Please Don’t Hack Me is a co-hosted Montash cybersecurity event bringing together short expert talks on AI security, identity risks, governance and real-world incidents for leaders in the CyberSecurity space across Europe.
The community gathered for a second year in Dresden, for an evening built around real examples, shared challenges and important insights for the planning the year ahead. The format remained simple: six talks, no slides, and plenty of space for people to speak honestly about what they are seeing in their work.
Here’s a recap of the key takeaways from each of this year’s speakers.
1. Henry Werner, Enginsight
Attackers have many entry points, not just one
Henry began the night in a way no one expected. He walked in dressed as a food courier, carrying a delivery bag filled with basic hacking tools. The point landed immediately. Organisations are often caught out by familiar scenarios, not exotic ones. The smallest assumption can be enough to create an opening for an attacker.
His light humour, including the well-received joke about a “Pizza Hawifi”, illustrated how attackers blend into everyday situations. The talk reminded everyone that there is no single attack vector. Defenders need flexibility and awareness across the entire environment.
Key takeaway:
Security depends on varied and adaptable controls, supported by realistic expectations of how attacks unfold.
“It’s not just one door they come through. It’s many. Your defences must be just as flexible.”
2. Dr. Andreas Lang, Staffbase
Incidents reveal how people interpret urgency and authority
Andreas presented several incidents from his experience, including a CEO fraud attempt that almost succeeded with a new employee. The example showed how easily social cues can override good training when a request feels important or time sensitive.
He noted that incidents are rarely caused by a single point of failure. Instead, they tend to arise when processes are unclear or when people do not feel confident enough to slow down and verify a request.
Key takeaway:
Security culture grows through simple, steady habits. Clear escalation paths help people act with confidence, even when something appears urgent.
“Even a well-trained team can slip up when something looks urgent and official.”
3. Iryna Schwindt, Co-author of the OWASP AI Exchange
AI systems introduce risks that traditional controls cannot fully manage
Iryna explored how AI systems behave in ways that existing security frameworks are not designed to handle. Drawing on her work with secure-by-design engineering and the OWASP AI Exchange Project, she explained how data pipelines, model behaviour and rapid iteration all contribute to new categories of risk.
She encouraged organisations to treat compliance as a starting point, as opposed to an end goal. AI security requires testing, transparency and a clear understanding of how models interact with the wider environment.
Key takeaway:
AI security is an active process. It requires continuous learning, careful design and close attention to how systems behave in practice.
“AI threats aren’t theoretical. They are shaping real-world risk now.”
.jpg?width=4944&height=3296&name=DSC07089-ARW_DxO_DeepPRIME%20(1).jpg)
4. Pranav Vattaparambil, Unosecur GmbH
Identity sits at the centre of modern breaches
Pranav opened with a story that highlighted how identity shapes an attacker’s path. This led into a practical look at human and non-human identities across cloud and SaaS systems. He covered excessive permissions, unmanaged accounts, session abuse and the advantages of just-in-time access.
His session highlighted a common challenge where many organisations have tools for identity management, but limited visibility into what actually exists. Privileges build up quietly and are rarely reviewed.
Key takeaway:
You can’t protect identities you can’t see. Visibility and regular review matter far more than additional tooling.
“You can’t protect what you can’t see, and most organisations don’t see their non-human identities.”
5. Dennis Winter, Börse Stuttgart Digital
Security culture grows when leadership understands operational risk
Dennis spoke about how security culture develops inside organisations. He highlighted the value of informal internal networks, where conversations about risk and resilience happen naturally long before something needs to be approved in a board meeting.
He shared an example illustrating the cost of a daily outage. When leadership understands the real financial impact of downtime, discussions around security budgets become clearer and more productive.
Key takeaway:
Security becomes a shared priority when leaders have a realistic view of operational risk and its financial consequences.
“If your board understands the cost of an outage, you won’t need to argue for budget.”
6. Martin Krueger, B. Braun SE
Making governance work across teams and cultures
Martin closed the evening with a look at governance in large, international organisations. He explained how global standards can collide with local processes and how quality and security teams sometimes approach the same requirement from different angles.
His examples emphasised how governance only succeeds when it’s workable for the teams who use it every day.
Key takeaway:
Policies must reflect real workflows and cultural context, otherwise, they remain documents rather than operational practice.
“Governance only works when it fits reality, not just regulation.”
Looking Ahead
This year’s session showed once again that cybersecurity doesn’t need to be stiff or serious to be valuable. Identity, AI and governance might sound heavy on paper, but with a mix of humour, real stories and proper conversation it became an event packed with insight to take into the year ahead.
Stay connected
For updates and future events:
Follow Please Don’t Hack Me on LinkedIn, here.
For enquiries and speaking opportunities:
Contact Charlotte Christensen, here.
We have already confirmed our next event in Munich for Spring 2026, keep an eye on our LinkedIn for more information, here.
If you're interested in learning more about what we cover in these events, check out the recap from last year’s Please Don’t Hack Me, here.
