Hacker Halted 2024 Speakers
Elizabeth Stephens
CEO, DBS Cyber LLC
Elizabeth is the CEO of DBS Cyber LLC, a company whose mission is to protect American families. She is a cybersecurity expert with a distinguished background leading intelligence teams in high-stakes environments. Formerly the Director of Data Center Cyber Risk Intelligence at Microsoft, Elizabeth’s work focused on the safety of critical digital infrastructure. Her experience includes evaluating cyber risks, providing actionable intelligence, and developing best practices to secure cloud operations.
A Nashville native and Memphis born retired United States Marine Corps veteran, Elizabeth completed three combat deployments to Iraq. Following her graduation from the United States Naval Academy, she earned an MS in Business Administration and Management from Boston University. She is also capstone pending in the Masters in Cybersecurity Program at California State University and has completed a MS in Public Leadership from USF.
Elizabeth’s career is marked by a trailblazing spirit. She holds the distinction of being the first black female graduate of the Naval Academy to become a selected Fleet Naval Aviator in the Marine Corps. Her other firsts include piloting the CH-46E, attaining tactical aircraft commander status, and becoming the first woman to fly the MV-22 Osprey. Elizabeth’s courage and leadership earned her an Individual Air Medal for her exceptional actions during a critical period in the first democratic elections in Iraq’s history.
The cyber threat landscape is a battlefield. Outdated defenses leave us vulnerable. This manifesto unveils strategies for proactive risk management, intelligence-driven action, and a culture of cyber vigilance; it’s the modern survival guide for individuals and organizations.
Solomon Sonya
Computer Science Graduate Student, Purdue University
Solomon Sonya (@0xSolomonSonya) is a Computer Science Graduate Student at Purdue University. He earned his undergraduate degree in Computer Science and Masters Degrees in Computer Science, Information Systems Engineering, and Operational Art and Strategy. Solomon routinely develops new cybersecurity tools and presents his research, leads workshops, and delivers keynote addresses at cyber security conferences around the world.
Prior to attending Purdue, Solomon was the Director of Cyber Operations Training . Prior to that position, Solomon was a Distinguished Computer Science Instructor at the United States Air Force Academy, Research Scholar at the University of Southern California, Los Angeles, and an Adjunct Faculty Instructor with the Advanced Course in Engineering Cyberspace Security (ACE) at the Air Force Research Lab in Rome, NY.
Solomon’s previous keynote and conference engagements include: DEFCON and BlackHat USA in Las Vegas, NV, SecTor Canada, Hack in Paris and LeHack, France, HackCon Norway, ICSIS ‚Äì Toronto, ICORES Italy, BruCon Belgium, CyberCentral ‚Äì Prague and Slovakia, Hack.Lu Luxembourg, Shmoocon DC, BotConf – France, CyberSecuritySummit Texas, SANS Digital Forensics Summit, DerbyCon Kentucky, SkyDogCon Tennessee, HackerHalted Georgia, Day-Con Ohio, TakeDownCon Connecticut, Maryland, and Alabama, and AFCEA ‚Äì Colorado Springs and Indianapolis.
Malware continues to increase in prevalence and sophistication. Traditional detection mechanisms fail to adequately detect new and varied malware. This talk teaches how to use AI and delivers a new Machine Learning framework to analyze malware classify malicious samples into malware families.
Marissa Davis
Information Security Analyst
With over five years of hands-on experience as an Information Security Analyst, I safeguard critical systems, networks, and data from sophisticated cyber threats. My expertise encompasses malware research and analysis, threat hunting, security operation center (SOC), and incident response activities, utilizing industry-leading tools and technologies. I’ve successfully identified and mitigated high-risk vulnerabilities, bolstering the company’s security posture.
I hold both a bachelor’s and Master’s degree in Cybersecurity. Additionally, I’ve earned certifications including Security+, eJPT, CySA+, and CSAP, showcasing proficiency across diverse cybersecurity domains. My professional journey spans various sectors, including roles at Maximus, Flashpoint, Synovus, and Columbus State University. Passionate about staying abreast of cybersecurity trends, I’m dedicated to fortifying digital defenses and fostering a secure online environment.
In an age of relentless cyber threats, businesses teeter on the edge of a cyber dystopia. Join me for “Navigating the Cyber Dystopia: Proactive Incident Response,” where I’ll unveil strategies to outsmart hackers, fortify defenses, and secure your digital future. Stay ahead, stay protected!
Chris Esquire
The Esquire Group, LLC
Dr. Chris Esquire, esq. is a US Army veteran who served in the Signal Corps. Since 1996 he has worked in Information Technology for all industry sectors including public, private, military, and federal government. That also includes being a security analyst for one of the largest power companies in the world. For over 20 of those years he has operated in the security part of the field. Since 2017 he has focused his energy on educating individuals in cyber security having worked for over 5 universities. He has presented research internationally on various topics such as data breaches, cloud security, GDPR, cyber terrorism, and critical infrastructure protection. Lastly, he is also a licensed attorney who has focused his energy on education, community and public service with hopes on helping various industries and government bodies stay one step ahead of those who wish to do harm.
What if I told you that for around $1,000 you can compromise and intercept satellite communications? Still not intrigued yet? What if I told you that all communication signals transmit under the bandwidth of satellite and microwave communications? These signals are always around us, remember that.
Jim West
TopCyberPro.com
Jim West possesses more than 32 years’ experience in the Information Technology field with over 20 years focused within Cybersecurity. He has worked in the IT and Security industry across many sectors of commercial, space, federal, and defense with expertise in Biometrics, Risk Management, Security Analysis, and Network and Systems Auditing. Jim holds multiple certifications which include; CISSP-ISSEP, ISSMP, GSLC, GCIH, GSNA, GPEN, G2700, PMP, C-CISO, S-CISO and many others. Jim has been invited to speak at Cyber Security conferences and events worldwide to include the NSA IA Symposium, Texas Technology Summit, CSfC Tech Day, TechNet Korea, Global CISO Forum, Cyber Bowl, Best Cyber Ranger, and many others. He was shortlisted as a finalist for Personality of the Year for the 2018, 2019, and 2020 Cyber Security Awards, and won in 2021. Jim was recently awarded the 2024 Cyber Leader of the Year award by Cyber First. West is also an award-winning author and writer. Jim’s “Cyber Security and Test Tips” eBook placed in the “100 Best Cyber Security Books of All Time” list by Bookauthority.org. For years he has developed and overseen IT and Cybersecurity strategy and solutions which solve complex problems for National Security systems and networks. West possesses a wide range of IT specialization to include systems integration, enterprise-wide and cloud security, network engineering, penetration testing, and more.
