It’s Broke, Let’s Fix It
For her day job, Stephanie serves as a level 2 cloud security operations analyst for Duo. Outside of her 9-5, however, Stephanie has filled her life with all kinds of cool activities. She has worked with WISP, SANS, Tech Field Day and LinkedIn Learning on great efforts to support the underrepresented, provide perspectives that are missing from the conversation, and educate people on security topics that are otherwise inaccessible. She speaks at conferences and virtual events on both soft skills and hard skill related subjects. She co-hosts a ""happy hour"" inspired podcast called Coolest Nerds in the Room, where conversations surrounding the lives of tech people are nurtured. Stephanie recognizes those that inspired her or helped her get to where she is today and hopes that everything she does moving forward does the same for others. Follow Steph on Twitter and LinkedIn, or visit her online at StephAndSec.com. Her podcast is also available everywhere.
It’s Broke, Let’s Fix It
Casey has been a Cybersecurity Engineer since graduating with her Bachelor's degree in Computer Science. During that time, she has received her Master's in Cybersecurity, become an avid member of infosec Twitter, and started her blog Caseyis, where she enjoys writing about an array of different tech-related topics.
It’s Broke, Let’s Fix It
Tricia Howard is an artist gone rogue who ended up in the wonderful world of security. With a B.A. in Theatre Arts and interests ranging from Star Wars to Opera, she brings a unique and artistic perspective to infosec. When she’s not trying to get you to click on marketing emails, you can find her playing with her pomsky Darth, singing, painting, dramatically reading cold sales emails, and doing copious amounts of jigsaw puzzles.
Blood In The Wires: How The Tech Industry Fails Humanity
Emily Crose has been an information security professional for over a decade. She has been an officer for multiple government organizations including the NSA, CIA and US Army INSCOM. She currently works to secure critical industrial infrastructure worldwide. She is also an advocate for counter white nationalism, and government transparency.
MC Track 1
Dave Aitel is best known for founding and running Immunity, a specialist in information security assessments and products, and more recently, his cyber policy work. His highly opinionated tweets can be found @daveaitel.
MC Track 1
Perri Adams is a security researcher at Blue Sky Innovators, an Arlington-based defense contractor that works closely with DARPA, the Department of Defense, and other US government agencies. Her work focuses on reverse engineering and automated static and dynamic analysis techniques. An alumna of Rensselaer Polytechnic Institute, Perri frequently competes in Capture the Flag (CTF) competitions with her team RPISEC and has qualified for DEF CON CTF Finals in 2018 and 2020. Perri has previously written on cyber policy, including a Lawfare article on the risks of using Huawei devices in 5G infrastructure and a piece in the Council on Foreign Relations (CFR) Net Politics blog on the importance of a strategic offset in U.S. cybersecurity innovation.
MC Track 1
Bryson Bort is the Founder and Chairman of GRIMM, an engineering and consulting firm that researches, develops, and advises on the art of the possible in cybersecurity. Prior to founding GRIMM, Bryson led an elite research & development (R&D) division for a contributing directly to National Security priorities. Earlier, he served as the Deputy CTO for the company where he developed the corporate R&D program and cybersecurity strategy and previously was the Program Director of a business unit focused on supporting technology research and global infrastructure for DoD and the Intelligence Community.
MC Track 2
Delainey is an undergraduate student at Seminole State College, seeking a degree in Information Systems Technology with a specialization in Cyber Security. She works in UCF™s Information Security Office, and does security research on embedded systems technology with LabX at UCF.
MC Track 2
Ean Meyer is an Associate Director of Security Assurance for a global resort company. When not working with large enterprises he can be found at Full Sail University teaching the next generation about information security and risk management as a Course Director in the IT and Cybersecurity programs. He is also the President of BSides Orlando. Ean has spoken at BSides Orlando, BSides Tampa, and InfoSec World. He has been a panelist at ISC2 Congress. He also runs workshops such as Advanced Cubicles & Compromises which is a tabletop incident response workshop for Wild West Hackin’ Fest. In 2019 Ean competed in the Social Engineering Capture The Flag at Defcon 27 where he took 5th place.
MC Track 2
Tabatha DiDomenico leads marketing at the Dradis Framework and is a grad student studying Cybersecurity at the University of South Florida. She has over 15 years of IT, communications, and community-building experience in multiple industries, including telecom, construction, and software. Tabatha is engaged in the infosec community serving on the board at BSides Orlando, as staff at The Diana Initiative, volunteering at conferences, and advocating for diversity and inclusion in the industry.
