CISO.POKER  ·  The Stack  ·  CISO Poker Championship
DEF CON · Black Hat · BSides 2026  ·  Las Vegas Strip  ·  Wed, Aug 5, 2026
Hosted by CyberAdX & CISO Marketplace · Intelligence by FeltIQ · NFC tap tag.ciso.poker → · Coalition giving 4 nonprofits →
Hacker Summer Camp 2026  ·  Invite Only

Three hours.
No pitches.
The Stack.

Every other event this week is someone trying to sell you something. The Stack is different. A Texas Hold'em tournament for 75–100 CISOs during DEF CON / Black Hat / BSides week — free entry, food and drinks on the house, no badge scans, no pitches. Three hours of decompression with peers, plus contributions to the table from the cybersecurity community.

Request a Seat How It Works
75–100
CISOs Only
The Stack
Coalition Donates
3 hrs
Your Night
0
Vendor Pitches
The Honest Case

We know what you're thinking.

You've been to a thousand vendor events. You know how this goes. Here's why this one is different — and we'll let you decide.

What you're thinking
"It's just another sponsored open bar."
It's usually true. You show up, get a drink, see the same 6 people you already know, and leave in 45 minutes. Your badge got scanned. Someone will email you on Monday. You've forgotten the company name by Friday.
What this actually is
"A tournament changes the math entirely."
There's no pitch because nobody needs to pitch. You're there to play cards and compete for a donated enterprise security stack built from tools you actually want. The Stack contributors are at the table with you — not behind a booth. Three hours goes fast when you have skin in the game.
What you're thinking
"I have better things to do Wednesday night."
That might be true. There's no shortage of events that week. Half of them are better funded than this one.
What this actually is
"75 peers, no vendor pressure, and a shot at a donated enterprise security stack."
The room is curated — you're sitting across from CISOs from companies like yours, not junior SDRs with a quota. The conversation at the break is worth the night alone. The prize is genuinely worth winning. And you'll have a story to tell at RSAC.
What you're thinking
"Whatever they're 'donating' is probably free trials."
Fair. Most event prizes are. A Yeti cooler with a logo. A gift card. Something you'll never use.
What this actually is
"Actual enterprise product access — tools you'd buy anyway."
Identity protection, AI security, Zero Trust, cloud-native coverage, vulnerability prioritization — five donated enterprise products spanning your architecture. Plus coalition extras like policy packs, offensive security review, and CISO advisory tooling. Any CISO who wins this walks out genuinely ahead.
The Night

What actually happens.

DEF CON / Black Hat / BSides week, Las Vegas Strip. Black Hat Day 1 Briefings are done. DEF CON opens the next morning. The tournament runs approximately three hours. Exact start time (afternoon or evening) depends on final venue selection and is confirmed to approved applicants by June. Here's the structure either way.

Pre-game
Doors Open — Cocktails, Buffet & Registration
You check in, get your chip stack, find your table. Open bar and buffet running from the moment you walk in — and they keep going through the tournament. No badge scan. No lanyard required. You know some people in the room already. You'll know more by the end of the night.
Start
The Stack Revealed
Three minutes. The Stack is unveiled — all five contributors, what the winner takes home. One sentence from each sponsor. Then cards in the air.
+5 min
★ Cards In the Air
75–100 players. 8–10 professional tables. WSOP-caliber dealers. 15-minute blind levels. You play. The contributors play. Nobody is pitching anything. For three hours, you're just a card player.
~Mid-tournament
Structural Breaks — Chip Counts & Real Conversations
A couple of dedicated breaks baked into the tournament structure — chip counts posted, dealer rotations, blind level resets. Food and drinks have been flowing since doors opened, so the breaks are about regrouping, not feeding. This is when it gets interesting. Eliminated players are loose. Chip leaders are confident. Everyone has something to talk about that isn't a product roadmap.
+2.5 hr
★ Final Table
The room consolidates around the last 9 players. The entire room watches. This is the moment everyone in the room is thinking about the same thing at the same time. That's rare at a conference.
+3 hr
Winner Crowned — The Stack Is Awarded
The Stack contributions go home with one CISO. Each sponsor gets 60 seconds to describe their contribution — what it does, not what it costs. Then the bar reopens and the night is whatever you want it to be.
Post-tournament
Post-Tournament — Open Format · ~2 hours
No agenda. No one is going to corner you with a deck. You've spent three hours with 75 peers. You know who's interesting. Go find them at the bar.
The Room

Who's at the tables.

Seats are application-only and curated by the CyberAdX team based on title, company size, and security program maturity. This is not a first-come-first-served signup.

