Keynote — Fleet

TBD

Speaker and talk details to be announced.

Rod Christiansen (Emily Carr University of Art + Design)

Mac Admin Tooling Rebuilt for Windows — Sanity for Mixed Fleets Management

Mac Admins have developed repeatable patterns for software deployment, scripting, user-facing messaging, and ongoing endpoint operations. Windows endpoint management feels like a different world entirely and it’s daunting to approach and quite honestly it’s a mess. This talk is about the tools I have built with some of the best parts of the Mac Admin toolkit for Windows so mixed fleet management can be more consistent, more predictable, and far less painful for you and your team.

I’ll walk through an ecosystem of Windows-native, open source tools inspired by the patterns many Mac Admins already know. Purpose-built Windows tools designed to feel familiar to any admin already fluent in Munki, Outset, InstallApplications, and related Mac Admin and Git workflows.

ReportMate: Modern Endpoint Reporting for both Macs and Windows

Endpoint reporting is only useful if it helps you understand what is actually happening across your fleet and act on it. This talk shows how ReportMate delivers deep, practical telemetry and visibility across both Mac and Windows endpoints as one unified platform for mixed fleets. I’ll briefly cover the design and architecture, then focus mostly on a live demo of how ReportMate works in practice across both platforms.

Bio: Rod Christiansen is the Devices Administrator Lead at Emily Carr University of Art + Design in Vancouver. He maintains a fleet of 1,000+ endpoints and is building new open sourced tooling focused on Git-driven workflows for Mac and Windows.

Jon Crain (Unity)

If You Give a MacAdmin a DB…

It started simple enough. Just move your munki/autopkg setup into a database. But then you needed an API. And if you have an API, you’ll want a frontend. And if you have a frontend…

This session traces the slippery slope of turning your munki and autopkg setup into a full stack application, exploring the benefits and pitfalls waiting at each step.

Bio: Jon Crain is a Senior Client Platform Engineer at Unity Technologies with over 15 years in IT and systems engineering. He got into full-stack development the way most IT engineers do — by trying to automate one small thing and not knowing when to stop.

Victor De Souza (Airbnb)

From Admin GUIs to Code: Approaching GitOps With AI

Every Mac in your fleet runs Chrome, and the Google Admin Console is how we enforce security policies, control extensions, and deploy configurations across macOS. But the Admin Console doesn’t scale — there’s no version control, no rollback, no review mechanism, no audit trail.

I replaced it with a YAML-driven, Git-managed Terraform platform — built with the help of AI. The result is a platform that would have taken a team months to deliver through traditional development. AI didn’t just speed things up — it allowed me to focus on the UX of my GitOps project instead of getting lost in the weeds of the code.

This talk is about the development mindset that makes AI-assisted engineering productive. I’ll talk about how I approached a daunting project and used AI to shape the final product, how I made sure I was still learning along the way and pushing my skills as an engineer, and the issues I encountered when trying to fully embrace AI in a large project. The main takeaway: how you can start using AI to accelerate your GitOps adoption goals and build better, more resilient tools that are best suited for your team.

Bio: Victor has spent the last 6 years on the Client Engineering team at Airbnb, bringing DevOps to macOS management and improving the user experience. Outside of work, he enjoys woodworking and hiking the outdoors.

Adam Derrick & Ryan Legg (Jamf)

Simplifying Platform SSO Setup using Terraform

Password resets. Phishing attacks. Credential sprawl. Authentication fatigue is draining IT teams and frustrating employees — and traditional SSO only goes so far.

Apple’s Platform Single Sign-On (PSSO) changes the game by embedding authentication directly into macOS, creating a seamless experience from the login window to every corporate app. No more juggling credentials. No more attack surface from scattered passwords.

But configuring PSSO has always been the catch — until now.

In this session, see how Jamf used Terraform to transform a tedious, error-prone setup process into a streamlined workflow that completes in seconds. Walk away ready to deploy PSSO faster and more confidently than ever.

Bio: Adam Derrick has spent 20 years doing one thing: making Apple technology simpler, smarter, and more secure. Now a Solutions Engineer specializing in Identity at Jamf, Adam is at the forefront of modern macOS authentication — helping organizations move beyond legacy password models with technologies like Platform Single Sign-On. His work sits at the intersection of user experience and enterprise security, where he’s passionate about proving that the two don’t have to be in conflict.

