I had the absolute pleasure to attend both days of SecTor 2025 this year, followed by a weekend of lovely talks at BSidesTO 2025. I wanted to collect my thoughts and post a small write-up here, detailing my time at both conferences, mentioning the new people I met, businesses I talked with, and classmates I advised on how to make the most out of SecTor!
I have been lucky enough to attend SecTor (consecutively) for the past 3 years, with this being my 4th! I wish I had known about the Education Discount for the full Briefings pass, but you live and learn, and now I can suggest to my classmates who still have a few years left of cyber that they return to SecTor each year to experience the amazing talks and learn about cool new up-and-coming technologies in our field!
I attended this year's SecTor solo, but met up with current, new, and old classmates, expanding my reach for ISSessions and within the cybersecurity community.
# SecTor 2025
I was able to attend many talks through the Arsenal area in SecTor, which consisted of 4 rotating talks throughout both days. While some repeated, most were new, and some even ended up speaking at BSidesTO.
One of my favourite talks was by Pavel Shukhman, who showcased ReARM, an SBOM/xBOM (Software/Hardware) Manager that allows you to organize product and component releases with their metadata! I found this quite exciting, since I have been moving into DevOps and AppSec much more these days.
I also quite enjoyed the talk on the Azazel System, by Makoto SUGITA. It is a portable cybersecurity gateway built on a Raspberry Pi 5. Instead of just watching attacks like a normal honeypot, it actively slows attackers down and manipulates their behavior, which gives defenders extra time to react.
The last talk that stuck with me was the Raining in the Clouds talk by Rodney Beede. They showcased training materials they made, from their company, Coalfire Labs/Research. I liked this repository a lot, as it offers a hands-on environment for developing application security penetration testing skills focused on cloud environments such as OpenStack, Salesforce, and Google Cloud. It was a very informative talk, and it was interesting to see such training materials online for anyone to try!
It would not have been a SecTor event without the Bricks & Picks area, and like every year I have seen it, it was booming with people! I had great chats with both Dave Schefcik and his co-host, whose name I seem to have forgotten. They were both nice enough to invite me to Bricks in the 6 in mid-November, which I will definitely attend! I ended up playing in the raffle both days, which consisted of building special black tiles that would eventually form the lovely mosaic you see at the top of the post!
I ended up winning the raffle on Day 2! I finally got a LEGO SecTor Leaf!
I also spoke to a few startups, but my favourite was MokN, and the conversations I had with Antoine Coudoux, CISSP and Fatiha BENGHANEM! Their idea to "phish the phishers" was interesting, and I brought over a few of my classmates to pique their interest as well.
Overall, it was a fantastic two-day event!
# BSidesTO 2025
I was so ecstatic when I found out BSidesTO was a 2-day event this year! Even though day 2 was just a half-day, it was full of **amazing** talks!! My favourite, though, definitely had to be the one by @Cedric and @Josh. Their talk was on the NPM supply chain attacks, but my favourite was the Shai Hulud one. I almost did a writeup on this for ISSessions a few weeks back, but ended up going with a talk on some crypto stealer malware that ended up on Steam! It was a pretty cool talk, and you can watch it here if you like (live recording; slides are missing from the stream, but if you would like them I can totally share them): https://www.youtube.com/live/0pi-CeKrp5o?si=wwuvxoO5otmx6dky&t=2171
Anyway, back to the talk about the NPM supply chain attack. It was very interesting hearing from two different perspectives, as Josh is the CEO of a reverse engineering company called @InvokeRE, and Cedric works as a Senior SOC Analyst & Tech Lead @Coveo, so the two separate trains of thought were very technically interesting to me.
I met some wonderful new folks there, saw some friendly faces from SecTor, and old friends and professors from the ISS program.
# Giving Thanks
I would like to give thanks to friends and classmates, such as:
Yubo Sun,
Majd Abboud,
Ruslan Parkhomenko,
Dev Godhani,
Nada Elshami,
Yazan Mesallam,
Nick McClure,
Greg Westover,
and Conrad Fitzgerald.
These are our up-and-coming faces in Cybersecurity; it is a pleasure to be in my final semester and to be able to help you all enjoy these events to the fullest.
I'd also love to give thanks to the graduating class from last term, who surprised me at these events:
Hussein Bicher,
Durval Ledo,
Muhammad Elsayed,
and Jillian Moorcroft.
And finally, to my friends whom I see often throughout these events, and who were in my original class of ISS @ Sheridan College:
Abdul Haliru,
and Austen Snow.