06-08, May 2026
Málaga, Spain

PIVOTconThreat Research conference

Our goal is to create a forum to discuss the latest threats and to build connections between threat researchers.

Sponsors

Location

Malaga, Spain
PIVOTcon is an invite-only event that will be held in Malaga, Spain, on May 6-8, 2026 and focus on threat research and technical analysis tradecraft.
Get directions

Speakers

Nicole Fishbein

Nicole Fishbein

Security Researcher and Malware Analyst at Intezer
Read More
Greg Lesnewich

Greg Lesnewich

Senior Threat Researcher at Proofpoint
Read More
Nick Attfield

Nick Attfield

Senior Threat Researcher at Proofpoint
Read More
Colin Cowie

Colin Cowie

Threat Intelligence Lead at Sophos
Read More
Julian-Ferdinand Vögele

Julian-Ferdinand Vögele

Principal Threat Researcher at Recorded Future's Insikt Group
Read More
Bea Venzon

Bea Venzon

Senior Security Researcher at CrowdStrike
Read More
Sébastien Féry

Sébastien Féry

Head of Research and Development at FoxIO
Read More
Leon Chang

Leon Chang

Senior Threat Researcher at TrendAI
Read More
Michael August Raggi

Michael August Raggi

Principal Threat Response Specialist at Crowdstrike
Read More
Michael Horka

Michael Horka

Principal Information Security Engineer at Black Lotus Labs Lumen
Read More
Silvia Yeh

Silvia Yeh

Cyber Threat Intelligence Analyst at TeamT5
Read More
Roberto Martinez

Roberto Martinez

Senior Analyst at Mandiant (part of Google Cloud)
Read More
View all speakers

Agenda

May 6, 2026

Day 0
13:45
Registration Desk Opens at Workshops area
14:15
Workshop 1
14:15
Workshop 2
14:15
Workshop 3
18:30
Registration before Welcome reception
19:00
Welcome Reception

May 7, 2026

Day 1
09:00
PIVOTcon Opening
09:15
Fresh Tracks: Hunting the New Class of Russian Espionage Clusters
Greg LesnewichGreg Lesnewich PROOFPOINT
09:50
Paper Cuts: How an XLL Led Us to an Espionage Campaign Targeting Russia
Nicole Fishbein INTEZER
10:20
COFFEE BREAK
10:50
Sandworm's Trojan Odyssey
Redacted
11:25
Redacted
Redacted
12:00
Redacted
Redacted
12:30
LUNCH BREAK
13:45
EDR Evasion Counterintelligence: Tracking Adversary Testing
Colin Cowie SOPHOS
14:20
Mysterious ORBs and Where to Find Them
Redacted
14:55
Inside China Covert Infrastructure: Tracking Nation-State Obfuscation Networks on a Global Scale
Michael Horka LUMEN (Black Lotus Labs)
15:30
COFFEE BREAK
15:55
A "Fishy" Conference in Autumn
Julian-Ferdinand Vogele RECORDED FUTURE (Insikt Group)
16:30
Redacted
NCSC-NL CTI CREW

May 8, 2026

Day 2
09:35
Redacted
Redacted
10:10
Pivoting to Find "Invisible" Nation State C2s
John AlthouseSebastien Fery FOXIO
10:40
COFFEE BREAK
10:10
From Research to the Courtroom: Inside Google's Disruption of the Lighthouse and Darcula PhaaS Empires
Roberto Martinez GOOGLE CLOUD (Mandiant)
11:10
APAC Escrow Services: Building Trust in Untrusted Spaces
Bea VenzonMao Sui CROWDSTRIKE
12:15
LUNCH BREAK
13:30
The Infinite Game: The World Burns - How Do We Survive?
Leon Chang TRENDAI
14:15
Know Thy Network, Because They Already Do: A Case Study of SLIME27's Campaign against Telecoms
Silvia YehRax Chuang TEAM T5
14:40
The Rise of China's Cloud Access Brokers: Cyber Espionage From GENESIS PANDA to WARP PANDA
Michael RaggiMichael August Raggi CROWDSTRIKE
15:10
COFFEE BREAK
15:40
Redacted
Redacted
16:15
Paint Me Like One of Your Elephants: Do Sidewinder and Bitter Have a New Sibling?
Nick AttfieldKonstantin Klinger PROOFPOINT
16:50
Special talk

Committee

Kris McConkey

Kris McConkey

Global Lead for Threat Intelligence at PwC
Read More
Jennifer Kolde

Jennifer Kolde

Principal Intelligence Analyst at The Vertex Project
Read More
Chris St. Myers

Chris St. Myers

Deputy Threat Research Manager at SentinelLabs
Read More
Christopher Glyer

Christopher Glyer

Principal Security Researcher at Microsoft Threat Intelligence Center
Read More
Vicente Diaz

Vicente Diaz

Threat Intelligence Strategist at VirusTotal
Read More
Timo Steffens

Timo Steffens

Threat Intelligence Analyst at German BSI
Read More
Jasmin Stadler

Jasmin Stadler

Technical Analyst at GovCERT, Swiss NCSC
Read More
Max Smeets

Max Smeets

Co-Director Virtual Routes
Read More

Kris leads PwC’s Global Cyber Threat Intelligence practice, which tracks a wide variety of targeted threat actors operating from more than 27 countries. This research underpins PwC’s security services and is used by public and private sector organisations around the world to protect networks, defend nations, provide situational awareness and inform strategy.

