Click here for links to our Discord server and Youtube livestream.

Time (PDT)

Track 1

Track 2

8:00 am


~8:15 am

Opening Remarks (Kellon)


Keynote (Tabitha Sable)

Let’s Destroy Infosec Together! (For Its Own Good)


9:00 am

IOC Dev 101 (James Hovious)
Indicators of Compromise (IOC) are the foundation for incident response and threat hunting activities. In this talk we will discuss what are IOCs, how use them to find malicious activity, and how you can build your own.

Cloud Security – An Introduction (Eduard Thamm)

Let me take you on a journey. Imagine your company has just decide to use the cloud. You are excited. The possibilities seem endless. But as always with uncharted territory,  here be dragons.

There are some charts and maps to help and guide you. However, you will need to be able to read them. This is what this talk is about. Giving you a basic understanding of the lay of the land and how to read the symbols on the map. I made this talk as vendor agnostic as possible and stick to fundamental concepts that apply no matter where you practice your (dev-[sec-])operational excellence. So without further ado make full sail…

10:00 am

Defending & Exploiting the WebPKI (James Renken)

WebPKI governance, practical deployment, interaction with other systems, and human factors.

A 10,000-Foot View of Cryptography (Ryan Castellucci)

Cryptography has a reputation of being an unapproachable subject. There is, however, a big difference between being a “researcher” advancing the field versus a “practitioner” using well understood tools. 99% of the time, neither building secure systems nor breaking insecure ones requires knowing how things work under the hood or even any math beyond basic arithmetic. The goal of this talk is to provide attendees with background information, vocabulary, and a basic understanding which algorithms are appropriate for solving common problems and why.

11:00 am

So you want to be a red teamer?  (Jorge Orchilles & Jean Maes)

Red Teaming is hot right now. Many people want to get into it just because it sounds cool. While we tend to agree, there are many things to consider. There is way more to red teaming than just “getting in” to organizations. Join us as we cover what red team is, why you may want to be a red teamer, and how to become a red teamer.

How to Run a Security Awareness Program (Ira Winkler)

With the increased focus on the human aspects of security and the user as a primary attack vector, there is an increased focus on security awareness as a discipline/ This presentation will step attendees through a creating a strategy to define goals of awareness programs, implement a process to deliver materials, determine what communications tools and tactics to use, determining the topics to address, and most important, determine the metrics to use to gauge program success and find tune the program to achieve measurable results. While it is intended for people who might want a career in less technical aspects of cybersecurity, anyone interested in the human aspect of cybersecurity will benefit from this presentation.

12:00 pm

Opening the Toolbox – A Guide to Pentesting Tools for CTFs   (Sam Ferguson)

In the world of pentesting, there are many tools for many jobs – sometimes even many tools for a singular job. So what tools should you be familiar with? In this talk, we’ll go through some of the common tools for each step of the pentesting process, how to learn how to use new tools, and how you can combine tools to fit your preferred workflow. 

Introduction to Security Design (J Wolfgang Goerlich)

Security happens where man meets machine. Or, fails to happen, as we see all too often. Blame the users. They’ll click anything. Blame the developers. Half their code is riddled with vulnerabilities anyways. Blame the IT staff. You’d think they’d at least know better. But perhaps, we’ve been placing the blame on the wrong places. This presentation will explore security’s role in designing and architecting experiences for users, developers, and more. Good security, after all, is useable security.

1:00 pm

Hack the Useless Box (Ean Meyer)

Thinking like an attacker is often presented in very technical terms requiring years of experience to perform threat modeling and vulnerability analysis. This can be very difficult for a beginner to grasp. However, determining how an attacker will attempt to bypass controls or enter a system is often more about thinking creatively. Outside the box if you will or in this case inside the useless box. In this talk we will examine the useless box. A box of which has a single function; to turn itself off. When presented with this box how would an attacker try and get inside it? What would they do to examine it? How might it be abused by an attacker or someone who doesn’t know they may break it? How could they stop it from turning itself off? During the talk we will evaluate the useless box using the Penetration Testing Execution Standard using plain terms that don’t require decades of red teaming knowledge. Further, we will discuss how the useless box could be protected from attacks and what questions you should ask to determine the risk from compromise of the useless box in an organization. Attendees will leave the talk with a simplified example they can use to frame everything from risk reviews to red teaming to creating controls to address abuse cases. 