Kitzy (Fleet)

Automate software deployment with AutoPkg and Fleet

AutoPkg already handles software packaging and updates for thousands of Mac applications. Fleet manages software deployment across your devices. This talk shows you how to connect them.

You’ll learn how to use FleetImporter, a custom AutoPkg processor that adds software directly to Fleet’s package management from your AutoPkg runs. We’ll cover both direct API mode for quick deployments and GitOps workflows for version-controlled, declarative management.

Walk away with the knowledge to create a working integration that eliminates manual software uploads and keeps your Fleet software library up to date using AutoPkg.

Bio: Kitzy is a Customer Solutions Architect at Fleet and co-founder of the Mac Admins Slack. They built FleetImporter to automate software deployment between AutoPkg and Fleet, and have over 15 years of experience in Mac administration and device management.

Kitzy & Andrea Pepper (Fleet)

Not broken, just different: Working with ADHD, anxiety, and neurodivergence in tech

Mac Admin work requires staying calm while systems break and priorities shift. For neurodivergent people, this creates predictable challenges. Two neurodivergent technical professionals share practical techniques they use to stay effective: time containment, energy-aware scheduling, professional communication strategies, and when to ask for accommodations. You’ll leave with concrete tools you can use during incidents, meetings, and when your brain is loud.

Bio: Kitzy is a Customer Solutions Architect at Fleet and co-founder of The Mac Admins Slack. With 15+ years in Mac administration and device management, they’ve built tools like FleetImporter and spoken at conferences including X-World, MacADUK, and Penn State Mac Admins. They’ve previously worked at Jamf and Fastly.

Andrea Pepper is an Apple SME MacAdmin with a problematic lack of impulse control around a software update prompt. When not poking at machines, Pepper enjoys being a silly goose in sunny Colorado with her gigantic fluffer pup, Tanooki.

Mike Meyer (Foursquare Labs, Inc.)

Stop Telling Juniors to ‘Just Read the Repo’

Onboarding a junior engineer into an existing codebase is one of the hardest things to do well. The code is never documented enough, senior engineers are never available enough, and sometimes they’d rather juniors not touch anything at all. This talk explores how AI coding assistants are changing that dynamic, letting juniors explore unfamiliar code, ask questions without interrupting anyone, and actually write code safely with a human in the loop. It’s not about replacing mentorship. It’s about giving junior engineers the confidence to contribute instead of just observe.

Bio: Mike Meyer is a Senior Systems Engineer and Technical Lead who has spent over a decade building systems that hide complexity so people don’t have to deal with it. He’s currently deep in a new chapter: building AI-powered internal tools. He writes about making technical things feel human at the.hmn.engineer.

Vaughn Miller (Lafayette College)

Contributing to Open Source Projects Without Writing Code

Not a developer? Don’t feel comfortable submitting code? This does not mean you cannot contribute to your favorite open source project. There are ways we can all contribute to these projects and the communities that grow up around them.

Bio: Vaughn has been working in Higher Education for longer than he cares to admit. He currently works as a Client Platform Engineer at Lafayette College in Easton Pennsylvania.

Harrison Ravazzolo (Fleet Device Management)

Your new junior macadmin is a bot

AI coding agents can now draft osquery policies, write remediation scripts, and open pull requests — all from a Slack message. This talk explores how IT teams can use tools like Kilo Code to accelerate the boring-but-critical work of endpoint security: detecting unwanted software, writing uninstall scripts across macOS, Windows, and Linux, and wiring it all together through GitOps. We’ll look at what these agents get right, where they stumble, and how to build a review workflow that lets your team move faster without shipping broken scripts to production.

Bio: Harrison Ravazzolo is a security, identity and client platform engineer formerly with Deputy and other companies in Silicon Valley. He is a chef & baker who does real gigs in real restaurants in San Francisco, CA (one of the world’s premiere food scenes.) He is also a rock climber and is a huge fan of Yogi Bear (or maybe Yoga…) Harrison is currently a Solutions Consultant with Fleet Device Management.

Andrew Schwartz (Openmac)

The Self-hosted Mac Admin

In this session we’ll walk through building a fully functional Mac admin lab from scratch using entirely open source tools — NanoMDM, FleetDM, Autopkg, Munki, and more. We’ll cover standing up each tool and wiring them together into a complete device management pipeline. You’ll leave with a practical blueprint for your own lab. Use it to evaluate new tools before they touch production, or simply to build skills on your own time.