Building An Effective Red Team Function (2021 Edition)
Cedric is currently an offensive security engineer with past experience as a blue teamer. His passion revolves around red teams and blue teams working closely together to improve each other's tradecraft. Cedric enjoys writing useful red team and blue team tools and periodically writing posts that are of interest on his blog at https://medium.com/red-teaming-with-a-blue-team-mentaility.
Design Thinking for Blue Teams
J. Wolfgang Goerlich is an Advisory CISO for Duo Security. He has been responsible for IT and IT security in the healthcare and financial services verticals. Wolfgang has led advisory and assessment practices in cybersecurity consulting firms.
Electronify Your Objective C
Antonio Piazza, hailing from Austin, TX. USA, is an Offensive Security Engineer on the Zoom Red Team. Following his stint as a US Army Human Intelligence Collector he worked as a Defense contractor/operator on an NSA Red Team so he is intimately familiar with spies, hacking, and nerd stuff. Antonio is passionate about all things related to MacOS security and thus spends his days researching MacOS internals and security as well as writing free, open-source security tools to help protect Mac users.
Kubernetes Security 101: Best Practices to Secure your Cluster
Magno Logan works as an Information Security Specialist for Trend Micro Cloud and Container Security Research Team. He specializes in Cloud, Container and Application Security Research, Threat Modelling, Red Teaming, DevSecOps, and Kubernetes Security, among other topics. He has been tapped as a resource speaker for numerous security conferences around the globe including Canada, USA, Portugal and Brazil. He is also the founder of JampaSec and a member of the CNCF SIG-Security team.
Intro to Hardware Hacking with a DRM'd LED Therapy Mask
Jaime is an EE turned software dev turned security researcher. She caught the infosec bug through playing CTF, and now works at GRIMM hacking cars. In her spare time, she adds LEDs to things and hangs out with her dog.
Know Thy Enemy/Know Thyself
James McCarter is a former United States Marine, specializing in signals intelligence and is a graduate of the Defense Language Institute as a Korean Cryptologic Linguist. He is an experienced cybersecurity operational support professional and is CEO of Boise based company, Shadowscape, an Intelligence-driven cybersecurity, training and analytics company. He is a recognized subject matter expert in cyber threat intelligence operations, digital forensics and cyber training and has previously served as the Director of Threat Intelligence, Vice President of Training, Intelligence Collection Manager and Digital Forensics Specialist within his previous cyber operations companies. As a SIGINT Support Team Leader and Cyber Threat Analyst, Mr. McCarter has provided operational support and training to numerous Commercial, DoD/LE and national level intelligence programs. He developed and presented comprehensive course curriculum in Cyber Threat Intelligence, Forensics, SIGINT Operations/Signals Theory, and other disciplines to multiple commercial clients and operational DoD personnel in both tactical and non-tactical settings. He has served as a lead instructor in Technical Exploitation Operations to NATO Special Operations Forces internationally with emphasis on Intelligence Collection, Digital and Physical Biometrics collection, Digital Forensics and Site Exploitation. At Shadowscape, Mr. McCarter has designed his organization to specifically assess and identify cyber risks by the identification and combination of unique pertinent threats to asset vulnerabilities. By studying the cyber adversary in order to provide customers with predictive, threat-informed security recommendations and tailored solutions, their processes help clients determine the most relevant and cost-effective defense measures for their unique security requirements.
Bringing critical D&D Skills to the workpace
Mr. Stoner is a Cyber Threat Intelligence (CTI) Analyst. Mr. Stoner served for 10 years in the U.S. Army, receiving an honorable discharge in 2010. He has over 21 years of experience in the national security and defense sector in a variety of roles, with 11 focused in cybersecurity to include a cyber threat analyst, cyber counterintelligence analyst and cyber instructor. His experience includes IT, instruction and course design, cyber exercise and testing, penetration testing, threat support, SIGINT (Signals Intelligence), and Cyber Operations. He holds A+, Net+, CEH, CHFI, CEI, CISD, CASP and CISSP certifications. He also has a Computer Studies degree from UMUC. He is a huge soccer fan and coaches youth soccer.
Exploiting COM with Microsoft Word
Will Dormann has been a software vulnerability analyst with the CERT Coordination Center (CERT/CC) since 2004. His focus areas include web browser technologies, ActiveX, mobile applications, and fuzzing. Will has discovered thousands of vulnerabilities using a variety of tools and techniques.
The Future is Humans, not Machines
Dan has been crazy-passionate about technology since the age of 5. Some years later he has had the pleasure of working in the information security industry as everything from a lead engineer to the head of information security, and now manager of professional services. When not hacking away, Dan enjoys time with his wife and two children.
