Talks at Hack Red Con 2023

All Conference Speakers

Our opening ceremony will include a panel of industry-leading keynote speakers as well as audience Q&A. Following the ceremony, this year's conference will continue our tradition of hosting high-quality cybersecurity talks and demonstrations.

Topics will range from beginner subjects all the way to advanced offensive security discussions.

* Talks marked as 'Potential Fireside Talk' will be available as a talk in our Fireside Talks area.

Speakers Index

Keynote Roundtable

Ed Skoudis

President of SANS Institute Technology College, CEO and Founder of the Counter Hack consulting firm

Sienna Delvasto

Application Security Operations at The Home Depot

Jason Haddix

CISO and Hacker in Charge at BuddoBot Inc

James Meece

Chief Information Security Officer at Louisville Metro Government

Yaamini Mohan

VxRail Security at Dell

Talks

The Whimsical World of Business Email Compromise

Joe Sarkisian | OSCP, GCPN, GWAPT

Manager, Lead Penetration Tester, DenSecure by Wolf & Co.

Talk Synopsis:

The latest statistics are in: a business email compromise costs an organization, on average, $1.03 million for the costliest attacks, and that cost is growing.

While multi-factor authentication, stronger password requirements, automated password protection tools, increased security awareness, and other factors have increased our ability to protect the business, the arms race between the proverbial “red” vs “blue” team is ever evolving. These controls take a huge amount of attack surface off the field, but novel ways around them and new ways altogether are constantly being researched and used in the real world.

Come and learn about these new approaches that both we as security testers and the real bad guys are using to breach organizations and invade their privacy.

Learning Objectives:

- Why MFA is not a set and forget control
- Why your email security solution is not a set and forget control
- Why your MS Teams configuration is not secure by default
- How Microsoft exposes insecure features when you set up your Azure/M365 tenant
- The lesser known “dual use” products that Microsoft 365 exposes for attackers to use against you
- How a successful phishing attack is often only a phone call away
- How to protect your organization from these vulnerabilities
- Much more!

 

Speaker Bio:

Joe serves as a Manager and Lead Penetration Tester on Wolf & Company’s DenSecure team. Joe is responsible for coordinating and conducting penetration testing services for clients in a variety of industries including financial, healthcare, and software. His expertise consists of internal and external network penetration testing, social engineering, vulnerability assessments, Microsoft Windows security and management audits, and general information security and controls. Joe has extensive experience conducting penetration testing audits and is pursuing ethical hacking certifications from industry-recognized organizations like the SANS Institute and Offensive Security.

Tales of AV/EDR Bypass: Overcoming Detection with Compilers

John Stigerwalt

Founder, Red Team Lead, White Knight Labs

Talk Synopsis:

TBD

 

Speaker Bio:

During the last 10 years, John has worked in the following roles: blue team lead, developer, and senior penetration tester. John has led multiple red teams over the years, including filling the role of red team for F-Secure for the western hemisphere. Focused mostly on exploit development and offensive cyber operations, he has: led red team engagements in highly complex Fortune 500 companies, worked hand-in-hand with Microsoft to increase kernel security for the Windows 10 operating system, and is very proficient at surreptitious entry and alarm/lock bypass during physical penetration tests. He has authored and taught several courses at BlackHat, DerbyCon, Wild West Hackin’ Fest, Antisyphon, and the HackDown Summit.

John holds the following certificates: Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Certified Red Team Expert (CRTE), and SLAE64. John lives on a maple syrup farm in rural Pennsylvania with his family. He was recently bullied by his business partner to get back into running and now is completely addicted to it.

Eye of the Paper Tigers: Filling the Cyber Workforce Void

Chase Fontenot

Memorial Sloan Kettering

Talk Synopsis:

With the ever-growing cyber threats, the scarcity of cybersecurity professionals poses a critical challenge to safeguarding digital assets and maintaining robust defenses. This presentation, titled "Eye of the Paper Tigers: Filling the Cyber Workforce Void," sheds light on a potential solution to the workforce shortage. We delve into the often overlooked resource of "paper tigers" in cybersecurity - individuals possessing certifications but lacking practical experience. By exploring their untapped potential, we challenge the industry's perception and highlight how these "paper tigers" can bridge the workforce gap. It's time we uncover the value and capabilities of "paper tigers" and explore how they can address the global workforce shortage in cybersecurity.

