Speaking Engagements

I'm passionate about sharing knowledge and insights with the global tech community. From BlackHat USA to AWS re:Invent, I deliver practical security insights that help organizations build more secure systems.

Book Me to Speak View Topics

Upcoming Talks

Catching one of these events? See Where's Andrew to book a meeting on site.

BewAIre: Detecting Malicious Pull Requests at Scale with LLMs

Breakout

BlackHat USA 2026 • Las Vegas, NV • August 2026

As AI coding assistants accelerate software development, the volume of pull requests at Datadog has grown to nearly 10,000 per week, increasing the risk that malicious changes slip through due to review fatigue. To address this, Datadog built BewAIre, an LLM-powered code review system designed to identify malicious source code changes introduced by threat actors. By reducing approval fatigue for developers while increasing friction for attackers, BewAIre guides human reviewers to the areas where judgment matters most, without slowing developer velocity. In this breakout session, Andrew Krug (Head of Security Advocacy) will share why BewAIre was built, how it evolved from a hackathon experiment into a production-grade internal system, and the key architectural decisions and trade-offs involved along the way. He will discuss what worked, what didn't, and the limitations the team encountered when applying LLMs to security-critical workflows. He will also cover how BewAIre is now being integrated into Datadog Code Security, and what it takes to turn an internal engineering tool into a product capability used at scale. Attendees will leave with practical lessons on building, hardening, and productizing LLM-powered systems and how you can use LLMs to minimize the security risks introduced by the new LLM-code-generation paradigm. Day and time TBD.

AI Security LLMs Supply Chain Security DevSecOps

Emulate Cloud-Native Attacks with Stratus Red Team

Arsenal

BlackHat USA 2026 • Las Vegas, NV • August 5, 2026

What attacks are used by threat actors in cloud environments? How do you reproduce them easily to ensure that your threat detection mechanisms are working as expected? Stratus Red Team provides a solution to these two questions. With support for AWS, Azure, Google Cloud, Entra ID, and Kubernetes, it allows threat detection and cloud security engineering teams to reproduce common cloud attacks in a self-contained manner, along with actionable detection insights. Wednesday, August 5, 1:40pm–2:40pm at Arsenal Station 1, Business Hall.

Cloud Security Threat Detection Adversary Emulation Open Source

Eliminating Blindspots in your security monitoring strategy

Breakout

AWS re:Inforce 2025 • Philadelphia, PA • June 17, 2025

Cloud security is being shaped by the rapid adoption of technologies like Generative AI, Kubernetes, and SaaS platforms, making comprehensive security monitoring more critical than ever. This session will explore strategies to eliminate blind spots in your security monitoring strategy. We will focus on precise instrumentation and data collection, and demonstrate an end-to-end detection strategy that includes cloud audit logs, runtime security, and data enrichment. The session will also emphasize leveraging runtime context to enhance threat detection and response. Participants will learn how to build a robust security monitoring framework that can adapt to evolving cloud technologies and ensure thorough coverage. This presentation is brought to you by Datadog, an AWS Partner.

Cloud Cloud Security SIEM Practitioner

Recent Talks

Datadog Detect Virtual

Virtual

Datadog Detect • Virtual • May 20, 2026

The latest edition of Datadog Detect, a virtual mini-conference focused on modernizing detection and response through engineering principles. Technical sessions and live Q&A covering practical tactics for building a more resilient and scalable detection program.

Securing the Cloud in the Age of AI

Virtual

Anticast • Virtual • March 19, 2026

An Antisyphon Anti-cast on what AI adoption means for cloud security: how AI-assisted development and agentic workflows change the attack surface, and what practitioners should do to keep guardrails in place as velocity increases.

Detection Engineering at Scale: Building High-Fidelity Security Operations (SEC327)

Conference

Amazon re:Invent • Las Vegas, NV • December 2025

How do you build security operations that scale without drowning analysts in noise? This AWS re:Invent 2025 session covers detection engineering practices for building high-fidelity security operations — treating detections as code, tuning for signal over volume, and measuring what matters in a modern SOC.