Quantum Computing is soon to become a major advancement for the world, but with this huge step forward in compute power comes a real and serious threat to security for everyone. Threats that we will face in our near future.
Mauro Eldritch
Bitso Quetzal Team Leader
Mauro Eldritch is an Uruguayan-Argentine hacker, founder of Birmingham Cyber Arms LTD and DC5411 (Argentina / Uruguay). He has spoken at various events, including DEF CON (10 times). He is passionate about Threat Intelligence and Biohacking.
Currently, he leads Bitso’s Quetzal Team, the first in Latin America dedicated to Web3 Threats Research.
What if the North Korean government stumbled upon your LinkedIn profile and decided to offer you a job interview? It’s more common than you think…
Kevin Cardwell
Cyber2 Labs
Kevin Cardwell served as the leader of a 5 person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways clients can mitigate or limit the impact of these weaknesses.
He spent 22 years in the U.S. Navy. He has worked as both software and systems engineer on a variety of Department of Defense projects and early on was chosen as a member of the project to bring Internet access to ships at sea. Following this highly successful project he was selected to head the team that built a Network Operations and Security Center (NOSC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean . He served as the Leading Chief of Information Security at the NOSC for six years. While there he created a Strategy and Training plan for the development of an expert team that took personnel with little or no experience and built them into expert team members for manning of the NOSC.
He currently works as a free-lance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US, Middle East, Africa, Asia and the UK . He is an Instructor, Technical Editor and Author for Computer Forensics, and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense and Advanced Penetration Testing courses. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is author of Building Virtual Pentesting Labs for Advanced Penetration Testing, Advanced Penetration Testing for Highly Secured Environments 2nd Edition and Backtrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman that recently was rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and developed the team to man the first Commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to Commercial companies, governments, federal agencies, major banks and financial institutions throughout the globe. Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman and the Central Bank of Oman. He designed and implemented the custom security baseline for the Oman Airport Management Company (OAMC) airports. He created custom security baselines for all of the Microsoft Operating Systems, Cisco devices as well as applications. Additionally, he provides training and consultancy to the Oman CERT and the SOC team in monitoring and incident identification of intrusions and incidents within the Gulf region. He holds the CEH, ECSA. LPT, APT, CHFI and a number of other certifications.
Shattered Security: The Need for a Cybersecurity Overhaul
In the ever-evolving landscape of cybersecurity, organizations face unprecedented challenges. The current approaches have failed miserably!
I will underscore the urgency for a paradigm shift towards proactive resilience and detection. The increasing frequency and sophistication of cyber-attacks have exposed vulnerabilities in traditional reactive security measures. This emphasizes the need for a comprehensive overhaul that prioritizes the anticipation of threats and the implementation of robust defense mechanisms that deploy deception concepts.
The sad thing is, we are spending billions on products that are not going to fix this problem. It is time to stop the insanity! The presentation calls for a collaborative effort among industry stakeholders to foster a culture of security awareness and to invest in cutting-edge solutions that can adapt to the dynamic nature of cyber threats. By embracing proactive resilience and detection, organizations will not only protect their assets but also gain a competitive edge in an increasingly digital world.
We’ll move beyond reactive patching and the practice of chasing the latest vulnerability, instead focusing on strategies that anticipate and mitigate threats. This includes building robust detection and response capabilities, as well as employing deception techniques to mislead attackers and disrupt their operations using tried and true practices that offer solid results. By adopting a proactive, layered and multi-faceted approach, organizations can build resilience and emerge stronger in the face of the ever-evolving cyber threat landscape.
Georgia Weidman
Founder, Shevirah, Bulb Security
Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, mentor, angel investor, and the author of Penetration Testing: A Hands-On Introduction to Hacking. Her work in the field of smartphone exploitation received a DARPA Cyber Fast Track grant and she has been featured internationally in print and on national television including ABC, BBC, Fox, NBC, and in the PBS documentary Roadtrip Nation: Life Hackers. She has presented and trained around the world including venues such as Black Hat, DEF CON, NSA, Oxford, RSA, and West Point.
Georgia founded Shevirah to create products for assessing and managing the risk of mobile devices in the enterprise and testing the effectiveness of enterprise mobility management solutions. She is also the founder of the security consulting firm Bulb Security.
She received the 2015 Women’s Society of CyberJutsu Pentest Ninja award and is a Professor at the University of Maryland Global Campus. She holds U.S. Patents #10,432,656 and #11,089,044 which are foundational to simulated phishing; as well as CISSP, Pentest+, and OSCP certifications. She has served as a subject matter expert with the CyberWatch Center’s National Visiting Committee, FTC’s Home Inspector IoT security challenge, and as a New America Cybersecurity Policy Fellow.
Mobility has disrupted the enterprise network on the scale that PCs disrupted mainframes. Yet most enterprises continue to approach security as if though there is still a hard perimeter with nothing but corporate-owned end points and apps. We look at practical solutions to this ubiquitous problem.
Lucas Teixeira Rocha
Oracle / University of Beira Interior
As a passionate full-stack web developer with a deep enthusiasm for technology, I have cultivated a diverse and extensive skill set in software development, contributing to a variety of projects across different industries. My technical expertise encompasses a wide spectrum of programming languages and solution platforms, making me adept at navigating complex technological landscapes.
Since embarking on my programming career in 2011, I have developed proficiency in an array of programming languages and frameworks. My repertoire includes JavaScript with its various frameworks and libraries (Express, NestJS, AdonisJS, loopback.io, React, Angular), C# with .NET Core, PHP with popular frameworks (Laravel, Symfony, Yii), Python using Flask, and Java with Spring. This broad skill set enables me to effectively tackle unique project requirements, ensuring that each solution I deliver is not only tailored to specific needs but also upholds the highest standards of quality and innovation. My commitment to each project goes beyond just meeting specifications; it’s about creating solutions that drive progress and make a meaningful impact.
- Get introduced on my Open-Source Laravel localization project and what made it to achieve 1M+ downloads.
- Learn about the experience of being a Open Source package maintainer, get advised (dos and don’ts).
- End the presentation inspired to do the same I did (or even better).
Darius Davis
Southside CHI Solutions
Darius J Davis is a Senior Security Engineer at CircleCI and the leader of Southside CHI Solutions, where he enhances the security of small businesses on the southside of Chicago. With a comprehensive background in system administration and product engineering, Darius has built and secured large-scale systems, specializing in cloud security, IAM, and incident response. As a security engineer, he is committed to educating the public on IT security risks. He has spoken at both major conferences like BITCON and smaller, local events in Chicago. Follow his insights on YouTube and TikTok at @talkingtechwithd.