Speaker Bio:

Chase Fontenot is a passionate Cybersecurity Engineer at RADER Solutions and a dedicated Cybersecurity Researcher with the Synack Red Team. He brings a wealth of experience as a member of Team Nighthawk, winners of the NolaCon 2022 Capture The Flag (CTF) competition. In addition to his achievements, Chase has also shared his expertise as a speaker at NolaCon 2023. As a member of the coaching staff for the 2023 US Cyber Games, he is committed to promoting cybersecurity awareness and supporting newcomers in the industry.

From DOS to BOSS: Mastering the Magic in DoD Cybersecurity

Richard Jackson

Talk Synopsis:

Strap in, folks, for the roller-coaster ride of a lifetime! We're about to embark on an epic journey through the hazardous hoops and treacherous turns of landing that coveted Cyber Security job in the DoD. Kick-start your journey as we demystify the mumbo-jumbo of qualifying for such a position. We'll dive into the abyss of applications and resurface with tips that make your resume shine brighter than a new recruit's boots! We then venture into the thrilling world of the DoD Cyber Security program. This is where cyber soldiers are forged, where firewalls are stronger than adamantium shields, and phishing is definitely not a relaxing weekend activity. Don't have the budget of Tony Stark? No worries! We'll explore how to secure systems while not blowing a Stark Industries-sized hole in your pocket. You'll become the MacGyver of Cyber Security, making miracles happen with just a roll of duct tape, a Swiss Army knife, and an old router. Ever heard the saying, 'work smarter, not harder'? Well, we're going to demonstrate how to keep systems compliant without breaking a sweat. Expect to learn DOS batch files 101 - the secret weapon every Cyber Security superhero should have in their utility belt. And finally, we'll delve into the mysterious realm of the Risk Management Framework. It's not a cryptic secret society; it's the magic spell for keeping your DoD system in top shape. We'll reveal how it's implemented in the DoD, unmasking the arcane, and making it as easy as a Sunday morning. Join us on this wild journey. We promise, by the end of this talk, you'll be ready to dive headfirst into the exhilarating world of DoD Cyber Security jobs - all without a parachute!

Speaker Bio:

Richard Jackson is the Service Delivery Manager Director at Human Resources Command, Fort Knox, Kentucky. He was born in Clare, Michigan and joined the Air Force right out of high school. He was first stationed at Altus Air Force Base in Oklahoma where he served four years as a Flight Simulation Technician supporting the C141 Aircraft. Following his military service, Mr. Jackson then transitioned to the civilian sector, supporting the KC-135 Aircraft Simulator, Trident Nuclear Submarine Simulator, B52 Aircraft Simulator, M60A3, M1A1, and M1A2 Tank Simulators. He has worked at multiple sites including Little Rock AFB, Arkansas, McChord AFB, Washington, Wurtsmith AFB, Michigan, Fort Knox, KY, and Tabuk and Riyadh, both in the Kingdom of Saudi Arabia. In 2002, after 25 years as a Simulation Technician, Mr. Jackson earned the Microsoft MCSE certification and transitioned into an IT career. He worked with Lockheed Martin as an IMO for two years and was hired by the NEC (DOIM at the time) in 2004 to be the first Cyber Analyst for the Information Assurance Branch, now called Cyber Security. Mr. Jackson continued working his way to become the Chief of the Cyber Business Division and eventually the Director for the Network Enterprise Center (NEC). He earned a Bachelor’s in Information Technology from Western Governors University as well as over a dozen IT certifications. Throughout his civilian service, Mr. Jackson has earned a Civilian Achievement Medal and 10 Commander’s Coins along the way. He retired from Government service in March of 2023 and now works for OSCEdge as a Service Delivery Manager Director continuing to support the Fort Knox mission, working closely with the Human Resources Command (HRC) to ensure the HRC mission is highly effective.

Is it a Feature? Is it a Vulnerability? It's Active Directory.

