Monthly Security Meetup — Des Moines, Iowa

Security talks.

Vendor-neutral, practical, open to the curious. Bring a laptop, bring a question. All types welcome.

View Schedule Join Discord
Next Run
2026-07-02
Doors 6:00 PM
Venue T12 Distillery
City West Des Moines, IA
See the lineup →

The Room

Practical security. No vendor fog.

SecDSM is a monthly meetup where local security folks trade notes, demo tools, talk through failures, and compare scars. No registration required. Bring curiosity, a laptop if you want, and enough manners to keep the room good.

01 Talks

Short demos, primary talks, tool notes, and field stories.

02 Community

Local security people, students, builders, breakers, and defenders.

03 Venue

First Thursday at 6PM, T12 Distillery.

04 Signal

Free, vendor-neutral, and open to the curious.

cron.d

Schedule

0 18 * * 4  ·  first thursday monthly  ·  t12 distillery

Submit a Talk
● Next Run 2026-07-02
7:00 PM
Feature
Nicholas Starke Introducing Embedded Linux Audit: A Toolkit for Performing Security Analysis of Embedded Devices

Anyone who has done an embedded device security audit can attest to some of the struggles with doing these types of evaluations: libraries are missing, code has to be statically compiled to run usually - and cross compiled for another CPU architecture. Trying to debug a process is usually a non starter due to these problems and others.

I developed a tool, dubbed "Embedded Linux Audit" (https://github.com/nstarke/embedded_linux_audit) to help alleviate some of these troubles, plus also make it possible to "remotely" audit an embedded device. This talk will cover what the tool is, how it works, and some of my motivations for developing such a tool.

The second part of the talk will focus on how this project was developed using the latest in AI assisted development tools, which allowed me to "punch above my weight" in terms of writing code I probably could have never written myself.

Nick Starke is an embedded device and firmware security researcher. When he isn't hacking, he likes playing with synthesizers

7:40 PM
Feature
Drey Zhuk Beyond the Fluff: Building a Security Agent That Actually Works

There's a massive influx of hype around AI agents for security and investigations - most of it is fluff. Chatbots that look impressive in a demo but fall apart the moment they hit a real investigation because they lack context, consistency, and grounding in ground truth.

This talk walks through what it actually takes to build an AI agent that works for threat hunting and security investigations. Not a conversational assistant - an Investigation Operating System.

We'll cover the architecture that delivered real results:

1. The Knowledge Layer (Institutional Memory) - feeding each investigation back into a knowledge database of entities, indicators, historical patterns, and analyst corrections so the agent never starts cold.

2. Data Mapping & Orchestration - teaching the agent where evidence actually lives and which schemas matter, so the model acts as an orchestrator across identity, infrastructure, billing, and usage signals - not just a summarizer.

3. Deterministic Data First, AI Second - using structured telemetry, parsers, and repeatable queries as the factual foundation, with the AI layer reasoning over evidence rather than being asked to 'believe' anything. This is the key to avoiding the hallucination trap.

4. Encoded Tradecraft - encoding investigative methodology (pivot-chain analysis, entity relationship mapping, timeline reconstruction) into repeatable workflows that another analyst can inspect, reproduce, and challenge.

5. Parallelism - fanning out across multiple angles simultaneously, merging results, and launching follow-up pivots instantly to compress multi-hour manual loops.

Attendees will walk away with a concrete framework for moving past 'shiny UI over a basic prompt' and toward AI systems that are reliable investigation partners - with context, constraints, and a repeatable process.

Drey is a Senior AI Security Researcher with a background in threat intelligence and security investigations. Originally from Washington state, moved to Iowa on accident and have spent the last three years in this amazing place.

Have a talk to share? → Interested in sponsoring? →
○ Queued 2026-08-06
TBA
Talk schedule pending

Check Discord for updates as the agenda fills in. All are welcome.

Presented with support from
Sublime Security
Have a talk to share? →
○ Queued 2026-09-03
TBA
Talk schedule pending

Check Discord for updates as the agenda fills in. All are welcome.

Presented with support from
SentinelOne
Have a talk to share? →
○ Queued 2026-10-01
Get ready to crank up the party vibes and kick off the Halloween fun with a bang! Picture this: a Hacker Costume Contest, an electrifying Scavenger Hunt, a spooky CTF and a brain-teasing Trivia Night! Prizes will be on hand for winning teams. No presentations this meeting, just pure excitement and energy! Get your costumes ready and join us for an unforgettable pre-Halloween bash! 🎉👻🎃.
TBA
Talk schedule pending

Check Discord for updates as the agenda fills in. All are welcome.

Presented with support from
LMG Security
Have a talk to share? →
○ Queued 2026-11-05
TBA
Talk schedule pending

Check Discord for updates as the agenda fills in. All are welcome.

Have a talk to share? → Interested in sponsoring? →

Live console

$ secdsm --interactive

A real shell. Try help to see commands — next, uptime, dig venue.secdsm.org, or set a custom prompt with hostname <your-name>. Session persists per-browser.

dig venue.secdsm.org // real records, captured at build time

$ dig +noall +answer +comments venue.secdsm.org TXT venue.secdsm.org LOC venue.secdsm.org URI

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41841
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; ANSWER SECTION:
venue.secdsm.org.	1799	IN	TXT	"addr=111 S 11th St, Ste 100, West Des Moines, IA 50265"
venue.secdsm.org.	1799	IN	TXT	"doors=18:00"
venue.secdsm.org.	1799	IN	TXT	"parking=Parking to the south of the building"
venue.secdsm.org.	1799	IN	TXT	"v=t12-distillery"

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3383
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; ANSWER SECTION:
venue.secdsm.org.	1800	IN	LOC	41 34 8.488 N 93 42 56.653 W 0.00m 1m 10000m 10m

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51330
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; ANSWER SECTION:
venue.secdsm.org.	1800	IN	URI	10 1 "https://maps.app.goo.gl/6PkyXeeGZvLL6ugh9"

T12 Distillery hosts us monthly. They make great whiskey — buy some. Silver-tier+ sponsors can produce a custom-labeled barrel via the T12 Distillery Private Barrel Club. Map: google · osm

whoami // what is this

SecDSM is a 501(c)(3) nonprofit running a monthly information security meetup in Des Moines, Iowa, since February 2016. Founded by people who got tired of vendor-driven “community” events. Run by volunteers. Funded by sponsors who agree to the terms: banner space, brochures, a shoutout — no pitch, no list.

Show up. Bring a question. Give a talk if you’ve built or broken something cool.

read /about read /coc read /bylaws read /colophon 
$ man secdsm

NAME
       secdsm — des moines security meetup

SYNOPSIS
       1st thursday, 18:00 CDT, t12 distillery

DESCRIPTION
       monthly. vendor-neutral. free.
       attendee-driven talks.
       no sales. no registration.

FILES
       /coc          code of conduct
       /bylaws       501(c)(3) bylaws
       /sponsor      tiers & terms
       /pgp-key.txt  board pgp key
       /security.txt rfc 9116

SEE ALSO
       discord(7), opencollective(7)