🔐
CISOs & Security Leaders
Enterprise and mid-market CISOs, VPs of Security, and Directors of Information Security. The people who actually run security programs and control budgets.
🏢
Company Size: Mid to Enterprise
Attendees are curated from companies with real security programs — not startups with a single IT person wearing the CISO hat. Meaningful peer conversation requires meaningful peer context.
🌐
Industry Mix
Healthcare, financial services, energy, SaaS, manufacturing, government. The security problems in this room span every vertical. Which means the conversations do too.
🎯
Mixed at the Tables
A small number of seats are reserved for sponsor representatives, professional poker players, and select industry guests. Mixed across the tables, never concentrated — CISOs remain the majority at every felt. Three hours of cards is the best icebreaker in the industry.
🚫
No Vendors. No SDRs. No Quotas.
Sales reps, BDRs, account executives, and anyone with a pipeline number are not invited. The tournament format creates natural accountability — everyone is there to play, not prospect.
📋
Application Required
Request a seat below. The CyberAdX curation team reviews every application. Official event details drop in early May — seat notifications go out in June.
Contributions to the table

The Stack.
Donated by the room. Awarded at the table.

"One winner. A donated enterprise security stack — five cybersecurity companies contributing real product access directly to the table. No strings, no upsells, no renewal pressure."

The prize is built from real, donated access to enterprise security products — not discount codes. Identity protection. AI security. Zero Trust. Runtime and cloud coverage. Vulnerability prioritization. Plus coalition extras like policy packs, offensive security review, and CISO advisory tooling. The winner walks out with a stack of donated coverage across their architecture — assembled by the coalition, awarded at the table.

Every CISO who doesn't win still learns exactly what's in The Stack — because the prize ceremony gives each company 60 seconds of real attention from a room full of their ideal customers. Not a pitch. Context. The difference is enormous.

The Stack — Coalition Prize
Donated Enterprise Access
Five contributing companies · One winner
  • Identity & MFA protection
  • AI / GenAI security & content DLP
  • Zero Trust network access
  • Runtime / cloud-native protection
  • Vulnerability prioritization & remediation
  • + Coalition extras: policy packs, offensive security review, CISO advisory tooling
Contributions & Prize Pool

From knockout bounties to
felt moments.

From knockout bounties to FeltIQ recognition to final table awards — contributions from our supporters show up throughout the night. Every elimination, every milestone, every felt moment.

◆ Community Contributor

PortSwigger

Creators of Burp Suite Professional — the industry-standard web security testing platform used by pentesters and AppSec teams worldwide.

Community Contributor — Professional security tooling
Sponsor page →
◆ Mystery Bounty

CISO.DIY

Self-service CISO toolkit — frameworks, templates, and advisory tooling for security leaders who'd rather skip the consultant hours.

Mystery Bounty — CISO.DIY toolkit access
Sponsor page →
◆ Mystery Bounty

GeneratePolicy

AI-generated cybersecurity policies — tailored, framework-aligned, generated in minutes instead of months.

Mystery Bounty — Custom AI-generated policy pack
Sponsor page →
◆ Mystery Bounty

CyberPolicy.shop

Pre-built cybersecurity policy templates and compliance packs — battle-tested, ready to deploy.

Mystery Bounty — Cybersecurity policy template pack
Sponsor page →
◆ How the Bounty System Works
01
You receive a bounty chip at check-in
Each player draws a randomized NFC bounty chip at check-in. The prize on your chip is a mystery — sponsor-contributed digital access, tools, or licenses. VIP and pro chips carry premium prizes from higher-tier contributors.
02
Eliminate a player, collect their bounty
Knock someone out and you permanently collect their bounty chip. Their original prize is yours. You never lose bounties you've already collected — only your own original chip stays on your head.
03
Scan to reveal on knockout
When a player is eliminated, the dealer taps the bounty chip. The prize is revealed on the spot — sponsor, product, and redemption code. All digitally delivered, no envelope, no photo.
04
Final table negotiates
Final table players typically hold multiple bounties. Standard format: winner collects all remaining chips on the table. Final table deal is always on the table — players negotiate as they see fit.

Prizes are digital-only: access codes, trials, and product licenses. No cash equivalent. Your bounty chip keeps its NFC functionality after the event — sponsors can see tap analytics on their prize chips post-event.

