Speaker Details

BSides312 inaugural speakers.

Stefani Goerlich

Opening Keynote: Stefani Goerlich

Stefani Goerlich is a multi-award winning author whose current project, Securing Sexuality, focuses on how technology is rewiring our intimate connections and why security and privacy are foundational to healthy relationships. She brings insights from dozens of experts on cybersexuality, sextech, and mental health, who’ve shared their knowledge with her during her weekly podcast and annual live event.

Securing Sexuality: Rewiring our Intimate Connections

Throughout time, folks looking for love (or lust) have found & formed relationships with one another by leveraging community networks – relatives, clergy, nosy neighbors, even matchmakers. For the first time in history, relationships are no longer mediated by other people, but rather by technology. From dating websites and social media to AI partners and connected sex toys, technology represents an evolutionary factor we have not seen since the agricultural revolution… and for the most part, tech companies are entirely unprepared. Attendees will learn how to critically examine both their use of technologies AND their relationship to these tools. They will be able to articulate a framework for digital health and apply its principles to relationships both online and off. We will critically examine surveillance culture as well as changing legal and social norms and explore the way these impact client safety across the lifespan. This presentation is relevant to anyone who uses technology to manage their personal information, cultivate and maintain their personal relationships, or to facilitate their professional work.

Chris Roberts

Closing Keynote: Chris Roberts

CISO, Hacker, InfoSec, Safety, CyberStuff Researcher, Advisor, Hacking is not a crime henchman, and various other names on the technical side of the world.

Currently Strategic Advisor for Nuspire and CISO and Senior Director at Boom Supersonic…. having previously served as a vCISO or advisor for a number of entities and organizations around the globe. Some of the more recent projects are focused within the Artificial Intelligence, Threat Intelligence, Identity, GRC, Cryptography, and Aviation/Transportation spaces.

I’ve been fortunate to be elbow deep in technology for more years than I care to remember, and these days am involved in both tactical and strategic discussions with clients across the spectrum of industries talking maturity, risk, and how to effect change.

Oh, and I’ve been called a Scottish Security Warlock… I’m kinda digging it.

Evolution of threat intelligence, tracking your boss for fun, profit, and protection

The world of Threat Intelligence is evolving; we started off with knowing little, evolved to trying to understand the landscape we live within (both in the physical and digital realms) and then took a turn in trying to understand the adversaries and their tactics. We’ve been mildly successful in each of these, but still have not taken much time to really understand ourselves, and those folks we’re meant to be protecting. Let’s break down the hoomans around us, what we should be looking for, how we can use Threat Intelligence to help them, educate them, and (sometimes) where necessary identify them as potential problem children. We keep hearing that we (the squishy bags of walking water and flesh) are the main attack vector, so let’s do something about it by demonstrating how we profile, how we build an intelligence packet, and how we can use that to communicate change to those around us. Oh, and while we’re at it we can work on reducing the probabilities of adversaries’ actions. ALL this and more by actually using (and challenging) those vendors that flout their intelligence prowess…

Thamer AlJohani

My name is Thamer AlJohani, and I am currently a Ph.D. student at DePaul University. My academic and professional journey is primarily focused on the domains of Governance, Risk, and Compliance (GRC), with a background in cybersecurity. I hold a couple of certifications as an Ethical Hacker and a Penetration Tester, which have provided me with a comprehensive understanding of how governance and compliance frameworks intersect with risk management. I believe I am creative, adaptable, and motivated, and I am incredibly excited about the prospect of this presentation!

Navigating Privacy in the Digital Era: A Comprehensive Exploration of GDPR and CCPA

From the historical evolution of privacy law to the challenges posed in our digital age, we critically examine the transformative impact of emerging technologies like social media, big data analytics, and cloud computing on personal data privacy. While acknowledging the progressive nature of GDPR and CCPA, these measures are more reactive than proactive responses to the unprecedented scale of data processing capabilities and global data flows. This exploration emphasizes the complexities surrounding consent, data sovereignty, and cross-border data transfers, illuminating the compliance hurdles faced by multinational corporations. By shedding light on the technological catalysts that made GDPR and CCPA imperative, I believe that by the end of my presentation the audience will understand the dynamic interplay between technology and privacy law, underscoring the need for continual legal adaptation in the face of technological evolution.

