John Menerick — Speaker
Two decades on stage at DEF CON, ISC2, Stanford, CCC, JavaOne, ROOTCON, and dozens more — covering adversarial AI, autonomous SOC architecture, offensive security research, zero knowledge computing, multi-party computation, bio-inspired defense, Kubernetes hardening, hardware-rooted identity, complex systems science, and financial systems security. Every talk is backed by published research, working exploits, and production deployments. If your audience needs to be challenged, not just informed, this is the speaker.
📩 Book a Speaking Engagement
Conference History
| Year | Conference | Talk | Links |
|---|---|---|---|
| 2002 | ROOTCON | Satellite Foolery and Hijinks | |
| 2003 | JavaOne · San Francisco | Java Security | |
| 2003 | Stanford University | Complex Systems Engineering Limitations | |
| 2010 | SigInt | Echo Chambers and Systems in Hacker Culture | |
| 2005 | Northwestern | Video Game Programming series | |
| 2005 | University of Minnesota - Twin Cities | C++ / C Programming for Robotics lectures | |
| 2004 | SIGINT Development · Intentionally not recorded. | Guest Speaker | Not recorded |
| 2003 | SIGDEV · Intentionally not recorded. | Guest Speaker | Not recorded |
| 2008 | PayPal · Corporate engagement | Complex Systems & Distributed Systems in Security | |
| 2007 | eBay · Corporate engagement | Security Imagineering | |
| ~2005 | Notacon · Cleveland, OH | Security Research | |
| Recurring | OWASP Bay Area Chapter | Cracking Financial Systems & others | |
| 2014 | DEF CON 22 · Las Vegas, NV | Open Source Fairy Dust | ▶ Video |
| 2015 | DEF CON 23 · Las Vegas, NV | Backdooring Git | ▶ Video |
| 2015 | ROOTCON 9 · Philippines. Part of winning Hacker Jeopardy team. | BackDooring Git | |
| 2015 | ROOTCON 9 · Philippines | Open Source Internet Infrastructure Insecurity | |
| 2016 | ROOTCON 10 · Philippines | Liberating Self Driving Cars | |
| 2015 | GrrCON · Grand Rapids, MI | Backdooring Git | ▶ Video |
| 2015 | SkyTalks (DEF CON) · Intentionally not recorded. | ERP inSecurity | Not recorded |
| 2015 | DerbyCon · Louisville, KY | Backdooring Git | ▶ Video |
| 2015 | CCC (Chaos Communication Camp) · European security community | Security Research | ▶ Video |
| Recurring | BSides Cleveland · See IronGeek archive. | Multiple Talks | ▶ Video |
| Recurring | ISC2 · Top Rated Speaker. | Various topics from Bug Bounty to Purple Teaming Operational Excellence | |
Talk Topics & Expertise
⚡ Adversarial AI & Autonomous SOC
What happens when your SOC learns faster than your attackers evolve? John's research covers energy-based detection models, self-healing security architectures, and autonomous response loops — built and battle-tested, not theoretical.
🔓 Offensive Security & Supply Chain Risk
From backdooring Git repositories to cracking financial systems at scale, John delivers talks that make engineering teams immediately audit their own code. Uncomfortable, actionable, and technically unimpeachable.
🏗️ Security Architecture at Scale
Zero-trust isn't a product — it's a discipline. John has designed and broken security architectures across cloud-native, distributed, and legacy environments. He speaks from the scar tissue, not the slide template.
🧬 Complex Systems & Security Engineering
Security is a complex adaptive system. Drawing from cybernetics, developmental biology, and game theory, John challenges audiences to think about defense the way nature thinks about resilience — not brittleness.
🤖 Machine Learning in Information Security
Machine learning isn't a magic bullet — it's a force multiplier for attackers and defenders alike. John covers applied ML for threat detection, anomaly modeling, adversarial inputs, and the practical limits of what models can and cannot do in production security environments.
📡 Distributed Systems & Information Theory
What are the theoretical speed limits of a secure distributed system? John explores multi-terminal information theory, Slepian-Wolf compression, MAC/BC interference management, and Physical Layer Network Coding to show how understanding the math behind performance boundaries lets you design optimized, decentralized architectures — with compute pushed to the edge where it belongs.
🔐 Zero Knowledge Computing
Prove you know something without revealing what you know. John breaks down zero knowledge proofs from the cryptographic fundamentals to real-world applications in authentication, privacy-preserving computation, and trust minimization — bridging theory and deployment for technical and executive audiences alike.
