2025-12-13, Track 3
I will take the audience inside the Pacific Rim campaign, a five-year battle between Sophos and advanced Chinese nation-state adversaries. As the Director leading the response, I oversaw operations against waves of intrusions aimed at exploiting our firewall technology and leveraging it as a springboard into global networks. A turning point came when poor OpSec allowed us to track and identify an individual operator, putting a human face to a campaign often seen as anonymous and distant. This talk explores both the technical and human aspects of confronting the China nexus, where overlapping groups share tools, evolve tactics, and sustain pressure over years. Attendees will gain practical insight into attribution, the challenges of disclosure, and the realities of defending against persistent state-sponsored operations.
The Pacific Rim campaign was one of the most sustained and complex cyber operations Sophos faced, with multiple Chinese nation-state groups working to compromise our technology and use it to gain access to targets worldwide. This talk will share the inside story of managing such a high-pressure campaign, with a focus on the China nexus and how different adversary groups intersect and operate. I will discuss the attackers’ tactics, the countermeasures we developed to disrupt them, and the extraordinary experience of uncovering and identifying an individual operator behind the activity. By connecting technical tradecraft to human behavior, I will show how attribution can both sharpen our understanding of threats and complicate how we respond.
Attendees will leave with a deeper understanding of how the China nexus operates, what it takes to manage attribution in practice, and the human side of confronting advanced adversaries.
I am the Chief Security Officer at Ontinue, where I lead global security strategy and operations. Previously, as Director of the Sophos Pacific Rim campaign, I oversaw one of the longest and most complex defensive operations against Chinese nation-state adversaries, guiding the response to years of sustained espionage and intrusion attempts. With deep experience across threat intelligence, incident response, and strategic defense, I specialize in bridging technical tradecraft with the leadership decisions required in high-pressure environments. I have worked closely with governments, industry partners, and international law enforcement, and bring a unique perspective on how persistent adversaries operate and how they can be disrupted. My mission is to share real-world lessons from the field to strengthen the wider security community, making the realities of nation-state conflict both accessible and actionable for defenders.