Qasim Ijaz

Director of Offensive Security, Blue Bastion Security

Talk Synopsis:

This talk is a summation of stories from my recent penetration tests inside Active Directory networks. I will use this time to discuss common methods I have used to obtain initial access inside Active Directory environments, the features that paved the way to lateral movement, and vulnerabilities that escalated me to Domain Admin. This talk is laid out in a way that benefits both entry-level and experienced penetration testers. The content is for both blue and red teamers looking to better understand common Active Directory configurations that can lead to compromise. It has everything from memes to kerberoasting, with a pinch of humor (no dad jokes, I promise).

Speaker Bio:

Qasim "Q" Ijaz is the Director of Offensive Security at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the "dry" business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.

Incident Response Playbook-101: The importance of an Incident Response Playbook and how to create one.

Yaamini Barathi Mohan

VxRail Security at Dell

Talk Synopsis:

With the increase in security incidents happening across companies, incident response teams are in the spotlight. An Incident Response Playbook will help the team organize the process and provide guidance during the time of chaos.

Join me to understand:

  • Why a Playbook is extremely important in the Incident Response process

  • What a Playbook is

  • How to build one for your company from scratch.

How To (Not) Crash UNIX

Barbi Howell, CISSP, CRISC, CISA

Talk Synopsis:

This presentation is for those who may use Linux such as Kali, Parrot, RedHat, or Ubuntu, but are not experts in UNIX commands. Instead of "How to use ls, cd, chown," this talk covers "what does the && do in ‘apt-get update && apt-get upgrade’?" The goal is less memorization and less looking up syntax and more understanding of why. The talk ends with real-world stories of syntax errors causing system degradation and outages.

Speaker Bio:

Barbi is an IT Security Director specializing in Governance, Risk and Compliance (GRC) and a former UNIX Sys Admin. A natural leader with a technical background, she is known for effective team building and promoting work-life balance. Barbi resides in Louisville, Kentucky and is a member of professional organizations such as the Kentuckiana ISACA chapter. She assisted in coordinating the regional InfoSec conference, Louisville Metro Infosec Conference (2014-2017). She holds a bachelor's degree in Computer and Information Science, and her certifications include, but are not limited to, CISSP, CISM and CISA.

CMMC Who? The Basics of New DoD Cybersecurity Compliance

Chris Silvers, CISSP

Founder and Principal Consultant, CG Silvers Consulting

Talk Synopsis:

The Cybersecurity Maturity Model Certification (CMMC) is the new security program the Department of Defense (DoD) is requiring Defense Industrial Base (DIB) contractors to comply with. CMMC 2.0, released in late 2021, aims to protect Controlled Unclassified Information (CUI) with the evolving nature of contemporary cybersecurity threats in mind. In this talk, Chris Silvers will explore the historical progression of DoD cybersecurity requirements (including the 9/11 Commission Report), highlight the most impactful new components of CMMC, and provide his expert guidance for DIB contractors to forge a path to certification.

Chris, one of less than 100 individuals officially certified as both a Certified CMMC Provisional Assessor and Instructor, has led CMMC instruction for more than 500 students. His positioning on the front lines of the CMMC 2.0 rollout, and his cumulative 25-plus years in cybersecurity, uniquely qualify him to guide DIB contractors through the certification process. 

Speaker Bio:

With more than 25 years of information security experience, Chris Silvers, CISSP, MBA, is the Founder and Principal Consultant at CG Silvers Consulting, a boutique information security firm based in Atlanta, GA. He is an established presenter and instructor, bringing an engaging, relatable storytelling style to all speaking engagements. In the classroom, Chris has worked with thousands of students, from 8-year-old Girl Scouts learning how to stay safe online to career forensic architects in government positions. Chris is also one of less than 100 individuals officially certified as both a Provisional CMMC Assessor and a Provisional CMMC Instructor, rendering him a uniquely qualified CMMC instructor for his almost 500 Defense Industrial Base students to date. On the presentation stage, he has been featured at DEF CON, TEDx, DerbyCon, and various universities, community events, and industry conferences. Chris regularly delivers engaging presentations on topics broadly ranging from social engineering, the state of the cyber security industry, cyber safety for families, and more. Chris' 2017 TEDx talk, The Cyber Skills Gap, has amassed more than 100,000 views and counting on YouTube.

