
Your Conference Badge Is a Hacker’s VIP Pass

You spent three days at Milken or SIFMA. You networked. You learned. You came home with business cards and new ideas. So did I. I was sitting two rows behind you.


Our industries run on conferences. RSA. Secure World. SIFMA. Money20/20. Bloomberg Invest. FINRA. RIMS. SuperReturn. We badge in and network aggressively, because that’s the point. What we don’t discuss is how efficiently attackers weaponize everything we voluntarily display.


It starts before you arrive. Conference apps publish your name, title, and company. We attackers harvest this before the doors open. Your org chart and peer relationships, handed over for a registration fee.


Then you clip on your badge. Full name. Company. Title. Visible to everyone nearby for three days. I now know your face, your role, and that you control capital and systems worth targeting.


The finance world makes this worse. CFOs, managing directors, compliance officers, each representing billions in AUM, networking openly in hotel ballrooms. I am a middle-aged guy in a suit. I blend in and start asking about your firm’s technology strategy or investment mandate. This is everyone you have ever met at a conference.


Hallway conversations do the rest. Vendors complain about clients (You do). Executives mention platforms and custodians they use (You also do). Every conversation is intelligence if the right person is listening (I am), and I paid the same registration fee you did.


Spear phishing spikes after every major conference. Attackers cross-reference attendee lists against LinkedIn. “Great connecting at Milken” opens doors cold emails never would.


Unsecured WiFi. Shoulder surfing. An attacker doesn’t need to breach your perimeter if they can sit next to your CFO and watch him check email. One of my personal favorites. 


Finance is a high-value target with an underinvested security culture. IT professionals talk about this. Finance professionals rarely do. That gap is exactly what attackers count on.


Stop attending unconsciously. Treat conference WiFi as hostile. Brief your team when you return.


The best hackers don’t break down doors. They walk through the ones you left open, smiling, badged, and right on schedule.

 
 


 
 

Timcke Risk Management, LLC

660 Massachusetts Ave

6th Floor, Boston, MA 02118

 

© 2025 by Timcke Risk Management, LLC

 
