Limiting Admin User Risk in a Windows environment and other tips to avoid making the news
Blake Regan works as a Senior Security Engineer for Wesco International, where he focuses on improving enterprise security posture and automating Active Directory related business processes with Powershell. Prior to Wesco, Blake worked at Motorola Solutions as an Engineer securing Government and Public Safety Land Mobile Radio systems. Blake attended ITT Technical Institute in Oak Brook, IL where he graduated with a Bachelor's degree in Information Systems Security. Blake currently holds GIAC GCWN, GCIH, Security+, Network+, and Project + certifications. Prior to starting in InfoSec 10 years ago, Blake worked in the building trades and ran his own remodeling business. He lives with his wife and daughter in Illinois.
Privacy Shield is Dead: Using Technology to Make the Lawyers Happy
Carey Lening (@privacat) is a senior security consultant specializing in data protection, cybersecurity, and governance. As a former attorney, Carey focused on the legal and policy issues surrounding computer & data security & privacy law. Now, she works with consultancies and firms around the world, navigating the intersections between cybersecurity and data protection. Carey is a published author, and has written and lectured extensively on best practices in cybersecurity and data protection, how to make sense of the GDPR, cross-border data transfers, and privacy-enhancing technologies. She earned her Bachelor’s degree from the University of California, Irvine, and her JD from the University of New Hampshire School of Law. She is CIPP-E & CIPP-US certified, and holds a GIAC Certified Threat Intelligence designation. In her spare time, she enjoys brewing beer, travel (pre-COVID), and nerding out over coffee.
Incident Communications 101 - Breaking the Bad News
Dr. Catherine J. Ullman is a security researcher, speaker, and Senior InfoSec Analyst at the University at Buffalo. In her current role, Cathy is a DFIR specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment as well as providing security awareness training across campus. Cathy has presented at several information security conferences including DEF CON and Hacker Halted. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking to make the world a more secure place.
Keynote Speaker - Hacking AI: From GPT-3, the Turing Test, to Cybersecurity
Dr. Chenxi Wang is the Founder and General Partner of Rain Capital, an early-stage venture fund focused on Cybersecurity. A well-known operator, technologist, and thought leader in the Cybersecurity industry, Dr. Wang serves on the Board of Directors for MDU Resources (NYSE: MDU), and the board of advisors for Secure Code Warrior and SC Media. Previously Chenxi was Vice-Chair for the board of directors for the global OWASP Foundation. Previously, Chenxi was Chief Strategy Officer at Twistlock, VP of strategy at Intel Security, and VP of Research at Forrester Research. Chenxi was named by Women Tech Founders as Women Investor of 2019, and received the Women-of-Influence award by SC Magazine. Chenxi’s career began as a faculty member at Carnegie Mellon University. Chenxi holds a Ph.D. in Computer Science from the University of Virginia.
Asking Questions and Writing Effectively
My name is Christopher Lopez, I'm a father first and a SOC analyst second. If I were to say that I have a super power it would be the ability to ask questions. This is what I feel our work as analysts mainly consists of. Asking the best questions to drive our analysis. I've been in the InfoSec field for a few years and have been a SOC analyst throughout. I came from IT and have been very fortunate to have great people around me to learn from in my career. I enjoy understanding how an analyst investigates and jumping down rabbit holes to learn how things work.
Security Research : A Talk for All new Bug-Hunters
Fardeen Ahmed has been a cyber crime investigator at The Cyber Agents, freelance security researcher and a student. Fardeen has been doing Security Research from a very young age and now trains students to be Cyber Agents, thinking like an Attacker and defending people who need help. He also provides Bug-Bounty tips in their New Security Research field, if they opt in it.
Urban Exploration - A COVID-Friendly Hacker Hobby
Johnny Xmas is a predominant personality in the Information Security community, most well-known for his work on the TSA Master Key leaks between 2014 and 2018. He has operated in nearly every realm of the Infosec vertical, from defensive engineering to penetration testing, industrial control security, and extensive personal research. He has been touring the world for nearly 20 years presenting and training on these as well as various other security and privacy concerns for nearly 20 years.
