Aaron DeVera

On Private Sector Offensive Operations

The private sector’s role in offensive cyber operations is rapidly evolving yet remains largely unexplored in public discourse. Unlike traditional government-led initiatives, these activities often lack formal oversight or established best practices. This raises critical questions: How can organizations ensure responsible conduct in the absence of regulatory frameworks? What mechanisms might emerge to address accountability and minimize unintended consequences?

This talk examines real-world examples of private companies conducting offensive cyber activities, including disruption campaigns against malicious infrastructure and operations targeting cybercriminal entities. We will discuss potential frameworks for responsible offensive operations, and what the roadmap might look like for an organization joining an ever-growing threat environment.

Aaron DeVera is a security researcher based in New York. They conduct investigations into the threats and technologies that take advantage of everyday people. Aaron is specialized in building technical collection programs and managing teams of data scientists and hackers. Their favorite type of work is developing behavior-based detection mechanisms by collecting on, analyzing, and understanding adversaries. Aaron is a member of New York City’s Cyber Sexual Abuse Taskforce, serving as a technical subject matter expert in online harassment and abuse. Aaron’s previous roles feature contributions in threat intelligence, cybersecurity data science, and advising Fortune 500 companies in active defense measures. They are a founding organizer of the Jump The Wall anti-censorship competition, DistrictCon, The Net Gala, and Cabal. Previous speaking engagements include Hushcon, Skytalks, BotConf, and South by Southwest.