What this is
A real poker tournament with WSOP-caliber dealers, professional tables, and proper blind structure.
An actual enterprise prize — donated product access from five contributing companies, verified and documented.
A room full of peers — curated by title and company type, not whoever clicked a registration link first.
An open bar for the duration of the tournament and the post-tournament social. Yes, the whole event.
Free entry — buy-ins are covered. You show up, you play.
What this is not
Not a pitch session. Sponsors get 60 seconds at the prize ceremony and that's the extent of it.
Not a badge scan event. No one is building a lead list from your attendance.
Not open to the public. Every seat is reviewed and approved. This keeps the room what it's supposed to be.
Professionally filmed, privacy-first. Videography for recap and promotional use. No names or titles used without consent. Face blurring available on request. Final table live stream is opt-in only.
Not a networking event with a poker theme. It's a tournament first. The networking is a side effect.
The Venue

Location
announced early May.

The venue is confirmed and being finalized for public announcement. Attendees with approved applications will receive the full address and logistics in early May 2026.

City
Las Vegas, NV
Date
TBA DEF CON / Black Hat / BSides week 2026
Venue
TBA Private venue, Las Vegas
Context
Black Hat Day 1 done · DEF CON eve
Format
Professional poker setup · 8–10 tables
How you'll know
Date & address sent to confirmed applicants directly
Questions
[email protected]
The Coalition

The coalition
behind The Stack.

Five cybersecurity companies are coming together to donate enterprise product access — each contributing one piece of The Stack. Plus an open anchor slot for a top-tier sponsor wanting first billing on the contributor list. Contributors revealed rolling — May through the August event.

Powered by FeltIQ

The intelligence layer
built into the night.

FeltIQ debuts at HSC 2026 — our anonymous, real-time intelligence capture platform, designed to run at every CISO.POKER event going forward. Tablet kiosks at check-in, poker tables, food stations, and breaks ask fast, adaptive questions throughout the evening. No surveys. No follow-up emails. Just frictionless data capture in the moments between hands.

172
Questions across 17 categories
AI risk · agentic AI · post-quantum · SEC disclosure · NIS2 · vendor · budget · identity · and more
0
Personally identifiable data collected
Fully anonymous. No names. No badge scans. No follow-up.
Live
Real-time scoreboard — attendees and organizer
Consensus findings visible to the whole room as responses come in. "67% of CISOs said No." That's the signal.
◆ How it works at The Stack
01
Check-in kiosk
A tablet at registration asks 2–3 quick true/false questions while you collect your chip stack. Thirty seconds, anonymous, done.
02
Table kiosks between hands
Tablets at each poker table capture fast multiple-choice responses during chip shuffles and dealer changeovers. Questions adapt so no two CISOs answer the same set.
03
Break & food station
Deeper open-ended questions during the 15-minute break — where do you think the industry is actually heading? What's keeping you up right now?
04
The room sees the room — live
After you answer, you see how the rest of the room answered. A live scoreboard on your phone and at kiosks shows the top consensus findings in real time. Post-event, the full anonymized dataset publishes publicly under CC BY 4.0.
Learn more about FeltIQ → Anonymous · Adaptive · Real-time
CyberAdX gives back · 2026 coalition

This event funds
four nonprofits across workforce, infrastructure & future leadership.

A portion of every CyberAdX sponsorship flows post-event to a small coalition of 501(c)(3) nonprofits picked for this room. No middleman — checks go directly from CyberAdX to each org within 30 days of the event. 5% of CyberAdX sponsor contributions, distributed equally.

Workforce
Women in CyberSecurity WiCyS
Recruits, retains, and advances women in cybersecurity through scholarships, mentorship, and the largest women-focused cyber conference in the field.
Donate to WiCyS →
Infrastructure
Shadowserver Foundation
Free global threat intelligence for 9,000+ networks across 175 countries. Daily IPv4 scanning, malware analysis, botnet sinkholing — no cost to defenders.
Support Shadowserver →
Infrastructure
ISRG / Let's Encrypt
Runs the free TLS certificate authority securing over a billion websites. Every CISO in this room has Let's Encrypt running somewhere in production.
Donate to ISRG →
Future leaders
Information Security Leadership Foundation ISLF
Mentorship, practitioner collaboration, and grants for under-represented students aspiring to be future CISOs. Volunteer-run, low overhead, every dollar moves.
Donate to ISLF →
Equal 25% split · 5% of CyberAdX sponsor contributions · receipts published within 30 days
Full coalition details + give directly →
The Ecosystem

Built around
the event.

Sponsor-funded event production brings custom physical items to the table — card guards, chip sets, trophies, and plaques manufactured in-house. Community apparel is available separately through our print-on-demand arm.

