SCHEDULE
Speaker and talk overview appear below the schedule (in order by first name).
Talk abstracts appear below the schedule.
7:30AM Doors Open
8:45AM Opening Remarks
9:00AM Keynote: Mike Holcomb
9:45AM Break
10:00AM Track 1 ("Main Building")
Human Networking: Leverage LinkedIn for Cybersecurity Jobs
David Meece
10:00AM Track 2 ("Ski Lodge")
Securing the Ship: Using Financial Impact to Navigate Cyber Threats
Adam Anderson
10:00AM Track 3 ("Downstairs")
Inexplicable Compute Services/Obscure Telemetry: The Challenge of ICS/OT Cybersecurity for Managed Security Services
Lonnie Best
10:00AM Sponsor Track ("Downstairs")
Kyle King - Checkpoint
10:45AM Break
11:00AM Track 1 ("Main Building")
Protecting Yourself From People Like Me
Chris Horner
11:00AM Track 2 ("Ski Lodge")
Defeating Doubt: How to Empower Early Cyber Professionals and Retain Great Future Talent
Markel Samuel
11:00AM Track 3 ("Downstairs")
Cyber Auditing of Critical Infrastructure
Jermaine Green
11:00AM Sponsor Track ("Downstairs")
Guidepoint
11:30AM Lunch
12:30PM Keynote: Lesley Carhart
1:15PM Break
1:30PM Track 1 ("Main Building")
Future Proofed: Empowering Young Minds for a Secure Digital World
Jennifer Funk & Bailey Marshall
1:30PM Track 2 ("Ski Lodge")
The Blue Teamers Guide to “Acing” Your Penetration “Test”
Brian Kirk
1:30PM Track 3 ("Downstairs")
4 Weeks of Wacky Web App Pentests
Aaron Wilson
1:30PM Sponsor Track ("Downstairs")
Parker Byrd - Hook Security
2:00PM Break
2:15PM Track 1 ("Main Building")
2024 Verizon Data Breach Investigative Report (DBIR) Key Findings
Joseph Silva
2:15PM Track 2 ("Ski Lodge")
We're Hardened. Now What?
Ben Acord
2:15PM Track 3 ("Downstairs")
OT / ICS Infrastructure Penetration Testing
Talib Usmani
2:15PM Sponsor Track ("Downstairs")
Zscaler
2:45PM Break
3:00PM Track 1 ("Main Building")
Pentester Firing Squad
Various
3:00PM Track 2 ("Ski Lodge")
Where is AI Taking Us?
David Branscome
3:00PM Track 3 ("Downstairs")
Unlock the Symphony of Success: How GRC is Music to Your Cybersecurity Ears!
Shawn Robinson
3:30PM Break
3:45PM Track 1 ("Main Building")
Old Game, New Rules: Zero-Cost Security in Multi-User Dungeons
Eric Hart
3:45PM Track 2 ("Ski Lodge")
Better, Not Best, Practices
Mackenize Morris
3:45PM Track 3 ("Downstairs")
Leveraging SOC Capabilities to Build Ransomware Resilience
Gabriel Schram
4:15PM Break
4:30PM Wrap Up & Wind Down
Pre-After Party Party
TALK ABSTRACTS
Adam Anderson - Securing the Ship: Using Financial Impact to Navigate Cyber Threats
On this voyage with Adam Anderson, you'll discover how to anchor your cybersecurity strategies with financial insights, ensuring your organization stays on course through turbulent cyber waters.
Shipmates will earn the achievements of:
- Charting the Course: How to translate technical cyber risks into financial terms that resonate with business leaders.
- Navigating with Precision: Techniques for using financial impact analysis to prioritize cybersecurity initiatives that protect the bottom line.
- Captain’s Communication: Strategies to effectively communicate the value of cybersecurity investments, ensuring stakeholder buy-in and long-term security.
Join us to ensure your ship not only weathers the storm but sails towards greater profitability and security.
Aaron Wilson - 4 Weeks of Wacky Web App Pentests
This session will present four examples of anonymized screenshots from recent pentests. Each example will be walked through, step-by-step, while demonstrating four vulnerabilities which have been really unique to the presenter's experience of working on different client environments.
These vulnerabilities include:
Broken Access Control leads to HIPAA Violations
GraphQL Introspection leads to Cash Money ($$$)
A Broken UI Breaks MFA Logic
Source Code Disclosure makes me Admin!
Ben Acord - We're Hardened. Now What?
Perhaps we’ve arrived and the journey is over. Challenges in maintaining cybersecurity maturity such as the addition of new systems, continuous validation, and design exceptions require refined processes. This talk will focus on moving beyond punch lists and regularly scheduled audits or penetration tests to find the balance with a mature cybersecurity program. We’ll discuss key areas practitioners and leaders alike can add value beyond the initial security investment. After all, organizations undergo a great deal of effort to reach even a degree of cybersecurity maturity. In most cases this is a multi-year process with leadership sharing the analogy of a journey not a destination. There are many means of securing business systems: regulations, standards, frameworks, and industry tribal knowledge. Whichever path the organization is on these can often become end goals, rather than steppingstones of a broader strategy, with practitioners asking, ‘are we there yet?’ and auditors asking, “show me?”, both imply reaching a destination. Once the hardening coverage is acceptable for audit readiness it’s tempting to think we’ve arrived, but we know that’s not accurate. So, what do we do now?