GDPR - Strategies for Failure
After working as SysAdmin in hospitality at a time where data protection laws were growing around the world, Juan has been trying to help other IT folks avoid the headaches involved in analyzing basic compliance requirements. Two years after GDPR went live we have seen some unforeseen consequences as to how Europeans communicate with the other side of the pond. While CVEs and remote shells are all the hype in the infosec community, the fines involved with bad data protection strategies are the tools that can cripple a company beyond repair. According to Dave McKenzie, Juan can provide the "First GDPR Talk I made it to the end without dying 13 times".
Bluetooth as a Rising Concern in Automotive Security
Kamel is a veteran of the automotive cybersecurity community, having spent over 3 years as an expert car hacker, technical trainer, and contributor to worldwide industry-focused communities such as the SAE, ASRG, and the Car Hacking Village. His particular areas of focus within vehicle security are Bluetooth, RF, and in-vehicle networks. He currently works at White Motion – subsidiary of the global automotive supplier, Marelli – where he leads the vehicle security research team, assessing vehicle systems and training customers in state-of-the-art car-hacking techniques. Outside the garage, Kamel is an amateur chef, terrible ukulele player, and fighting game enthusiast.
Identifying malware using bloom filters and DGArchive in a sandbox environment
Konstantin works as a Security Research Engineer for Proofpoint and lives in Bern (Switzerland). He dives deep into malware threats every day and tries to be one step ahead in the cat and mouse game with the attackers. His focus relies on detection signatures and threat actor tracking. Previously Konstantin served for the German government and defended large enterprise networks. He loves open source projects. After work he is a passionate soccer player and fan and a proud marathon finisher.
Hoe the Planet! : Not Your Mama's Social Engineering Talk
Maggie Morganti is a Technical Staff member for the Power and Energy Systems team at Oak Ridge National Laboratory focusing on electric grid cybersecurity and resilience research. She works on research projects dealing with precision timing, vulnerability handling, distributed energy systems, and other matters relevant to security and resilliency of the power grid. Prior to joining Oak Ridge National Laboratory, Maggie was a graduate intern at FireEye and worked as a Threat Intelligence Analyst on their iSight Cyber-Physical team. She holds a M.S. in Intelligence Studies with a focus on cybersecurity from Mercyhurst University. As a graduate student, she worked as an intelligence analyst for the university’s CIRAT (Center for Information Research Analysis and Training) program and served as an active member of the university’s cyber threat research analysis, data science, and nuclear nonproliferation clubs. She is IEEE member and active in local chapter events.
Neurodiversity in Cybersecurity
Nathan Chung is a cloud security architecture specialist with more than 20 years of experience in IT and Cybersecurity. He is an advocate for women in cyber and Neurodiversity. He serves on multiple boards including WiCyS (Women in Cybersecurity) Colorado, IGNITE Worldwide, and Spark Mindset. In addition he volunteers on more than 12 committees and groups. He is also the host of the NeuroSec podcast.
The Cognitive Stairways of Analysis
Nicole Hoffman recently graduated with her Bachelor’s in Information Technology with a minor in Cyber Security and is Security + certified. She is currently serving as an Intelligence Analyst at GroupSense, a digital risk protection company delivering customer-specific intelligence. While pursuing a degree in the medical field, Nicole became the unofficial helpdesk for many of her professors and decided to pivot into a career in technology. While struggling to break into infosec, Nicole worked as a financial fraud analyst and fell in love with threat hunting and behavioral analytics. Her diverse background has made her the well-rounded analyst she is today. Nicole has a passion for helping those starting out in the field and gives back to the community through her blog threathuntergirl.com as well as her various speaking engagements. She hopes to inspire and educate others by sharing her own experiences as well as the results of her in depth research. Nicole lives in the Pacific Northwest with her husband, two children, and small army of fur babies. When she has the chance to disconnect, she enjoys reading comic books, playing video games, and watching as many medical dramas as possible.
