
SCHEDULE
Speaker and talk overview appear below the schedule (in order by first name).
7:30AM Doors Open
8:30AM Opening Remarks
8:40AM Keynote: Heath Adams
9:20AM Break
9:30AM Track 1 ("Black Building")
Adam Anderson
Crossing the Sustainability Gap: What You're Doing Wrong in Security Awareness and How to Fix It
9:30AM Track 2 ("Ski Lodge")
David Branscome
"How did I miss that?" - Why SOC Analysts Might Overlook Evidence in a Threat Investigation
10:15AM Break
10:25AM Track 1 ("Black Building")
Mark Schreiber
"Drones: A Converged Threat to Cyber and Physical Security Teams"
10:25AM Track 2 ("Ski Lodge")
Steven Cardinal
"Let's Talk About Risk, Baby!"
11:00AM Break
11:20AM Track 1 ("Black Building")
Tim Tomes (lanmaster53)
"{JWT}.{Misuse}.&Abuse"
11:20AM Track 2 ("Ski Lodge")
Juan Valencia
"Current State of our Threat Landscape"
NOON Lunch
1:00PM Track 1 ("Black Building")
Pentester Firing Squad
Heath Adams, Luke Kaputska, Michael Bryant, Mike Holcomb, Talib Usmani
1:00PM Track 2 ("Ski Lodge")
Barry Jones
"The Time I Accidentally Ended Up Combating Phishing and Fraud for a Year"
1:45PM Break
1:55PM Track 1 ("Black Building")
Michele Jordan
"Lessons Learned from the Radar Page"
1:55PM Track 2 ("Ski Lodge")
Tony Drake
"Incident Response for the Unprepared, Overwhelmed, Understaffed"
2:40PM Break
2:50PM Track 1 ("Black Building")
Chris Horner
"The Oldest Trick in the Book is Still the Best Trick in the Book"
2:50PM Track 2 ("Ski Lodge")
David Hyde-Volpe
"Transparent Proxies, Opaque Motives: A Case Study on current APT's BEC Operations"
3:30PM Break
3:40PM Track 1 ("Black Building")
Michael Lopez
"Hacking Made Easy: How AIs Outpace Human Exploit Developers"
3:40PM Track 2 ("Ski Lodge")
Aaron Hoffmann
"Grow Your Wings and SOAR: Getting Started with Automation for the SOC"
5:00PM After Party

TALK DETAILS
Aaron Hoffmann
"Grow Your Wings and SOAR: Getting Started with Automation for the SOC"
​
This talk will explore the potential of Security Orchestration, Automation, and Response (SOAR) platforms in enhancing the efficiency and effectiveness of Security Operations Centers (SOC). As the threat landscape continues to evolve and grow in complexity, the demand for fast and automated response is higher than ever. In response to this critical need, this talk will dive into the potential of automating routine tasks, streamlining workflows, and improving incident response times within a SOC environment.
The session will begin with an overview of the current SOC landscape, highlighting the challenges that impede efficiency and the significant role that automation can play in overcoming them. We will then delve into the basic concepts and implementation of SOAR platforms, providing real-life examples of their application and impact on SOC operations.
Our discussion's primary focus will be applying a possible maturity model for SOAR. This model provides a step-by-step pathway for incrementally enhancing SOC automation, starting from basic, reactive processes and evolving towards a proactive, predictive security posture.
We'll discuss key strategies for successfully traversing this maturity model, including establishing a culture of continuous improvement, prioritizing areas for automation, and nurturing necessary skill sets within the SOC team. Moreover, we'll also examine potential obstacles along the automation path and offer practical solutions to mitigate them.
By the end of the talk, attendees will have an understanding of how SOAR platforms, when guided by the SOAR maturity model, can revolutionize the way SOCs operate, paving the way towards improved security posture, increased efficiency, and enhanced resilience in the face of burgeoning cyber threats.
​
Aaron Hoffmann is an information security professional with eight years of experience building security teams and solutions for defenders. Aaron has worked across several industries including financial services, cloud computing, and retail and hospitality. Aaron specializes in developing content for SOAR platforms that enable security operations teams to automate their workloads. Aaron currently works for ReversingLabs as a SOAR Architect.
Adam Anderson
"Security Awareness"
​
Current state of the world:
Companies and organizations are currently experiencing far more cyber risk than ever before. In this crisis the most important tool we have to reduce that risk is the cyber security professional (CSP).
