BSides312: Meet Our Speakers

Steve Shelton (Keynote)

Steve Shelton helps people and organizations align achievement with purpose and meaning. He founded Green Shoe Consulting to research, educate, consult, and coach individuals and organizations on stress and burnout, as well as teaching skills and strategies to alleviate and reduce the negative consequences of these challenges. He combines decades of experience as a cybersecurity salesperson with industry giants like Symantec, RSA, and Proofpoint, with evidence based, applied psychology frameworks to help performers in various high stress environments perform their best.

When the Night Has Come: Finding Belonging in a World That Doesn't Understand Us

In a world where cybersecurity professionals are constantly on guard—protecting systems, data, and people—it's easy to feel isolated, misunderstood, and burnt out. But what if the real key to resilience wasn't just technical skill… but human connection?

This keynote is a soulful, entertaining, and emotionally resonant journey into the power of community, especially among the neurodivergent minds who make up so much of the hacker and infosec world. Blending storytelling, humor, science, and music inspired by Ben E. King's "Stand By Me," we'll explore what it means to truly belong—and how standing by each other can be the ultimate act of resistance in a high-pressure digital world.

You'll leave this talk reminded that you're not alone. You have a tribe. And we stand by each other.

Tamry Juntunen

I'm a summer-loving Capricorn, Chicago-transplant, clinical psychologist turned cybersecurity pro that is keenly interested in diversity and inclusion.

Empowering Neurodivergent Individuals in Cybersecurity: Strategies for Inclusion and Success

I have worked as a clinical psychologist for 16 years, assisting families with autistic children. After a recent switch into cybersecurity, I would like to share some ideas supported by empirical research on how to help neurodivergent individuals excel in IT/cybersecurity workplaces.

Filipi Pires

I've been working as Head of Identity Threat Labs and Global Product Advocate at senhasegura, Founder at Black&White Technology, Cybersecurity Advocate, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others, I've served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).

Misconfiguration-Driven Cloud Attacks: A Graph-Based Exploration

Exploring attack paths across AWS, Azure, GCP and OCI. Learn to dissect misconfigurations through graph-mode visualization, map potential attack paths, and implement practical mitigation using open-source tools. Elevate your defense strategy and fortify cloud environments against evolving threats.

Patrick Laverty

Patrick has 12 years experience as a penetration tester. He has multiple certifications and is the creator of the Layer 8 Conference, which has a sole focus on OSINT and Social Engineering. Patrick has given many conference presentations at BSides conferences up and down the east coast as well as in the UK and Singapore, on a variety of hacking topics, ranging from password cracking to web application hacking and social engineering.

Can a Hacker Murder Your City?

"Can you dump white powder into water tanks that feed a city of 50,000 people" is how it began. The task was to compromise a government critical infrastructure facility. Around 36 hours, what we found was...well, you'll have to attend the talk to find out!

Roy Talyosef

Roy Talyosef is a founding engineer at Kodem, a company specializing in application security solutions. Prior to joining Kodem, he was part of the Vulnerability Research team at NSO Group, where he contributed to the development of the Pegasus spyware. With extensive experience in identifying and exploiting software vulnerabilities, Talyosef focuses on enhancing security measures in cloud-native and distributed systems.

Adversarial Intelligence: Redefining Application Security through the eyes of an attacker

Join a deep dive with a Pegasus co-creator to expose how attackers exploit overlooked vulnerabilities. Analyze real-world attack chains, and TTPs, arming you with tactics to uncover and neutralize threats in most web-facing applications.

Kadi McKean

Kadi is a Community Manager whose passion for this dynamic field ignited during her early experiences with COBOL development and Mainframe solutions. Currently thriving at ReversingLabs, Kadi collaborates alongside developers and security researchers, helping others prioritize OSS risk and safeguard applications from potential threats.

Trailblazing: Lessons from Oregon Trail for the Secure Software Supply Chain

Dysentery, snake bites, drowning—classic Oregon Trail deaths. In app dev, a zero-day breach can be just as fatal. With open source making up 90% of software, choosing the right components is key. Learn how attackers sneak in malware and discover new ways to detect threats before they take you down.

Whitney Phillips

Whitney Phillips is a Security Consultant at TrustedSec, an information security consulting company based out of Ohio. Whitney has 14 years of experience in the information security and IT ranging from support tech, blue, purple and red team. Her primary focus now is Mobile and Web Application Penetration testing. Whitney has a Bachelor's in information security and Part 107 Drone Pilot. In her spare time, she volunteers for the Michigan Cyber Civilian Corps MiC3.

