The talk welcomed attendees on behalf of Stripe Security and centered on a simple idea: everyone present had the opportunity to change an outcome for the better.
FT3: The Industry's First Agentic ATT&CK-Style Matrix
FT3 brings an ATT&CK-style model to fraud defense. This session breaks down how it actually gets operationalized, from classifying fraud behavior to building workflows teams can act on at scale.
Outside-In: Rethinking External Threat Detection When AI Changes Everything
A Piper Sandler Cybersecurity CEO Summit session with Vincent Passaro and Team Cymru CEO Joe Sander on how AI is reshaping external threat detection, fraud intelligence, and internet-scale visibility.
Two Minds, One Reframe: A Shift That Won't Wait
Past the hype: security practitioners are becoming owners of outcomes, not just builders of tools. Explore how analyst judgment, agentic workflows, and product thinking can help small teams move problems that once felt too complex, too slow, or too expensive to solve.
The Butterfly Effect
Using the butterfly effect as a metaphor, this keynote explored how trust, permission, and presence can shift complex systems in unpredictable ways, and how community gives legitimacy a path to travel.
Arrival of FT3 (Fraud Tools Tactics and Techniques)
FT3 reaches one of the field’s most trusted global defender communities: Underground Economy. The talk presented Fraud Tools, Tactics, and Techniques as a shared framework for defending the financial ecosystem.
Evolution of FT3 (Fraud Tools Tactics and Techniques)
FT3 becomes a bridge across fraud, threat intelligence, and security operations. Session explores how shared language reduces translation loss and turns pattern recognition into operational leverage.
FT3 (Fraud Tools Tactics and Techniques)
FT3 evolves from concept into structure. The talk explored how fraud tactics, techniques, and workflows could be mapped with enough precision to support shared reasoning and defensive action.
Introducing FT3: Common Language for Fraud
FT3 began as an early field signal: fraud needed a common language. The talk introduced the case for a framework that could help defenders classify behavior, compare patterns, and move beyond isolated casework.
Security Hardening with Ansible
Linux Journal covered Aqueduct as open-source hardening infrastructure for RHEL6 systems, showing how its STIG scripts could be deployed with Ansible across a high-performance compute cluster.