Serving Soft Skills All Day

Sienna Delvasto

Talk Synopsis:

Deciding on a career change can seem intimidating when you're making the jump from a soft-skill-driven field such as hospitality to Cybersecurity; however, it doesn’t have to be. From the outside looking in, Cybersecurity can seem like an industry with heavy dependency on technical skills. Though technical skills may be helpful for some roles, soft skills can be just as important (if not more). To ease the stress of this transition, this talk will be drawing the similarities between day-to-day activities as a server/bartender to that of a cybersecurity analyst. From juggling orders, running the expo window to working the closing section, you can leverage these skills to have a successful career in cybersecurity.

Speaker Bio:

Sienna Delvasto has been in the Cybersecurity industry for 5 years. While attending Gwinnett Technical College as a Computer Science Major she was introduced to Cybersecurity (love at first shell) and decided to focus her goals on that career field. In her time in the field, she started in Vulnerability Management, moved into Penetration Testing and is currently focused on Application Security. Prior to being in Cybersecurity she spent 7 years in the service/hospitality industry and brought the skills gained from those years of experience into her career in Cybersecurity.
When not learning or practicing security skills Sienna can be found exploring menus and quality checking cocktails usually with the company of her pup, seeking new experiences and dancing to a beat (sometimes in her head).

Don’t let Ransomware Win - A Blueprint for Ransomware Defense

Edward McCabe, CISM, CRISC, CGEIT, CDPSE, COBIT, SABSA

Talk Synopsis:

Ransomware attacks continue to increase in frequency, complexity and damaging effects worldwide. Cybercriminals have operationalized ransomware into a multibillion-dollar illegal enterprise with the capability to exploit and disrupt even the largest and most sophisticated companies. However, both the probability and severity of an attack can be mitigated when companies develop and maintain strategies for both prevention and mitigation. This talk offers insight into the current ransomware landscape and outlines steps an organization can take to prepare for and respond to ransomware attacks.

Abusing IPv6 on the Public Internet

TheTechromancer

Hacker, Black Lantern Security

Talk Synopsis:

As an attacker, what could you do if you had 4,722,366,482,869,645,213,696 IP addresses?

This is not a talk about mitm6 or DHCPv6. Instead we will focus on how IPv6 can be used for new and nefarious purposes on the Internet.

We'll get technical, demoing live attacks with TREVORproxy -- a special SOCKS proxy that splits your web traffic into a billion different source IPv6 addresses. We'll demo how to use this to bypass WAFs, password smart lockouts, and other rate-limiting mechanisms.
Then we'll cover each of the major cloud providers, their progress in deploying IPv6, and how they're vulnerable to these methods. Finally, we'll explore the quirks and limitations of IPv6 attacks, and tricks for making them as effective as possible.

Speaker Bio:

TheTechromancer is a hacker at Black Lantern Security. When he's not pentesting, he enjoys writing hacking tools in Python, and speaking about them at conferences. He is an avid believer in open source software, and by the way he runs Arch Linux. He remains largely absent from the social media scene except on Github and ArtStation. He has some certifications, but asks that you judge him not by the color of his certs, but by the content of his Github profile. When provoked, he is likely to rant about Microsoft. Despite all these things he's actually a pretty friendly person.

ATOmically Passing Audits: A CCRI love story

Josh Jackson

Talk Synopsis:

Join us as we navigate through a sizzling romance between regulation and risk management, traversing the often-convoluted terrains of the DoD. Discover how to charm your way into an ATO's auditor’s heart while dodging the fiery arrows of a CCRI. It's a tale of passion, audacity, and a relentless pursuit of compliance, guaranteed to keep you on the edge of your auditor's seat. So, grab your notepad, your laughter, and a heart ready for adventure. Because when it comes to cyber compliance in the DoD, it's not just business, it's a love story.

Speaker Bio:

I've been navigating the DoD sector for over 13 years now, serving as a Senior Middleware admin, Senior Linux Architect and now the Enterprise Architect / Technical Lead. It's been a fascinating journey, one where I've had the chance to work with an extensive array of systems and security tools.

But my passion for cybersecurity isn't just from my work experience. I have a degree in Cyber Security from Western Governors University, which has really been the foundation of my career in this ever-evolving field.