While the CSP is key to cyber risk reduction, they are not the primary owner of risk or budget inside the organizations they serve. This means that the only way the CSP can effectively impact risk is by working with other people inside the organization.
The vast majority of CSPs spend their time focused on the threats that cause risk and build up an array of skill sets to combat those threats. As such, CSPs are the primary source for the information the organizations they serve need to make good decisions.
​
Adam started life as a military brat in the Air Force, growing up in Germany and Florida. No, he doesn’t speak German anymore. Yes, he can speak Floridian. He dropped out of the University of Utah after 96 credit hours of downhill skiing, snowshoe camping, whitewater kayaking, rock climbing, and wilderness survival (only got a B- on that one, so trust, but verify in an emergency).
After saving the world from Y2K, Adam got into Cyber Security and has been in that world for 20 years. 15 years ago he launched his first of many companies. He has 14 failed companies (he calls these his non-profit work) and one successful exit. He currently has 5 companies in flight and is raising a seed round for one of them.
Adam is the author of 4 books on cyber security and has given one TED talk on the subject.
Adam spent 3 years as the Entrepreneur in Residence at Clemson University’s MBA program and has developed a true love of helping other entrepreneurs get started or take the next step. He does this through working with incubators and accelerators, being a member of numerous entrepreneurial organizations, writing books, giving keynotes, and coaching.
Adam has 20+ years of Cyber Security Experience, 15 years of Tech Entrepreneurship Experience, and a ton of lessons learned building 5 Cyber Security companies:
- Successful, Multi-Million Exit (Palmetto Security Group)
- Successful Funding and under professional Management (Hook Security)
- Massive failure (Atlas Vault. BOOM! Writing Enterprise Software can be expensive!)
- Cyber Research Firm (Element Security Group)
- Psychological Security (PsySec)
It is completely appropriate to ask for his assistance when it comes to entrepreneurial relationships, cyber security, public speaking, puns, and the journey through start up, cashing in, selling out, and bro-ing down.
Barry Jones
"The Time I Accidentally Ended Up Combating Phishing and Fraud for a Year"
​
This is the entire story of the most intense year of my 20-year professional career. I was the sole developer hired by a company going through a circus-like ownership transition while criminals actively worked to defraud the 300,000 users of this 14-year-old, high-end marketplace.
We experienced late nights, numerous technical challenges, worked with abuse response teams, learned a lot of lessons about phishing and fraud, high emotions, death threats and at least one person lost a business that depended on the site. Building solutions to aggressively protect our users while simultaneously minimizing the disruption and annoyance to those same users was a unique challenge. The end result was the safest marketplace in the industry and it has remained so for the last 11 years.
Here’s the story from start to finish. Buckle up.
​​
I'm a Fractional CTO Consultant as well as an advocate and professional instructor for DMARC, Anti-Phishing, PostgreSQL, Ruby on Rails, Elixir, SAFe and Gitlab with over 20 years industry experience.
In 2012 I unintentionally spent a full year designing and building techniques to protect the 300,000 users of a niche online marketplace against constant phishing and fraud in what was by far the most intense year of my entire career. Following this experience I've been able to share my work at M3AAWG in Atlanta, the Anti-Phishing Working Group's eCrime Summit in San Diego and spent 3 years immersed in the world of email security as the Director of Software for dmarcian.
These experiences showed me that I was able to have a unique perspective on the attack patterns of many criminals by implementing solutions as a reasonably small company, while most larger companies would observe these behaviors across different departments. Sharing what I've learned to protect people is my passion.
Chris Furtick
"Hacking Your Career with AI"
​
How to win friends, influence people and convey risk using ChatGPT. In this talk we’ll explore how leveraging artificial intelligence can help cybersecurity professionals land a new job, write reports that are meaningful and ultimately explain risk to business leaders.
​
Chris is a proven leader with a consultative voice that bridges the gap between technology and business outcomes. Technically proficient information security leader with experience advising C-level executives and technical engineers alike in fundamental and advanced information security tactics and strategies.
​
Chris Horner
"The Oldest Trick in the Book is Still the Best Trick in the Book"
​
People inherently are not stupid, so why do smart people fall for social engineering tactics? The majority of breaches start with a social engineering component, so it's important to understand the psychology behind why these attacks are successful. As security practitioners, let's also go beyond the obvious phishing emails and give our clients high-quality assessments that will prepare them for what they're going to see in a real-world attack. This talk will discuss why social engineering tactics often work, ways to level up the tests we give to our clients, and how to protect ourselves, our family, our friends, and our clients to recognize and short circuit these kinds of attacks.