Bailey Marshall / Jennifer Funk - Future Proofed: Empowering Young Minds for a Secure Digital World
We would like to engage the audience to think about the risks, vulnerabilities and threats that our youth face as it relates to cybersecurity. Youth are susceptible to a breadth of cyber attacks from cyberbullying, online stalking, identity theft, and sextortion (which has led to 22 reported cases of youth suicide). We would like to cover age-appropriate explanations and mitigations, parental controls, how youth can build safe online habits, the importance of open communication with parents, mental health and online safety, social media literacy (understanding the risks), gaming safety and more.
Brian Kirk - The Blue Teamers Guide to “Acing” Your Penetration “Test”
Just like an academic test, your organization will get more out of penetration testing activities if you take the time to prepare in advance. This talk will take you behind the scenes of a penetration test to assist you with preparing your environment for both ethical and malicious hackers and removing the ‘easy wins’ from their toolkits. Additionally, we will cover the types of testing you should be considering as well as why monitoring testers as they perform their work is a benefit that many organizations miss out on.
Chris Horner - Protecting Yourself From People Like Me
As a pentester, some of my assignments include running social engineering tests. This presentation shows what kind of information is online about people and companies, how I find and use that information in social engineering campaigns, and most importantly how to take back some level of control to protect our privacy. Most of it is focused on personal privacy - how this information got out there in the first place, why it's not a good thing, how to find and delete it, all mixed in with my personal experience of going through this process. It also contains examples of successful social engineering campaigns demonstrating exactly how seemingly innocent information can be used against an individual or organization.
David Branscome - Where is AI Taking Us?
Tools like ChatGPT, OpenAI and DALL-E have burst onto the scene with a usability and simplicity that makes the use of AI seem to be easy enough for a child to use.
But is that good or bad? The answer may depend on who you ask.
In this discussion, we'll look at how nation-states are using AI tools to shape public opinion to achieve their political and strategic goals. We'll look at the cyberinfluence campaigns surrounding COVID-19 and the ongoing war in Ukraine, as well as the use of AI to digitally manipulate media for political gain.
We'll also investigate the tools being developed to counter these trends and help ensure the information we consume can be trusted.
David Meece - Human Networking: Leverage LinkedIn for Cybersecurity Jobs
Cybersecurity and Information Security are two in-demand, challenging, growing fields in the world we live in. They are also quite challenging to find employment in, particularly if one has little or no prior experience. It is not enough to simply apply to open positions; an up-and-coming cyber professional must find ways to stand out and set themselves apart from the competition.
In this session, I will be going over tips on how to gain valuable cyber experience as well as how to grow your network and expand your reach in order to more easily begin your career in cybersecurity/information security.
I will be presenting professional networking techniques to stand out to hiring managers and recruiters.
Also, we'll explore different career paths such as Blue Team, Red Team and GRC to choose from in the industry, and explain which certifications are needed for the sector of cybersecurity they decide to pursue.
Learning how to leverage LinkedIn efficiently is a skillset everyone needs to learn to acquire for job hunting. This presentation will help both aspiring cybersecurity and more well-seasoned professionals learn how to leverage social media platforms like LinkedIn to progress in their careers and personal development skills.
Eric Hart - Old Game, New Rules: Zero-Cost Security in Multi-User Dungeons
In this talk, I will share my journey of managing an online text-based adventure game, focusing on the security controls I have implemented so far. A central theme of this discussion is the exploration of zero-cost services available to hobbyists and students, demonstrating how individuals can gain hands-on experience with enterprise-level tools without being employed by enterprises. Attendees can expect insights into leveraging these resources for enhancing their own projects and skill sets. Additionally, there might be a mention of some exciting BlackMUD challenges featured in the DC864 CTF.
BlackMUD
BlackMUD, an online Multi-User Dungeon established in 1993, is one of the longest-running MUDs still active today. This game offers a rich text-based adventure experience, where players can explore vast environments, engage in combat, and embark on quests. Over the decades, BlackMUD has cultivated a dedicated community and continues to be a beloved platform for both new and veteran players.
To play, connect to blackmud.com:2000 over TELNET.