One of my proudest accomplishments is co-founding Optica, a compliance tool that's been instrumental in streamlining various processes. And when I'm not architecting or leading a venture, you can often find me elbows deep in code and scripts.
 

'Flagged': Tracking Photo Geo-Locations Using Overpass-Turbo

Anna Quinn

Rapid7

Talk Synopsis:

In the talk, I will show how I can track images, videos, and more from photos and videos uploaded to social media without using metadata.

Speaker Bio:

Anna has a mixed IT background of over two years’ experience in system hardening, threat hunting, and blue and red team operations, as well as 3 years’ experience in IT in helpdesk and sysadmin roles.  She joined Rapid7 as a penetration testing consultant in January of 2023. At Rapid7, Anna provides in-depth overviews on new exploitation techniques within the realms of Open-Source Intelligence (OSINT) and internal network penetration testing, specializing in Active Directory exploitation and pivoting. Anna also has expansive lab building experience - developing Application Programming Interfaces (APIs) for research and exploit development.  In addition to this, Anna builds wireless labs, lockpicking environments, and Active Directory deployments for testing and research purposes. Anna also develops custom tools and scripts for the Rapid7 pentest team.  Industries she has conducted penetration testing for and worked with closely include the financial, healthcare, social media, education, and energy industries.

The Unforeseen Battlefield: Small Businesses as the New Frontline in National Cybersecurity

Nick Gipson

Founder/CEO, Gipson Cyber

Talk Synopsis:

The advent of the digital age has not only streamlined business processes but also brought along with it the increased risk of cyber threats. Recent trends indicate a shift in hacker focus from large corporations to unsuspecting targets such as small businesses, including mom-and-pop stores. The paper, titled "The Unforeseen Battlefield: Small Businesses as the New Frontline in National Cybersecurity," delves into the evolving cybersecurity landscape and analyzes the multi-faceted repercussions of cyber-attacks on small businesses and the consequent ripple effects on national security. Using a case study approach, the paper illustrates the real-life example of a mom-and-pop store that suffered a cyber attack, setting the stage for an in-depth exploration of the motives behind targeting small enterprises. The study underscores how seemingly innocuous entities, such as a small family-run business, can inadvertently become conduits for large-scale attacks on critical infrastructure and government systems. The paper also addresses the potential for aggregated data from multiple small-scale attacks to be used in more sophisticated, targeted attacks against national security interests. By illuminating the cascading effects of breaches in small business security, this paper advocates for a more inclusive approach to national cybersecurity strategies, emphasizing the need for awareness, education, and more robust security measures among small business owners.

Speaker Bio:

Nick Gipson is a seasoned cybersecurity expert renowned for his expertise in incident response, security research, and leadership as the CEO of Gipson Cyber. With nearly a decade of experience, Nick has been instrumental in safeguarding organizations from cyber threats. His published research and industry recognition demonstrate his profound knowledge and innovative insights. As a sought-after speaker and educator, Nick empowers others with his wealth of knowledge, driving proactive cybersecurity practices. Through his visionary leadership, Gipson Cyber remains at the forefront of the industry, offering comprehensive solutions in an ever-changing threat landscape. Nick Gipson’s unwavering commitment to cybersecurity continues to make a remarkable impact, securing organizations and raising awareness worldwide.

Securing Cloud-Native Applications: Best Practices and Challenges

Yvonne Rivera, CISSP-ISSEP, CISM

CEO/CISO/Co-Founder at CyberMyte

Talk Synopsis:

The proposed presentation will explore the unique security challenges that emerge in cloud-native environments, including container vulnerabilities, API security, identity and access management, and continuous integration/continuous deployment (CI/CD) pipeline security. Moreover, I will present best practices and innovative solutions that offer valuable insights to attendees involved in building and securing cloud-native applications.

As a passionate advocate for cybersecurity engineering, I believe this topic is of utmost importance for today's rapidly evolving technological landscape. I am confident that this presentation will contribute significantly to the knowledge exchange and security enhancement of cloud-native applications.