​
I am a Security Engineer with Triaxiom Security in Charlotte, NC and work on pentest and social engineering assignments. I have over 20 years of public speaking experience to audiences of all sizes.
​
David Hyde-Volpe
"Transparent Proxies, Opaque Motives: A Case Study on current APT's BEC Operations"
​
This is a cybercrime story time that will highlight a very common MFA bypass technique that many IT professionals we spoke with didn't know was possible.
In a recent cybersecurity investigation, we unearthed a compromise within a client's Microsoft Azure ecosystem. The threat actors had leveraged the client's Azure Subscription, deploying a robust network of virtual desktops supplemented by essential infrastructure. These virtual setups spanned across four distinct Azure regions worldwide and demonstrated reasonable technical sophistication combined with clean operational security. After successfully ousting the intruders, we proceeded with an analysis of their illicit activities. The perpetrators, about ten persons, represented a small group of a larger, organized cybercrime group.
​
David Hyde-Volpe is the CTO and Principal Engineer for the Vizius Group, bringing his strengths in secure coding, statistical modeling, penetration testing, and security architecture to the team.
​
David Branscome
""How did I miss that?" - Why SOC Analysts Might Overlook Evidence in a Threat Investigation"
​
Threat investigation can be a tiring task, but at the same time, it has significant impact on the organization. This is often reflected in the burnout rate of threat analysts in the SOC. The complexity of modern attacks also makes it likely that SOC analysts will miss details that are critical to their investigations. Why does this happen, though? How can your organization reduce the likelihood of it happening? In this session, we'll look at the reasons why people frequently draw incorrect conclusions, and the negative impact this has on your customer's threat investigations. This discussion will help you understand ways to automate investigations, but it can also provide talking points for you to help your SOC managers better train their people in threat hunting.
​
David is a Global Partner Solutions Architect for Security, Compliance and Identity at Microsoft. In this role, David is responsible for training and supporting Microsoft partners on the latest security, compliance and identity solutions, including Microsoft 365, Azure and Windows.
​
​
​
Juan Valencia
"Current State of our Threat Landscape"
​
In its 16th year of publication, Verizon's Data Breach Investigations Report is the de facto global authority on today's threat landscape. With data from almost 100 contributors from more than 80 countries, Verizon's DBIR provides a detailed view into the world of cyber crime, the threat actors behind these acts, their tactics, and how they exfiltrate data.
​
Juan is an Executive Consulting Partner within our Cyber Security Consulting organization, leading our Executive Consulting team and our Verizon Cyber Risk Monitoring (CRM) Consulting services. In his current role, Juan provides executive-level cyber security consulting and advisory services that include risk management, risk scoring, and strategic journey maps to CIOs and CISOs around the world. Juan is a Veteran of the United States Army and 1990 Persian Gulf War.
​
​
​
Mark Schreiber
"Drones: A Converged Threat to Cyber and Physical Security Teams"
​
To educate and cut through the hype of drones we see today, a physical security professional that helps large companies implement drone and counter-drone technologies will provide the key information needed for information security professionals. He will review the current capabilities of drones and counter-drone systems, identify their legal and regulatory operating environments, and discuss practical actions that all organizations can implement to address this disruptive technology.
​
Mark is a Professional Physical Security Engineer and Technical Consultant. I regularly speak at conferences, provide training sessions on physical security, and I am involved in multiple industry organizations as a volunteer leader, standards development contributor, and ISO Standards liaison.
​
​
​
Michael Lopez
"Hacking Made Easy: How AIs Outpace Human Exploit Developers"
​
The evolution of large language models (LLMs) like GPT-4 has drastically reduced the "time to exploit", transitioning from weeks and months to just hours or minutes. This advancement not only amplifies the potential risks in the cybersecurity landscape but also empowers even unskilled personnel to develop exploits. Our presentation will highlight how LLMs can generate effective exploits from basic CVE descriptions, demonstrating the ease with which these models can convert information designed for protection into malicious code. We'll also showcase a detailed comparison of exploit creations under varied input scenarios, emphasizing the importance of understanding and mitigating the accelerated threat posed by LLM-driven exploit development. The findings underscore a worrying future with regard to cyberspace.