Gabriel Schram - Leveraging SOC Capabilities to Build Ransomware Resilience
This presentation explores a comprehensive approach to strengthening an organization's ability to prevent and withstand ransomware attacks by leveraging Security Operations Center (SOC) capabilities, thereby minimizing their impact. This talk will address the current ransomware threat landscape. Organizations can track their ransomware resilience by mapping compliance frameworks to ransomware mitigation, which involves examining the differences in the effectiveness of their respective controls. Developing ransomware resilience also involves identifying single points of failure, their compensating controls, and establishing effective testing metrics to align key controls with compliance requirements. A top-down approach to security governance is essential, with the SOC maintaining contact points across departments and establishing escalation criteria for specific types of incidents. SOC communication and awareness across departments improves the prioritization and hardening of specific users and systems. A SOC significantly enhances ransomware resilience through proactive intelligence and reactive testing. Threat intelligence feeds allow a SOC to understand potential attackers and their TTPs. This data informs other areas of security operations (detection, response, and threat hunting). SOCs are informed on what to hunt for based on current attack patterns and alerts. Strategic threat hunts can yield further intelligence, enhancing detection and response, and so on. Validation of these capabilities is achieved through purple team testing to bridge offensive and defensive cybersecurity practices. Purple team exercises ensure that specific actions based on threat intel trigger alerts correctly and in a timely manner. It is crucial for a SOC to be a stakeholder in the organization's communicated and tested IRP. Conducting tabletop exercises using the IRP and runbooks ensures a cohesive and swift reaction in the event of a ransomware incident, enhancing overall ransomware resilience.
Jermaine Green - Cyber Auditing of Critical Infrastructure
This session discusses the current state of risks posed to US Critical Infrastructure, including a high-level overview of the delegated function of the US Govt that SERC fulfills in an effort to ensure the reliability and security of the Bulk Electric System (BES), aka The Grid. We will also cover a high-level overview of the audit process, rules of procedure and classification of cyber assets within this environment, followed by a deep-dive into the CIP-005 standard that dictates the separation of assets and traffic deemed within the scope of CIP.
Joseph Silva - 2024 Verizon Data Breach Investigative Report (DBIR) Key Findings
The Verizon DBIR is one of the definitive reports on the cybersecurity incidents and data breaches seen across the world. We have over 80 contributors, ranging from government agencies, our own VTRAC consulting investigations, as well as both public and private companies, providing us with information on the attacks they've experienced over the last year. The analysis of this data provides useful insight into what led to the incidents, how threat actors operate, and what industries are being targeted by said threat actors. This can, in turn, help organizations prepare, prioritize, and protect their organizations from attack.
Lonnie Best - Inexplicable Compute Services/Obscure Telemetry: The Challenge of ICS/OT Cybersecurity for Managed Security Service
Over the better part of the past decade, Managed Security Services Providers (MSSPs) and Managed Detection and Response (MDR) services have evolved to become quite good at solving cybersecurity challenges like internal security staffing issues, budget constraints, and cybersecurity expertise. These services are often capable of detecting and responding to traditional cyber threats, and are able to deliver their services fully remote and with great scalability.
Now, however, as the threat to critical infrastructure becomes a much more apparent issue, MSSPs and MDR services are increasingly facing the challenges associated with delivering the same type of capabilities to Industrial Control Systems (ICS) and Operational Technology (OT) environments. But while threat actors are making the pivot from attacking the Enterprise to meddling in the ICS/OT network, can these service providers make the same pivot in defense? This talk will seek to highlight some of the challenges they face.
Mackenize Morris - Better, Not Best, Practices
A common theme that has been extracted from the lessons learned of consulting on ICS cybersecurity for dozens of organizations has been that better practices beat out best practice recommendations on feasibility, cost, likelihood of implementation and improvement in security posture. Year over year of recommending best practices is met with reevaluating unchanged environments, because lofty ambitions can lead to decision paralysis. This is a flaw in best practices: while they are theoretically the community-agreed-upon baseline for security, they leave something to be desired in the roadmap of an organization’s maturity. We have tried to remedy this with maturity roadmaps like C2M2 or CMMC, but these too leave something to be desired, as they offer abstract qualifications about practices that can be self-diagnosed into a maturity class. In the meantime, all discrete and published security controls surround best practice implementation. Instead, let's focus on the better practices. A showcase of lessons learned from a few instances where a better practice than the current one was a superior recommendation to a more often quoted best practice.
Markel Samuel - Defeating Doubt: How to Empower Early Cyber Professionals and Retain Great Future Talent
Imposter syndrome is real in any industry, particularly in technical fields such as information security; it is prompted by feelings of self-doubt and inadequacy despite evidence of competence within the recruitment process. This is a common challenge faced by many incoming cyber professionals as they embark on their careers in the fast-paced and demanding field. In this talk, we will explore the impact of imposter syndrome on incoming cyber professionals and discuss strategies for overcoming it, as well as the role of hiring managers and executives in fostering supportive work environments.
Shawn Robinson - Unlock the Symphony of Success: How GRC is Music to Your Cybersecurity Ears!
In the realm of cybersecurity, Governance, Risk Management, and Compliance (GRC) serve as the orchestrator of an organization's security strategy, harmonizing various components to create a symphony of protective measures. With the increased focus on cyber from the SEC and CISA, along with NIST 2.0, the unsexy topic of GRC is moving to the forefront in the minds of cybersecurity professionals.
Talib Usmani - OT / ICS Infrastructure Penetration Testing