Please Don’t Hack Me is a co-hosted Montash cybersecurity event bringing together short expert talks on AI security, identity risks, governance and real-world incidents for leaders in the CyberSecurity space across Europe.
The community gathered for a second year in Dresden, for an evening built around real examples, shared challenges and important insights for the planning the year ahead. The format remained simple: six talks, no slides, and plenty of space for people to speak honestly about what they are seeing in their work.
Here’s a recap of the key takeaways from each of this year’s speakers.
Henry began the night in a way no one expected. He walked in dressed as a food courier, carrying a delivery bag filled with basic hacking tools. The point landed immediately. Organisations are often caught out by familiar scenarios, not exotic ones. The smallest assumption can be enough to create an opening for an attacker.
His light humour, including the well-received joke about a “Pizza Hawifi”, illustrated how attackers blend into everyday situations. The talk reminded everyone that there is no single attack vector. Defenders need flexibility and awareness across the entire environment.
Key takeaway:
“It’s not just one door they come through. It’s many. Your defences must be just as flexible.”
Andreas presented several incidents from his experience, including a CEO fraud attempt that almost succeeded with a new employee. The example showed how easily social cues can override good training when a request feels important or time sensitive.
He noted that incidents are rarely caused by a single point of failure. Instead, they tend to arise when processes are unclear or when people do not feel confident enough to slow down and verify a request.
Key takeaway:
“Even a well-trained team can slip up when something looks urgent and official.”
3. Iryna Schwindt, Co-author of the OWASP AI Exchange
Iryna explored how AI systems behave in ways that existing security frameworks are not designed to handle. Drawing on her work with secure-by-design engineering and the OWASP AI Exchange Project, she explained how data pipelines, model behaviour and rapid iteration all contribute to new categories of risk.
She encouraged organisations to treat compliance as a starting point, as opposed to an end goal. AI security requires testing, transparency and a clear understanding of how models interact with the wider environment.
Key takeaway:
“AI threats aren’t theoretical. They are shaping real-world risk now.”
Pranav opened with a story that highlighted how identity shapes an attacker’s path. This led into a practical look at human and non-human identities across cloud and SaaS systems. He covered excessive permissions, unmanaged accounts, session abuse and the advantages of just-in-time access.
His session highlighted a common challenge where many organisations have tools for identity management, but limited visibility into what actually exists. Privileges build up quietly and are rarely reviewed.
Key takeaway:
“You can’t protect what you can’t see, and most organisations don’t see their non-human identities.”
Dennis spoke about how security culture develops inside organisations. He highlighted the value of informal internal networks, where conversations about risk and resilience happen naturally long before something needs to be approved in a board meeting.
He shared an example illustrating the cost of a daily outage. When leadership understands the real financial impact of downtime, discussions around security budgets become clearer and more productive.
Key takeaway:
“If your board understands the cost of an outage, you won’t need to argue for budget.”
Martin closed the evening with a look at governance in large, international organisations. He explained how global standards can collide with local processes and how quality and security teams sometimes approach the same requirement from different angles.
His examples emphasised how governance only succeeds when it’s workable for the teams who use it every day.
Key takeaway:
“Governance only works when it fits reality, not just regulation.”
This year’s session showed once again that cybersecurity doesn’t need to be stiff or serious to be valuable. Identity, AI and governance might sound heavy on paper, but with a mix of humour, real stories and proper conversation it became an event packed with insight to take into the year ahead.
For updates and future events:
Follow Please Don’t Hack Me on LinkedIn, here.
For enquiries and speaking opportunities:
Contact Charlotte Christensen, here.
We have already confirmed our next event in Munich for Spring 2026, keep an eye on our LinkedIn for more information, here.
If you're interested in learning more about what we cover in these events, check out the recap from last year’s Please Don’t Hack Me, here.