Cloud Security Adoption Curves

Virtual

Anticast • Virtual • January 22, 2025

An Antisyphon Anti-cast on cloud security adoption curves: how organizations mature their cloud security practices over time, where teams commonly stall, and how to prioritize the controls that move the needle at each stage.

Datadog Detect

Conference

Datadog Detect • Virtual • May 2024

Datadog Detect is a virtual mini-conference focused on modernizing detection and response through engineering principles. This event includes multiple technical sessions and a live Q&A with our expert speakers from Datadog, Snowflake, FireMon, and more. Whether you’re a security leader or hands-on engineer, you’ll leave with concrete tactics to build a more resilient and scalable detection program.

Beyond just observing, protecting your whole software supply chain (SEC406)

Conference

Amazon re:Invent • Las Vegas, NV • November 2024

How do you protect your software supply chain from threat actors, and how do you mitigate vulnerabilities across fleets? Observing the supply chain is only part of the answer. In this session, explore supply chain best practices, and learn about Datadog’s open source tool GuardDog and how they use it to protect critical repos. Also, gain insight into how Datadog AVM helps prioritize acting on security findings in your AWS environment. This presentation is brought to you by Datadog, an AWS Partner.

Securing the Speed

Virtual

Anticast • Virtual • July 2024

CI/CD (Continuous Integration and Continuous Delivery) is at the very heart of every DevOps strategy. Whether it includes security or not, security practitioners should have familiarity with CI/CD systems. Often these systems have implicit trust, or the “keys to the kingdom,” when it comes to forming resources in cloud environments. Join us for a free one-hour Antisyphon Anti-cast, with instructor Andrew Krug, where he’ll explain best practices for CI/CD, detail common pitfalls, and get hands on with Github Actions + Cloud Providers. Andrew will cover common best practices for project layouts and discuss do’s and don’ts. You'll leave with a firm understanding of how to properly federate identity – in a safe way with cloud providers.

Securing the Blobs

Virtual

Anticast • Virtual • October 2024

The practices and principles that drive successful technical organizations. From hiring and onboarding to creating psychological safety and fostering innovation.

AWS Cloud: DevSecOps Essentials

Virtual

Anticast • Virtual • April 3, 2024

An Antisyphon Anti-cast covering the essentials of DevSecOps on AWS: the core practices, tooling, and skills security practitioners need to secure cloud development pipelines.

Speaking Topics

I speak on a wide range of topics related to technology, leadership, and innovation. Here are some of my most popular presentations.

🚀 Engineering Leadership

  • Scaling engineering teams and organizations
  • Building high-performance engineering culture
  • Technical decision-making and architecture reviews
  • Managing technical debt and system evolution

⚡ System Architecture

  • Microservices architecture and distributed systems
  • Cloud-native development and deployment
  • Resilience patterns and fault tolerance
  • Performance optimization and scalability

🔧 DevOps & Platform Engineering

  • CI/CD best practices and automation
  • Infrastructure as code and GitOps
  • Observability and monitoring strategies
  • Platform engineering and developer experience

🤖 AI & Agentic Security

  • Securing coding agents and AI-assisted development workflows
  • Agentic system design: guardrails, least privilege, and human-in-the-loop
  • AI workflow development for security and engineering teams
  • Model tuning and evaluation for security use cases
  • Threat modeling LLM applications and prompt injection defense

Let's Speak Together

I'm always excited to share knowledge and insights with technical communities around the world. Whether you're organizing a conference, meetup, or corporate event, I'd love to contribute.

What I Bring

  • Real-world experience and practical insights
  • Engaging presentation style with actionable takeaways
  • Customized content tailored to your audience
  • Professional speaker materials and promotion
Book Me to Speak