Imagine the water you drink, cook with, and bathe in being at risk due to cyber threats. This talk dives into the challenges faced by water facilities and how they mirror those in other sectors. We’ll explore real-world incidents and provide actionable solutions to protect our essential resources.
Inna Vasilyeva
Senior Threat Intel Analyst & Reverse Engineer, HUMAN Security
Inna Vasilyeva is a Senior Threat Intel Analyst and Reverse Engineer at HUMAN Security. She has worked in advanced cyber intelligence analysis, reverse engineering, malware analysis and ethical hacking for the last 13+ years. Inna also actively tracks cybercrime and dark web activity including targeted malware. She has spoken at many worldwide conferences such as DEFCON, Black Hat US, Botconf, DCC, Underground Economy, FIRST, including winning or placing in multiple hacking competitions. In her time at HUMAN, Inna has contributed to a number of disruptions and takedowns, including the PARETO, Scylla, VASTFLUX and BADBOX/PEACHPIT operations.
Demystify how malware infiltrates your device, disguises itself as legitimate apps and leverages social engineering techniques. While exploring basic techniques to analyze the app’s code and how malicious apps behave when running.
Georgios Diamantopoulos
Zero to MVP
As an engineer, Georgios prides himself for being pragmatic and a generalist – engineering at its best is meant to bring an intention to life. To build a system that fulfills specific requirements over time. With over 12 years of experience working with or for startup organizations, he really knows what it takes to kickstart a project without sacrificing long-term goals like maintainability or scalability. Since he co-founded Zero to MVP in 2019, Georgios and his team have built over 25 systems that can pivot and scale.
Human and machine: the impact of living a tech-native life
I got my first computer when I was 11. After 29 years of 8+ hours/day of sitting, a journey through several fitness systems, a live dissection and my fair share of challenges, I am beginning to understand the impact.
“How can I invest in a lifetime of ability, free of pain and injuries?”
This is the question we’ll begin to unfold in this presentation. Drawing from anatomy, scientific research and my own practice, we’ll cover:
- The direct and long-term effects of sitting to our bodies
- Important but less popular truths about posture and ergonomics
- Practical ways to get started, from the moment you leave the room
Dr. Chuck Easttom, M.Ed., MBA, MS, MSSE, Ph.D2., D.Sc.
Scientist, Author, Professor
Dr. Chuck Easttom is currently in his own consulting practice both consulting and conducting research. He is also an adjunct lecturer at Georgetown University, adjunct professor at Vanderbilt University, and an adjunct professor at University of Dallas. He is the author of 43 books, including several on computer security, forensics, and cryptography. His books are used at over 60 universities. He has also authored scientific papers (over 70 so far) on digital forensics, machine learning/AI, cyber warfare, cryptography, bio-engineering, and applied mathematics. He is an inventor with 26 computer science patents. He holds a Doctor of Science (D.Sc.) in cyber security (dissertation topic: “A Comparative Study of Lattice Based Algorithms for Post Quantum Computing”) and a Ph.D. in Technology focused on nanotechnology (dissertation topic:“The Effects of Complexity on Carbon Nanotube Failures”), and a Ph.D. in computer science with emphasis on applied mathematics (dissertation topic “A Systematic Framework for Network Forensics Using Graph Theory”), as well as four master’s degrees (one in applied computer science, one in education, one in strategic and defense studies, and one in systems engineering).. He is a Senior Member of the IEEE and a Senior Member of the ACM as well as a member of IACR (International Association of Cryptological Research)a member of APS (American Physical Society), and INCOSE (International Council on Systems Engineering). He is also a Distinguished Speaker of the ACM (Association of Computing Machinery). and a Distinguished Visitor of the IEEE Computer Society, and a frequent speaker at conferences. He also currently holds 80 industry certifications (CISSP, CASP, CEH, etc.) He is a member of IEEE Software & Systems Engineering Standards Committee. Worked on the DevOps 2675 IEEE standards group 2017 to 2019 and currently a member of the IEEE Engineering in Medicine and Biology Standards Committee Standard for a Unified Terminology for Brain-Computer Interfaces P2731. He is also Vice Chair of IEEE P23026 – Systems and Software Engineering — Engineering and Management of Websites for Systems, Software, and Services Information. Chair of IEEE P3123 Standard for Artificial Intelligence and Machine Learning (AI/ML) Terminology and Data Formats. He frequently serves as an expert witness in computer related court cases. You can get more details at www.ChuckEasttom.com
AI including large language models has already been used by terrorists as well as cyber attackers and even child predators. And all current data suggests this will increase dramatically in coming years.
Allie Hunter
Cybersecurity Awareness Strategist | Author | Advisory Board Member
Allie Hunter is a Cybersecurity Awareness Manager and Advisory Board Member with experience in promoting cybersecurity best practices and awareness. She is dedicated to ensuring organizations understand and implement effective cybersecurity measures. Allie also volunteers as a Marketing Manager/Moderator for Fireside Chat with IT/Cyber Leaders and contributes to quality assurance initiatives with Women in Technology (WIT). Her diverse educational background includes degrees and certificates in Marketing Management, Fine Arts, and Psychology, along with IT and Cybersecurity from Kennesaw State University, College of Coastal Georgia and Emory University.
Learn how to revolutionize your cybersecurity awareness training with Allie Hunter’s groundbreaking “Hunter Method.” Utilizing relatable stories, employees become captivated while internalizing crucial lessons needed to protect themselves, their families, the organization and its customers.
Pallavi Deshmukh
Cloud Security Manager, Coupa Software
Pallavi is working as a Cloud Security Manager with over 14 years of experience, excelling in managing cloud security teams and passionate about penetration testing. As a dedicated advocate for application security and accomplished security researcher, Pallavi’s expertise extends to diverse domains, making her a valuable asset in fighting cyber threats. Her commitment to cybersecurity and pioneering work as a woman in application security promise to ignite lively discussions at the conference. Presented for the VulnCon conference.
Web apps often utilize template systems FreeMarker for embedding dynamic content. However, unsafely embedding user input can lead to Template Injection vulnerabilities. This paper explores an issue discovered in the Alfresco Community Edition, allowing attackers to perform SSTI, resulting in RCE.
