KB4con 2026 had Alex Honnold as a keynote speaker. He’s someone who climbs extremely tall mountains with no ropes and no safety equipment. Just him, the rock, and a Wil-e-coyote style ending if anything goes slightly wrong.
I have sat through a lot of conference keynotes. Former heads of state explaining that leadership is important. Astronauts confirming that space is large. Digital fortune tellers telling a room full of security professionals that the future will be different from the past.
A man who has made a careful, considered, expertise-backed decision to remove every single safety net is a genuinely interesting choice for a security conference. Not because the metaphor writes itself. Because it got me thinking about what safety measures are actually for.
Some controls exist because the risk is real and the mitigation works. Some controls exist because removing them would look bad in the post-incident report. The free soloist has thought, with more rigour than most, about which category each piece of protection falls into. He has not abandoned caution. He has replaced generic caution with extremely specific, deeply informed caution. Before climbing a huge mountain, he has gone through the route hundreds of times, has visualised and memorised every hand grip and every transition along the way.
Most security programmes do the opposite. They accumulate controls the way people accumulate subscriptions, adding things regularly, auditing almost never, assuming that more coverage means more safety.
I am not suggesting your organisation free solos its infrastructure. I am suggesting that the keynote was a better fit than it first appeared.
Javvad Malik 