​
Beginning his career in cyber Electronic Warfare with the U.S. Navy, Michael specialized in offensive operations. He later served in the U.S. Army as enlisted (17C) and as a contractor, focusing on threat intelligence and incident response. During this tenure, he worked directly with the U.S. Cyber Command and NSA. After a brief time at a leading tech startup, he now leverages his extensive cyber expertise as a senior cyber engineer and as an instructor.
Michele Jordan
"Lessons Learned from the Radar Page"
​
Sixteen years of managing the Cyber Threat Intelligence Dashboard, affectionately known as the Security Wizardry Radar Page, has provided some interesting insights into how the state of vulnerability management and cybersecurity has changed over the years. Michele will discuss what has been seen as improvements, challenges, and fails in the attempts to manage cybersecurity in environments including Corporate, Industrial Control, Medical, Physical Controls, and others.
​
​
​
Steven Cardinal
"Let's Talk About Risk, Baby!"
​
Every great security framework starts with understanding risk, and yet so many organizations barely get past the thumb in the wind method of "yea, we kinda know where our big risks are". They look at things like the RMF, shudder, and close the PDF. Getting started with risk assessments doesn't have to be painful. In this talk we'll discuss some simple ways to get started with identifying and measuring risk that you can knock out in a couple hours. Don't let your security program wallow because you're focusing on the wrong priorities.
​
Steven Cardinal is an experienced, customer-focused information technology and security professional with expertise in establishing, implementing, and monitoring information security programs, including risk assessment, vendor management, architecture, security awareness and training, policy development, and system standards and baselines. Mr. Cardinal’s work prior to Soteria includes serving as Manager, Security Technology and Interim CISO at the Medical University of South Carolina, Sr Engineer at Centurum, and VP of IT and Security at Adheris.
​
Tim Tomes
"{JWT}.{Misuse}.&Abuse"
​
JWTs are an incredibly flexible tool that makes life easier for developers because they are standardized, widely supported, and include important security features by default. However, like any powerful tool, JWTs can be dangerous when used incorrectly, or for unintended purposes. In this talk, I aim to shine a light on common JWT misuse and abuse. I'll start by briefly describing JWTs and common use cases for them. I'll then present real-world scenarios of misuse and abuse from applications that I've tested as a consultant, and written as an engineer. As I present each scenario, I'll demonstrate the various features and failures live, and discuss how the specific implementation of JWTs can be hardened. The end result will be an enlightening and entertaining presentation of information and experience that will provide the viewer with a practical knowledge of how, and how not, to use JWTs.
​​
Tim is an Application Security Professional with over 30 years of experience in the information technology and security industries. From network architecture design to software development to full-scope penetration testing, Tim has worked in multiple disciplines as both a manager and technician for the United States Military and private industry. Now focusing exclusively on web applications, Tim hones his development and security skills through managing multiple Open Source software projects, conducting consultative engagements, and providing training through PractiSec, a company for which he is also the founder. Tim has a strong belief in contributing to the community and does so through writing technical articles, speaking at conferences, and mentoring the next generation of web application security professionals.
Tony Drake
"Incident Response for the Unprepared, Overwhelmed, Understaffed."
​
The IR consultants always say the same thing about incident response: "Have a Plan, Follow the Plan". In the military they say "No plan ever survived contact with the enemy". The fact of the matter is that incident response in the real world is more like the latter than the former. Everyone knows how to work an incident when everything is wrapped up in a tight little bow, the tools are deployed, the data is accessible, and everyone is in agreement on exactly what to do and how. This talk isn't about those incidents. This talk is about the incident that happens when you are a one-man shop with no tools and no resources and you need to work things out in a hurry. This talk offers guidance and ideas to get you started on what you can do now to prepare, and what you can do then, in a hurry, when your preparation timeline was out of sync with the attackers.
​
Tony Drake has over 25 years of experience in information security and systems administration. He has worked in roles ranging from systems design and administration to incident response, tactical intelligence, and managing pen tests. He has worked for the last 15 years in various roles in financial firms including brokerage, banking, exchange and payments in roles ranging from jack-of-all-trades "security guy" to tactical intelligence and malware analysis. He has worked in all aspects of Pen Testing, from scoping and planning to managing results to incident response. In his current role he serves as Lead Researcher for the Intelligence Team at the Intercontinental Exchange and the SME for Tactical Intelligence and Malware Analysis. He holds a CISSP as well as SANS certifications in Incident Response, Web Application Pen Testing, Network Pen Testing and Threat Intelligence, and OSINT.
​