Andrea Amico
Privacy4Cars
Andrea Amico’s 1000+ media mentions (TV, radio, podcasts, articles) and his signature blue hair make him one of the most recognizable and vocal experts on vehicle privacy and security. As the founder & CEO of Privacy4Cars, the first privacy-tech focused on automotive, Andrea brings a hacker mindset to the auto industry: disclosing vulnerabilities, authoring novel research, and creating solutions that are redefining the role of privacy for cars. He holds several patents, including for AutoCleared; a mobile tool used in 1,500,000+ vehicles to efficiently manage, execute, and log the deletion of Personal Information from cars. His https://VehiclePrivacyReport.com is a first-of-its-kind privacy disclosure tool that consumers can use to learn what their car collects, shares, and sells, and how to take action to reduce your vehicle’s data footprint: with manufacturers, auto finance companies, insurance companies, and more.
Cybersecurity podcast host and book author Carey Parker of Firewalls Don’t Stop Dragons and vehicle privacy expert Andrea Amico of Privacy4Cars get together by that dumpster fire that is vehicle privacy. They’ll share their stories and knowledge. You’ll never look at a car the same way again.
Ben Halpert
Ben Halpert is a man on a mission: to educate and empower today’s digital citizens in the workplace, at schools, and at home.
By day, he is the CSO at The Cyber Health Company providing individuals cybersecurity, online privacy, and digital hygiene services with 24/7 human support.
By night, he champions cyber ethics education throughout society via the 501(c)3 nonprofit Savvy Cyber Kids he founded in 2007.
Ben enjoys being on boards of organizations looking to enhance value and organizational resilience for the stakeholders they serve.
Ben is honored to speak and keynote at conferences and events worldwide. He has presented at the World Economic Forum, NACD directorship training, RSA Security Conference, GISEC Global, InfoSec World, SecureWorld, Cyber Future Foundation, IEEE, ACM, CSO50, CIO/CISO Summits and many other events over his career.
Ben was invited to present at TEDxKids@Vilnius (Raising Savvy Cyber Kids) and TEDxSaintThomas (Technology addiction and what you can do about it).
Based on his early research and experience in the then emerging field of Cloud Computing, Ben was invited to publish Auditing Cloud Computing: A Security and Privacy Guide through John Wiley & Sons. Ben was a contributing author to Readings and Cases in the Management of Information Security and the Encyclopedia of Information Ethics & Security, wrote the security column for Mobile Enterprise Magazine and has contributed to seven NIST special publications.
Through Savvy Cyber Kids, Ben provides cyber ethics educational and awareness sessions for parents, teachers, and students from preschool through high school. Ben is the award-winning author of The Savvy Cyber Kids at Home children’s book series (The Family Gets a Computer, The Defeat of the Cyber Bully, and Adventures Beyond the Screen).
As a trusted voice on a variety of cyber security issues, Ben has made numerous TV and radio appearances and has been featured in newspapers and magazines such as The New York Times, Wired, Bloomberg, BBC, Kiplinger, Good Morning America, Good Day Atlanta, CNN HLN, Fox News, RogersTV, RTVI, 11 Alive, WSB-TV, among others.
Learn how to revolutionize your cybersecurity awareness training with Allie Hunter’s groundbreaking “Hunter Method.” Utilizing relatable stories, employees become captivated while internalizing crucial lessons needed to protect themselves, their families, the organization and its customers.
Alexandre Horvath
CISO at Cryptix AG
Alexandre Horvath has over 20 years of experience in multinational organizations on a global level. A motivator, innovator, leader, and security enthusiast, he has solid knowledge of privacy, data protection, and cybersecurity. He has successfully managed international cross-functional teams and major IT security and risk programs. He has over a decade of strategic, operational, and project management leadership expertise in IT security and risk management. Alexandre specializes in service management, risk remediation, and delivery of global projects. In his role as a leader, he manages the triangle of cost, quality, and speed to market while considering strategy as well as emerging security needs.
On their 1st day, a deepfake remote hire will steal your secrets, plans, data, and install ransomware.
This expensive and soon-to-be widespread scam is designed to fool interviewers into believing that a “electronic caricature” is actually a highly qualified real candidate.
Himanshu Sharma
5ire
Himanshu Sharma, has been in the field of bug bounty since 2009 and has been listed in Apple, Google, Microsoft, Facebook, Adobe, Uber, AT&T, Avira, and many more with hall of fame listings as proofs. He was a speaker Botconf ’13, held in Nantes, France, RSA 2018 held in Singapore. He also spoke at the IEEE Conference in California and Malaysia as well as for TedX. Currently, he is the co-founder of BugsBounty, and consults various businesses . He also authored multiple books titled “Kali Linux – An Ethical Hacker’s Cookbook”, ” Hands-On Red Team Tactics” and others.
This talk covers how modern endpoint protection solutions like EDRs and XDRs detect malware with static, dynamic and behavioral analysis and then dives deep into our novel techniques used to bypass such solutions during real world red team engagements in sophisticated corporate IT ecosystems.
Carey Parker
Founder & CEO at Privacy4Cars
Carey Parker is an author, podcast host, speaker and retired software engineer. Carey’s early interests in computers and electronics culminated in a masters degree in Electrical Engineering from Purdue University and a 28-year career in software engineering. After working for large and small telecom firms, Carey retired from the rat race in 2020. Deeply disturbed by the Snowden revelations, Carey wrote a comprehensive book on cybersecurity and privacy aimed squarely at non-technical readers. Now in it’s 5th edition, the book Firewalls Don’t Stop Dragons spawned a successful podcast of the same name, which combines important cyber news with interviews of security and privacy experts. In retirement, Carey’s mission is teaching everyday people how to defend their digital devices and protect their personal data.
Cybersecurity podcast host and book author Carey Parker of Firewalls Don’t Stop Dragons and vehicle privacy expert Andrea Amico of Privacy4Cars get together by that dumpster fire that is vehicle privacy. They’ll share their stories and knowledge. You’ll never look at a car the same way again.
Omkar Joshi
Lead Security Engineer, Coupa Software
- More than 11 years of experience in Security domain especially Pentest, Application Security, Forensics Investigation
- Currently Leading OffSec team @ Coupa Software
- Passionate Red teamer, Security researcher
- Reported multiple vulnerabilities in products, applications and acknowledged with CVE’s
- Holds prestigious certifications that testify to his expertise and commitment to the cybersecurity industry, including Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO) and much more.
- Presented across conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon
Web apps often utilize template systems FreeMarker for embedding dynamic content. However, unsafely embedding user input can lead to Template Injection vulnerabilities. This paper explores an issue discovered in the Alfresco Community Edition, allowing attackers to perform SSTI, resulting in RCE.
Wayne Burke
Vice President Co-Founder at Cyber2 Labs LLC
Wayne Burke is internationally recognized for his commitment and work experience, achievements and contributions to the IT and Cyber Security Industry. Currently specializing in many offensive and defensive Ai technologies for Robotics such as Drones, building and managing new high-tech security tools, custom hardware solutions for Bio-Medical products, Digital Forensics, Penetration Testing, Mobile Security and radio frequency using specialized SDR’s.
