Blue Team Con Announces Keynote, Talks and Training Sessions for 2026 Conference

Defense-oriented cybersecurity professionals to convene in Chicago Sept. 10-13

CHICAGO, IL (July 15, 2026) — Blue Team Con, the only annual in-person cybersecurity conference specifically for defenders, today announced that Ian Coldwater, cochair of the Security Special Interest Group for the Kubernetes project, will deliver the keynote address titled “We Keep Us Safe” at this year’s convention, taking place September 10–13, at the Swissôtel Chicago. In addition, organizers announced the full list of training sessions and talks scheduled for September during the conference. Find more information and register at blueteamcon.com.

Coldwater is an independent security consultant, a longtime community organizer and a globally recognized expert in container and Kubernetes security. They have presented their research on hacking and hardening cloud native infrastructure at conferences such as DEF CON, Black Hat, RSAC and KubeCon, and their work has helped shape the security practices of organizations around the world. They previously served as an ambassador for the Cloud Native Computing Foundation and on the governing board of the Open Source Security Foundation. Coldwater lives in Minneapolis and enjoys making bad jokes and good trouble.

“My talk is about taking lessons from neighborhood organizing and how blue teams can apply them to the work we do,” Coldwater said. “Blue Team Con’s welcoming, community-oriented vibe makes it one of my favorite conferences, and I’m really excited to bring this talk about what our communities can learn from each other there!”

“We are extremely excited to have Ian as our keynote speaker this year — their talk is particularly relevant as teams make do with fewer resources while battling increasingly sophisticated attackers,” said Tillery, Blue Team Con head of training and advisory board member. “The mission of Blue Team Con is to give every defender the tools they need to do their job and the community they need to back them up, and Ian’s experience in community building is a powerful message to our attendees and industry.”

Blue Team Con 2026 programming includes talks by expert speakers from Amazon, Nationwide, Liberty Mutual, REI, Semperis and the Cybersecurity and Infrastructure Security Agency (CISA) on such topics as filling the gaps in AI incident responses, detection engineering geared toward agentic attacks, defending the credential reset process, how to spot malicious code in Github repositories, and more.

In addition, topic-specific villages will provide flexible space for hands-on experiences and deep dives into areas of interest. Among the villages this year is a Wellness Village curated by Mental Health Hackers, a nonprofit whose mission is to educate tech professionals about the unique mental health risks faced by those in cybersecurity and provide guidance on reducing their effects and better managing potential causes. A Capture the Flag competition will offer newbies and veterans alike the ability to show off their skills and win the admiration of their peers in a unique and fun learning challenge.

Attendees have the opportunity to earn as many as 32 continuing professional education (CPE) credits over four days. This includes five exclusive two-day training sessions held Sept. 10–11, and 56 talks Sept. 12–13. The training sessions include:

  • Building Fort Knox: A Practical Bootcamp for Cyber-Physical Defense! Bulletproof your physical and wireless perimeters. Attendees receive hands-on training with access control handling and physical auditing, wireless defense and rogue infrastructure tracking and airspace defense and bug sweeping. Spend 25% of your time getting your hands dirty to understand the offensive threat, and the remaining 75% mastering wireless threat hunting, detecting rogue signals, auditing access control infrastructure and making the case to secure critical areas.
  • CQURE Masterclass: System Forensics, Incident Handling & Threat Hunting. This course offers a comprehensive, hands-on approach to mastering system forensics, incident handling, and threat hunting, equipping participants with the skills to detect, investigate, and respond to advanced cyber threats. Through case studies, practical labs, and real-world examples, participants gain expertise in identifying and mitigating modern attacks across various environments.
  • Defending Enterprises – 2026 Edition. This comprehensive training goes beyond threat hunting and into the world of detection engineering and the processes involved in converting logic into alerts. Participants will play a SOC analyst in a Microsoft Sentinel cloud-based lab and try to rapidly locate IOAs and IOCs from a live enterprise breach executed by the trainers in real time. Learn the top 10+ methods used in offensive engagements and show how these can be caught.
  • Exploring AI Visibility: Shedding Light on Shadow AI, Attack Surface, Telemetry and LLM Proxies. This hands-on training workshop equips security teams with the practical skills needed to detect, audit and secure AI usage within their environments. Attendees will learn how to identify shadow AI usage from existing network and endpoint logs (such as Zeek and Sysmon) without needing increased vendor visibility. Because AI tooling is ultimately just software, the course also explores how these tools can introduce vulnerabilities, such as unauthenticated servers allowing local execution.
  • Offense for Defense. Built specifically for blue team professionals, systems administrators, SOC analysts, threat hunters and incident responders, this training arms defenders with the tactics, tools and mindset of attackers, empowering teams to proactively identify weaknesses and design better protections, detections, and responses.

Tickets to Blue Team Con 2026 are $229, or $40 for students 18 and over; anyone under 18 may attend for free with adult supervision. Training sessions are ticketed separately and range from $675 to $2,000; conference attendance is not required. Special room rates at the Swissôtel Chicago are available for attendees

Share This Post!