Turning Breached Data into Intelligence

Wally Prather

Independent Intelligence Professional

Talk Synopsis:

The purpose of this talk is to provide insight into the processes and methodologies utilized by intelligence professionals to discover data of high intelligence value. This talk will show communications networks, email chains, databases, key personnel and more, but specifically how to find it and then what to do with it.

In this talk we will also cover how this same methodology can be utilized to discover connections and provide attribution from cyber attacks. 

Speaker Bio:

Jon “Wally” Prather is a seasoned intelligence professional with a wide range of subject matter expertise and, at the time of writing, is independently researching intelligence-related topics and pursuing new career options. Wally is proficient in multiple intelligence disciplines including HUMINT Targeting, HVI Targeteer, and Network Analysis with 20 years’ experience, primarily in maritime counterterrorism/counterinsurgency operations with the US Marine Corps, Special Operations, and Irregular Warfare. Wally has operational experience providing in-depth intelligence analysis and direct support to combat and interagency operations in the Middle East, Southeast Asia, and Africa with over four years deployed to combat, hostile and sensitive environments to include East Africa, Afghanistan, and Iraq. Wally now applies intelligence processes and methodologies to cyber data with unique and innovative results.

TBD

Katrina Khanta

Security Researcher

Joe Brinkley

Director of Offensive Security Innovation, Research and Advanced Testing at OnDefend

* Potential Fireside Talk

Talk Synopsis:

TBD

Speaker Bio - Katrina:

Katrina Khanta is a cybersecurity industry professional and conference speaker who transitioned her career from combating human trafficking to bolstering cybersecurity at major organizations through Digital Forensics and Incident Response (DFIR). Katrina is an avid supporter of people who are in the process of transitioning their careers to a tech-related role. She aims to inspire and frequently encourages others by sharing resources that have helped her to succeed.

She is currently balancing her career in DFIR while being a full-time graduate student pursuing a Doctorate of Science (D.Sc.) in Cybersecurity at Marymount University. Having worked as a Protector of Magic at The Walt Disney Company, she became immersed in the fast-paced realm of broadcast systems engineering and technology, developing solutions to mitigate impact, and performing investigations on major incidents.

Katrina is a member of the Hack Red Con advisory board, bringing a well-rounded perspective and a commitment to fulfilling her endless curiosity to the community. #Curiosity&Coffee

Speaker Bio - Joe:

Insightful, results-driven IT professional with extensive knowledge of industry-leading security standards and the use of latest and greatest IT security practices. Proven track record with 10 years of results leading to a successful track record. Comprehensive analytic skills; keen eye for detail. Ability to plan, design, and implement security solutions for clients. Outstanding track record of identifying risks and managing disasters for a diverse set of clientele including private and federal contracts. Increased computer protection through new programs implemented from trained staff. Able to work in diverse surroundings; alone and in group settings. Ability to serve in both leadership and subordinate roles. Excellent written and verbal communication skills. Able to build successful rapport with coworkers, employees, and clientele.

So you failed a pentest, now what?

Jordan Silva

Senior Manager, Hawaiian Telcom

Talk Synopsis:

Tips to get you back on track after receiving less than stellar pentest or vuln scan results and a few good cocktail recipes to help get you through the worst of it.

Synopsis: Overview of best practices for dealing with the management of tasks after a pen test or vuln scan that had less than stellar results. Includes info on how to prioritize issues, how to communicate them to responsible parties, how to prevent issues in the future, etc.

Speaker Bio:

Jordan has spent over a decade helping organizations implement and utilize technology to solve business challenges. As Senior Manager of Service Delivery at Hawaiian Telcom, Jordan’s teams are responsible for delivering Security and Cloud Services to customers big and small. Jordan has a Masters of Science in Leadership and Management and industry credentials, including the CISSP, C|CISO, and multiple GIAC certifications, giving him a unique balance of nerdy engineer and human leader. Given the opportunity, he will happily talk your ear off about anything related to technology, organizational culture, or the best ways to cook meat with fire.

Drone Penetration - Testing Lessons Learned

Jonathan Perez

Dark Wolf Solutions

Talk Synopsis:

In this talk, I give an overview of the lessons learned while performing penetration testing and supply chain analysis on UAS platforms for the Blue UAS and Green UAS programs. Topics include industry trends, common problems, and thoughts on the future of this space.