CISO Gear  ·  3D Production Event Production Custom branded event items for HSC 2026 — chip sets, card guards, trophies, and table plaques. Sponsor-funded and manufactured in-house. View event gear → Security By Design  ·  Print-on-Demand Community Apparel T-shirts, hoodies, hats, and mugs — CISO.POKER branded community swag. Available to order separately at securitybydesign.shop. securitybydesign.shop ↗
Check-In

Three chips.
One process.

Day-of check-in is straightforward. Registered applicants go first — walk-ins are welcome but enter through the waitlist queue once all registered seats are confirmed. Pre-registering is the only way to guarantee your seat.

1
Show ID & check in
Name verified against the registered applicant list. Give your name — or tap your player chip if you received one in advance. Everyone gets a chip at this step regardless. T-shirt size confirmed here. If the venue requires age verification (21+) or a gaming license ID check, that's a venue requirement — details confirmed in your seat notification.
2
Draw your bounty chip
Random draw. Each bounty chip is an NFC poker chip tied to a sponsor-contributed prize — digital access, tools, or licenses. Mystery until you bust someone or win. Yours to keep.
3
Pick up your FeltIQ token (optional)
A third NFC chip — your anonymous intelligence token. Not linked to your name, your seat, or your application. Entirely optional. Use it at kiosks during breaks, while folding, or skip it entirely. No impact on your experience either way.
Player Chip
Your seat credential. Everyone gets one at check-in on event day — no advance chip required. Some approved applicants receive theirs in the weeks leading up to the event. Either way, it's yours at the door. Links to your seat profile and works at future events.
Bounty Chip
Random draw at check-in. Mystery prize revealed when you knock someone out or win. Everyone gets one. Sponsor-contributed digital prizes only.
FeltIQ Token
Anonymous. Optional. Never linked to your identity. Use it during breaks, while folding, or post-event remotely. Carries into future CISO.POKER events.
Walk-in day-of: Allowed, but registered applicants hold their seats through the 15-minute grace window. After that, empty seats are backfilled from the waitlist — starting with CISOs already on the casino floor. Pre-registering is the only guarantee. Apply now →

Request
your seat.

Seats are limited to 75–100 attendees and filled from a curated waitlist. Applications open now. Official event details drop in early May — seat notifications go out in June. The event is during DEF CON / Black Hat / BSides week 2026 in Las Vegas.

Hosted by CyberAdX Network & CISO Marketplace
Presented by The Stack coalition — contributors revealed rolling May–August.
events.cisomarketplace.com  ·  cisonearme.com

Questions: [email protected]

* Required

Enter a valid work email address. Enter a valid LinkedIn URL.
Events Attending This Week (optional — select all that apply)
If the tournament fills up (optional)

We may expand capacity based on demand. Would you like to stay in the room as a cash game?

Official details drop in early May. Seat notifications in June — two confirmations required to hold your spot. Day-of check-in at the door. No SDRs, BDRs, or vendor sales staff.
Questions

What people
actually ask.

Do I need poker experience?
No. Texas Hold'em is a game of incomplete information — which is a skill set most security executives have in abundance. Dealers will briefly explain the structure at the start. Players range from occasional home-game participants to serious students of the game. You don't need to be either to have a good night.
Is there really no buy-in?
Correct. Entry is free for all approved attendees. Tournament chips are provided with registration. No money changes hands. The prize is donated product access, not cash — which is why CISO.POKER itself doesn't require a gaming license. The venue (Las Vegas Strip casino) does have its own gaming-license-required entry compliance though — see the check-in & security FAQ below for the ID / age / players card details.
How are seats allocated?
Every application is reviewed by the CyberAdX curation team against three criteria: title (qualifying security executive role), company size (mid-market to enterprise), and program maturity. Here's the timeline once you apply:

Early May — Official event details released publicly.
June — Seat notifications go out. Approved applicants receive a confirmation email and must confirm their spot to hold it.
~2 weeks out — A second confirmation is required to finalize attendance. This is how we keep the tournament full — DEF CON / Black Hat / BSides week is busy and we respect that people have conflicts.
Day of — Check-in is required at the door. This is an invite-only event; seats are non-transferable and cannot be passed to a colleague.

