There’s something really special about running your own event. Not only do you have the opportunity to bring people together with a shared common goal, but it gives you the opportunity to shape an event that becomes part of your brand, and a movement, not necessarily just an event. I’m talking about THREATCON1 2025.
I’m not big on quoting people to make a point, but in the words of Ralph Waldo Emerson, “ Do not go where the path may lead, go instead where there is no path and leave a trail.” This is particularly applicable as VulnCheck’s growth strategy is rooted in the concept of “playing bigger.”
What is remarkable to me as the Marketing lead at VulnCheck is we don’t have hundreds of people at the company, and we’re a Marketing team of four people. We pulled off what I like to think of as something nearly impossible to execute as a small team.
However, there’s something about a huge challenge – one that suggests, “this is too much to take on” that we didn’t balk at, approached it intelligently without striving for perfection and the entire VulnCheck organization pitched in to support THREATCON1.
VulnCheck’s THREATCON1 was a massive success for many reasons. This is an attempt to highlight the key elements that helped us build an event that is now our flagship experience that will only grow after its first year.
I personally had the privilege of moderating an important discussion between Jen Easterly, former Director of CISA, and Andrew Boyd, former Head of the Center for Cyber Intelligence at the CIA. We selected both speakers based on their deep cyber backgrounds in defensive and offensive cyber respectively.
All I can say is this was one of the more enlightening and eye-opening sessions I’ve ever witnessed, not to mention participate in. And what made it special was getting to know Jen and Andy – knowing they are just both super cool humans with knowledge and experience that is as impressive as it is inspiring.
We had nearly 400 registrants and hundreds of attendees at THREATCON1, which is an amazing response for a first-year event. Titles ranged from CISOs to threat intelligence analysts to vulnerability management practitioners to security researchers and go-to-market teams. The cross-section of leaders and newcomers across different domains in cyber meant that there was relevant content and purpose for attending.
THREATCON1 also featured 17 VulnCheck customers who attended the conference across its diverse installed base: Enterprise, Federal, Cybersecurity companies and cyber insurers. It sure makes life easier when customers are supporting an initiative like this. I would have been happy with five coming, but 17 was next-level!
Overall we had 34 presenters at the conference also, running two separate tracks: our Tech Track and our Showcase Track. We covered topics all relating to identifying, understanding and countering emerging threats. If you missed THREATCON1, we will have our resource center live very soon to view all our amazing content.
We also had seven sponsors of THREATCON1: Carahsoft, RunSafe Security, NetRise, HeroDevs, FleetDM, Blackwire Labs and Cogent Security. All participated at the highest level in terms of presentations and networking. THREATCON1 doesn’t happen without sponsor support. Taking a flyer on sponsoring a first-year event isn’t the easiest decision in any business, and VulnCheck is appreciative of their support across the board.
I’ll first say that as we hosted this event at the Carahsoft global headquarters, THREATECON1 doesn’t happen without Carahsoft. First, they’re an incredible business partner to VulnCheck with deep expertise in navigating the Federal market and who have helped us push VulnCheck intelligence into Federal sites and systems. It’s not lost on me that it can be challenging for well-established teams to entertain the notion of an early-stage startup bringing the next big thing in cyber to teams who rely on them as trusted technology advisors.
However, it’s not limited to just that – the Carahsoft Marketing team, their facilities team and their A/V specialists helped us create an experience with THREATCON1 that hopefully will remain top-of-mind for years to come as we grow it and start planning for our 2026 conference.
Also, Marketbridge, VulnCheck’s PR firm of record, was immensely helpful in putting this event on the map, working with reporters ahead of the event and onsite too, to ensure the media had the level of access to the content and presenters necessary.
My good friend Patrick Garrity and I kicked off our THREATCON1 podcast the week prior to the event to help show the world what they could expect from our conference. THREATCON1 is available on Apple, Spotify, Amazon, iHeartRadio and YouTube. We kicked off with episodes one and two featuring Jen Easterly and Andy Boyd respectively.
But this isn’t just limited to conference-related content – – this will be a large part of VulnCheck bringing on interesting, important and unique voices from the cyber industry all focused on the emerging cyber threat landscape. Look for our next set of episodes that’ll drop in the coming weeks.
As part of the experience, we put together our first THREATCON1 golf tournament at Reston National Golf Club the day prior to our conference. Needless to say it was a blast. From first-timers to experienced golfers, we filled the course with people to activate networking and partnering opportunities. My foursome finished third in prize money netting a whopping $40.08. We’re all $10.02 richer today as a result!
And we ran a Capture the Flag challenge that yielded far more participants than we could have expected, hosted by our Initial Access research and product team. It was a mix of trivia, PCAP analysis, reverse engineering, and exploitation tasks that were rewarded for their efforts. In fact it was so successful that we’re planning some new exercises to roll out more broadly – stay tuned for more cool stuff from us!
We hope to continuously engage our audience by making all the aspects of THREATCON1 unique, interesting and fun. If you missed it, we sincerely hope you’ll get involved for our 2026 event.
What I learned along the way with THREATCON1 is if you can dream it and apply stringent execution to make it happen, anything is possible. Even just taking the time out of your average day in the industry to connect with friends, colleagues and leaders was so worth the time. Like even just making new friends in the industry and welcoming new VulnCheckers to the THREATCON1 experience was one of the most rewarding things I’ve done in my career.
We’ll have a Call for Papers going live in January, and again thank you to EVERYONE for making THREATCON1 a success!
