
Wednesday, April 28
 

8:30am EDT

Opening Ceremonies
We'll kick off the conference at 8:30am and turn the floor over to Secure Code Warrior to introduce the day's CTF competition.

Wednesday April 28, 2021 8:30am - 9:00am EDT
Virtual

9:00am EDT

OSINT and the Hermit Kingdom. Leveraging online sources to learn more about the world's most secret nation
OSINT provides security analysts with a powerful set of tools and data that can be leveraged to discover accounts, infrastructure, and long forgotten services that are still running. Learn more about different techniques to gather information while examining North Korea’s public infrastructure.

Speakers
Nicholas Roy

Nick Roy currently works for a global security vendor creating training content and researching new attacker patterns and techniques. Previously he worked at an automation platform startup teaching people about the joys and benefits of automation. While not working he lives in Boston...



Wednesday April 28, 2021 9:00am - 9:55am EDT
Virtual

9:00am EDT

MQTT - IoT's Little Protocol with Big Vulnerabilities
Have you ever wondered about how your IoT device talks to your phone? Or how industrial factories collect data from sensors? Odds are pretty good they use MQTT, a tiny protocol that often has massive vulnerabilities.

Speakers
Tracie Martin

Principal Security Engineer/Founder, DefendCon
Tracie Martin is a Principal Security Engineer at a really big book store. Previously she's worked in a variety of roles in various tech companies such as Google, Microsoft and Twitter. She is passionate about making security accessible and approachable to everyone and changing the...


Wednesday April 28, 2021 9:00am - 9:55am EDT
Virtual

10:00am EDT

Teaching an Old Pentester New Tricks: Staying Relevant in the Changing World of InfoSec
Are you just starting your InfoSec career? Have you been in InfoSec for a long time? Regardless, if you stay in InfoSec long enough, you will have to deal with changing technologies, new attacks, and knowledge that your precious expertise may not apply tomorrow. So, how do you stay relevant?

Speakers
Adam Compton

Principal Security Consultant, TrustedSec
Adam Compton has been a programmer, researcher, professional pentester, father, husband, and farmer. Adam has around 2 decades of programming, network security, incident response, security assessment, and penetration testing experience. Throughout Adam's career, he has worked for...


Wednesday April 28, 2021 10:00am - 10:55am EDT
Virtual

10:00am EDT

Securing AND Pentesting the Great Spaghetti Monster (k8s)
Oh sure, Kubernetes is the Bomb! But is it secure out-of-the-box? Oh hell no! Let's see if we can change that. Let's start with a live Kubernetes cluster running on a stack of PIs (there are visuals). So we have an app and we deploy it, but before we do that, let's make sure our cluster is secure.

NOTE: This presentation was not recorded per Kat's request.

Speakers
Kat Fitzgerald

Security Engineering Mgr, Google
Based in Seattle and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral...


Wednesday April 28, 2021 10:00am - 10:55am EDT
Virtual

11:00am EDT

Security in Higher Ed: What it's Like to Secure a City
How do you manage security when you have to secure everything? Security in HigherEd is a master class in cat herding, including:
- Deciding what is important
- Determining threat when there are TONS of them
- Regulations everywhere
- Vendors!
Let's talk about how to create a security strategy.

Speakers
Helen Patton

Advisory CISO, Duo Security
With more years working in the Security, Risk, Privacy and Resiliency professions than she cares to say, Helen Patton advocates using information risk, security and privacy to enable the mission of organizations and to support society at large. Helen is an Advisory CISO at Duo Security...



Wednesday April 28, 2021 11:00am - 11:55am EDT
Virtual

11:00am EDT

Zero-day .NET and Nvidia GFE Vulnerabilities Explained
I discovered two logical vulnerabilities that allowed for Local Privilege Escalation (LPE). Walking through the process of discovery and then the actual exploit is fun and will show everyone how installing new software will open up systems to more vulnerabilities. Both reported and confirmed.

Speakers
Matt Batten

Matthew Batten is a Red Team Security Engineer at SIXGEN, Inc. conducting red team operations in support of the Department of Defense. Mr. Batten has ten years of experience in the information security field and is a veteran of the United States Marine Corps specializing in signals...



Wednesday April 28, 2021 11:00am - 11:55am EDT
Virtual

12:00pm EDT

Lunch Break
Wednesday April 28, 2021 12:00pm - 1:00pm EDT
Virtual

1:00pm EDT

Selling Your Brand: Why Self-Marketing is Key to Advancing Your Career in Cybersecurity
Speakers
Sam Cowan

Head of Security Compliance, HackerOne
Samantha Cowan is the Head of Security Compliance at HackerOne, the world’s most trusted hacker-powered security platform. Samantha has extensive experience with complex security projects involving security monitoring, organizational compliance, threat detection, and incident response...


Wednesday April 28, 2021 1:00pm - 1:55pm EDT
Virtual

2:00pm EDT

Shall We Play a Game
Through gamification a company cybersecurity exercise can be an exciting and engaging adventure. I'll present how to use tabletop gaming logic and FEMA HSEEP exercise planning structure to be able to deliver exciting, dynamic, and useful exercises.

Speakers
Steven Briggs

Senior Program Mgr. Power Operations Cybersecurity, TVA
Steven has worked for the Tennessee Valley Authority (TVA) for ten years and is currently serving as a senior program manager responsible for the cyber security of TVA’s Coal, Gas, and Hydro Fleets. He is a NERC CIP subject matter expert focusing on vulnerability management...