Tips and Tricks To Creating your Your First Conference Talk

Have you ever attended a security conference and thought about giving a presentation yourself, but don't know where to start? Well, I am here to help! This talk will guide you through the process of applying for a conference, writing the talk, and what to do when you get to the conference.

Dr. Catherine J. Ullman

Dr. Catherine J. Ullman is a security researcher, speaker, and Senior Information Security Analyst at University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a data forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness amongst faculty and staff via a comprehensive department-wide program which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at several information security conferences including DEF CON and BlueTeamCon. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.

Defending Beyond Defense

Assumptions burn defenders every day. Perhaps the most pernicious one is that systems and their controls will always work as designed. Understanding the problem with these assumptions requires immersion into the offsec space, not a new job. Learn how there's more to defending than just defense.

Dwayne McDaniel

Dwayne has been working as a Developer Advocate since 2014 and has been involved in tech communities since 2005. His entire mission is to "help people figure stuff out." He loves sharing his knowledge, and he has done so by giving talks at hundreds of events worldwide. He has been fortunate enough to speak at institutions like MIT and Stanford and internationally in Paris and Iceland. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and crochet.

What to Tell Your Developers About NHI Security and Governance

We tried yelling at the devs, but security being reactive makes issues with machine identities and their related secrets leaks so much worse. What if they need better guardrails and processes? If done right, it should take work off their plate. I think the path forward means talking NHI governance.

ギンジ🐾ターラノー (Ginji Terrano)

ギンジ🐾ターラノー (Ginji Terrano) is a spotted hyena that specializes in getting down to the wire and figuring out how things work at their core, then manipulating them to do things they don't normally do. ギンジ (Ginji) has spoken at several conferences on various topics from identity governance systems to, not only preserving arcade games, but how to use and integrate them for weight loss. ギンジ (Ginji) uses a breadth of experience to also give back to the community as co-lead of events & programming at Furvana (a convention benefiting various charities in Ocean Shores WA), and helping run the programming with DEFCON Furs (a group of cybersecurity enthusiasts at the DEF CON conference), both at it's event in Las Vegas, and during it's outreach content locally in Chicagoland at Midwest FurFest.

Open Sesame

Remember when you could change street lights with a TV remote? Sadly those days are gone for many places. With those IR receivers gone, how do emergency vehicles get the priority they need? Its time to go down the rabbit hole of signal priority and learn the (dirty) secrets of how things work today.

Olivia Gallucci

Olivia Gallucci is a Senior Security Engineer at SECUINFRA and a blogger: oliviagallucci.com. She is the founder of two companies—Offensive Services (security consulting) and OG Health & Fitness (personal training). Graduating at the top of her university, Olivia is passionate about education surrounding free(dom) and open-source software, assembly, and security research. She previously worked in offensive security at Apple, US Government, and Deloitte. Outside of cybersecurity, Olivia enjoys competitive sailing, cooking, and reading about famous computer nerds.

Unlocking macOS Internals: A Beginner's Guide to Apple's Open Source Code

Have you ever wondered how macOS works under the hood? For researchers, learning how to navigate Apple's open source code is a game-changer. This talk demystifies macOS internals through its open source ecosystem, giving you everything you need to start hacking these machines!

Chris Traynor

Chris is a Pentester at Black Hills Information Security (BHIS), where he is responsible for Pen Testing web apps, mobile app, APIs, and networks. He is also the owner of Ridgeback InfoSec (ridgebackinfosec.com) and has authored two cybersecurity classes (Offensive Tooling Foundations and Offensive Tooling for Operators) which he teaches via Antisyphon Training. Chris has nearly two decades of experience in Web/Mobile development, QA automation, and Penetration Testing.

Pentest Pains

Come hear first-hand accounts of pentest pains and understand what common mistakes can make it painful for everyone involved. Whether you're just starting out or have been bleeding blue, red, or purple for years. These stories contain lessons which can help make your next engagement more successful.

Danielle McGuire

Danielle McGuire has 9 years of experience in electric power cybersecurity and the security of industrial control systems more generally. When she's not doing that, she enjoys working on her FOSS EVSEtool, reading 19th-century history, and concocting various fermentations and braises. Her main technical toolkit includes Python, bash, C, and microcontrollers/SBCs; she is currently learning Rust, containerization, RISC-V, and radio. She would love to meet people and chat, good icebreakers include 'how can I get started with hacking EV chargers?' and 'what is the relationship between cybernetic and surveillance capitalism?'.

Securing the Grid of Tomorrow

The electric grid has remained largely static for over a century, but the ongoing climate crisis requires rapid and drastic modernizations. In turn, innovative technologies like DERs, AMI, EVSE, V2G, and even SCADA in cloud challenge traditional ICS security thinking & require innovative solutions.