Wayne and team have delivered Security assessments, Penetration Test assignments and customized training for International Corporations and many Government Agencies such as: EPA, FAA, DOJ, DOE, DOD, Air Force, Army, Navy, Marines, FBI, NSA and many more USA Gov bodies.
In Europe: United Nations, NATO, Europol, MOD (Military of Defense UK) various EU Law Enforcement, Dutch Ministry of Defense, Ministry of Justice, local European Law Enforcement: UK, Ireland, Switzerland, Belgium, Holland, Denmark.
ASIA: Singapore Gov, Philippines’ Presidential Office, the Undersecretary, and Cyber Crime Police Specialist Unit. Jakarta, Tax Investigations Office. Various Malaysian Gov agencies. His experience in the public / defense sector is equally complemented by assignments undertaken for heavyweight world renowned corporations.
Imminently qualified in his field in that he holds a string of professional qualifications in Networking to name a few (MCT, MCSE, Cisco, Network+) and Cyber Security (CPENT, CEH Master, ECSA, CPTS, LPT, CHFI, CTIA, CSA, Security+ and CCE) besides a bachelor’s degree in science.
Navigating the Double-Edged Sword: The Risks and Benefits of AI/ML in Computer Security
In 2024, Artificial Intelligence (AI) stands as a pivotal technology in the realm of computer security, presenting both unparalleled benefits and significant risks. This presentation will delve into how AI is transforming security practices, enhancing threat detection, and automating responses to cyber threats. We will explore the advanced capabilities AI brings to predictive analytics, allowing for proactive defense strategies against emerging threats.
However, the integration of AI in cybersecurity also introduces new vulnerabilities. Malicious actors are increasingly leveraging AI to create sophisticated attacks, including automated phishing schemes and AI-driven malware that can adapt and evolve. The presentation will discuss the potential for AI to be used in adversarial attacks, where attackers manipulate AI systems to bypass security measures.
Moreover, ethical considerations and the need for robust AI governance frameworks will be highlighted, emphasizing the importance of ensuring AI systems are transparent, accountable, and secure. We will also examine case studies of AI-driven security in action and the lessons learned from their implementation.
By balancing the discussion on both the promise and peril of AI in cybersecurity, this presentation aims to provide a comprehensive understanding of how to harness AI’s potential while mitigating its risks, ensuring a secure digital future.
Keith Turpin
The Friedkin Group
Chief Information Security Officer (CISO) at The Friedkin Group, a multibillion-dollar international consortium of automotive, hospitality, entertainment, sports, and adventure companies.
Recent accomplishments while leading cyber security at The Friedkin Group:
- 2024 Orbie Award – Houston Large Enterprise CISO of the Year
- 2023 Forbes 20 Best Security Programs in the U.S.
- 2023 CSO Online CSO50 Award
- 2023 Cyber Defense Magazine Top 100 CISOs
Former Chief Information Security Officer (CISO) and Head of Global Infrastructure at Universal Weather and Aviation, an international aviation logistics company operating more than 50 locations in 20 countries.
Former Technical Fellow at The Boeing Company leading:
- International IT Security Operations
- Supply Chain Security
- Enterprise IT Risk
- Software Security
Former U.S. delegate to the International Standards Organization’s (ISO) Cyber Security Sub-Committee
Former OWASP Global Projects Committee Member
Former Transportation Sector Chief for the Houston FBI InfraGard program
Graduate of the FBI CISO Academy at Quantico
BS in Mechanical Engineer and MS in Computer Systems
Doing your job is not the same as managing your career. Your job is what you do today, but your career is what you will be doing 5 years from now. Getting what you want in the future is about laying down the right ground work for success today. Find out what that means in this candid conversation.
Tom Updegrove
Internetwork Service LLC
I cut my teeth on a Tandy Coco, made toast with a Commodore Amiga 2500 in the 80′. Became a Microsoft Systems Engineer & Cisco Network Associate in the 2000′. If I am not researching the trend in Cyber you will find me in the park doing Tai Chi or at Martial Posture the Martial Arts school I founded slugging it out with my Amigos. Self Defense has many levels.
In this presentation, we explore the integration of shellGPT, an advanced AI model, into ethical hacking practices. As cyber threats evolve, so must our tools and methodologies. We’ll demonstrate how shellGPT can be utilized in various stages of ethical hacking
Todd Renner
FTI Consulting
Mr. Renner is a senior cybersecurity expert with more than 25 years of experience leading complex global investigations, cyber intrusion response, digital asset tracing, cryptocurrency theft recovery, preparedness and crisis management. Mr. Renner advises clients on cybersecurity and data privacy topics including third-party risks, insider threats, counterintelligence risks, forensic investigations, cross-segment risk management, cyber fraud protection, regulatory compliance including CFIUS and NYDFS, assessorships and monitorships, and international cyber incidents. He leverages a technical background and strategic perspective when dealing with complex cyber challenges and the associated risks businesses are facing.
Prior to joining FTI Consulting, Mr. Renner was a Federal Bureau of Investigation (FBI) Supervisory Special Agent, leading high-profile international cyber investigations that resulted in increased corporate protection, risk mitigation, prevention techniques, and actor attribution.
While at the FBI, Mr. Renner advised victims of cyber events, from informing corporate board rooms and C-Suites on cyber risk to handling ransomware, business email compromise, advanced persistent threats (APT), cryptocurrency thefts, counterintelligence threats, and other investigations. In recent years, Mr. Renner led multiple efforts to successfully recover over $100 million in stolen proceeds from cyber criminals.
Mr. Renner served in a diplomatic role as an FBI Supervisor in the United Kingdom, working daily with the UK’s‚ National Cyber Security Centre and Ireland’s‚ National Cyber Security Center. He was directly responsible for increasing global collaboration between industry and government partners, leveraging his extensive international operations experience, and applying geo-political visibility to ongoing cyber events.
Mr. Renner also served in a leadership role at the National Security Agency (NSA), leading enterprise-wide national security cyber operations. He led collaborative efforts across business units and field offices to develop and implement technical solutions to prevent, protect, and defend against some of the world’s‚ most advanced threats.
A highly decorated cybersecurity expert, Mr. Renner has been awarded multiple awards for his contributions to the cybersecurity community, including the FBI Director’s Award and the Director of National Intelligence Meritorious Unit award. Mr. Renner was selected as a member and supervisor of the FBI’s Cyber Action Team (CAT), a team of forensically trained cyber experts who deploy globally for incident response and threat hunting during the most critical cyber incidents, on behalf of the US government.
