♠ DEFCON 34 · August 5, 2026 · Las Vegas

Every chip
tells a story.

CISO.POKER chips aren't just plastic and paint. Each one carries a locked NFC tag that logs a data point the moment it's tapped — who, when, where, and what happened next. 175 chips. One night. One open dataset.

How it works Sponsor a chip →
The tap

The chip is dumb.
The server is smart.

Each chip is programmed once with a single locked URL — something like https://tag.ciso.poker/v/A7F3K2. The tag is then hardware-locked and can never be rewritten. But the server decides in real time where that URL goes. We can change every chip's destination without touching a single piece of hardware.

01
Phone reads chip NFC antenna wakes up, browser opens the chip's locked URL
02
Worker logs the tap Cloudflare edge captures timestamp, country, city, data center — in ~50ms
03
302 redirect Phone follows to the chip's current destination — always a fresh request, never cached
What we capture
  • Server timestamp (authoritative)
  • Country, city, Cloudflare colo
  • Chip class and ID
  • Hashed IP (SHA-256 + daily salt)
  • Browser UA string (device type)
  • Where we redirected them
  • Anomaly flags (bot, class mismatch)
What we never capture
  • Raw IP addresses — ever
  • GPS or phone location
  • Phone identifiers or cookies
  • Any data requiring your permission
  • Names or emails from taps
Chip → seat

The chip knows
its seat.

Player chips aren't just tap-and-go. Each one is distributed pre-event with a unique token that deep-links directly to the seat registration form — chip pre-filled, ready to apply. When the application is submitted, the chip is cryptographically linked to that seat in our system. One chip. One seat. No duplicates.

01
Chip distributed Player chip handed out pre-event — locked URL carries the chip's unique token
02
Tap → registration Profile page CTA deep-links to the apply form with chip token pre-filled
03
Seat linked Submission links chip to application in both databases — double-registration blocked server-side
What the link creates
  • Verified chain: physical chip → confirmed seat
  • Pre-event: chip token surfaced in admin before anyone arrives
  • Night-of: tap data ties back to the registered CISO
  • Post-event: chip becomes part of the open FeltIQ dataset
What it never does
  • Allow the same chip to register two seats
  • Share registration data with sponsors
  • Expose PII through the chip or its tap log
  • Require a tap — manual apply always works too
Chip classes

Six chips.
Six roles.

Every chip class has a different URL prefix, a different redirect destination, and a different place in the tournament arc. The class is baked into the URL — /c/ for player, /v/ for VIP, /s/ for sponsor.

Player
/c/XXXXXX
~80 chips

The primary credential for every seated CISO. Tap a player chip to see who is at the table tonight.

VIP
/v/XXXXXX
~15 chips

Issued to TLV partners, VC guests, and key community voices. Gold chip, gold access.

Sponsor
/s/XXXXXX
~10 chips

One per sponsor company. Sits at your table or booth. Every tap is a warm lead — someone physically picked up your chip.

Bounty
/b/XXXXXX
~20 chips

Mystery chips hidden in the event. Reveal on elimination. Each tap could mean someone just collected a prize.

Prize
/p/XXXXXX
1 chips

The single ceremonial chip awarded to the night's champion. Redirects update in real time as the tournament arc unfolds.

🂡
Staff
/x/XXXXXX
~8 chips

Tournament directors, dealers, and crew. Filtered from the research dataset — internal ops only.

Analytics arc

Before, during,
and after the felt.

Pre-event

Registration & distribution

Chips are registered in the database before anyone arrives. Each chip gets a class, a destination URL, and an owner (if applicable). Sponsor chips can point to your product page or booth info from the moment they're written.

During event

Live tap stream

Every tap appears in the live dashboard within seconds — chip ID, class, Cloudflare data center, country, city. Bounty chip taps trigger reveal flows. Prize chip destination updates as the tournament bracket unfolds.

Post-event

Open research dataset

Tap data with consent tier research rolls into the FeltIQ open dataset published after DEFCON. Aggregate behavioral patterns — which chip classes got tapped, when, from where — with zero individual profiles.

Research layer

Tag data meets FeltIQ.
Carefully.

FeltIQ is CISO.POKER's real-time research platform — anonymous AI-analyzed survey responses captured from the same CISOs, during the same three hours. Tag data and FeltIQ data are collected and stored separately with a deliberate firewall between them.

Tag system captures
  • Physical behavior — who tapped what and when
  • Movement through the event space
  • Sponsor chip engagement (warm leads)
  • Bounty and prize chip reveal sequences
+
FeltIQ captures
  • Stated preferences — threat priorities, budget cycles
  • Vendor sentiment and risk tolerance
  • Anonymous survey responses via AI prompts
  • Real-time theme detection across the room
=
Published together as
  • Aggregate behavioral + stated-preference dataset
  • No individual profiles — ever
  • Open access post-event via FeltIQ
  • The only dataset of its kind from this cohort

We don't know who tapped which chip unless the chip owner explicitly consents to named sharing. The research value is in the aggregate pattern, not the individual record.

Ready to be in the room?

Apply for a seat at the table or put your company's chip in play.

Apply for a seat Sponsor a chip

Technical details: tag.ciso.poker on GitHub