Bio: Andrew is an IT professional who, without access to a production Mac environment, set out to learn the Mac admin ecosystem the hard way — building a home lab from scratch. He is the creator of openmac.org, a new community resource for IT admins managing Apple devices with open source tools, and has hands-on experience self-hosting NanoMDM, FleetDM, and other open source Mac admin tools. His outside perspective drives a focus on documentation and lowering the barrier to entry for the tools the MacAdmin community relies on.

Mike Solin (Emory Healthcare)

From HomeKit to Homelab: Reclaiming my Smart Home

In this presentation, I’m going to talk about smart home stuff: how I started out on HomeKit, the limitations that ultimately led me to implement Home Assistant, and why people might want to self-host their tech stack.

Bio: Mike is an experienced Client Platform Engineer with deep expertise in managing Apple and cross-platform devices at scale. He has led major cross-functional initiatives in MDM migration, zero-touch deployment, and automation, significantly improving efficiency and security. As cofounder of the Greater Philadelphia Mac Admins group, he is an active contributor to the Apple admin community.

Henry Stamerjohann (FleetDM)

Pique Your Interest — Expose, Validate, Create

In the ever-evolving and challenging world of MacAdmins, we often overlook the impact of small changes on daily productivity. This quick talk aims to shed light on this concept. It will showcase an exemplary tool that leverages well-known technology commonly used daily, yet has almost been forgotten over the past decade. Furthermore, I’m thrilled to introduce a “one more thing” during this talk. Join me to explore some low barrier tools.

Bio: Henry Stamerjohann is a Solutions Consultant at FleetDM.

Nate Walck (Meta)

AI all the things!

AI all the things! Is it worth it? Does it work well enough to trust? What can you use it on? What SHOULD you use it on? Let’s find out.

Bio: Nate has been involved in the MacAdmins open source community since 2010, starting with the OSX Deployment Wiki, Munki and later chef on macOS. Nate is the Founder of the Mac Admins Open Source nonprofit, currently working at Meta as a Client Platform Engineer on the macOS team.

Olivia Gallucci (Datadog)

Between the Lines: Exploring macOS Internals through Apple’s Open Source Software

Have you ever wondered how macOS and iOS work under the hood? While Apple is known for its closed ecosystem, significant portions of macOS and iOS are open source, including security components. For researchers, learning how to find, analyze, and use Apple’s open source code is a game-changer.

In this talk, we’ll explore macOS internals by simplifying Apple’s open source ecosystem: where to find it, how to navigate licensing limitations, and what components matter for security research. We’ll explore techniques like binary analysis and extraction to uncover hidden references to source code. You’ll also learn how macOS and iOS share a common codebase!

We’ll discuss challenges when compiling Apple’s open-source projects, troubleshooting errors, and making the most of these resources for reverse engineering. By the end of this session, you’ll have a solid foundation in macOS internals, understand how this open-source model impacts security, and gain skills to explore macOS from the inside out.

Bio: Olivia Gallucci is a Security Engineer at Datadog focused on macOS internals, and detection engineering. She previously worked in offensive security at Apple, SECUINFRA GmbH, the U.S. Government, and Deloitte. Olivia is also the founder of two ventures: Offensive Services, a security consultancy, and OG Health & Fitness. She graduated top of her class and is passionate about low-level systems, free and open-source software, and security research. Outside of cybersecurity, she enjoys competitive sailing, cooking, and reading about the history of computing.

Philippe Boucher (Amaris Consulting)

Scoping Smarter – Entra ID-Based Targeting in Jamf Pro

Want to scope policies, configuration profiles, apps, and more to the right people in Jamf Pro using Microsoft Entra ID groups? This session will show you how.

We’ll walk through the key integrations every Jamf admin should first have in place with Entra ID, then we’ll demonstrate how to natively scope using Entra ID group membership directly within Jamf Pro.

Through real demos and practical examples, you’ll leave with a clear, actionable framework for implementing Entra ID-based targeting in your own environment.

