SATURDAY Haylee Dawna-Rae Mills

Dissecting the Ransomware Kill Chain: Why Companies Need It

Ten years ago, Lockheed Martin introduced the Intrusion Kill Chain. Since then, it has morphed into the Cyber Kill Chain and remains a widely used framework for cybersecurity and incident response strategy. However, ransomware does not fit into the traditional Cyber Kill Chain attack lifecycle, and many organizations make the mistake of simply folding ransomware attacks into existing incident response programs. What’s really needed is a new “Ransomware Kill Chain,” which can form the framework for ransomware response plans.

In this session, Nicole Hoffman, a Threat Intelligence Analyst, and Kurtis Minder, CEO/Expert Ransomware Negotiator, both at GroupSense, will explain why the best way to defend against ransomware is “The Ransomware Kill Chain.” They will explain the 15-step framework of the chain – from first access through encryption – by using client case studies and examples of custom-made ransomware playbooks. Discover the power and effectiveness of “The Ransomware Kill Chain” and keep your organization one step ahead during an attack.

Track 2
5 Feb 2022 3:00 PM - 4:00 PM

Kurtis Minder
CEO and co-founder of GroupSense
@kurtisminder
https://www.groupsense.io/resources/tag/blog/

Kurtis Minder is the co-founder and CEO of GroupSense, an enterprise digital risk protection services company. He is one of the pioneers of the ransomware negotiation industry and has helped multiple high-profile companies resolve ransomware attacks. He is also a frequent contributor to the start-up community and serves as an advisor and mentor to growing companies.

Nicole Hoffman
Intelligence Analyst, GroupSense
@threathuntergrl
https://threathuntergirl.com/

Nicole Hoffman is an experienced Intelligence Analyst with a passion for developing her fellow analysts. Her work, research, and presentations have inspired and educated others around the international analytic community. Nicole developed the Cognitive Stairways of Analysis framework to dive deeper into the process of sensemaking in order to increase her analytic capability. She has presented work at the 2021 SANS CTI Summit, GRIMMCON, SOCstock, the 2020 SANS Threat Hunting & Incident Response Summit, All the Talks Con, and so much more. Nicole currently holds a BS in Information Technology with a minor in Cyber Security along with CompTIA's Sec+. You can check out her blog at threathuntergirl.com.

SATURDAY Haylee Dawna-Rae Mills

Level Up Your Vulnerability Management Program

I love vulnerability management as a core discipline of what makes an effective security operations program because it can help to both reduce risk and improve efficiency. However, I find many organizations are still stuck after rolling out a scanning tool (and then stopping). I've seen the reason for this being one of three main reasons (but there are more).

1 - Conflicting information between patching processes and vulnerability scanning tools
2 - Lack of guidance or frameworks to prioritize the growing list of vulnerabilities
3 - Very manual process without a clear understanding of how to automate activities

This talk is for anyone who is working as a security analyst or leader who directly performs vulnerability management activities (identify, assess, triage, and track). Additionally, this will be really informative for those who have process inputs (any pentesters out there?) or outputs (IT and critical process owners).

This talk will give you all the tools and processes that you'll need to level up your program TODAY, without having to go ask for more budget (again).

Track 2
5 Feb 2022 2:00 PM - 3:00 PM

Andy Jordan
Owner & Founder of New Genesis Solutions

Andy Jordan (CISSP, CISM, MCSA, MCP, Security+, Network+, ITIL v3, LeanIT) is the owner/founder of New Genesis Solutions, a managed services provider that focuses on cybersecurity program development and vulnerability management services.

Andy has built and managed multiple security programs for numerous large and small organizations throughout his 15-year career. He uses lean and agile methodologies to create demonstrable value within complex infrastructure and security programs. He is an active figure in the information security community, having presented multiple times at Cactuscon.