Mr. Renner has been retained as a cybersecurity expert in various cases, providing his expertise in legal proceedings. He has authored multiple expert reports and has testified in federal court cases, sharing his opinion on the topics of digital forensics and the cybersecurity industry.
Mr. Renner is committed to improving the cyber security talent pipeline and giving back to the community. He served as an Adjunct Professor of Cybersecurity at Mercer University and created ongoing programs at the high school-level to promote STEM awareness, recruiting and training tomorrow’s cyber leaders.
Following a career as an FBI Agent, pursuing justice for those who were victimized by threat actors, the speaker will share his experiences of chasing threats from nation state and criminal actors to now, his work with companies facing a different threat: from litigation and regulatory actions.
Sergey Chubarov
Chubarov, Freelance
Sergey Chubarov is a Security and Cloud Expert, Instructor with 15+ years’ experience on Microsoft technologies.
His day-to-day job is to help companies securely embrace cloud technologies.
He has certifications and recognitions such as Microsoft MVP: Security, OSCP, OSEP, eCPPT, eCPTX, MCT Regional Lead, EC Council CEH, CPENT, LPT, CCSE, CEI, CREST CPSA, CRT and more.
Frequent speaker at local and international conferences like Global Azure, DEF CON, Black Hat Europe, Wild West Hackin’ Fest, Security BSides, Workplace Ninja, Midwest Management Summit, Hack in the Box etc.
Prefers live demos and cyberattacks simulations.
Session explores a world where security analysts have an AI-powered sidekick that not only assists but also enhances their capabilities.
Attendees will see how OpenAI, GPT-4 and Microsoft Copilot for Security empower security professionals to catch threats others miss and strengthen their expertise.
Justin Varner
Chief of Innovation @ RadZen Inc
Justin Varner is a seasoned and passionate security professional with over 18 years of experience in the industry across a variety of security domains and disciplines.
His career started as a cryptographer at NASA where he spent time redesigning the cryptographic messaging system used to communicate from the mission control center to the International Space Station. During a focused and driven career, he has had the opportunity to work across a multitude of different industries in various roles that have ranged from security architecture to offensive security to DevSecOps and everything in between.
His most recent endeavors have been focused on helping others improve their ability to rapidly detect breaches and generally bolster their overall security posture with simple and pragmatic means and methods.
Justin embraces any opportunity to teach fundamental security concepts to those who need help but have no idea where to look, and he prides himself on being able to break down and articulate complex topics in a fun, interesting, and engaging manner that appeals to people from all backgrounds.
Breaches continue happening at unprecedented levels with huge financial impact to the global economy year after year.
This talk discusses a different way of thinking about breach detection that is intended to improve alert fidelity, reduce time-to-detection, and mitigate the impact of a breach.
Andrew Amaro
klavansecurity.com
Andrew is a highly skilled engineer and a former member of the Canadian Armed Forces.
With close to 20 years of experience in security and threat intelligence, he has an impressive track record.
As a former Technical Operations Agent and Senior Manager of the Counter Terrorism\Proliferation Technology Group at the Canadian Security Intelligence Service (CSIS), Andrew continued to excel in his security career at the National Head Quarters (NHQ) and the Ottawa Regional office.
He has a wealth of experience leading and coordinating technical teams on data exploitation, physical access, online anonymity, and digital surveillance operations, in support of Canadian national security investigations.
In 2019, Andrew transitioned to the private sector, where he specializes in social engineering, dark web navigation, online privacy, risk management, and cyber attack incident response planning.
Andrew is a seasoned physical and cyber security operator, advisor, and consultant. He has recently collaborated with other industry experts from the Intelligence and Cyber Security community to establish Klavan.
*CSIS (Canadian Security Intelligence Service)
*Physical access includes: Perimeter breach and TSCM assessments (Technical Surveillance Countermeasures)
Step into cyber warfare’s shadows with firsthand intelligence insights. Explore critical infrastructure’s vulnerability and strategic cyber attack maneuvers. Together, let’s fortify defenses and shape a safer digital future.
Jeremy Straub
North Dakota State University
Jeremy Straub is the director of the North Dakota State University Cybersecurity Institute and an Associate Professor in the North Dakota State University Computer Science Department. His research spans a continuum from autonomous technology development to technology commercialization to asking questions of technology use ethics and national and international policy. He has published more than 60 articles in academic journals and more than 100 peer-reviewed conference papers. Straub serves on multiple editorial boards and conference committees. He is also lead inventor on two U.S. patents and a member of multiple technical societies.
Autonomous cyber attack and defense capabilities were science fiction and are now very real threats and weapons in the next generation of cyber (and conventional) warfare. This talk discusses the state of these capabilities and how explainable AI and the cyber kill chain concept can enable them.
Len Noe
CyberArk Technical Evangelist
Len Noe, a Technical Evangelist, White Hat Hacker, and Transhuman at CyberArk Software, is a dynamic and influential speaker on the international security circuit. With an impressive track record of delivering impactful presentations in over 50 countries and at renowned security conferences worldwide, Noe’s expertise leaves a lasting impression. Notably, he has graced the stage at the prestigious World Conference in The Hague, C.E.R.T. EU, and has been invited to address multiple governments.
Len is the author of Human Hacked: My life and lessons as the worlds first augmented ethical hacker. With his first book Len exposes the subculture of Transhumans and the capabilities available to this new breed of human, along with the cyber security risks they pose.
Len is a co-host of the Cyber Cognition Podcast and a thought leader in the field of Transhumanism. With his upcoming book, he shares a captivating narrative of his personal evolution, solidifying his position as one of the world’s foremost authorities in this transformative movement. As a futurist, Len’s insights and expertise are highly sought after.
Len’s passion for the Transhuman/Human+ movement is unparalleled, and he actively employs microchip implants to pioneer advancements in cyber security and enhance the human experience. His groundbreaking research has garnered global recognition, appearing in multiple global news outlets, while his regular appearances on top-tier security podcasts showcase his ongoing contributions to the field.
With a rich history as a Black/Grey Hat Hacker, Noe’s extensive practical experience has shaped his skills. Over the course of 30 years, he has honed his expertise in web development, system engineering/administration, architecture, and coding. For the past ten years, Len has devoted his focus to information security from an attacker’s perspective Actively engaging with the Texas information security communities and organizations like the Autism Society, Len continuously demonstrates his commitment to making a positive impact beyond the realm of technology.