Bio: Philippe Boucher is a Senior Consultant in Modern Device Management at Amaris Consulting, based in Montreal, Canada. He’s been working in IT for 8 years and has had the privilege of being a Jamf Integrator for the past three. He helps organizations deploy and manage Apple devices with MDM solutions, focusing on zero-touch setups, smooth migrations, and smart workflows that make life easier for IT teams and users alike.

Nayt Brookes

When BYOD means BYO- Don’t

Nearly every employee carries a smartphone and expects access to work from anywhere. Yet enabling secure mobile access through BYOD has long challenged organisations; particularly in regulated industries.

On Apple platforms, the BYOD model has evolved significantly, introducing new capabilities as well as new complexity for large organisations. This session examines how BYOD on Apple devices has changed, how organisations in regulated environments can re-establish meaningful control over personally owned devices, and how to address common challenges such as device security, data loss prevention (DLP), and employee sentiment.

Bio: Nayt is a Staff Engineer at a large healthcare startup, where he focuses on endpoint platforms and endpoint security. Over the past decade, he has worked as both a systems and security engineer across highly regulated industries. Despite frequent and occasionally ill-fated encounters with Windows, ChromeOS, and AI agents, he continues to favour macOS and iOS devices.

Samuel Keeley & Maya Kaczorowski (Wealthsimple / Oblique)

Gotcha! Hard-Won Lessons in Identity Automation

The more you use Okta, the more you discover its “eccentricities.” As an organization scales, what starts as a simple identity provider quickly becomes a complex web of Group Rules, Terraform providers, manual overrides, and API-driven automation.

In this session, we’ll dive into the non-obvious behavior of Okta that frequently trips up even seasoned MacAdmins and Security Engineers. We’ll answer the “Identity Riddles” that keep you up at night. For example, what happens when a user is added to a group manually, then caught by a Group Rule, and then that rule is deleted? (Spoiler: The result isn’t always “clean”).

We will share the “gotchas” we’ve encountered at scale and, more importantly, the architectural patterns you can use to avoid them.

Bio: Samuel Keeley is a Staff Security Developer at Wealthsimple, where he builds security paths that prioritize a seamless user experience while reducing operational overhead and security risks. A long-time member of the MacDevOps community, Sam specializes in the intersection of infrastructure-as-code and user-centric security.

Maya Kaczorowski is driven to make enterprise security tools that people actually want to use and that genuinely improve security. Previously a product leader at Google and Tailscale, she is the co-founder of Oblique, where she focuses on making access controls self-serve for modern corporate environments.

Daniel Nerenberg (Avantcio Technologies)

Raising Lobsters: How I built an AI development pipeline in a weekend using OpenClaw

OpenClaw has been on the scene for a handful of weeks and already it’s changing the way we think about so much. There is hype and there are horror stories but when you cut through it all, and when you set up your environment with the right constraints you can do some amazing things. You may also have heard our favourite Mac the Mac mini is a favourite lobster aquarium!

Raising Lobsters is a talk about how I set up OpenClaw, configured it to work in Slack and built a development pipeline that builds deployable apps in a weekend.

Let’s be clear, this isn’t a best practices talk — this is just what I think are good practices. We’ll cover:

• Setting boundaries for your lobster
• How to talk to your lobster
• Giving your lobster personalities
• Raising many lobsters so they play nicely

Bio: Daniel Nerenberg is a technology executive and founder of AvantCIO Technologies with over 20 years of experience leading IT transformation at organizations including Morgan Stanley, Ubisoft, and AON3D — across Canada, the United States, and China. An Apple Certified IT Professional and member of the Apple Consultant Network, he has designed enterprise end user computing environments — spanning Apple Business Manager, Intune, Mosyle, M365, and Windows — that make technology feel effortless for the people using it. He believes the best IT infrastructure is the kind employees never have to think about. These days he has also gone deep into agentic AI, getting his claws into how autonomous tools can be responsibly woven into the modern workforce — before the hype outpaces the reality. A six-time Microsoft MVP turned Apple advocate, Daniel brings a rare cross-platform perspective to modern workplace strategy.

Kyle Pazandak (LoonSecIO)

The “why” and “how” of streaming Mobile Device Management (MDM) data into your SIEM

Most Mac admins live in their MDM console, but the rest of the organization — Security, Finance, and Leadership — live in Splunk, Microsoft Sentinel, Power BI, or Keynote. When your device information exists in a vacuum, your organization is flying blind to cross-platform threats and operational inefficiencies.