Sara Anstey

Sara Anstey is the Director of Data Analytics and Integration at Novacoast who is passionate about empowering businesses to use everyday data to make strategic business decisions. She believes that the intentional adoption of a data-driven culture can be a key differentiator to companies in today’s security climate. Sara has experience in custom web development, artificial intelligence, data analytics, business intelligence, and applied statistics. She also watches The Bachelor on Monday nights while drinking wine with her cat Oreo, and hopes to redefine the way people think of security professionals and women in technology.

Educating Your Guesses: How To Quantify Risk and Uncertainty

At its core, cybersecurity is all about risk. We need to understand, report, and mitigate our risk. However, the industry-adopted methods for analyzing risk lead to inaccurate assessments, invalid math, and ultimately bad decision making and spending. I will show you why, and how to fix it.

Dr. Catherine J. Ullman

Dr. Catherine J. Ullman is a security researcher, speaker, author, and Principal Technology Architect, Security, at the University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous information security conferences including DEF CON and Blue Team Con. Cathy is a contributor to the O’Reilly title 97 Things Every Information Professional Should Know and the author of the Wiley title The Active Defender. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.

Dumpster Fires: 3 things about IR I learned by being a firefighter

Threats surround us like a ring of burning fire. Unfortunately, incident response doesn’t come naturally to an operational mindset focused on reactive problem solving. Come hear about surprising parallels between fighting real fires and the fire-fighting that passes for today’s incident response.

Jake Hildreth

Jake Hildreth is a man of many roles - a devoted husband, a fun-loving dad, and a seasoned IT expert. With over twenty years entrenched in the world of technology, he serves as a trusted Senior Security Consultant at Trimarc, leading Trimarc's Active Directory (AD) Security Assessment. Jake's daily mission involves bolstering the digital fortifications of major corporations, ensuring their AD security is rock solid. His creations, Locksmith and BlueTuxedo, attempt to alleviate the burden on overworked AD administrators, while his CISSP certification stands as a badge of his wide-ranging expertise and experience.

Protect Your Most Sensitive Users With This One Weird Trick!

Presenting that "One Weird Trick" of Active Directory security: The Protected Users Group (PUG)! It's been lingering in Windows Server since 2012 R2, but it's the undercover legend few have heard of — surprisingly, it's older than some viral memes! This talk shines a spotlight on the PUG's impressive protections used to shield sensitive accounts from common attacks. Picture it as a crash course on how PUG thwarts attackers, complete with demos that'll make you want to cheer.

Yet, it's not all heroics; we'll explore the PUG's quirks and constraints, because even powerful tools have their limits. Stay tuned for the ultimate guide on slipping your VIPs into this exclusive club, using a not-so-secret approach. Wrapping up the talk will be a chat about SharpPug, the trusty sidekick that guides admins through the process of adding users to the Protected Users Group safely.

Dwayne McDaniel

Dwayne McDaniel has been working as a Developer Relations professional since 2015 and has been involved in the wider tech community since 2005. He loves sharing his knowledge and enthusiasm about Git, Open Source tools, and tech in general and he has done so at over a hundred events all over the world. He has been fortunate enough to speak at institutions like MIT, Stanford, and far-off places like Paris and Iceland. You can see some of his past talks on Drupal.tv and WordPress.tv.

Dwayne currently lives in Chicago, right beside Lake Michigan. Outside of tech you might find him leading an event after-party to a Karaoke spot or quietly knitting a new hat.

Championing Security: Scaling Security At Every Level

Security teams are outnumbered. Securing every network, device, API, user, and system is an endless task. How can we hope to keep up in an ever-evolving threat landscape? It is time for an age of champions. Security Champions. Let’s rethink how security can look and feel across the whole org.