Transhumans, individuals enhanced with technological augmentations, are no longer just a concept from science fiction—they exist and walk among us today. Historically, these individuals have been perceived either from a medical standpoint, with enhancements designed to aid those with disabilities, or as full cyborgs, a notion confined to the realms of speculative fiction. However, with the advent of Brain-Computer Interfaces (BCI), SMART technologies, and consumer products, the boundary between the physical and biological is rapidly disappearing, transforming the landscape of human capability and interaction.
Today’s headlines increasingly reflect scenarios reminiscent of science fiction movies, highlighting the profound implications of these advancements for cybersecurity. Augmented humans, with their integrated technological enhancements, pose a significant cyber threat to modern security controls. These transhumans can perform sophisticated cyber attacks such as URL redirections, phishing, smishing, and even man-in-the-middle (MiTM) attacks, all executed from technology embedded beneath their skin. The integration of such advanced tech within the human body renders traditional security measures inadequate, necessitating a rethinking of our defensive strategies.
We are living in a future world today, and it is crucial to recognize and acknowledge this reality to ensure our security. The presence of transhumans necessitates a paradigm shift in our approach to cybersecurity, calling for the development of new strategies and technologies to defend against the unique and evolving threats they present. This presentation aims to illuminate with multiple demonstrations including implant initiated MiTM attacks, Phishing, Smishing, and full automated Linux attacks. The expanding landscape of cyber threats posed by transhumans is a real. The urgent need for complimentary and layered security solutions to safeguard our society in this new era of human evolution is already here.
Brad Dixon
Principal Information Security Consultant at ivision
Brad Dixon is a principal consultant in cybersecurity at ivision. His primary practice areas are IoT, embedded, Linux systems, threat modeling, and web applications. As a secondary focus he is a software developer responsible for creating REST API test automation tools and production tools used on all ivision engagements. He is a two time DEF CON presenter (2016, 2019) most recently for his work on how to cheat at the Zwift virtual cycling application.
They Tried to Halt Us… But it Didn’t Work
So, why aren’t all the hackers halted? Lots of reasons, but there is one word which makes the all difference. Know what it is? We’ve learned a lot from our experiences performing adversarial testing of networks, applications, and devices and want to share the techniques that worked and the lessons you can learn from them. You’ll get some practical advice on what you can do to better defend your organization and maybe next time you’ll be the one halting the hackers.
Laura Samsó Pericón
Researcher bridging the gap between Drones and Cyber
Laura Samsó Pericón is a researcher bridging the gap between Cyber and Drone technology. She is a subject matter expert with 15+ years of civil-defense international experience in the fields of Earth Observation and Cyber areas. Her background is Electronics and Aerospace and Science Technology marinated with sports and nonprofit activities. She defines herself as “curiosity hungry” and with an entrepreneur mindset, ready to explore the world and co create.
Hacking the AI: Can you trust the decision making process?
Artificial Intelligence (AI) synergy with decision making processes is growing across commercial and military applications; and the moment when machines will surpass human intelligence is getting closer.
Events such black swans together with a combination of digitalization, AI, cyberwarfare and other exponential technologies could proliferate and accelerate the adoption of new concepts and technologies creating new dystopian horizons.
An example of this are System of Systems in the uncrewed vehicle’s realm, the so-called Manned-Unmanned Teaming (MUM-T). This is reshaping cross-domain systems, missions, and decisions and how wars are fought.
Autonomy is propelling those interconnected systems, while AI merges human-machine capabilities through AI-powered MUM-T decision making processes. As humans and machines collaborate more and more, new challenges such as trust and transparency issues in AI will rise. How to ensure a decision taken by Human-Machine is not result of hacking event? How AI supported decision making processes could be better trusted? The research delves into the challenges, vulnerabilities and new capabilities.
Gregory Carpenter
Chief Security Officer at KnowledgeBridge International
Gregory Carpenter is Chief Security Officer of KnowledgeBridge International. He manages corporate security including information technology, information security, and data and analytics solutions to a broad customer base.
Gregory is a Fellow at the Royal Society for the Arts and was selected the National Security Agency’s Operations Officer of the Year. He serves on the Board of Directors for ATNA Systems, is a Senior Advisor for ARIC, Inc., and formerly sat on the Board of Advisors for EC-Council University and the International Board of Advisors for the Mackenzie Institute.
He served 27 years in the military. Before joining KBI, Gregory served as Vice President for Cyber Operations of NSLT Consulting, Chief of Security Testing for Titania Solutions Group and Chief Operations Officer of PragmatikIO. Gregory also worked as the Counterintelligence Division Chief for the Army Research Labs and was Chief of Special Space Operations, Functional Team Lead for Electronic Warfare, and Chief of the Global Team at the National Security Agency.
Gregory holds a Bachelor of Science degree, a Master of Science degree, and a Doctorate in Public Health. He is a Certified Information Security Manager, LEAN Six Sigma Black Belt, and ISO-9000 lead auditor.
Navigating the Shadows: A Beginner’s Guide to the Dark Web
Curious about the dark web but unsure where to start? Scared of the doom and gloom stories? “Navigating the Shadows” is your gateway to understanding the hidden corners of the internet. This comprehensive workshop introduces newcomers to the dark web’s landscape, exploring its diverse content and the tools required to access it safely. Using a free Linux distribution and essential software, you’ll learn how to browse securely while gaining insights into this often-misunderstood part of the web. Bring a thumb drive and join us for a hands-on experience that demystifies the dark web and equips you with the knowledge to safely explore with confidence.
Brian Nmezi
Director, Cyber Security at Beyond, Inc.
Brian Nmezi is a highly accomplished cybersecurity professional with a proven track record of leadership and expertise in securing critical infrastructures.
Throughout his career, Brian has held pivotal roles in prominent organizations, driving security operations, engineering, and risk management initiatives.
His educational background in computer science combined with advanced studies in cyber security and a comprehensive array of certifications underscores his dedication to maintaining the highest standards of information security and compliance.
He is excited to deliver this talk with Justin at Hacker Halted to highlight real-world examples where deception technology provided valuable insight into adversarial behavior as it was happening that allowed him to quickly engage his defenders to mitigate the impact of a breach and protect the organization from catastrophe
Breaches continue happening at unprecedented levels with huge financial impact to the global economy year after year.
This talk discusses a different way of thinking about breach detection that is intended to improve alert fidelity, reduce time-to-detection, and mitigate the impact of a breach.
Paige Needling
President and CEO of Needling Worldwide LLC
Erdal Ozkaya
Chief Cybersecurity Strategist – Group CISO at MAVeCap
With an impressive tenure exceeding over 25 years in IT and security, Dr. Erdal Ozkaya is a distinguished figure in the global cybersecurity landscape, dedicated to defending organizations from virtual perils.
