The Human Factor Remains the Future of Cybersecurity: Insights and Company Profiles

Recent OODA Network attendance at seminal, annual cybersecurity conferences (and subsequent “hot wash” discussions amongst the network membership) reinforced one vital takeaway: the “Human Factor” in all its forms will be a part of the narrative of the future of global cybersecurity.

This post also includes company profiles from this constantly evolving market landscape.

Summary

The human element of cybersecurity is not on the sidelines: it remains center stage.

Black Hat USA 2025 and DEF CON 33 made this clear: the human element (risk, resilience, and talent strategy) was a major theme, shaping how AI, agentic systems, and next-generation threats are understood and addressed. From immersive villages to cutting-edge panels, the recent cybersecurity conferences spotlighted how human risk, social engineering, and talent strategy intersect with AI, agentic systems, and next-generation cybersecurity challenges.

Market-leading startups are also emerging and are profiled here.

Why This Matters

The future of cybersecurity is not only about technology: it’s about people.

  • Human risk is still the weakest link, amplified by AI-driven social engineering.
  • Talent is now a strategic asset, with workforce resilience, mental health, and diversity central to security.
  • AI-human integration demands oversight through red-teaming, crowdsourced validation, and governance frameworks.
  • Community-led learning (villages, hackathons, live simulations) has proven more effective than traditional training for building resilience.

Key Points

Black Hat USA 2025

  • “Securing Human Risk” session explored AI tools that transform fallible humans into resilient assets.
  • Vendors like Mimecast demoed platforms to manage insider threats, shadow AI, and behavioral risk.
  • Briefings addressed LLM exploits, phishing training, and the shift from attack surface to risk surface.

DEF CON 33

  • The Social Engineering Village hosted live vishing contests, cold-call scenarios, and improv training.
  • The AI Village ran the Generative Red Team (GRT-3) hackathon and featured deepfake karaoke.
  • The Adversary Village offered purple teaming and workshops with leaders like Marcus Carey, Bryson Bort, and Sanne Maasakkers.

Company Profiles from the Market Landscape

  • Mimecast – Human Risk Command Center
    Human Risk Management platform monitoring behavioral signals across collaboration tools. Targets insider threats, shadow AI, and impersonation. Directly aligned with human-centric cyber resilience.
  • DevSec
    Cyber intelligence firm combining ex-intelligence operators, hackers, and data scientists for advanced investigations. Specializes in human targeting, threat attribution, and adversary profiling.
  • BlackWire Labs
    AI-enabled decision support validated by human experts and blockchain audit trails. Focused on trust in AI, Human-AI collaboration, and transparent oversight.
  • Dreadnode
    Offensive AI security company offering adversarial testing tools (Strikes, Spyglass, Crucible). Strengthens AI workforce resilience and red-team training.
  • SailPoint
    Leader in identity governance across human and machine identities. Supports workforce strategies by automating access controls and reducing identity risk.

| Company | Core Offering | Market Differentiation | Investment Relevance |
| --- | --- | --- | --- |
| Mimecast | Human Risk Command Center integrating insider threat detection, AI oversight, and awareness training. | First-mover in holistic human risk dashboards. | Scalable platform for enterprise adoption. |
| DevSec | Cyber intelligence & investigative services (fraud, nation-state, human targeting). | Ex-operator credibility + investigative depth. | Potential acquisition target for larger cyber intelligence players. |
| BlackWire Labs | AI decision support validated by human experts + blockchain auditability. | Transparency + trust in AI outputs. | Positioned at the AI-human trust intersection, with strong growth potential. |
| Dreadnode | Offensive AI red-teaming platforms. | Tools like Strikes and Crucible simulate real adversaries. | Critical for AI resilience; strong red-team training use case. |
| SailPoint | Identity governance for human + machine accounts. | Leader in identity orchestration. | Safe bet in workforce and machine identity risk automation. |

What Next?

  • Enterprise HR (Professional Development and Upskill Training) and Cyber Conferences: Expand human-AI trust, resilience training, and mental health tracks.
  • Startups: Develop gamified platforms for workforce training and AI-human collaboration.
  • Talent Strategy: Prioritize neurodiverse recruitment and oversight roles in AI workflows.
  • Communities: Scale participatory, hands-on learning models.