📡 Computing Through the Noise: Circuit-Scalable MPC
What if the network itself is working against you? John dives into the Constant-Rate Compiler and interactive-coding—breakthroughs that fuse error correction with encryption. He demonstrates how to maintain a Zero Trust environment even when communication channels are failing, noisy, or under active electronic interference.
⚡ The Straggler Solution: Coded-MPC for the Edge
In decentralized IoT, waiting for the slowest node is a performance death sentence. John introduces Private and Rateless Adaptive Coded Computation (PRAC), a method of "over-provisioning" math through polynomial codes. Discover how to achieve reliability without the bloat of traditional redundancy for massive, unreliable sensor networks.
🔐 Beyond the Algorithm: Unconditional Security
If a quantum computer can break any code, is anything truly secure? John explores the shift from "hard to break" to "impossible to observe." By leveraging Information-Theoretic Security and GHZ quantum states, he maps a future where the laws of physics—not just complex math—ensure your data remains private and untampered.
🤝 Multi-Party Computation: Beyond Bit-Perfect
What if you could compute together without any party learning another's inputs—even over a "broken" network? John explores the frontier of Coded-MPC, leveraging physical limits to achieve unconditional security and zero trust across noisy, adversarial environments that would cripple traditional protocols.
🧠 Agentic AI & Autonomous Security Operations
What happens when your security operations center stops waiting for human commands and starts thinking for itself? John presents the MAESTRO and TAME frameworks — architectures for governed, multi-agent security systems with cognitive light cones, guardian swarms, and bio-inspired collective intelligence. Built for the SOC that needs to operate at machine speed without losing human accountability.
🦎 Self-Healing Infrastructure & Regenerative Security
Salamanders regrow limbs. Your cloud infrastructure should too. John draws from developmental biology, anatomical homeostasis, and TOTE loop theory to design systems that recover from breaches without human intervention — not through redundancy, but through genuine regenerative architecture. If you're still relying on backups, you're thinking about resilience wrong.
🔑 Hardware-Rooted Identity & Ephemeral Credentials
Shared secrets are a liability. John covers hardware-rooted authentication using YubiKeys, FROST threshold signatures, HashiCorp Vault, and short-lived certificate chains — eliminating standing credentials entirely. Built from production deployments at scale, this talk gives engineering teams a concrete path from password chaos to phishing-resistant, zero-trust identity.
☸️ Kubernetes Security & Cloud-Native Hardening
Kubernetes is a force multiplier for attackers who find one misconfiguration. John walks through the full attack surface — Pod security policies, CNI network policy enforcement, scheduler privilege, CI/CD pipeline injection, and secrets management — with concrete CIS Benchmark-aligned remediations. Practical enough for engineering teams, sobering enough for leadership.
🕵️ Threat Hunting & Advanced Incident Response
Alerts are noise. Hunting is signal. John covers macOS and Linux first-responder forensics, APT detection patterns, SIEM model failure modes, Loki/Splunk threat hunting pipelines, and IOC scanning at scale — drawn from years of incident response across enterprise and critical infrastructure environments. This is the talk for defenders who are tired of losing.
⚖️ AI Governance, Ethics & the Worthy Successor
When an AI agent decides to contain a threat, who is responsible for the consequences? John explores the legal, ethical, and technical dimensions of autonomous decision-making in security contexts — covering AI governance frameworks, the Petrov Rule for machine judgment, and how to build systems that are powerful enough to matter and accountable enough to trust.
💸 Financial Systems Security & Cryptographic Attack Surfaces
Financial systems carry the highest consequences for failure — and the most creative adversaries. John's research spans cracking financial APIs, DPAPI exploitation, cryptographic protocol weaknesses, and the attack surface of modern payment infrastructure. This talk has made engineering teams audit their own systems before the session ended.
🌱 Bio-Inspired Defense & Morphogenetic Security
What if your security architecture could grow, adapt, and respond to threats the way a developing organism responds to injury? John applies morphogenetic field theory, bioelectric signaling models, and developmental biology to network defense — arguing that the future of resilient security isn't more rules or more alerts, but systems with genuine goal-directed behavior encoded at the architecture level.
Engagement Information
Book a Speaking Engagement
- Formats: Keynote, deep-dive workshop, panel, fireside chat
- Duration: 20 min lightning · 45 min main stage · 90 min workshop
- Audience fit: Security engineers & architects, CISOs, ML & AI practitioners, cloud & platform engineers, academic & government audiences, financial services — across all 16 topic areas above
- A/V: Slide deck (PDF/Keynote), lapel or handheld mic, HDMI output
- Bio & headshot: Available on request. Full speaker kit provided upon booking.
- Fee: Available on request. Travel and accommodations to be arranged by event organizer.
- Book: [email protected] — or reach out via LinkedIn