Wednesday April 28, 2021 2:00pm - 2:55pm EDT
Virtual

2:00pm EDT

A Live Simulation of Advanced Cloud Misconfiguration Attacks
Preventing cloud-native exploits requires us to rethink cloud architecture and how we use services such as IAM. We will simulate advanced cloud attacks live to demonstrate how common cloud misconfigurations are exploited to understand how we can prevent them up front with secure architecture.

Speakers
Josh Stella

Chief Executive Officer, Fugue, Inc.
Josh Stella is co-founder, CTO, and CEO of Fugue, the company transforming cloud security to help teams move faster and stay secure. Through Fugue's masterclasses, Josh educates cloud and security professionals about cloud misconfiguration exploits and how to keep cloud infrastructure...


Wednesday April 28, 2021 2:00pm - 2:55pm EDT
Virtual

3:00pm EDT

Inside The Mind of a Threat Actor: Beyond Pentesting
Red teaming has become a popular area of offensive security but is often thought of as just pentesting. Learn about red teaming, the differences from pentesting, and how to become a red teamer, including the tools of the trade and education resources.

Speakers
Phillip Wylie

Founder, The Pwn School Project
Phillip has over two decades of information technology and cybersecurity experience. His specialties include penetration testing and application security. When Phillip is not hacking, he is educating others. Phillip is the founder of The Pwn School Project, an education-focused cybersecurity...



Wednesday April 28, 2021 3:00pm - 3:55pm EDT
Virtual

3:00pm EDT

Educated Guesses with Symbolic Execution: Using Constraint Solvers for Speculative Execution in Modern Firmware
Symbolic Execution is a useful way to perform static and dynamic analysis but is underutilized by security professionals. I hope to expose more people to this awesome tool and demonstrate its utility in finding bugs and "rehosting" firmware.

Speakers
Chris Craig

Cyber Security Software Engineer, ORNL
Christopher Craig is a Cyber Security Software Engineer in the Vulnerability Research Group at Oak Ridge National Laboratory. He received a B.S. and M.S. in Computer Science from the University of Tennessee in 2011 and 2018 respectively and has 9 years of experience in the field of...



Wednesday April 28, 2021 3:00pm - 3:55pm EDT
Virtual

4:00pm EDT

JUST JUMP! Lessons for Wannabe Social Engineers by a Recent Wannabe Social Engineer
Social Engineering is the easiest and hardest part of security to enter; easy since it doesn't require lots of tech skill; hard because it can be terrifying! I'll share lessons learned as I began my journey, like:

- Fear
- The starter 'kit'
- Why plans can be your enemy
- Skills you already have
- Safety!

Speakers
Joseph S Sarkisian

Lead Penetration Tester, Wolf & Co., P.C.



Wednesday April 28, 2021 4:00pm - 4:55pm EDT
Virtual

4:00pm EDT

Hacking K-12 School Software in a Time of Remote Learning
This talk will take an in-depth look at the zero-day vulnerabilities discovered in a K-12 classroom management solution used in over 9,000 school districts. The focus will be on how four vulnerabilities combined lead to a wormable unauthenticated remote code execution resulting in System privileges.

Speakers
Sam Quinn

Security Researcher, McAfee
Sam Quinn is a Security Researcher on McAfee's Advanced Threat Research team, focused on finding new vulnerabilities in both software and hardware. Sam has a focus on IOT and embedded devices with knowledge in the fields of reverse engineering and penetration testing.



Wednesday April 28, 2021 4:00pm - 4:55pm EDT
Virtual

5:00pm EDT

Fallout from Florida: Why the Oldsmar water plant hack may mean government-mandated SCADA security is coming sooner than you think
A water plant in Oldsmar, Florida was recently hacked in an attempt to poison the drinking water. Much of America's critical infrastructure is similarly vulnerable. But this may soon change as legislators re-engage with cyber issues. This talk will discuss how to best secure critical infrastructure.

Speakers
Anthony Hendricks

Attorney, Crowe & Dunlevy
Anthony counsels clients on the constantly changing field of cybersecurity. He also advises clients on privacy and data protection laws including the European Union’s General Data Protection Regulation, coaches clients on developing data breach response plans and represents clients...

Jordan Sessler

Attorney, Crowe & Dunlevy, P.C.
Jordan Sessler is an attorney in Oklahoma City, OK whose practice focuses primarily on commercial litigation, appellate advocacy, and administrative/regulatory compliance. He places a special emphasis on advising clients in regard to environmental, legislative, data privacy, and cybersecurity...



Wednesday April 28, 2021 5:00pm - 5:55pm EDT
Virtual

5:00pm EDT

Service Mess to Service Mesh
In our quest to secure all the things, do we jump in too quickly? We'll use Istio and Linkerd as example service meshes, and look at the features we would expect from a service mesh. You'll leave with a concrete understanding of the service mesh, and be ready to justify the investment.

Speakers
Rob Richardson

Developer Advocate, Cyral
Rob Richardson is a software craftsman building web properties in ASP.NET and Node, React and Vue. He’s a Microsoft MVP, published author, frequent speaker at conferences, user groups, and community events, and a diligent teacher and student of high quality software development...


Wednesday April 28, 2021 5:00pm - 5:55pm EDT
Virtual