Speaker Bio:

Jon Perez is a Technical Program Manager with Dark Wolf Solutions specializing in Cybersecurity and Autonomous Systems. He is responsible for overseeing Dark Wolf's support of the Blue UAS and Green UAS programs in addition to other non-UAS programs. He strongly believes in leading with empathy and focuses his efforts on removing sources of friction so his stellar teams can thrive.

Jon holds a B.S. and M.S. in Electrical Engineering from the Georgia Institute of Technology. He would go on to spend the early years of his career pursuing electromagnetics research and secure software development as part of the Georgia Tech Research Institute. He currently resides in Atlanta, Georgia where he spends his free time relaxing with his family and writing music.

Sec is Dead...ish

Nate Johnson

Real Chemistry

Talk Synopsis:

Sec is dead, or at least it will be if we keep down this path. We are a self-perpetuating FUD machine that understands the threats out there, but normally can’t show our value add to a company. We are seen as a cost center and a burden. It’s time to look at options to fix the broken system, we may not be dead, but we’re close to needing life support. This is an interactive talk that takes a look at the less glamorous and more wholistically corporate strategy side of security. Moving from a single team to a dispensed group of security experts focused in training and informing business units, no longer are we looking at Sec Awareness training once a year, but creating an environment of users that have a security mindset, where it's second nature to look at all problems, projects, etc. through a lens of operations and security.

Speaker Bio:

I’m the Head of Security at Real Chemistry, which means I do a lot of updates and paperwork most of my day. With a broad background ranging from admining systems and networks, commercial and DoD audits, DIACAP/RMF/NIST/SOC/ISO compliance, and managing security programs across the government and commercial entities; I’m uniquely situated to have a lot of experience across a lot of facets of the industry, and a mastery in absolutely nothing. I’m a firm believer in the passing of knowledge and openly sharing any experiences that may help others keep from making my mistakes. The stove is hot, I still touched it, now I’m telling you.

Common Cloud Misconfigurations

Mark Gaddy

Cyber Security Club

Talk Synopsis:

In this presentation, I give an overview of different cloud misconfigurations with a focus on Amazon Web Services, as well as remediation techniques and breaches that occurred from these misconfigurations.

Speaker Bio:

Mark Gaddy recently graduated from the University of West Florida with a degree in Cyber Security. At the University of West Florida, Mark was President of the Cyber Security Club, competing in both red and blue team competitions. Currently, Mark is working towards doing more vulnerability research and gaining certifications in the offensive security space.

Application of Multiple AIs in Tandem for Offensive and Defensive Cyber Operations

Logan Hicks

Red Wolf Intelligence

Talk Synopsis:

1. CNO and Red team operations, using AI and training models & environments in order to make AI more effective at breach and extraction methods as well as all out cyber warfare.

2. Defensive Applications, leveraging AI to make real time detections, decisioning, to include modifications to entire infrastructure and pipelines if necessary to apply data centric methods to the prevention of impact of operations & data, in part or in full.

Speaker Bio:

TBD

Securing Your Cloud Environment

Colin Glover

Cyber Security Advisor, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security

* Potential Fireside Talk

Talk Synopsis:

Malicious cyber actors target organizations, on-premises, and cloud environments, who do not possess the proper resources for defending against cyber threats. As organizations continue to advance into operations associated with cloud and cloud computing, the presentation will cover cloud users’ responsibility for securing their environment as well as free tools and resources to get you started.

Speaker Bio:

Colin Glover spent the past 15 years working in the military and in the federal government on National Security matters. In August 2015, he completed his Master's Degree in Mechanical and Aerospace Engineering. He is seeking to transition to an engineering or data science position with the government or in industry.

Exploring the Dark Side: Introduction to Threat Hunting

Marissa Page

Threat Huntress

* Potential Fireside Talk

Talk Synopsis:

This talk will unveil the proactive approach to cybersecurity, revealing the tools, techniques, and real-world case studies that empower organizations to detect and neutralize threats. Join us on this enlightening journey into the world of threat hunting.

Speaker Bio:

Marissa Page is a highly skilled cybersecurity professional with five years of expertise in threat hunting, malware analysis, cyber threat intelligence, and security operations.
