Most people will never see the inside of a ransom negotiation. The conversations happen on backchannels, on a clock, under pressure, with the rest of the business on hold. Matt has been on the other end of those conversations enough times to have built a real framework for how to do it well. He's taking that framework on the road this year. In the short promo below, he previews what the talk covers and where you can see it.
| Salt Lake City | April 10th, 2026 |
| Tampa | May 16, 2026 |
| Detriot | May 30th, 2026 |
Want to bring this talk to your event or organization?
Get in touch and we'll work out the details.
Ransomware coverage in the press tends to follow the same arc. A company gets hit. The story breaks. There's a number attached to the demand. A few days or weeks later we learn whether they paid or didn't, and the news moves on. The actual middle of that story, the part where someone is sitting in front of a chat window typing back and forth with the person who just locked up the business, almost never makes it out.
That middle is where the work happens. It's also where most of the bad decisions get made. Companies that have never thought about a negotiation before the day they need one tend to do things that cost them money, time, and leverage. The talk is about closing that gap.
Matt walks through the parts of a negotiation that don't show up in the headlines. The ecosystem of actors involved in a single event, which is usually larger and stranger than people assume. What a typical day looks like for someone running these conversations. The skills you actually need to do it well, which are mostly not technical. How to size up the value of what's been taken, and how to figure out what the other side actually wants versus what they're saying they want. How to build enough trust in a relationship that exists for one reason only, which is to extract money from you.
It's also about the decisions that surround the negotiation itself. Whether to engage at all. Whether to pay. Whether to involve law enforcement. What the consequences of each choice look like a year later, not just the week of the incident. Most of those decisions are made under duress by people who've never been in this position before. Hearing how they look in retrospect, from someone who has, changes how you think about the day you might need it.
Security teams, incident responders, executives who'd be in the room when one of these decisions has to get made, and anyone who has spent any time wondering what the criminal end of the cybersecurity economy actually looks like from the inside. The talk is technical where it needs to be and plainspoken everywhere else. You don't need a background in negotiation, ransomware, or cybersecurity to follow it. You will leave with a better sense of how this part of the world operates than almost any article on the subject can give you.