BSides Sofia 2026 TechArena @ Technical University, Sofia Currently live: When Policy Fails: Turning Kubernetes OPA/Gatekeeper Violations into Detections BSides Sofia 2026 TechArena @ Technical University, Sofia Currently live: When Policy Fails: Turning Kubernetes OPA/Gatekeeper Violations into Detections BSides Sofia 2026 TechArena @ Technical University, Sofia Currently live: When Policy Fails: Turning Kubernetes OPA/Gatekeeper Violations into Detections BSides Sofia 2026 TechArena @ Technical University, Sofia Currently live: When Policy Fails: Turning Kubernetes OPA/Gatekeeper Violations into Detections

5th Anniversary Edition

The Cybersecurity
Community Conference

The largest community-driven cybersecurity conference in Bulgaria. Talks, workshops, and networking - all in one place.

21 – 22 March 2026
TechArena @ Technical University, Sofia

Five years of building
Bulgaria's infosec community.

Security BSides Sofia is an international cybersecurity conference organized by and for the information security community. Since 2022 we have brought together researchers, practitioners, and enthusiasts for talks, workshops, and hands-on learning - covering ethical hacking, incident response, IoT security, forensics, compliance, AI security, and everything in between. For our 5th anniversary we are moving to the Technical University of Sofia with 500+ attendees, two tracks of content, and a full day of cybersecurity. No corporate agenda - just community, knowledge sharing, and real experience with real tools.

Watch past talks

Our Supporters & Partners

ESET
SAP
Technical University
Clico
Yubico
Ardes BG
Secragon
Centio
Baseline
UX to Dev
bTV
Kaldata
Black Hills
Cyber Security Talks
DEV BG
Commerzbank

Event Agenda

09:00

Registration

09:30

When Policy Fails: Turning Kubernetes OPA/Gatekeeper Violations into Detections

Jorge Calleja

LinkedIn
This workshop walks through building, end to end, a Policy-as-Detection pipeline for Kubernetes.

Everything that is traditionally treated as compliance or policy enforcement (OPA / Gatekeeper) is transformed into actionable detection signals: alerts, dashboards, and tickets -- all managed using GitOps and Terraform, just like the rest of modern infrastructure.

Instead of policies silently blocking workloads or producing YAMLs nobody reviews, violations become measurable, observable, and operational security signals.
Hands-on
12:30

Break

13:00

MacOS Investigation Workshop

Evgen Blohm

LinkedIn
The goal of this workshop is to equip participants with the essential knowledge and practical skills needed to perform forensic analysis of macOS systems in the context of modern threats.

Although macOS devices still represent a smaller share of enterprise environments compared to Windows, they are increasingly targeted by threat actors. As a result, macOS security and forensic analysis remain less mature and underrepresented in many organizations' defensive strategies. Recent industry reports -- including findings from Red Canary showing a 400% increase in macOS-related threats between 2023 and 2024 -- highlight the urgent need for improved visibility and expertise in this area.

This workshop will guide participants through the fundamental steps of conducting macOS forensic investigations, including:

- Creating logical and triage images of macOS devices
- Identifying and interpreting key system artifacts
- Investigating artifacts for evidence of threat actor activity
- Utilizing common forensic tools to support analysis
- Understanding the evolving macOS threat landscape

By the end of this workshop, participants will be able to independently conduct forensic investigations on macOS systems and will receive additional resources to support continued learning and future casework.
Hands-on
15:30

Closing

All talks and workshops are selected by an independent programme committee of industry professionals with deep expertise in offensive security, incident response, threat intelligence, and applied research.

Petar Anastasov

Petar Anastasov

CyberSecurity at Its Finest @ SECRAGON | Coach of the National Cybersecurity Team

Viktor Mares

Viktor Mares

Senior Penetration Tester, SoCyber

Pavel Georgiev

Pavel Georgiev

Information Security Expert at United Bulgarian Bank | Founder of Cyber Security Talks Bulgaria

Konstantin Veselinov

Konstantin Veselinov

Founder and Manager at CENTIO #CYBERSECURITY

Nikolay Paskov

Nikolay Paskov

CTO @ BaseLine Cybersecurity

Watch Previous Talks

Sign in to watch talks

Create an account or sign in with your email to access recorded talks.

Video coming soon

Opening Keynote

EN
Video coming soon

Digital Predator Toolkit

Chris Kubecka

EN
Video coming soon

Slithering Through the Noise: Deep Dive into the VIPERTUNNEL Python Backdoor

Evgen Blohm

EN
Video coming soon

Unmasking Coordinated Threats: Analyzing Node.js Malware on GitHub

George Gerontakis

EN
Video coming soon

Bot vs. Bash: How Modern Threat Actors are Actually Using AI

Daniel Kapellmann Zafra

EN
Video coming soon

Bro, Do You Even Supply Chain?

Plamen Petkov

EN
Video coming soon

Satellite Hacking for Dummies

Emil Raychev

EN
Video coming soon

Next Generation Penetration Testing

Lachezar Uzunov

EN
Video coming soon

Hijacking AI Agents with Special Token Injection (STI)

Armend Gashi

EN
Video coming soon

Cybersecurity Team Meetup: National Team Qualification Orientation

Petar Anastasov

BG