SATURDAY Haylee Dawna-Rae Mills

Container Scanning: Run Fast and Stay Safe

Have you struggled to get security baked into your DevOps process or have your security needs taken a back seat to "run fast and break things"? Just because we’re moving fast doesn't mean we can’t be secure. Join us for this deep dive into adding container scanning to a DevOps pipeline. We'll enumerate the security tool categories, and give you tips for adding these tools to your development workflow, build pipeline, and production monitoring setup. You can achieve a robust security posture and still release continuously.

Track 2
5 Feb 2022 11:00 AM - 12:00 PM

Rob Richardson
@rob_rich

Rob Richardson is a software craftsman building web properties in ASP.NET and Node, React and Vue. He’s a Microsoft MVP, published author, frequent speaker at conferences, user groups, and community events, and a diligent teacher and student of high-quality software development. You can find this and other talks at https://robrich.org/presentations and follow him on Twitter at @rob_rich.

SATURDAY Haylee Dawna-Rae Mills

API’s Dark Side: Addressing AppSec’s Biggest Challenge

Track 2
5 Feb 2022 10:00 AM - 11:00 PM

While APIs have clear and obvious benefits, they’re also creating a rapidly-growing attack surface that isn’t widely understood and is sometimes completely overlooked by developers and software architects. With recent reports suggesting that by 2022, API abuses will be the most responsible vector for data breaches within enterprise web applications, securing them is a top challenge and must be a bigger priority.

The first step in accomplishing this goal is generating awareness around the most critical API-related vulnerabilities and ways of protecting these programs.

This significant gap in knowledge drove me to spearhead the development of the OWASP API Security Top 10 list, which was officially published at the end of 2019, to inform organizations, developers, and security professionals about the top issues impacting API-based applications. Since deploying, it has been adopted as the de-facto standard by many organizations and security specialists.

In this talk, I'll emphasize the uniqueness of API-centric design from the security angle, highlight the risks presented by API use, and show why an increased level of awareness is required to mitigate the risks. From there, I'll dive into the top security risks presented in the OWASP API Top 10 list, and provide example attack scenarios for each. Some offensive tips and tricks will be mentioned to get you hacking APIs.
Finally, I will share what we can expect to see when it comes to API exploitation moving forward as modern software is increasingly targeted by adversaries.

Erez Yalon
Head of Security Research at Checkmarx | Co-Founder of DEF CON's AppSec Village | Co-Leader of OWASP API Security Project
@erezyalon

Erez Yalon heads the security research group at Checkmarx. With vast defender and attacker experience and as an independent security researcher, he brings invaluable knowledge and skills to the table.
Erez is also leading the OWASP API Security Project and a founder of the AppSec Village in DEF CON.

FRIDAY Haylee Dawna-Rae Mills

Step by Step Automation

A common misconception about automation is that it needs to be complicated and requires a specific skillset. This talk is to show that automation CAN be simple and achieve the desired objective. We will discuss how to break larger problems into smaller pieces to develop a repeatable solution.

Track 2
4 Feb 2022 4:30 PM - 5:30 PM

Daniel Chun
Mandiant, Principal Consultant

Daniel Chun is a Principal Consultant in Mandiant’s Phoenix office. As a part of the Incident Response team, he provides emergency services to clients when a security breach occurs.

Prior to joining Mandiant, Daniel spent time as a consultant where he helped build security programs, conducted investigations, and delivered training. He has been involved in malware analysis, payment card forensic investigations (PFI), and security operations development in various industries; including healthcare, industrial, financial, aerospace, and hospitality.

FRIDAY Haylee Dawna-Rae Mills

Artificial Intelligence: Friend or Foe in the Context of Ransomware

The industrial revolution was powered by coal and steam. They were the power that enabled innovation and propelled the world down the road that has brought us to where we are today. The next revolution is on the horizon, and it’s an information revolution. Smartphones, smart homes, and smart assistants are proliferating in our lives. Artificial intelligence is becoming an integral contributor to how this technology adds value to our lives. The capabilities of the cyber security ecosystem must keep pace with this evolution. During this session we will cover how artificial intelligence is being used to fuel the next generation of cyber security ecosystems. We will see how it can be used to improve accuracy, speed and efficiency of enforcement technologies while enhancing the information used to make business and security decisions. On the other hand, how could AI & Machine Learning be used against us? If we have the technology, so do our adversaries.