From Military History to Information Security: How a Liberal Arts Education can Help you be Successful in Infosec (Sam Grubb)

While a history (or other liberal arts degree) might seem like the anti-thesis of information security, there are many important skills, like report writing and analytical thinking, that are shared between the two fields. Join Sam Grubb as he discusses how liberal arts skills can help you rise to the top in an information security career and why it’s important to not just focus on technical skills when considering a career in infosec. 

2:00 pm

Investigation and Analysis – Quick Guide for New SOC Analysts  (Gyle dela Cruz)

Have you ever wondered what the typical tasks are that SOC (Security Operations Center) analysts do on a daily basis? Or wondered how you’ll start doing an investigation or do some security alerts analysis? If you do, then join this session to learn more. 

A Series of Unfortunate Windows Events (Matthew Gracie)

Windows Events are one of the most useful tools available for monitoring what’s happening on your network’s endpoints — nearly everything a computer does generates an Event that can be logged for later review. This talk will present an overview of how Windows computers generate these logs and free tools for collecting, enhancing and analyzing them, including triggering alerts and building dashboards and visualizations. Gaining full visibility into everything happening on your network is easier than you think.

3:00 pm

How to explore the Dark Web (Kim Crawley)

There is a whole part of the web that can only be accessed by special software. We call it the Dark Web, because users and servers on it are anonymized by layers of encryption. Not everything that happens there is illegal. But the Dark Web is a haven for planning cyber attacks, selling malware, and stolen data. In this talk, I’ll show you how to explore the Dark Web for OSINT without breaking the law.

What I’ve Learned about Threat Modeling (Isaac Lewis)

Threat modeling is a crucial activity for anybody working in software, but for somebody just starting out, it’s super intimidating. What do you search for? What’s the goal of threat modeling? Why should I care? In this talk, we’ll try to answer these questions and introduce some concepts and resources that will help you on your threat modeling journey.

3:30 pm

Who’s Chopping Onions in Here? An Intro to Tor & Privacy-Preserving Technology (Cassandra Young)

Millions of people all over the world use Tor to stay anonymous on the internet, whether for privacy, or illicit purposes. But what does privacy mean in this context, and how exactly does Tor work to protect it? Is it the only option out there, or just the most well-known? This talk will introduce basics of privacy, onion encryption and routing, and some common attacks and defenses.

A SOC Adventure (Bryson Bort)

In the vein of old school Choose Your Own Adventures, this is a custom created story that leads the audience through an incident response including technical and business considerations. The audience votes through a live poll on decision points in the story including detection, identification, response, remediation, and threat hunting for like compromises.

4:00 pm

(above talk continued)

Volunteering FTW: A quickstart guide to exploring infosec (Tabatha DiDomenico)
Are you new to infosec or ready to network and expand your career? Either way, volunteering at industry events will expose you to people, opportunities, and ideas that will boost your learning, career, and give back to this community. This talk is a primer on volunteering for conferences, how to find them, what to expect, drawing boundaries on your time, common pitfalls, and the many advantages of jumping in. Ready to drink from the firehose of service-learning?

4:30 pm

Core Concepts of AWS Security (Ryan Stalets)

The cloud, especially Amazon Web Services (AWS), is secured differently than most are used to. While fundamentals (such as least privilege) always apply, securing applications in AWS requires a different mindset than on-premise datacenters and traditional apps. In this talk, we will cover several core concepts at a high level that anyone who builds or secures applications in AWS must understand. Participants will leave with a bullet-point list of concepts that can be immediately used to gain a better understanding of their own AWS environment.  

(Track 2 closed)

5:00 pm

Closing Remarks (Kellon)

Closing Remarks (Kellon)