APT ATT&CK EMULATION
Immanuel Chavoya is recognized as a dynamic Security practitioner, and is highly regarded for progressive experience managing complex IT environments and developing successful technical solutions for industry leaders. Immanuel is a former NASA Supercomputer SRE, supporting one of the USA's Top 10 Supercomputers (Pleiades). He is the author of several cybersecurity focused articles on topics ranging from NIST CSF to Container Security. Immanuel is an InfoSec researcher by night; notable research including identifying over 100+ sites impacted by related magecart skimming activity. By day Immanuel has curated his security skill set by spending years with "boots on the ground" perspective as the Triage Team Lead for the NASA SOC at Ames Research Center, expanding his work to the private sector bringing his expertise to the Product Security team at Intuitive Surgical. While at Intuitive Surgical Immanuel has led projects to mature the Vulnerability Management process for Intuitives "da Vinci" Robots, and helped architect PSIRT and PSOC initiatives. Immanuel has played a key role as Incident Commander at Intuitive, authoring key Security Policies, and has helped to define a path forward for their DevSecOps initiatives. In addition, Immanuel is an elected member of the Silicon Valley ISSA Board of Directors (www.sv-issa.org). The ISSA is a not-for-profit, international organization of information security professionals and practitioners.
Alex Esposito is a cybersecurity consultant. She speaks with clients about specific security concerns, gathers critical assessment-related details, and helps communicate the solutions in ways that speak to the organization. She has been performing this work with large commercial organizations for some time.
Seek, and ye shall find: OSINT for Beginners
Siobhan Kelleher is a Senior Security Analyst in the higher education space. She has been in IT for just over 8 years and worked in both government and corporate environments before joining higher Ed. She holds a degree in Digital Forensics from Champlain College as well as the GIAC Critical Controls Certification. Prior to her career in Information Security she worked in Business to Business sales where OSINT and Social Engineering skills were vital to creating sales leads and closing deals. She carried this knowledge with her into Information Security and it helps her better educate end users on their vulnerability to social engineering attacks.
Repo Jacking: How Github usernames expose 70,000 open-source projects to remote code injection
Indiana is a security engineer at Security Innovation who specializes in testing web applications, APIs, and cloud configurations. He has a background in web development and previously worked in telecommunications and banking, performing penetration tests and security assessments. In his spare time, he works on personal coding projects and eats copious amounts of sushi.
Simulating Supply Chain Attacks with Assume Breach
Kevin Ott works as a penetration tester and red teamer at Exploit Labs in Germany. He is currently focused to further develop the teams’ Red Teaming capabilities, automate deployments and counter measures, develop custom TTPs and offerings such as Assume Breach engagements to measure a company’s ability to detect and defend against cyberattacks. Before joining the offensive security community, Kevin worked as a technical analyst in the network engineering department of a global financial institution. When there is not a global pandemic, he enjoys all sorts of outdoor sports, from mountain biking to rock climbing.
Funtastic Packers And Where To Find Them
Eli, Lead Threat Hunter and malware reverse engineer, began his career as a security analyst in the private sector. At Cybereason, Eli is leading the Threat hunting service in the EMEA region. During his work at Cybereason Eli has published researches on various subjects such as advanced persistent threats groups (APT's), Cyber-Crime, its Effects on E-Commerce and financial companies, and malware research.
What to expect when you’re expecting a pentest
I am Alex Norman and I use my love of technology and gadgets to provide my customers as much actionable information as I can to improve their overall security posture. I’ve been a penetration tester for 9 years, performing and managing tests for government and private industry in traditional and cloud environments.
Dr. Catherine J. Ullman is a security researcher, speaker, and Senior Information Security Forensic Analyst at University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff via a department-wide program which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous information security conferences including DEF CON and Hacker Halted. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.