Late arrivals & waitlist backfill: Tournament starts on time. There's roughly a 15-minute grace period for late arrivals to claim their seat. After that, empty seats may be backfilled from the waitlist — typically waitlisted CISOs who are already on the casino floor playing the public cash game tables. The grace window closes around the 30-minute mark. If you can no longer attend after confirming, let us know as early as possible so we can pull from the waitlist directly.
Will I be filmed or recorded?
The event may be professionally filmed for recap and promotional use. An additional photography/videography consent form will be provided onsite at check-in — your application acknowledgment is preliminary; the explicit, granular consent (face blurring, full opt-out, identifying info usage) is captured in person on event day. Privacy is a first-class concern: no names, titles, or company affiliations will be used in any footage without explicit consent. What's said at the tables stays at the tables.
Is the final table streamed live?
We are exploring a live stream of the final table in the style of poker broadcast production. Participation is opt-in — if you make the final table and prefer not to be on stream, that will be respected, no questions asked. Players who do participate can choose how they're identified on stream — handle, title only, or anonymous. Details will be confirmed closer to the event.
Can I bring a guest or colleague?
Each attendee applies individually. If a colleague also meets the criteria and wants to attend, they should submit their own application. Qualifying roles include CISO, VP Security, Director of Information Security, vCISO, Compliance / Risk Officer, Privacy Officer / DPO, and Legal Counsel with security & privacy focus — self-attested in the application's role context dropdown and reviewed by the curation team. Plus-ones, assistants, and colleagues without a qualifying security executive role are not admitted to the tournament floor.
Who else is in the room?
CISOs and security leaders from mid-market and enterprise companies across multiple verticals. A handful of sponsor representatives, professional poker players, and select industry guests are mixed across the tables. No vendors, no SDRs, no one with a sales quota. The application process exists specifically to maintain the composition of the room.
What happens if I get eliminated early?
The bar stays open and the room stays active. Eliminated players typically have the best conversations of the night — no pressure, nowhere to be. Buffet-style food and open bar run throughout the entire event, with a couple of structural breaks baked into the tournament for chip counts and regrouping. Post-tournament format is open and casual for ~2 hours after the winner is crowned. If cash games are your thing, participants receive a voucher to continue playing at the venue's cash game tables after the tournament wraps.
Is there a cash bar or is it all included?
All included. Open bar and buffet-style food run from doors open through the post-tournament social — you're not paying for anything on-site. Food and drinks aren't gated to a single break; they're continuous. The structural breaks during the tournament are for chip counts and regrouping, not for feeding.
What's a mystery bounty?
Every player draws a randomized NFC bounty chip at check-in. The prize on your chip is a mystery — sponsor-contributed digital access, tools, or licenses from the prize pool. When you knock someone out, you permanently collect their bounty chip. The prize reveals on the spot via NFC scan. You never lose bounties you've already collected — only your own original chip stays on your head. It keeps every elimination interesting regardless of your stack.
What's the deal with the NFC poker chips?
Every approved applicant receives an NFC-tagged poker chip — your seat credential. Most people get theirs at check-in on event day; some approved applicants receive one in advance in the weeks leading up to the event. Either way, no one walks in without one. Tap it with your phone to pull up your seat profile. At check-in you'll also draw a bounty chip (mystery prize) and pick up an optional anonymous FeltIQ token. All three are yours to keep. The chips stay active after the event — tap them anytime to reach your profile, and they carry into future CISO.POKER events.
Will there be poker pros at the event?
We're scouting professional players to join the table for the day. They play in the same tournament under the same rules — no special treatment, no commentary role. Just another seat at the table that you might have to bust.
Are there cash games before, during, or after the tournament?
The CISO.POKER tournament happens on a public Las Vegas Strip casino floor with active cash game tables adjacent — those are the venue's own cash games, run by the venue's dealers, separate from CISO.POKER's curated tournament. The cash games are public to anyone on the casino floor and run continuously.

Before the tournament: early arrivals and waitlisted CISOs can warm up at the venue cash game tables.
During the tournament (15–30 min in): waitlisted CISOs at the cash tables are the primary backfill pool when registered tournament seats open up due to late arrivals.
After the tournament: tournament participants are expected to receive a venue voucher to continue playing in the cash game. Completely optional, no pressure, just there if you want to keep the night going.

Final venue details and cash game logistics confirmed to approved applicants closer to the event.
What happens at check-in & what's the security situation?
Two layers of entry, both apply:

Casino floor entry — the venue is a licensed Las Vegas Strip casino with its own gaming-license-required entry compliance: government-issued photo ID verification, age confirmation (21+), and possibly a venue players card or rewards enrollment. These are venue requirements, not CISO.POKER requirements — we cooperate with the venue but don't control them. See Terms of Service §3 for the full disclosure.

CISO.POKER check-in — name verified against the approved registration list, T-shirt size confirmed, photography/videography consent form completed onsite (this is when granular face-blurring and stream opt-out preferences are captured — your application acknowledgment was preliminary). Private security is on-site to ensure registered attendees only access the tournament floor and the room composition stays as curated.

You'll receive specific check-in instructions (location, ID requirements, arrival window) in your seat confirmation email.