Anita Nikolich

Speaker is a cybersecurity researcher at a university, specializing in network security and cryptocurrency analytics.

Senior Citizens Fighting Scammers

People age 65+ lost $1.3B to digital scams in 2022. That was just what was reported, so we know the amount is higher. Not to mention their shame and embarrassment over falling for an obvious scam or romance ploy preying on lonely people. Security training using 'gamification' is like chocolate covered broccoli - it's not really tasty but it's good for you. How do you tailor this for older people who are not digital experts? You create a fun game with a side of learning! Our non-profit (dartcollective.net) created a free, mobile spy-themed game, Deepcover, in which players solve puzzles to advance to the next level. At each level they're exposed to a variety of deceptive tactics to become more familiar with the language scammers speak, and are awarded with additional intel to help prevent SCAMM (the Society for Covert Attacks and Mass Manipulation) from succeeding. We are in beta and looking for feedback and help spreading the word to get this in the hands of older people!

Whitney Phillips

Whitney Phillips is a Security Consultant at TrustedSec, an information security consulting company based out of Ohio. Whitney has 12 years of experience in information security and IT, ranging from support tech to blue, purple and red team. Her primary focus now is Mobile and Web Application Penetration testing. Whitney has a Bachelor’s in information security and is a Part 107 Drone Pilot. In her spare time, she volunteers for the Michigan Cyber Civilian Corps (MiC3).

Whitney has presented at: DEF CON, GrrCon Security Conference, CypherCon, Day of Shecurity, the TrustedSec podcast, and the Breaking into Cyber Security podcast.

Mobile Application Penetration Testing

In this talk, I introduce how to test mobile applications from an attacker perspective. I will show different rooting and jailbreaking software for both Android and iOS that I have had personal experience with and ways to obtain both Android APKs and iOS IPAs. And I will finish the talk going over various tools used to perform testing. This talk will have references to the tools I use and examples. These tools will range from static analysis of the application to reverse engineering and different ways to bypass jailbreak and root detection. This talk is a high-level overview and a way to get started in mobile testing. I have been a mobile tester for 6 years now and have watched it grow tremendously. I have given this talk at DEF CON, GrrCon and CypherCon and I am adding and updating as I go.

Ryan Wisniewski

Ryan is a longtime member of the incident response and threat intelligence community. His focus over the last decade has been helping cloud and SaaS companies prevent, detect, and remediate malicious activity within their environments. He currently leads one of the top cyber security research teams at Obsidian Security with a focus on disrupting adversarial activity within SaaS environments.

The SaaS and The Furious: A deep dive in SaaS compromises

Hold onto your keyboards, folks, because this ain't your grandma's security talk. We're strapping in for a wild ride through the lawless landscape of SaaS attacks, where bad actors are tearing up the digital tarmac and your data's the prize money.

For the past year, your friendly neighborhood threat intel nerd has been knee-deep in breach reports and incident logs, sifting through the wreckage like a cyber-mechanic after a data derby. What I found ain't pretty: social engineering slicker than a used car salesman, malware masquerading as innocent applications, and attack paths so twisted they'd make a hacker's hair curl.

But buckle up, buttercup, because it ain't all doom and gloom. We're gonna peel back the hood on these cyber crooks, exposing their favorite attack patterns and pit stops. You'll learn to spot a phishing email quicker than a stock car driver sees a checkered flag, and we'll build some detection tools so tight, even the most cunning hacker will need a crowbar to get through.

This ain't just about fear-mongering, folks. This is about taking back the wheel of your cloud security. We'll leave you with actionable tips and tricks to turn your SaaS platform from a vulnerable jalopy into a cyber-fortress on wheels. So, whether you're a seasoned security pro or a cloud newbie still figuring out where the gas cap is, get ready to hit the ground running in this high-octane exploration of SaaS attacks. Just remember, in the wild west of the internet, knowledge is your nitro boost, and vigilance is your V8. Let's show these cyber bandits the dust they deserve!