Phishing and Social Engineering, 101
Nina Jones is currently on her 2’nd year studying network and IT-security at Noroff School of Technology and Digital Media. Through her studies she has come to find an interest in phishing and social engineering. As a result of her interest she delivered a report on the topic to mark the end of year one at Noroff. Nina lives on a small island on the outskirts of Norway, in a county where, due to outsourcing, no IT-jobs exist on the market. She is working passionately towards creating a place where the local teenagers can gather and learn about IT together. Either through e-sport, coding, building PC’s or learning ethical hacking. In doing so she wishes to plant the seeds which hopefully will grow into an IT job-market in the future. Through her work she has come to know a handful of other IT-specialists – all unemployed in their field due to lack of job-opportunities, and she is working to gather and promote them as freelancers through what has come to be known as Austevoll IT. Through her studies she is hoping to work towards a bachelor in either cyber security or digital forensics. “At our 2’nd year in Noroff we will touch base on both degrees, so I still have some time to decide where my journey will take me”. Nina wishes to work on an incident response team, or dreams of training employees in various companies on how to protect themselves against phishing and social engineering. Luckily, she still has another 6 months of studying before she must make up her mind on which path to take. Apart from studying fulltime and working to build the local community, she also works part time in a local shop, plays in a brass band, and is a single mother to two children.
Unit Operations for ICS security professionals (one big and expensive “Lego”)
Process Engineer with over 13 years of experience in Industrial Plant design. Responsible for the design, analysis, and troubleshooting of equipment, piping, and instruments in several critical industries (Oil & Gas, Mining Water & Wastewater treatment plants). Programmer and Pentester by hobby.
What really is Cyber War?
Sana is currently lending her national security, cyber policy, strategic development, legal, and cross-functional management expertise to CISA within the Department of Homeland Security as a Section Chief and Cyber Advisor. Previously, she was Special Advisor to Four Star Pentagon leadership from 2012 through 2017: Senior Advisor with Office of the Secretary of Defense proposing and implementing detailed recommendations, DoD-wide strategic initiatives, and reforms which were adopted - as written - by Deputy Secretary of Defense and Secretary of Defense. Previously served as Special Advisor to the Army Secretary and U/Secretary from 2012 – 2015. Just prior, served as Special Adviser to the Army General Counsel. Worked directly with the Secretary (and previously the Army General Counsel), managing controversies—both short suspense and crisis-driven, or long term initiatives. Initiated and managed first Cyber Policy portfolio for office of the Secretary of the Army.
Keynote Speaker - How to Delay Building Skynet: A Cautionary Tale on Connecting AI with Robotic Automation
Sounil Yu is currently the CISO-in-Residence at YL Ventures, where he leverages his 30+ years of industry experience to support the due diligence process, vet entrepreneurs, and evaluate startup ideas. Sounil proactively supports the ideation processes of up and coming entrepreneurs and advises them on greenfield opportunities in cybersecurity. He is the creator of the Cyber Defense Matrix and the D.I.E. Triad, which are helping to reshape how the industry thinks about and approaches cybersecurity. He serves on the Board of the FAIR Institute and SCVX; co-chairs Art into Science: A Conference on Defense; volunteers for Project N95; contributes as a visiting National Security Institute fellow at GMU's Scalia Law School; and advises many security startups. Previously, Sounil was the Chief Security Scientist at Bank of America, leading a cross-functional team focused on driving innovation and a thriving startup culture to meet emerging cybersecurity needs, to serve as a challenge function, and to be a change agent driving unconventional thinking and alternative approaches to hard problems in security. Sounil co-chaired the OpenC2 standards group, was recognized by Security Magazine as one of the most influential people in security, and has 22 granted patents.
How To Learn Malware Analysis Without Breaking the Bank
I have been working in the cybersecurity industry for over a decade. I like figuring out how things work. Aside from spending time with my family, my hobbies include reading, Netflix, and legally breaking machines in various CTF platforms.