Amyn leads strategy and growth at CounterCraft, a threat intelligence and cyber deception start-up. Previously, Amyn Gilani was a Chief Technologist at Booz Allen Hamilton where he managed capture efforts and provided expertise to federal and commercial clients focusing on incident response, red teaming, threat hunting, and cybersecurity operations engineering. Amyn also supported clients in maturing their cybersecurity operations centers by providing advanced threat detection analytics, incident response strategies, threat modeling, and task automation. Prior to joining Booz Allen, Amyn was a Vice President in Information Security and Operational Risk at Goldman Sachs where he led Red Team Operations (RTO) and cyber threat analysis in the Security Incident Response Team. As the head of RTO, Amyn emulated sophisticated attacks against securities trading platforms and payment systems in an effort to assess risk and minimize the impact of breaches to the firm and global financial markets. Prior to joining Goldman Sachs, Amyn supported various government agencies, including United States Cyber Command, the National Security Agency, and Homeland Security, where he worked on large-scale incident response engagements, network warfare, and a range of intelligence and national security issues, including cyber policy and critical infrastructure crisis management. Amyn began his career serving in the United States Air Force as an Intelligence Analyst for six years. During his tour of duty in Iraq, Amyn served as an intelligence operator working on a range of military operations, including unmanned aircrafts, targeting, and human intelligence. Amyn was among a team of airmen who were awarded the Joint Commendation Medal for their service at the task force supporting Operation Iraqi Freedom. Amyn also performed signals intelligence analysis while he was assigned to the National Security Agency, where he supported real-time tactical operations. Amyn holds a bachelor’s degree from University of Maryland, College Park and a master’s degree from the Johns Hopkins University. Amyn also holds certificates from the United States Navy Center for Information Dominance and the United States Army Intelligence Center.
Ron is an experienced technology consultant and seasoned cybersecurity specialist with deep expertise in critical systems, network security, deep packet inspection, data analytics and secure embedded software development. He leads Verve’s research on vulnerabilities, cyber risk, and reverse engineering network protocols & firmware in OT/critical infrastructure. He created the watershed S4 ICS detection challenge datasets, advised several industrial domains, and love’s to chat about hard to solve technical problems.
Jason Thomas, CISSP, is the Chief Information Officer at Cole, Scott & Kissane, an AmLaw 200 law firm and Florida’s largest law firm with over 540 attorneys.
Nick Andersen is the Chief Information Security Officer (CISO) for Public Sector at Lumen Technologies. Andersen served previously the Principal Deputy Assistant Secretary for the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) at the U.S. Department of Energy. He was appointed to lead DOE’s national effort to secure U.S. energy infrastructure against all hazards, reduce impacts from disruptive events, and assist industry with restoration activities. CESER works closely with the electricity and oil and natural gas industries; other Federal agencies; State, Local, Tribal, and Territorial (SLTT) communities; and DOE’s national laboratories to advance national energy security and prepare for, respond to, and recover from evolving threats and events to critical infrastructure. Prior to joining the Department of Energy, Nick Andersen served in the White House Office of Management and Budget (OMB) as the Federal Cybersecurity Lead and Senior Cybersecurity Advisor to the Federal Chief Information Officer, where he led the OMB Cyber Team and was responsible for government-wide cybersecurity policy development and compliance of shared federal security services. Andersen previously served as CISO for the State of Vermont, where he was appointed to lead State efforts pertaining to the security and protection of data, security compliance activities, risk reduction, security operations, and threat intelligence. Prior to this, Andersen was a senior executive and senior intelligence officer serving as the Chief Information Officer for Navy Intelligence and was the Head of the Office of Intelligence, Surveillance, and Reconnaissance Systems and Technologies at the U.S. Coast Guard. He has served on active duty with the U.S. Marine Corps, managing intelligence mission systems in Iraq, Europe, and Africa; and has led cybersecurity and technology programs worldwide with several leading and emerging companies. Andersen holds a Bachelor of Science in Information Technology Management and a Master of Science in Information Security and Assurance. He has received awards from the U.S. Navy, U.S. Marine Corps, U.S. Coast Guard, and Intelligence Community.
Shivam is a passionate security researcher, he is currently reporting security flaws within organizations and making the internet a safer place. Shivam is running local cyber awareness camps, tutoring, and educating script kiddie's to land into Infosec Community and grow together.
Phillip is a Security Analyst for Private Insurance Company. He focuses on Splunk threat hunting and PCI compliance. He is also currently studying to make the move to Penetration Testing. #HackingIsNotACrime
Alyssa Feola is a Cybersecurity Advisor in the Technology Transformation Services within GSA. Since 2020, she supports the organization by rationalizing, modernizing, and hardening the infrastructure and software that the workforce needs to do their jobs. She is currently working on a detail for the Max.gov Transition Team, where she leads the effort to get two new products through the assessment and authorization process. She focused on simplifying procurement, security, and compliance of the Software as a Service so that internal users within the Technology Transformation Services can focus on their individual missions. With over 10 years of experience, Alyssa came to the GSA after supporting the United States Air Force for ten years and the Federal Aviation Administration for two years. She brings a wealth of knowledge, skills, and experience in acquisition, information technology, and cybersecurity. Her passions lie with innovation and modernizing government technology.