Recommendations from the Conferences

  • Funders: Back platforms merging AI with human risk modeling and workforce resilience.
  • Conference Organizers: Spotlight human-AI governance and adversary targeting.
  • Cyber Leaders: Support “talent superpower” strategies (continuous training, stress resilience, and mental health safeguards).

Conference Highlights and Resources

Additional OODA Loop Resources

DeepSeek AI’s Talent Strategy Signals a Shift in Global Innovation Leadership: According to researchers at the Hoover Institute, DeepSeek AI’s rise reveals a critical challenge to U.S. technological leadership: the erosion of its human-capital advantage as China builds a self-sufficient AI talent pipeline.

Navigating the National Security Deep Tech Landscape: An OODA Network Primer for Startups: Startups entering the U.S. national security arena face both extraordinary opportunity and systemic complexity. This primer maps where to focus and how to engage.

Cybersecurity and Blockchain Convergence: Strategic Opportunities for Startups and Investors at Black Hat 2025: As the OODA Network and the Black Hat community attend Black Hat 2025 in Vegas, we tailored this OODA Loop Original Analysis for startup leadership teams and investors attending the conference. It seems that market and regulatory conditions are now optimized for the innovation ecosystem to take the accelerated lead in addressing urgent problems, providing myriad competing solutions, for the market to then sort out the winners and losers.

Cybersecurity and AI Convergence: A Startup Ecosystem Playbook (Agentic AI, LLM Threats, and Red-Teaming at Scale): This playbook explains how cybersecurity, AI/ML, LLMs, adversarial AI, AI sovereignty, red-teaming, and agentic AI intersect (and what it means for startup teams who attended Black Hat USA 2025 and DEF CON 33).

OODAcasts

The Attacker Mindset: Maxie Reynolds on Red Teaming, Underwater Data Centers, and Human Nature: In this OODAcast episode, host Matt Devost sits down with Maxie Reynolds, author of The Art of the Attack, to explore the evolution of her unique career from offshore oil rigs to elite red teaming and cybersecurity innovation. Maxie shares how her unconventional path, working a decade in oil and gas, earning degrees while on remote rigs, and eventually breaking into cybersecurity at PwC, shaped her approach to physical and digital security. Her journey led to the creation of a company that builds underwater data centers, a novel fusion of her industrial and red teaming experiences. She discusses the rising interest in submerged infrastructure, particularly after China’s moves in the space and the demands of modern AI-driven cooling systems.

People, Culture, Organizations, Cybersecurity, and Technology: We continue our effort to underscore certain patterns and themes found throughout the OODAcast library of over 80 conversations with leaders and decision-makers, on topics such as leadership, empowering a team, clear decision-making while operating in a low information environment, the qualities and best practices of a true leader, the future of intelligence, the future of cyber threats, the cybersecurity marketplace, innovation, exponential technologies, and strategic action.

In May 2021, OODA CTO had a conversation with Bryson Bort, the Founder of SCYTHE, a start-up building a next-generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy. He is widely known in the cybersecurity community for helping advance concepts of defense across multiple critical domains. In December 2020, OODA CEO Matt Devost had a conversation with Masha Sedova, an award-winning people-security expert, speaker, and entrepreneur focused on helping companies transform employees from a risk into a key element of defense.

Masha Sedova, Co-Founder, Elevate Security on Human Risk Management: Masha Sedova is an award-winning people-security expert, speaker, and entrepreneur focused on helping companies transform employees from a risk into a key element of defense.

Scythe CEO Bryson Bort on Enhancing Security with Realistic Adversary Emulation: Bryson Bort is the Founder of SCYTHE, a start-up building a next-generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy. He is widely known in the cybersecurity community for helping advance concepts of defense across multiple critical domains. He is the co-founder of the ICS Village, a non-profit advancing awareness of industrial control system security. Bryson is also a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute.

Daniel Pereira

About the Author

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.