Kris also leads the EMEA Cyber Threat Operations practice – a front line technical services group responsible for a portfolio of defensive and offensive cyber security services to help clients detect and respond to cyber security threats and incidents.

He has spent the past 20 years at PwC delivering cyber incident response, threat hunting and threat research services to global clients across multiple sectors.

Jennifer Kolde has been an innovator in threat intelligence and analysis for over two decades. As a computer scientist with the federal government, she was a leading force in the early tracking of nation-state threats. Jennifer was part of the original Mandiant Threat Intelligence team and later led the team as its technical director. She supported cutting-edge DARPA research, testified before Congress on emerging cyber threats, and acted as an expert witness on threat intelligence and attribution. She is currently a Principal Intelligence Analyst for The Vertex Project.

Chris is the Deputy Threat Research Manager at SentinelLabs where he leads a dedicated team specializing in the research and analysis of a spectrum of threats. His primary focus is on equipping customers with comprehensive analysis and insights, aiding them in effectively safeguarding their organizations.

Chris’ career spans more two decades, marked by a number of significant roles. Before his current tenure at SentinelOne, he served as Head of Threat Research at Stairwell and as a Sr. Staff Threat Researcher, Research Team Lead at Chronicle (Google Cloud), Manager of Espionage Intelligence at iDefense, and Lead Researcher at Rackspace. He is also an organizer of the annual LABScon conference.

Christopher Glyer is a Technical Director with Microsoft Threat Intelligence, where he oversees the strategic direction and execution of threat intelligence initiatives. In this role, he leads the technical strategy for a team of experts dedicated to identifying, analyzing, and mitigating advanced cyber threats. Christopher’s work involves collaborating with various stakeholders to enhance Microsoft’s security posture and protect customers from emerging threats.

Vicente is a specialist in Threat Intelligence and Threat Hunting. He works in the VirusTotal team in Google as Threat Intelligence Strategist. He holds a degree in Computer Science and an MsC in Artificial Intelligence. He was e-crime manager in S21sec for 5 years and deputy director for EU in Kaspersky’s Global Research and Analysis team for almost 10 years, where he was co-creator and responsible for the APT Intelligence Reporting service.

Timo was involved in the analysis of many of the most spectacular cyber-espionage cases in Germany. He has been tracking the activities and techniques of sophisticated hacker groups for almost a decade. He is the author of ‘Attribution of Advanced Persistent Threats’.

Jasmin Stadler is a GovCERT Analyst at the Swiss National Cyber Security Centre (NCSC_CH). Previously, she worked in law enforcement digital forensics, after serving as cyber defence project manager in the general secretariat of the Swiss Department of Defence. She started her career in Blackrock’s Financial Markets Advisory, after specialising in Chinese cybersecurity policy for her master’s degree in comparative government at the University of Oxford.

She is an ECCRI European Cybersecurity Fellow, an inaugural Schwarzman Scholar, and speaks fluent Mandarin Chinese and intermediate Korean.Jasmin Stadler is a GovCERT Analyst at the Swiss National Cyber Security Centre (NCSC_CH). Previously, she worked in law enforcement digital forensics, after serving as cyber defence project manager in the general secretariat of the Swiss Department of Defence. She started her career in Blackrock’s Financial Markets Advisory, after specialising in Chinese cybersecurity policy for her master’s degree in comparative government at the University of Oxford.

She is an ECCRI European Cybersecurity Fellow, an inaugural Schwarzman Scholar, and speaks fluent Mandarin Chinese and intermediate Korean.

Max Smeets is the Co-Director of Virtual Routes and Senior Researcher at ETH Zürich. He is the author of No Shortcuts: Why States Struggle to Develop a Military Cyber-Force and Ransom War: How Cybercrime became a Threat to National Security.

View all committee
About us
PIVOTcon is a non-profit event created by veteran threat intelligence practitioners Pasquale Stirparo and Bartosz Jerzman. With no corporate backing, all revenue goes directly into running the conference.
It’s built by threat analysts for threat analysts — a trusted space to share deeper insights, discuss emerging threats beyond public reports, and strengthen connections across the community.

FAQs

What is PIVOTcon?
When/Where is PIVOTcon?
How to get an invite to attend PIVOTcon?
Why do I need an invite instead of simply buying a ticket?
How to apply to present at PIVOTcon?
How long are the talks?
Are speakers costs covered?
Are second speaker costs covered?
What topics are in scope of PIVOTcon?
Can I sponsor PIVOTcon?
Will the talks be streamed or recorded?
How many tracks for speakers will be organised during PIVOTcon?