Hacker Halted Conference Speakers


Keynote Speakers

Jenny Radcliffe

Founder / Director Human Factor Security – JennyRadcliffe.com

Bio
Jenny Radcliffe has spent a lifetime performing physical infiltration, social engineering and security investigations. She specialises in various aspects of human manipulation including deception work, non-verbal communications, influence and persuasion techniques. She is the founder and Director of Social Engineering at Human Factor Security, is a regular global keynote speaker and is the host of award winning podcasts, vlogs and blogs on all aspects of the human element of security. Jenny can usually be found behind a mic, on top of a roof somewhere in the world, and believes there is always rum for pirates.

Abstract

Where the Falling Angel meets the Rising Ape…

This talk looks at lessons learnt from over 30 years of social engineering and physical infiltration work. It details many incidents of “people hacking” over years of practice and looks forward to how these skills might continue to be applied in an ever more technical age.

Paul Asadoorian

Security Weekly, Founder & CTO

Bio
Paul Asadoorian spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. He is the founder of the Security Weekly podcast network, offering freely available shows on the topics of information security and hacking. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.

Abstract

Security Isn’t Doomed If We Learn From The Past

Many security professionals encounter what we believe are new problems and attempt to come up with new solutions. While the threat landscape and how we implement IT systems have evolved, older tactics and techniques for solving problems still apply. In fact, many new buzzwords trace their roots back to concepts developed many years ago. In this presentation, we’ll discuss how threat hunting is not a new concept (and still very effective). We’ll take a look at Paul’s “enchanting security quadrants” and how they can positively influence your security posture. It doesn’t stop there as we cover examples of borrowing from the past in areas such as music, military strategy, and technology to avoid being doomed.

Chuck Easttom


Bio
Dr. Chuck Easttom is the author of 26 books, including several on computer security, forensics, and cryptography. He has also authored scientific papers on digital forensics, cyber warfare, cryptography, and applied mathematics. He is an inventor with 15 computer science patents. He holds a Doctor of Science in cyber security (dissertation topic: a study of lattice-based algorithms for post quantum cryptography) and three master’s degrees (one in applied computer science and one in systems engineering). He also holds 44 industry certifications (CISSP, CEH, etc.). He was part of the team that created the CompTIA Security+, Linux+, and Server+ exams. He created the OSForensics certification course and test, as well as EC-Council’s Certified Encryption Specialist. He was also on the team that created the CEH v8. He is also a Distinguished Speaker of the ACM and a frequent speaker at conferences.

Abstract

Peering into the Dark Web

There is a great deal of misinformation about dark web markets. There are myths about what is and what is not there. However, the reality is that financial information, drugs, and child pornography are indeed rampant on the dark web. Terrorist activity is also a reality. This talk provides an overview of what is real and what is not, with references to actual dark web markets. Then investigative techniques are summarized. Dark web investigations are important to a wide range of investigators. Cyber threat analysts working for financial institutions need to know how to investigate dark web markets to determine if their company’s information is being trafficked. Law enforcement officers need to know how to investigate criminal activity on the dark web. Intelligence and DoD personnel need to understand terrorism on the dark web. And those interested in human trafficking need to understand how to investigate the dark web.

Casey Ellis

Founder, Chairman, & CTO, Bugcrowd

Bio
Casey is the Founder, Chairman, and CTO of Bugcrowd. He is an 18 year veteran of information security, servicing clients ranging from startups to multinational corporations as a pentester, security and risk consultant and solutions architect, then most recently as a career entrepreneur. Casey pioneered the Crowdsourced Security as a Service model launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the https://disclose.io vulnerability disclosure standardization project in 2016. A proud ex-pat of Sydney Australia, Casey lives with his wife and two kids in the San Francisco Bay Area. He is happy as long as he’s in the passionate pursuit of potential.

Tyrone E. Wilson

Founder & President of Cover6 Solutions

Bio
Mr. Tyrone E. Wilson is an information security professional with 23 years of experience in information technology and systems configuration, including information systems and network security. Wilson also has extensive knowledge in computer network defense, vulnerability assessments, cyber threat analysis, and incident response. As a former cybersecurity analyst for the United States Army, Wilson developed security structures to ensure American intelligence systems were protected from foreign threats. Currently, Wilson is the Founder and President of Cover6 Solutions, LLC; which teaches companies and professionals various aspects of information security, penetration testing, and IPv6.

Wilson is also the organizer of The D.C. Cyber Security Professionals. With over 7,000 members, it is the largest #Cybersecurity meetup group in the United States. In addition, Wilson is also on the Review Board of BSides NoVA and has recently presented and/or taught classes at major conferences and events such as ISSA Mid Atlantic Security Conference, BSides NoVA, BSides DC 2017, and DCCyberWeek 2017.

Abstract

With the power to influence… comes great responsibility

This talk will focus on the lifetime of experiences that led him to create a platform that helps others be successful in the tech industry. His journey, like many others, has been unconventional. Life lessons occur to prepare you for the future.

People can find their dream jobs by identifying what they’re good at, what they love to do and what the world needs. Through educating newcomers in cybersecurity, Mr. Wilson uses his dream job to improve the lives of others. He will share his experiences on how he created a platform that motivates, inspires, and challenges people from all walks of life to do the same.

Marcelle Lee

Senior Security Researcher at Secureworks

Bio

Marcelle Lee is a security researcher, an adjunct professor in digital forensics and network security, and she is also a co-founder of Fractal Security Group, LLC. She specializes in network traffic analysis, malware analysis, and threat hunting. She is involved with many industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu, the NIST Cyber Competitions Working Group, and the Cybersecurity Association of Maryland Advisory Council. She also both builds and participates in cyber competitions, and shares her work through her Github site, https://marcellelee.github.io/.

Marcelle has earned the CISSP, CSX-P, GCFA, GCIA, GCIH, GPEN, GISF, GSEC, GCCC, C|EH, CCNA, PenTest+, Security+, Network+, and ACE industry certifications. She holds four degrees, including a master’s degree in cybersecurity. She has received the Chesapeake Regional Tech Council Women in Tech (WIT) Award and the Volunteer of the Year award from the Women’s Society of Cyberjutsu. Marcelle frequently presents at conferences and training events, and is an active volunteer in the cybersecurity community.

Abstract

Hacking Diversity

We talk a lot about why diversity is important and we are all familiar with the woeful inclusion stats. In this talk we will discuss why diversity is important from both the perspective of an organization’s bottom line and the individual contributor.

Track: Ahoy Matey! (Social/Human Side of Hacking)

Stefan Stephenson-Moe

Bio
I am a security professional with over 6 years’ experience in the industry working in the Finance and Energy sectors. I have extensive experience in utilizing large amounts of data to find patterns that can detect fraud and security issues. I am also a Field Artillery Officer in the Army National Guard. My hobbies include wind surfing and ballroom dance.

Abstract

Crew drills and running a tight ship

In most organizations that I’ve observed, the Security Operations Center has been modeled after the Network Operations Center. Running a Base Defense Operations Center, protecting a FOB in Afghanistan from the Taliban, has given me a unique perspective on how to improve the way we run SOCs.

Alex Holden

Bio
Alex Holden is the founder and CISO of Hold Security. Under his leadership, Hold Security plays a pivotal role in info-sec and threat intel, becoming one of the most recognizable names in its field. Holden is credited with discovering many breaches including Adobe, Target, JPMorgan, Yahoo, and parts of Equifax.

Abstract

Online Dating Scams: AI Low Blows

Over time dating scams have claimed many victims, becoming an immense industry that uses psychological approaches, photographers, graphic designers, call centers, extortion and blackmail, as well as human trafficking. We will dissect this dark business and identify its patterns and vulnerabilities.

Pilar Speranza

Bio
Pilar Speranza is Chief of Staff at Hold Security, where she tutors others on how to maneuver their way through the diverse world of hackers. Applying her street smarts, hidden ninja skills and social engineering artistry she pacifies malicious hackers, and they become her pawns disclosing their deepest, darkest secrets.

Abstract

Online Dating Scams: AI Low Blows

Over time dating scams have claimed many victims, becoming an immense industry that uses psychological approaches, photographers, graphic designers, call centers, extortion and blackmail, as well as human trafficking. We will dissect this dark business and identify its patterns and vulnerabilities.

Keith Turpin

Bio
Chief Information Security Officer and Head of Global Infrastructure Services at Universal Weather and Aviation, a billion dollar, international aviation services company operating 50 locations in 20 countries. Responsible for all aspects of information security and all IT infrastructure teams and services.

Former Cyber Security Technical Fellow at The Boeing Company leading International IT Security Operations, Supply Chain Security, Application Security Assessments and Enterprise IT Risk.

Previously served as a U.S. delegate to the International Standards Organization’s (ISO) Cyber Security Sub-Committee, former member of (ISC)2’s international Application Security Advisory Board and the OWASP Global Projects Committee.

Industry recognized speaker at events including: Bsides, Blackhat, AppSec USA, National Software Assurance Forum and International Aviation Cyber Security Summit.

Graduate of the FBI CISO Academy at Quantico.

Certifications: CISSP, CSSLP, CRISC and NSA Certified Infosec Assessor.

MS in Computer Systems and a BS in Mechanical Engineering.

Abstract

Hacking Your Career

Learn how to take charge of your future and wring success out of every opportunity. I had some hard lessons on my way to becoming the CISO of a billion dollar company and now you can benefit from those experiences. In this candid conversation, you will learn the secrets to kicking your career’s ass.

V. Susan Peediyakkal

Bio
V. Susan Peediyakkal is a Cyber Threat Intelligence (CTI) Lead Consultant in Booz Allen Hamilton’s Commercial Cyber Defense Program where she focuses on helping their clients establish and cultivate industry-leading cyber threat intelligence programs.

With over 14 years of cyber security experience, focused primarily in Threat Intelligence, she draws on her significant knowledge from working with various intelligence operations in the federal government and international commercial domains. Susan has been a part of founding many new CTI programs for the United States Postal Service (USPS) and the government of the United Arab Emirates (UAE), and, most recently, she was appointed as the first cyber intelligence specialist for the judicial branch of government, hired specifically to establish a threat intelligence program for the US Courts network. In March 2018, she was named one of “10 Women in Security You May Not Know But Should” by one of the most widely-read cyber security news sites on the Web, Dark Reading.

Susan has served 18 years in the US Air Force (active and reserve), is trained in Project Management Professional (PMP) and GIAC Cyber Threat Intelligence (GCTI), and is a certified Splunk power user. She is the DC Chapter Lead for the Women’s Society of Cyberjutsu. She was there for the inception and creation of the non-profit Mental Health Hackers, and serves on the board as the Chief Wellness Officer. She also serves as a board member for EC-Council’s Global Advisory Board for Certified Threat Intelligence Analysts and the inaugural Advisory Board for the SANS Purple Team Summit. Wanting to help grow the cyber community to her hometown, Susan is the founder and co-director for BSides Sacramento, an infosec conference in California’s capital city.

Susan is a 500 hour Registered Yoga Teacher (RYT) and enjoys studying and teaching yoga in her free time, loves traveling extensively, and mentoring junior analysts in Cyber.

Abstract

Social Media: The New Court of Public Opinion

The new court of public opinion is not only TV and radio, but all social media outlets. This talk will both present and challenge the audience in a different way than most presentations. We will explore different platforms, our unconscious biases, and how it plays into analysis of cyber operations.

Michael F D Anaya

Bio
A skilled, cybersecurity tactician with a wealth of knowledge in understanding both criminal and nation state actors.

At the end of 2018, I was given a tremendous opportunity to be the Head of Global Cyber Investigations and Government Relations for DEVCON (a leading company in the ad tech space). I lead a team focused on investigating online ad theft on a global scale as well as facilitating interactions with the U.S. government and its investigative units. I specialize in untangling all the complex and sophisticated ways threat actors attempt to obfuscate their activity. Where did I learn to do this? I am glad you asked!

Prior to joining the DEVCON family, I was a part of another stellar group of people. I started my career as an FBI Special Agent in Los Angeles, CA. There I addressed complex cyber matters, during which time I led numerous, expansive investigations including one that resulted in the first federal conviction of a US person for the use of a peer-to-peer botnet. I then was named a Supervisory Special Agent for the Leadership Development Program in Washington, D.C., charged with bringing together disparate divisions of the FBI focused on a workforce development program. This resulted in a more balanced and inclusive program. After the implementation of the program, I went on to lead a cyber squad in Atlanta, GA. There, I led a diverse group of Agents, Intel Analysts, and Computer Scientists in neutralizing nation-state and criminal threats. I secured one of the highest performance standards given by the FBI for the entire Atlanta cyber program.

One of my main focuses at DEVCON is information sharing, which I believe will be key to our collective success. This is not just limited to sharing with other businesses, but also key government entities. Given my experience, I can attest to the fact our adversaries work together, so shouldn’t we?

Abstract

The Dark Side of AdTech: The Criminal Mind

With $50 billion up for grabs, we can’t afford to be complacent. Hackers know something you don’t: The ad industry is completely unregulated and there are billions for the taking. This is an immersive presentation given by a former FBI CyberAgent – credited as one of the FBI’s best speakers.

Track: Batten Down the Hatches (Defense)

Dr. Catherine J. Ullman

Bio
Dr. Catherine J. Ullman is a security researcher, speaker, and Senior Information Security Analyst at University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a data forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness amongst faculty and staff via a comprehensive department-wide program which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at several information security conferences including DEF CON and Hacker Halted. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.

Abstract

A Theme of Fear: Changing the Paradigm

This talk is relevant to both red and blue teams because it examines the basic premise around which the entire industry is built. It’s thought-provoking, considers whether we are stuck in a rut that is ultimately unhelpful, and suggests there is a better way.

Brian Hileman

Bio
Brian has spent most of his career working in the data protection field. He is currently a Sales Engineer with Digital Guardian providing Data Loss Prevention (DLP) and Endpoint Detection and Response (EDR). Prior to joining DG, Brian was at InteliSecure, a Denver based data protection consulting company, as a professional service engineer. Brian also created a DLP testing website called dlptest.com (www.dlptest.com) which allows for easy testing of DLP policies and reveals DLP capabilities.

Abstract

Are Your Cloud Servers Under Attack

For this presentation, I built out a test lab in AWS and allowed someone to hack the servers. I will talk about what we saw when we opened RDP to the internet, what the hackers did once they got in, and someone trying to kick me off my own servers.

Peter Smith

Bio
Peter Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter brings a security practitioner’s perspective to Edgewise with more than ten years of expertise as an infrastructure and security architect of data centers and customer-hosting environments for Harvard University, Endeca Technologies (Oracle), American Express, Fidelity UK, Bank of America, and Nike. Most recently, Peter was on the founding team at Infinio Systems where he led product and technology strategy.

Abstract

Multidimensional Attack Path Analysis: Eliminating Network Blind Spots

What happens when you change your view of what matters on your network? Understanding how attackers use low friction pathways helps you prioritize what to protect. This session will simplify how to narrow massive amounts of network data and learn which network targets are most at risk.

Jim Nitterauer

Senior Security Engineer

Bio
Jim is currently a Senior Security Specialist at AppRiver, LLC., where his team is responsible for global network deployments and manages the SecureSurf global DNS infrastructure and SecureTide global spam & virus filtering infrastructure as well as all internal applications. They also manage security operations for the entire company. He holds a CISSP certification in addition to a Bachelor of Science degree with a major in biology from Ursinus College and a Master of Science degree with a major in microbiology and biochemistry from the University of Alabama. He is a 2000 graduate of Leadership Santa Rosa and a 2001 graduate of Leadership Pensacola. He is also well-versed in ethical hacking and penetration testing techniques and has been involved in technology for more than 20 years.

Jim has presented at NolaCon, ITEN WIRED, BSides Las Vegas, BSides Atlanta, BSides San Francisco, CircleCityCon, DEF CON, DerbyCon, CypherCon and several smaller conferences. He is a regular contributor to the Tripwire Blog and Peerlyst. He has presented training classes at CircleCity Con and BSides San Francisco. He regularly attends national security conferences and is passionate about conveying the importance of developing, implementing and maintaining security policies for organizations. His talks convey unique and practical techniques that help attendees harden their security in practical and easy-to-deploy ways.

Jim is a senior staff member with BSides Las Vegas, a member of the ITEN WIRED Planning Committee and the President of the Florida Panhandle (ISC)2 Chapter. He served as President and CEO of GridSouth Networks, LLC, a joint venture between Creative Data Concepts Limited Inc. and AppRiver, LLC., and founded Creative Data Concepts Limited, Inc.

He stays connected with the InfoSec and ethical hacker community and is well-known by his peers. In addition to his work at AppRiver, he devotes his time to advancing IT security awareness and investigating novel ways to implement affordable security controls.

When not at the computer, Jim can be found working out, playing guitar, traveling or just relaxing with an adult beverage.

Abstract

DNS: Strategies for Reducing Data Leakage & Protecting Online Privacy

DNS is the foundational protocol used to direct nearly all Internet traffic, making the collection and analysis of DNS traffic highly valuable. This talk will examine ways in which you can effectively limit the disclosure of your online habits by securing the way your local DNS resolvers work.

Ryan Kelso

Bio
Former developer specializing in writing secure software and exploiting insecure software.

Abstract

Loose Lips Sink Ships: Why your application tells me how to hack it

Robust error outputs, OPTIONS, version headers, X-Powered-By, are all awesome pieces of information for an attacker. In this talk, we’ll discuss how you can leverage these low level information disclosures to get to higher ranked vulnerabilities.
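As an added example, not part of the talk or of this page, the checker below flags the disclosures the abstract names in a captured HTTP response: version-bearing headers such as Server and X-Powered-By, an Allow header (what an OPTIONS request returns) that advertises risky methods, and a 5xx body that leaks a stack trace, file path or database error. Both responses are constructed for the example: the header names and evidence patterns are real, the host, paths and version numbers are made up.

```python
"""Flag low-level information disclosures in a raw HTTP response.

Added example; the two sample responses are constructed for illustration.
"""
import re
from email.parser import Parser  # HTTP header blocks are RFC 822 style

# Constructed: what an unhardened app might return to `OPTIONS /` or a crash
SAMPLE_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Allow: GET,HEAD,POST,OPTIONS,PUT,DELETE,TRACE\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<b>Fatal error</b>: Uncaught PDOException: SQLSTATE[42000] in "
    "/var/www/html/app/db.php:42"
)

# Constructed: the same failure after hardening (no versions, generic error)
HARDENED_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Apache\r\n"
    "Allow: GET,HEAD,POST,OPTIONS\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "An error occurred. Reference: 7f3a"
)

# Headers that commonly carry a product version an attacker can map to CVEs
VERSION_HEADERS = ("server", "x-powered-by", "x-aspnet-version",
                   "x-aspnetmvc-version", "x-generator")
# Methods that should not be advertised unless the app really needs them
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT", "PATCH"}
# Evidence of a verbose error: framework words, server-side paths, SQL state
ERROR_PATTERNS = [
    r"(?i)\b(fatal error|uncaught|stack trace|traceback|exception)\b",
    r"/(var|home|usr|srv)/[\w./-]+\.(php|py|rb|jsp|asp)",  # Unix file path
    r"[A-Za-z]:\\[\w\\.-]+",                                # Windows path
    r"SQLSTATE\[\w+\]",                                     # DB error code
]


def parse_response(raw: str):
    """Split a raw response into (status line, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    return status_line, headers, body


def find_disclosures(raw: str) -> list:
    """Return one dict per disclosure found; empty list means clean."""
    status_line, headers, body = parse_response(raw)
    findings = []

    # 1. Version strings in identifying headers
    for name in VERSION_HEADERS:
        value = headers.get(name)
        if value and re.search(r"\d+\.\d+", value):
            findings.append({"type": "version-header",
                             "header": name, "value": value})

    # 2. OPTIONS / Allow advertising dangerous methods
    allow = headers.get("allow")
    if allow:
        methods = {m.strip().upper() for m in allow.split(",")}
        risky = sorted(methods & RISKY_METHODS)
        if risky:
            findings.append({"type": "risky-methods", "methods": risky})

    # 3. Verbose error detail in a 5xx body
    m = re.match(r"HTTP/\d(?:\.\d)? (\d{3})", status_line)
    if m and m.group(1).startswith("5"):
        evidence = [hit.group(0) for pat in ERROR_PATTERNS
                    if (hit := re.search(pat, body))]
        if evidence:
            findings.append({"type": "verbose-error", "evidence": evidence})

    return findings


if __name__ == "__main__":
    for label, raw in (("unhardened", SAMPLE_RESPONSE),
                       ("hardened", HARDENED_RESPONSE)):
        print(label, find_disclosures(raw))
```

The checker is deliberately passive: feed it responses you already captured (a proxy log, a saved `curl -i -X OPTIONS` run) rather than pointing it at a target. The hardened response shows the cheap fixes: strip versions from Server and drop X-Powered-By, restrict Allow to the methods the app uses, and return a generic 5xx body with a reference ID that maps to the real trace in server-side logs.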

Joshua Sorenson

Bio
Joshua is a Global Information Security Leader with 13 years of professional experience. Joshua currently serves as Equifax’s Senior Director of Global Mainframe Security where he has responsibility for transforming zSeries, iSeries, and pSeries platform security around the world. Prior to joining Equifax, Joshua served in security leadership roles, leading transformation initiatives, since 2013 at Delta Air Lines. Key accomplishments at Delta include deploying the $12 Million QRadar SIEM in 90 days, leading the $15 Million APT & IDS Defence Initiative, building the off-shore Security Operations Centre (SOC), and launching the Strategic Fraud Detection practice which identified nearly $4 Million in fraud in the first 90 days. Prior to joining Delta, Joshua’s experiences included roles in IT Audit, Software Development, Database Administration, and Finance at The Coca-Cola Company, Deere & Company (John Deere), & Kimberly-Clark.

Joshua served on Cisco’s Strategic Security Threat Defence Advisory Forum between 2016 and 2017 and Deloitte’s Aviation Executive Roundtable from 2014 through 2016. Joshua regularly speaks publicly on Information Security at forums including IBM Interconnect, ISACA Atlanta Geek Week, Georgia Institute of Technology’s Institute for Information Security & Privacy, and Georgia State University. Joshua has extensive professional and personal travel experience and has visited 42 countries across 6 continents.

Joshua is a Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA), he is a graduate of the University of Iowa with Bachelor of Business Administration (BBA) degrees in Finance and Management Information Systems (MIS), he holds a professional certificate in Cyber Security from the Georgia Institute of Technology, and is currently pursuing his Master of Science in Information Security from the University of London.

Abstract

Demystifying and securing Big Iron: making the mainframe just another platform

How do we begin to secure the mainframe and treat it as “just another platform”? This presentation will walk the audience through a journey where we break down the basics of the mainframe platform and discuss how we can begin the transformation needed to secure the platform.

Track: Run a Rig and Give no Quarter (Offense)

Jeff Nichols, Ph.D.

Bio
Abstract

What Happens When 70 Universities, 7 National Labs, the Military, and 1000 Volunteers Hold a Cyber Defense Competition?

Oak Ridge National Lab, in cooperation with six other labs, hosts a cybersecurity CTF focused on energy systems. This challenge includes a green team who use the system while it’s under attack. Join us as we discuss the unique challenge of attacking and defending our strange SCADA system.

Joe Gray

Bio
Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior Security Architect and maintains his own blog and podcast called Advanced Persistent Security. In his spare time, Joe enjoys attending information security conferences, contributing blogs to various outlets, training in Brazilian Jiu-Jitsu (spoken taps out A LOT!), and flying his drone. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. Joe has contributed material for the likes of AlienVault, ITSP Magazine, CSO Online, and Dark Reading and is a regular Forbes contributor.

Abstract

7 Habits of Highly Effective Adversaries

As someone who spent their whole career on the blue team, I am working on moving to the red team. This presentation talks about the TTPs to be successful as an adversary, whether operating as a penetration tester or red team operator while leveraging blue team experience.

Bhavin Patel

Bio
Bhavin Patel is a Sr. Application Security Engineer specializing in penetration testing and exploit development of new innovative technology at NCR. Moving away from operational security to security R&D allows Bhavin to practice exploit development and security research more intuitively while securing the everyday. He started his adventure in breaking technologies during his early life in Zimbabwe and Botswana, dusty countries with legacy technologies that needed to be pwned. He is currently pursuing his Master’s in Computer Science with a focus in Robotics and Machine Learning at Georgia Tech. He holds several security certifications that include: CISSP, CSSLP, OSCP and CEH. Bhavin has participated in several South Eastern Collegiate Cyber Defense Competitions (SECCDC) in the United States of America during his academic career and has worked on multiple consulting penetration testing engagements for healthcare, financial, retail, consulting, and technology industries. One of his favorite mantras is from Mr. Robot: “When you see a good move, look for a better one.”

Abstract

Argh! Savvy BOF, it’s time you learned how to loot!

As humans, we don’t fully fathom our capabilities on this pursuit of innovation, whether it be through creativity or technology. This balancing factor requires people to develop and break technologies continuously to make everyday secure. I will showcase how new security professionals can hack!

Manuel Nader

Bio
Manuel Nader is a Security Researcher at Trustwave SpiderLabs. He works on tracking new vulnerabilities, identifying how those vulnerabilities are exploited and writing code that detects the presence of or exploits those vulnerabilities. He previously worked on the offensive side of security and before that on the defensive side. Manuel’s favorite independent research involves web attacks.

Abstract

Breaking Smart [Bank] Statements

An explanation of how I found and exploited a security flaw (a bad implementation of cryptography) in a bank statement, sent via email, of one of the biggest banks in Mexico.

Amber Welch

Bio
Until she’s accepted for a Mars mission, Amber Welch is pursuing the advancement of personal information privacy and security as a Data Protection and Risk Specialist at McKinsey & Company. Amber has previously managed security and privacy governance for a suite of SaaS products and worked in companies creating ERP, CRM, event planning, and biologics manufacturing software.

Abstract

Data Access Rights Exploits Under New Privacy Laws

The right to access all personal data under new privacy laws has opened new attack vectors for phishing, OSINT, and “legal DDoS.” This talk covers data access exploits for privacy vulnerabilities, red teaming privacy rights, defense strategies for security teams, and data subject request validation.

Mandy Logan

Bio
Following a series of 5 strokes and major head injuries, Mandy is no longer in the construction engineering industry. She used her life hacking prowess from a non-traditional background (such as skipping five years of K-12 schooling while working on a ranch and then graduating from a giant, traditional high school in 2.5 years with a 4.2 GPA) to re-establish neuro control using her electrical system, her tongue against her teeth, and perseverance. Now, as a happy dyslexic autie (autistic person) she is pursuing all things InfoSec with an emphasis on Incident Response, Neuro Integration, Artificial General Intelligence, and Community, pressing forth to improve the lives of InfoSec professionals and long term ethical neuro tech for those unable to express themselves to their own satisfaction. She enjoys art, travel, naps, speaking, continuing and broadening her own recovery, and good people, and hopes to be half the person her service dog, Trevor, is.

Abstract

MUTINY. ANALOG HUMAN CAPABILITIES vs AI (or: ANALOG AI PWNAGE)

BLOOD. MUSCLE. ELECTRICITY. Could mitigating incomplete human experience data sets and unconscious bias come from ANALOG HUMAN categorization/quantifying? I lived it. See how devastating brain injury led me to use these to rebuild cognitive and sensory function and how muscle holds new light for AI.

Track: Shiver Me Timbers (Latest tech/Misc)

Jeffrey E. Man

Bio
Respected Information Security expert, advisor, evangelist, co-host on Paul’s Security Weekly, Tribe of Hackers, and currently serving in a Consulting/Advisory role for Online Business Systems. Over 37 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises and was part of the first penetration testing “red team” at NSA. For the past twenty years, has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation’s best known companies.

Abstract

What are We Doing Here? – Rethinking Security

So much technology. So many smart people doing amazing things. Still so much is broken. I think we need to look at the history of InfoSec starting with the basic risk equation to decide if we’ve missed something. (We have). Technology is not the solution; it’s the problem.

Kevin Cardwell

Bio
Kevin Cardwell served as the leader of a five-person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways clients can mitigate or limit the impact of these weaknesses.

He spent 22 years in the U.S. Navy. He has worked as both a software and a systems engineer on a variety of Department of Defense projects and early on was chosen as a member of the project to bring Internet access to ships at sea. Following this highly successful project he was selected to head the team that built a Network Operations and Security Center (NOSC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean. He served as the Leading Chief of Information Security at the NOSC for six years. While there he created a Strategy and Training plan for the development of an expert team that took personnel with little or no experience and built them into expert team members for manning of the NOSC.

He currently works as a freelance consultant and provides consulting services for companies throughout the world, and acts as an advisor to numerous government entities within the US, Middle East, Africa, Asia and the UK. He is an Instructor, Technical Editor and Author for Computer Forensics and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense and Advanced Penetration Testing courses. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is the author of Building Virtual Pentesting Labs for Advanced Penetration Testing, Advanced Penetration Testing for Highly Secured Environments 2nd Edition and Backtrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and an MS in Software Engineering from Southern Methodist University (SMU) in Texas. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman, which was recently rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and developed the team to man the first Commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to commercial companies, governments, federal agencies, major banks and financial institutions throughout the globe. Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman and the Central Bank of Oman.
He designed and implemented the custom security baseline for the Oman Airport Management Company (OAMC) airports. He created custom security baselines for all of the Microsoft operating systems and Cisco devices, as well as applications. Additionally, he provides training and consultancy to the Oman CERT and the SOC team in monitoring and incident identification of intrusions and incidents within the Gulf region. He holds the CEH, ECSA, LPT, APT, CHFI and a number of other certifications.

Abstract

Deception as a Defense: Confuse and Frustrate the Hacker!

No matter how much “security” is put in place, the reality is that we are running our data on protocols that were developed many years ago when the Internet was small, and as a result these protocols are based on the principle of trust; therefore, to truly defend we need to modify these protocols. The concept is that if the protocols can be changed, the result will be frustration and confusion for the adversary. In this presentation advanced defensive concepts will be explored, along with the power of using deception at different layers of the network. The attacker depends on information that is gathered during their surveillance; with deception we change the network at layers 2-4, and the result is that the attacker’s collected data is no longer valid and is useless to them, which requires the attacker to start the information gathering process over again. In a robust defensive solution, the network can change multiple times based on the classification of the threat, and each time it changes the attacker is lost and has to start the recon process over again. These concepts change the game and put the defender in control! We know our networks best, not the hackers!

Wayne Burke

Bio
Wayne Burke has considerable hands-on IT security experience consulting and lecturing for government agencies, healthcare institutions, and financial and international companies. His experience in the public and defense sectors is complemented by assignments undertaken for world-renowned corporations including Yahoo, Xerox, AT&T and Texas Instruments, to name but a few. He is eminently qualified in his field, holding a bachelor’s degree in science and a string of professional qualifications in networking (MCT, MCSE, Cisco, Network+) and IT security (CIW-SA, Security+, CEH, ECSA, LPT, CHFI).

Abstract

Deception as a Defense: Confuse and Frustrate the Hacker!

No matter how much “security” is put in place, the reality is that we are running our data on protocols that were developed many years ago when the Internet was small, and as a result these protocols are based on the principle of trust; therefore, to truly defend we need to modify these protocols. The concept is that if the protocols can be changed, the result will be frustration and confusion for the adversary. In this presentation advanced defensive concepts will be explored, along with the power of using deception at different layers of the network. The attacker depends on information that is gathered during their surveillance; with deception we change the network at layers 2-4, and the result is that the attacker’s collected data is no longer valid and is useless to them, which requires the attacker to start the information gathering process over again. In a robust defensive solution, the network can change multiple times based on the classification of the threat, and each time it changes the attacker is lost and has to start the recon process over again. These concepts change the game and put the defender in control! We know our networks best, not the hackers!

Andrea Amico – Privacy4Cars

Bio
Andrea Amico is a vehicle privacy and cybersecurity advocate. After co-chairing the Compliance Committee at the International Automotive Remarketers Alliance (IARA) and realizing the inadequacy of tools for the protection of personal data stored in automobile systems, Andrea founded Privacy4Cars.com, the first and only mobile app designed to help erase Personally Identifiable Information (PII) from modern vehicles. In February 2018, during the development of the Privacy4Cars app, Andrea discovered that many vehicle makes, models, and years could be attacked via the Bluetooth protocol to expose the personal information of previous vehicle users such as stored contacts, call logs, text logs, and in some cases even full text messages without the vehicle’s owner/user being aware and without the user’s mobile device being connected to the system. It is estimated that the hack, named ‘CarsBlues’, may affect tens of millions of vehicles in circulation worldwide based on estimates from the Auto-ISAC with whom Andrea collaborated on a disclosure affecting 22 vehicle makes to date.

Andrea lives in Georgia and will be an adjunct professor of Engineering Ethics at Kennesaw State University this fall.

Abstract

The $750 billion vehicle data gold rush – pirates ahoy!

Vehicle data may be worth $750b by 2030. Problem: vehicle security, privacy, and user awareness of risks are inadequate. Andrea Amico will share some exploits including his “CarsBlues” which exposes people’s personal data, affects 22 makes, and is still a 0-Day for tens of millions of vehicles.

Wes Widner

Bio
Abstract

Alexa is a snitch!

You’re not paranoid, your voice assistant is listening. And what’s worse, Alexa is snitching on you! What is she hearing? Where is she sending it? And is there anything we can do to stop her?!

Join me as we discuss the current state of security around voice assistants. And how to silence them.

Jocelyn Matthews

Bio
Jocelyn Matthews is Community Manager at Storj Labs, a company focused on decentralized cloud object storage that is affordable, easy to use, private and secure. She is responsible for building and nurturing the technical community contributing to Storj Labs and the greater blockchain and decentralization ecosystem. Her focus is to grow a vibrant ecosystem to which everyone brings their best selves: a place for developers to contribute to the project and build applications on top of the platform, as well as a place for storage node operators to get assistance building supply for the network.

Jocelyn is a former Rosberg-Geist Fellow at the Center for African Studies at UC Berkeley. Her ethnographic social research has received grant funding from the Sultan Grant for Arab Cultural Studies; UC Berkeley Center for Race and Gender Studies; HASTAC Humanities, Arts, Science and Technology Alliance Collaboratory; and the National Science Foundation (NSF). She is a former lab member at CITRIS (the Center for Information Technology Research in the Interest of Society) Banatao Institute. In her spare time, she is an active member of the Bay Area Black Designers group and Elpha. She cares very much about diversity, inclusion and equity, values she brought to bear both as a former faculty member of the California college system and while teaching underserved teens in Oakland.

Speaker Experience

    • Lesbians Who Tech Summit 2019 speaker
    • Microsoft Women’s Group speaker
    • AIGA Design Week 2018, host and speaker
    • AIGA Diversity & Inclusion series, panel moderator
    • AIGA Diversity & Inclusion series, presenter

Abstract

Building Diverse Blockchain Communities for a Decentralized Future

As new communities form around blockchain and decentralization technologies, women must be involved to realize its potential. Learn how the confluence of blockchain, open source and its principles of transparency will contribute to societal shifts and economic empowerment for women in coming years.

Jeff Silver

Bio
Jeff has been involved in the network security industry for over 20 years, working with Intrusion Detection, Vulnerability Assessment, Data Loss Prevention and other network security tools. He currently works for Symantec as a Senior Security Engineer in the Mid-Atlantic Region helping enterprise organizations increase their security posture. Jeff was a founding member and officer of the Delaware ISC2 Chapter, and actively serves on the Academic Advisory Boards of Embry-Riddle Aeronautical University, Anne Arundel and Delaware Tech. He is passionate about building up a culture of mentoring young security professionals in our industry and has been published on this topic. A strong advocate of building better cyber collaboration with Law Enforcement, Jeff is a graduate of the FBI Citizen’s Academy and a member of Infragard and HTCIA. He currently lives in Newark, Delaware with his wife and two children and outside of the technology industry is active in his church and local community.

Abstract

Cloud Proxy Technology [The Changing Landscape of the Network Proxy]

This class will cover the distinctions between traditional proxy technology and the emergence in recent years of cloud proxy and why it matters to organizations today. We will review real use cases and their corresponding screen shots to provide a stimulating session.

Pieter Danhieux

CEO & Co-Founder

Bio
Pieter Danhieux is the CEO of Secure Code Warrior, a global security company that makes software development better and more secure. He co-founded the company in 2015 and has since built the product, a global team of 30 staff, and 5x revenue growth in 2017. In 2016, he was No. 80 on the list of Coolest Tech People in Australia (Business Insider) and was awarded Cyber Security Professional of the Year (AISA – Australian Information Security Association).

Pieter is also a principal instructor for the SANS Institute, teaching military, government and private organisations offensive techniques for targeting and assessing organisations, systems and individuals for security weaknesses. Before starting Secure Code Warrior, Pieter worked at Ernst & Young and BAE Systems and co-founded NVISO, a high-growth cybersecurity consulting firm. Pieter has given over 50 public presentations in the past 7 years, including at RSA Asia Pacific & Japan, ACSC, AusCERT, ISACA, ISSA, AISA, CloudSec, and SANS Institute Community Events. During his career he has collected a whole range of cyber security certifications (CISSP, CISA, GCFA, GCIH, GPEN, GWAP) and is currently one of the select few people worldwide to hold the top certification, GIAC Security Expert (GSE).

Abstract

The AppSec Error Loop: How We Can Break the Cycle and Stop Making the Same Mistakes

Application security can be a tough gig. It seems no matter what we do, common vulnerabilities – hundreds of them – keep rearing their ugly heads in modern software. These issues (and their remedies) have been around for years, yet the average pen-test report reveals that we simply don’t learn from our mistakes.
Why, then, do we keep sticking to the same action plan, expecting a different result?

A positive security approach including knowledge-sharing, engaging training, plus relevant tools that actually work, are instrumental in breaking the cycle of common vulnerabilities and improving application security. Imagine empowering developers to embrace their responsibility in creating more secure code; writing it straight into the IDE from the beginning. Imagine if they could fix secure coding problems as they arise and share that knowledge with their peers, so every developer wouldn’t have to figure it out for themselves. Imagine if highly skilled security managers and testers could focus on finding and fixing the really challenging, complex bugs rather than sending developers after nebulous minor issues with limited instructions. It’s not a pipe dream; it’s simply a different approach that can happen right now.

This presentation showcases the principles and the practice of ‘Positive Security’, revealing the importance of scalable knowledge distribution and training, as well as real data on the most common mistakes we see (and how to fix them). This is a game-changing blueprint that will substantially improve your approach to effective application security.

Ian Eyberg

Bio
Ian is the CEO of NanoVMs. He was first given his set of Slackware floppies in 1994, is an acolyte of Andrew Tanenbaum, and hasn’t looked back since. He’s on a mission to upgrade the world’s infrastructure one Linux box at a time.

Abstract

Unikernels – Friend or Foe?

Unikernels have long been promised to be the next generation of cloud infrastructure for their security, performance and server density. So are unikernels all they are chalked up to be? What are their benefits? What are their problems?