Serving as the CISO for MAVeCap, a Venture Capital firm that invests in and fosters cutting-edge concepts, including cybersecurity advancements, Dr. Ozkaya is at the vanguard, crafting cybersecurity strategies and guiding the information security risk management for a portfolio of 15 companies.
Dr. Ozkaya’s commitment extends across a spectrum of revered cybersecurity forums and scholastic bodies, where he contributes his expertise as a board member, consultant, educator, and author.
Equipped with a doctoral degree in information technology and esteemed credentials such as CCISO and MCSE, Dr. Ozkaya is zealous about navigating cybersecurity quandaries and propelling digital innovation across the corporate realm and society at large.
His extraordinary leadership and acumen have not gone unnoticed, garnering recognition as a top 50 tech luminary by IDC and CIO Online, and earning the prestigious title of Global Cybersecurity Influencer of the Year from the InfoSec Awards.
On their 1st day, a deepfake remote hire will steal your secrets, plans, data, and install ransomware.
This expensive and soon-to-be widespread scam is designed to fool interviewers into believing that a “electronic caricature” is actually a highly qualified real candidate.
Russ Ollis
Principal Solutions Engineer, Trend Micro
Russ Ollis is a Principal Solutions Engineer at Trend Micro, where he focuses on Security Operations and Cyber Risk. With more than 25 years of experience in Security and Information Technology, Russ has a proven track record in helping customers improve operational and cybersecurity outcomes through modernization, tool rationalization, and platform adoption.
Throughout his career, Russ has held a variety of roles in both public and private organizations and brings an interesting perspective to security operations and risk management. Russ has contributed to numerous industry panels and has held a variety of roles.
A veteran of the US Navy and father of three, Russ was an on-again, off-again student for many years while raising his family and working professionally, ultimately completing his under-grad at Limestone University. Russ holds a variety of industry certifications and, when time allows, is an adjunct professor in the NC Community College System.
Navigating the Evolution of Cybersecurity: AI’s Role in Securing Your Infrastructure from Past to Future
In the ever-evolving landscape of cybersecurity, staying ahead of threats is imperative. As we reflect on the past, embrace the present, and prepare for the future, the integration of artificial intelligence (AI) into security infrastructure has emerged as a disruptive technology in safeguarding digital assets. Join us at this exclusive event led by Trend Micro as we delve into the dynamic journey of AI’s impact on cybersecurity. From historical insights to current advancements and future projections, discover how AI is reshaping the defense mechanisms against cyber threats, fortifying your infrastructure, and empowering organizations to navigate the digital frontier with confidence.
Rahul Vashista
Offensive Security Consultant at Emirates NBD
At the forefront of cybersecurity at Emirates NBD, my role as an Offensive Security Consultant is underpinned by a robust foundation in network security, cultivated through rigorous academics and hands-on challenges like the Dante and Rasta Pro Labs. Our team’s strategy hinges on proactive defense, leveraging cutting-edge research and red team assessments to fortify digital assets against evolving threats.
My technical prowess in computing is matched only by a commitment to continuous learning and improvement, evidenced by a suite of advanced certifications including CRTO. The analytical skills honed at NorthCap University and during previous tenure with Deloitte and the Government of India are critical in navigating the complexities of offensive cybersecurity, ensuring the safeguarding of critical infrastructures and client trust.
This talk covers how modern endpoint protection solutions like EDRs and XDRs detect malware with static, dynamic and behavioral analysis and then dives deep into our novel techniques used to bypass such solutions during real world red team engagements in sophisticated corporate IT ecosystems.
Chris Roberts
Deepfake Cyber Strategist at World Wide Technology
Chris has been in our industry since before its inception (the lack of hair helping to identify this). His most recent projects have been focused within the aerospace, deception, deepfake, identity, cryptography, AI/AdversarialAI, and services sectors. Over the years, he’s founded or worked with numerous organizations specializing in human research, data intelligence, transportation, cryptography, and deception technologies. These days he’s working on spreading risk, maturity, collaboration, and communication messaging across the industry. (Likely while coding his augmented EEG driven digital clone that’s monitoring his Internet usage, and tea and biscuit consumption!) When not working he can be found in Eureka, Missouri charging round the countryside on a mountain bike, or hunkered down with the kids experimenting on ways to take over the planet. From an observability perspective he’s large, hairy, often wears a kilt, and can be found on stage with a cuppa tea in hand trying to explain to audiences why they must ask more questions before clicking life’s big red button.
Steve Graham
SVP, EC-Council
Steven Graham serves as Senior Vice President of EC-Council | Global reporting directly to the CEO. Steve joined the company in 2005 as a strategic consultant and accepted a full-time position in 2006 tasked with building the North American business of the organization. Dissatisfied with traditional education deficiencies, Steven has focused on the use of technology in the transfer of knowledge and skills for 15+ years. Spanning his time at EC-Council, Steven has led the development of multiple divisions for the company including iClass (EC-Councils online learning division), iLabs (EC-Councils Education Technology/Cyber Range division), Academia (EC-Council’s tailored education division for k-12, 2 and 4 year institutions), as well as EC-Councils US Government business units serving our armed forces. Steven regularly serves on various boards and committees dedicated to the development of the cyber security profession and is passionate about the use of advanced technologies in the classroom and in support of the continuous development of tactical cyber security skills. Steve is an active member of a variety of committees within EC-Council including the Executive Committee (EXCO) responsible for top executive leadership and direction for the global organization, EC-Council’s management committee, Product Council, Security Council, Technology Council, and the Academia Leadership Committee. Steve’s most notable achievements at EC-Council include the listing of three certifications from EC-Council into Department of Defense Directive 8570/8140, Mapping of programs to over 300 Job roles spanning the US NAVY, US ARMY, US AIR FORCE, and US MARINE CORPS. Steve also led the development of EC-Council’s Academia division resulting in the successful publication of nearly 40 books in cyber security currently used at more than 3,000 partner schools including community colleges, 2, and 4 year institutions including a variety of large US Academic brands and their accredited degree programs. Academia currently influences the education of over 60 thousand students each year in North America. Lastly, Steve was a key strategist in the concept and strategic development of a fully asynchronous Cyber Range solution that has influenced hands-on training capability for cyber security students across the globe and led to EC-Council’s current Performance Based Training and Performance Based assessment platforms. This asynchronous cyber environment has had over 1,000,000 unique launches since its initial launch and has been the cornerstone for training and education programs across the globe utilizing EC-Council content. Steve resides in Tampa, Florida and in his off-time is an avid fisherman, master’s level classical and flamenco guitarist, husband, and father of four young children.