In this session, we’ll explore the critical “why” and “how” of streaming Mobile Device Management (MDM) data into your enterprise’s central nervous system. We will move past simple inventory checks to discuss why application install logs and device change history are the missing links in modern security and business intelligence.

Key Takeaways: The Security Connection, The Compliance Audit Trail, BI for Better Budgeting, and The “Single Pane of Glass” Reality — a practical look at using APIs and Webhooks to pipe data from Jamf Pro into platforms like Power BI, Tableau, and Snowflake.

Stop treating your Mac fleet as an island. It’s time to integrate your Apple data into the platforms that drive your business.

Bio: Self described “dodgy not-a-developer,” but his track record in building enterprise-grade MDM integrations suggests otherwise. Kyle focuses on bridging the gap between raw data and usable business and security intelligence. Whether he’s walking a room through the perils of bad code or showing how an Apple TV can revolutionize a Security Operations Center, Kyle brings a pragmatic, hands-on approach to macOS management.

Kory Prince (Airbnb)

osquery + AI: Device Insights at Scale

osquery is an awesome tool to collect telemetry from devices, but how do we turn a question and billions of data points into an answer?

In this talk we’ll cover building an open source pipeline to collect telemetry from all of your devices. Then we’ll explore integrating AI, so you can spend time asking the right questions about your data, not writing SQL. We’ll end with a live demo showcasing everything in action!

Bio: Kory is a Staff Engineer on the Client Engineering team at Airbnb, where he builds cool solutions for managing devices and implementing zero trust.

Joel Rennich & Tim Perfitt (JumpCloud / TwoCanoes)

Tokens are not Cookies

Join us for a rollicking discussion of how tokens and sessions differ from each other. While both are typically present in modern authentication they do different things and have different methods of being secured. From authentication in your web browser to Platform SSO, knowing how and where these artifacts of authentication work is important for better understanding. We will talk about how tokens and cookies address different but overlapping uses, how tokens and cookies are used in OIDC flows, and the different ways cookies and tokens are secured.

Bio: Joel Rennich is SVP at JumpCloud. Tim Perfitt is CEO at TwoCanoes.

Ferdous Saljooki (Jamf)

Analyzing macOS Tahoe’s ClickFix Paste Protections

ClickFix attacks are one of the fastest growing threats targeting Mac users. A fake website tells the user to open Terminal and paste a command that installs malware. macOS Tahoe added two separate paste protections against this. One is built into Terminal and targets non-developer users based on behavioral signals without examining paste content. The other runs in the XProtect daemon and checks paste content against Safari’s Safe Browsing Service with no option to override it. It also catches obfuscated payloads at execution time. This talk breaks down how both paste protection systems work, who they protect, what the three different prompts look like, how to trigger each on a test machine, and what this means for managed fleets with a mix of developer and non-developer systems.

Bio: Ferdous Saljooki is a Staff Security Researcher at Jamf Threat Labs, specializing in the detection and analysis of macOS malware. With a background in threat hunting, he is passionate about tracking adversaries and uncovering flaws in macOS internals. He has previously presented at OBTS and has contributed to Apple’s Bug Bounty program.

Calvin So (Iru, formerly Kandji)

What’s going on with my Mac Malware?

Many users still believe the macOS sector of the Grid is impenetrable. However, as the portal between the physical and digital worlds widens, the threats targeting Mac users have become more sophisticated than ever. This talk will examine current Apple native defenses and the evolving techniques used to circumvent Gatekeeper and XProtect. We will explore the modern macOS threat landscape, highlighting how Mac malware has evolved into a multi-stage default.

Bio: Calvin So is a Security Researcher at Iru (formerly Kandji, an Apple ecosystem MDM company). His previous experience lies within malware analysis and threat intelligence in Windows before pivoting into malware analysis for Mac.

Michael Tornello (Datadog, Inc.)

The Marketplace of IDEs

How do you tackle managing vulnerable extensions in popular development tools? In this talk, I’ll walk you through that process! From identifying the affected extensions to creating a template script using Jamf parameters, I’ll share the lessons learned and show you how to use this approach in your own environment.

Bio: Michael has been a macOS administrator for 10 years. When he’s not wrangling computers, he’s either playing guitar or running!