Resource Center

Security leaders from Reddit, Meta, and SeatGeek share battle-tested approaches for scaling application security in fast-moving environments. Learn how these organizations are shifting from vulnerability hunting to building secure-by-default ecosystems that empower rather than hinder development teams.

Veteran security leader Nate Lee reveals how effective cybersecurity depends as much on relationship-building as technical expertise. Learn practical strategies for gaining organizational trust, communicating effectively, and driving security initiatives through persuasion rather than mandate.

Security researcher and YouTube educator John Hammond shares insights on effective red teaming that balances technical depth with business impact. Learn how threat intelligence, fundamentals-focused security, and emerging technologies shape today's offensive security landscape.

Marketing executive Charrah Hardamon shares insights on tackling the security challenges of modern SaaS ecosystems. Learn practical approaches to managing vendor relationships, implementing appropriate controls, and addressing AI integration without compromising data security.

Veteran security leader Dave Lewis shares his philosophy on transforming struggling teams into high-performers through trust, communication, and empathy. Learn practical approaches to leadership that enable both individual growth and organizational security.

Security pioneer Robert "RSnake" Hansen shares insights from his book "AI's Best Friend," revealing why artificial intelligence without moral frameworks poses unprecedented dangers that regulation alone cannot address.

The presentation delves into securing AI & LLMs, covering threat modeling, API testing, red teaming, emphasizing robustness & reliability, sparking conversation on our interactions with GenAi.

Justin Rhinehart distills for us and the broader public how this type of “marquee” research comes to market in an ethical and responsible way. Watch Now!

Join us for our 2nd Annual Bishop Fox RSAC Livestream event - an electrifying convergence where innovation meets expertise in the realm of cybersecurity.

Join Christie Terrill and Tom Eston as they share practical advice on the proactive security measures you can take today and provide a space to ask our security experts your most pressing questions.

Hear from Anirban Banerjee, CEO and Co-founder of Riscosity, and Matt Twells, Sr. Solution Architect at Bishop Fox, as they explore critical considerations for developing a security program that prioritizes third-party risk reduction.

Tune into our special livestream event where we highlight the remarkable achievements of women in the field of cybersecurity, celebrating their contributions during Women's History Month.

Get to know our Lady Foxes in our "21 Questions with Bishop Fox" video series. In this episode, hear from Sarah Muriel, Attack Surface Analyst

Get to know our Lady Foxes in our "21 Questions with Bishop Fox" video series. In this episode, hear from Lindsay Von, Security Consultant II.

Security Consultant Derek Rush shares how organizations can transform mandatory PCI penetration tests from compliance exercises into meaningful security assessments by following industry guidance and adopting attacker-focused methodologies.

Caleb Gross, Director of Capability Development, gives his insight on the dynamics of exploit creation and execution and what organizations can do to not only mitigate risk from this event, but also stay focused on minimizing exposure across the business.

Watch our exclusive livestream with Ben Lincoln, Managing Principal at Bishop Fox, to learn about GWT web application vulnerabilities, exploitation strategies, and security enhancement recommendations.

Senior security expert Jon Guild demonstrates how to use the Sliver C2 framework to develop advanced offensive security skills. Arm yourself with the knowledge and skills of enumeration, lateral movement, and escalation techniques from first-hand experience in a vulnerable lab environment.

Bishop Fox's Red Team Director, Trevin Edgeworth, spotlights two notable vulnerabilities - left unpatched for years on end and discusses how unpatched vulnerabilities can wreak havoc on businesses. One, an unpatched six-year-old flaw in Microsoft Office, the other in Google Web Toolkit (GWT), unaddressed for eight years.

In light of the recent security breaches involving Bitcoin and SEC’s X account, our Red Team Practice Director, Trevin Edgeworth, analyzes the role of fluctuating security programs in these incidents. He discusses how attackers exploit confusion, communication gaps, and vague policies, and identifies weak points in shared security responsibility.

Join our webcast as we navigate the complex terrain of social engineering, offering insights into its various stages from planning to execution, common phishing techniques, and the necessity of ongoing vigilance and proactive strategies to combat this pervasive issue.

Watch the CloudFoxable demo to see a gamified cloud hacking sandbox where users can find latent attack paths in an intentionally vulnerable AWS environment.