Track 2
4 Feb 2022 3:30 PM - 4:30 PM

Aaron Rose
Cyber Security Evangelist & Member of the Office of the CTO at Check Point Software Technologies

Aaron Rose is a Cyber Security Evangelist, Security Architect & Member of the Office of the CTO at Check Point Software Technologies. A subject matter expert in Cloud, Internet of Things, and Application security; Aaron has focused his career on securing organizations & their resources beyond the perimeter of the traditional network firewall.

An avid international traveler, Aaron welcomed the opportunity to spend three months in Tel Aviv, Israel training with Check Point’s research & development teams at the company’s global headquarters.

FRIDAY Haylee Dawna-Rae Mills

Building a more inclusive future in Cybersecurity

In today’s world, we mainly focus on the importance of the cybersecurity analyst, the CIO, the CISO.
But the fact is many other roles are essential to cybersecurity. Michelle Winters' initiative to open doors to newcomers to the industry is bringing attention to a larger conversation. As members of the cybersecurity community, how can we help increase inclusion, diversity, and access to untapped talent?
Utilizing her role as manager of customer success, Michelle shares her experience, strategy, and results in generating more opportunities for newcomers to the industry.

Track 2
4 Feb 2022 3:00 PM - 3:30 PM

Michelle Winters
Cybereason, Customer Success Manager

Michelle Winters was born in Mexico and moved to the United States in 2001. She graduated from the University of Texas-San Antonio and began her IT journey in 2006, working as an IT Admin for Toyota Motor Manufacturers. She then joined Rackspace as a support engineer and found her passion for helping customers. Ever since then, Michelle has expanded her skills and helped startups get enterprise-ready for servicing customers.
Michelle has a passion for helping others and ensuring the door is always held open to equal opportunities for all, especially to women and people of color.
She is a customer-driven optimist who is always willing to learn, a soon-to-be-published author, mother, and equal rights advocate.

FRIDAY Haylee Dawna-Rae Mills

Throwing the Elephant

There are two kinds of companies: those where leadership cares and… those where they don't. No amount of personal heroics, technical awesomesauce, or the world's greatest tool is going to change that and have the business suddenly get it. Your leadership is an elephant. Large. Moves only when it wants. Tramples things. And… the cleanup! So, how do we move the elephant when and where we want?

We'll talk about how to get leadership buy-in for your risk management program, how to translate this for different kinds of offensive/threat assessments (vulnerability assessments, penetration testing, red teaming, and purple teaming), metrics (including real-world data) derived from a detection maturity model I created with business context (alignment) from my work with blue teams. Come with questions and curiosity, leave with actionable insights to build or mature your risk assessment program.

Track 2
4 Feb 2022 2:00 PM - 3:00 PM

Bryson Bort
SCYTHE Founder/CEO
@brysonbort

Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber in 2020 by Business Insider.

Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.

FRIDAY Haylee Dawna-Rae Mills

Malware of the Mind - Disinformation and Manipulation via Social Platforms

While disinformation has been around since the age of antiquity, in recent years it has taken center stage as a highly disruptive force. In this talk I make some comparison cases for how malware and expanding compromise in a computing environment have direct parallels to how biases and heuristics are exploited in human cognitive software during a disinformation campaign. The talk will conclude with the introduction of a disinformation kill chain.

Track 2
4 Feb 2022 10:00 AM - 11:00 AM

Mike Manrod
CISO, GCE
@CroodSolutions
https://www.linkedin.com/in/manrod/

Mike presently serves as the Chief Information Security Officer for Grand Canyon Education, responsible for leading the security team and formulating the vision and strategy for protecting students, staff and information assets across the enterprise. Previous experiences include serving as a threat prevention engineer for Check Point and working as a consultant and analyst for other organizations.

He is also a co-author/contributor for the joint book project, Understanding New Security Threats published by Routledge in 2019, along with multiple articles/whitepapers. When not working, he spends time playing video games with his kids or doing projects around the farm.
