Ymir Vigfusson

Most cybersecurity decisions inside large organisations are still made by people who have never thought like an attacker. That gap, between the defender’s checklist and the attacker’s actual workflow, is where breaches happen. Boards need a credible interpreter of how adversaries reason, not another vendor reading from a slide.

Ymir Vigfusson is a computer science professor and serial cybersecurity founder who teaches senior leaders to think like the attackers targeting their organisations.

Download Profile
Check Availability
Check availability

Check Ymir Vigfusson's availability for your event

Complete the form below to check Ymir Vigfusson's availability. If you prefer, you can also send an email directly to our head office.

How would Ymir Vigfusson deliver their presentation at your event?
Please provide details of your budget for Ymir Vigfusson's speaking fee, including currency.

Your dedicated Speakers Associates agent manages your booking end-to-end.

We strive to reply within 4 working hours.

Currently booking for 2027 and selected 2026 dates

Full Profile

Why organisations work with Ymir Vigfusson

  • He is a tenured computer scientist at Emory and a practising offensive-security entrepreneur, with three founded companies and two acquisitions. Boards rarely get both registers from the same speaker.
  • His TEDxReykjavik talk on teaching people how to hack has passed 1.8 million views, which means executives often arrive already primed by his argument and ready to engage at depth.
  • Keystrike, his third company, was built specifically for the problem of secure remote access when the user’s machine is already compromised. He has commercial scar tissue on the exact threat model most enterprises now face.
  • He holds an NSF CAREER award for fundamental work on caching and distributed systems, so the technical authority extends well beyond cybersecurity into the infrastructure layer that AI workloads depend on.
  • His guest-researcher role at the CDC, applied to disease-outbreak surveillance, gives him a working analogy for how organisations should model contagion and propagation inside their own networks.

Biography highlights

  • PhD in Computer Science, Cornell University; BSc in Mathematics, University of Iceland.
  • Associate Professor at Emory University and director of the SimBioSys lab.
  • NSF CAREER award recipient for the “Rethinking the Cache Abstraction” project.
  • Co-founder of Syndis (acquired by Origo, 2021), Adversary (acquired by Secure Code Warrior, 2020) and Keystrike (current CTO).
  • TEDxReykjavik talk “Why I teach people how to hack” with more than 1.8 million views.
  • Guest researcher at the Centers for Disease Control and Prevention, applying network science to outbreak surveillance.

Biography

The cybersecurity industry has a translation problem. Attackers reason in workflows; defenders reason in compliance frameworks. Most senior leaders only hear the second language, which is why most security investment is shaped by audit logic rather than by how an adversary actually moves through a system.

Ymir Vigfusson works in both languages. He is Associate Professor of Computer Science at Emory University and director of the SimBioSys lab, where his NSF CAREER-funded research on caching and distributed systems has produced papers at USENIX ATC, VLDB and EuroSys. The same researcher co-founded Syndis, the de facto cybersecurity firm in Iceland (acquired by Origo in 2021), the hacker-training platform Adversary (acquired by Secure Code Warrior in 2020), and Keystrike, where he is now CTO and which won Emory’s Innovation of the Year for a product that secures remote access even when the endpoint is compromised.

That dual track shapes how he speaks to leadership audiences. His TEDxReykjavik talk, “Why I teach people how to hack,” has been viewed more than 1.8 million times and lays out the argument that an organisation cannot defend itself against an attacker mindset it refuses to study. He brings the same logic into board conversations: walk through how an adversary would actually compromise this organisation, then decide what to fund.

A guest-researcher post at the CDC, where he applies network-science methods to outbreak surveillance, gives him a working model for how threats propagate inside any complex network. The practical result for leadership audiences is a clearer picture of where their actual attack surface sits and which defensive habits change the outcome.

Key speaking topics

  • Cybersecurity as a board-level risk
  • The hacker mindset as a defensive capability
  • Secure remote access and the compromised endpoint
  • Distributed systems and the infrastructure layer beneath AI
  • Network science applied to threat propagation
  • Cybersecurity education and the future security workforce

Ideal for

  • Boards, audit committees and CISOs commissioning a sharper view of attacker behaviour
  • Chief technology and chief information officers planning resilience investment
  • Banking, healthcare and critical-infrastructure leadership teams with high-value endpoints
  • Innovation and R&D leaders integrating security into AI and cloud roadmaps

Audience outcomes

  • A working model for how adversaries actually move through an enterprise network
  • A sharper line between security spend that changes attacker behaviour and spend that satisfies audit
  • A vocabulary for discussing cyber risk with non-technical board members
  • A view of where computational epidemiology and network science inform threat modelling

Talks

Why I teach people how to hack

A defence of the hacker mindset as the missing ingredient in corporate cybersecurity.

Key takeaways:

  • Why defenders who have never thought like attackers consistently underestimate them
  • How offensive-security education changes the way security teams prioritise
  • What boards should ask of security leaders who claim to be “covered”

Why it's a small world

A walk through network-connectivity models and what they predict about how attacks, information and contagion spread.

Key takeaways:

  • How short-path properties of networks shape both opportunity and risk
  • Why most organisations underestimate lateral movement
  • What network science teaches about resilience design

How Alan Turing cracked the Enigma

A historical case study used to draw out durable lessons about cryptography, deception and code-breaking.

Key takeaways:

  • How an adversary’s assumptions become their weakness
  • Why the mathematics of secrecy still shapes modern security architecture
  • What Turing’s team got right about combining human insight with machine power

Languages
Click the button below to check Ymir Vigfusson's fees and availability for your event.
Check Availability

Videos