Boston Security July 2026 Meetup
Details
Important Notices
Starting in May 2026 we will start using Meetup's QR code check-in process to make sure only registered users are allowed at our events. We will also start tracking registered user no-shows, and after 3 incidents you will be removed from the group. Being on the wait-list is not an eligibility to attend the event, it only gives you the ability to move to registered list if someone cancels their registration more than 48hrs prior to the event.
Repeat cancellations with less than 48 hrs of notice may count towards your no-show count if it happens repeatedly.
During registration please provide a full name that matches the one on your ID. If the registered name doesn't match your ID, meetup organizers or the building security reserve the right to decline entry.
All meetup venues we currently use require us to provide a list of names (First & Last) to their door security so they can check people in at the time of the event. We are also required to bring "a picture ID" that matches the name we provide at the time of registration. Please be mindful of this requirement and provide the necessary information to ensure a smooth check in process at the door. Thank you for your cooperation - the management! There will be no entry without a confirmed RSVP. No pets or tele-presence bots allowed.
What: Two talks as usual plus a bonus talk this month!
>>> Bring your favorite stickers and tell us where you got it. Bring extras and swap it with fellow security enthusiasts at the sticker swap table! <<<
Talk 1 - From Spreadsheets to Continuous Risk Reduction: Understanding CTEM in Practice by Ori Zigindere
Description - As organizations face increasingly complex attack surfaces, traditional vulnerability management alone is no longer sufficient to prioritize and reduce cyber risk. Continuous Threat Exposure Management (CTEM), introduced by Gartner, provides a strategic framework for continuously identifying, validating, prioritizing, and remediating exposures that are most likely to impact the business.
This presentation will provide an overview of CTEM, including its core phases; scoping, discovery, prioritization, validation, mobilization and explain how CTEM differs from conventional vulnerability management programs. Attendees will learn how organizations are using CTEM today to gain a more comprehensive understanding of their attack surface by combining asset discovery, vulnerability intelligence, attack path analysis, security validation, and risk-based prioritization.
Speaker Bio - Ori Zigindere is an offensive security professional with a background in software engineering. He currently works as a Staff Technical Product Manager overseeing platform design and innovation with Bishop Fox's Cosmos Attack Surface Management platform. He's been an active organizer for Boston Security Meetup since 2018 and also the founder of MinuteCon hacking conference.
Talk 2 - Enter the Hidden World - Securing embedded devices with TrustZone and Trusted Firmware by Jayashree Srinivasan
Description - As systems become more complex and intelligent, the software components they contain increases dramatically. These are developed by many collaborating teams, often including multiple open-source elements. If a compromise occurs in any of these stacks the entire system can be at risk. This fact necessitates the need for isolation boundaries. Armv8-M architecture facilitates such an environment with TrustZone technology that divides the system-on-chip into Secure and Non-Secure worlds. Trusted Firmware-M is an open-source runtime firmware that utilizes TZ hardware’s isolation boundaries. This talk elaborates the advantages of using such a trusted execution environment to improve the security of embedded devices.
Speaker Bio - Embedded Security Enthusiast working at Analog Devices. I work with open-source SW like Trusted Firmware -M, MCUboot, and Zephyr.
Talk 3 - Post Quantum Cryptography- are we ready for the future by Robervan Silveira Santos
Description - We are entering a new era of the quantum computing, it will bring many benefits and breakthroughs in many areas, but it will also bring new challenges to the security space that must be addressed. Cryptography must also evolve and become Post Quantum Cryptography (PQC) compliant. Current cryptography has served us well so far. It is being used everywhere, for website security, private communication, and encrypting sensitive information. The current cryptographic methods, however, will soon become obsolete with the arrival of quantum computers. We will discuss how PQC is it different from our current cryptography, and what can be done right now to be prepared
Speaker Bio - Senior Cybersecurity engineer with 13 years of experience specializing in Zero Trust, SASE, and Post-Quantum Cryptography to secure critical infrastructure.
When: July 16 2026, Doors open 6 30 PM
Where: Microsoft NERD Center
1 Memorial Dr, Cambridge, MA




