Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Here’s the schedule for this year. Registering here does not count. You MUST register to attend any of these. You may register here: https://www.bsidesslc.org/registration.html

You cannot manually add workshops to your schedule. You need to go register for them at https://www.bsidesslc.org/signup.html, and then the workshp will be added to your schedule.
View analytic

Log in to sync your favorites to your phone or calendar.

Thursday, March 9
 

9:30am

Welcome to BSidesSLC 2017!
Welcome, announcements, talking about BSidesSLC history, future.

Speakers
avatar for Sean Jackson

Sean Jackson

General Manager of BSidesSLC. Senior Security Engineer at Arctic Wolf Networks. Owner of Alliance Information Security. Hubby, father x5, pianist, crypto nerd, 1o57 FanBoi, hugger.


Thursday March 9, 2017 9:30am - 10:00am
Track 1 Salt Palace Convention Center

10:00am

A Continually Changing Industry: INFOSEC
The industry is under continual change with new technologies, methods of attack, and defensive strategies being formed. Companies are still struggling on how to tackle the phishing issues and exposures to their enterprise without any sign of slowing. As defenders or attackers, we need to have a mutual understanding of each other and the methods that are used. This talk dives into both offensive and defensive methods that are highly successful in attacking and defending enterprises. In addition, how as an industry do we handle changes, keep up with techniques, and continue to raise the bar on making it more difficult for hackers.

Speakers
avatar for David Kennedy

David Kennedy

TrustedSec & Binary Defense Systems
David Kennedy is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David also serves as a board of director for the ISC2 organization. David was the former CSO for a Diebold Incorporated where he ran the entire INFOSEC program. David is a co-author of the book "Metasploit: The Penetration Testers Guide", the creator of the... Read More →

Bronze
avatar for Compunet

Compunet

Technical Marketing Director, CompuNet Inc.
avatar for UtahSaint

UtahSaint

Network Operations Manager, UEN


Thursday March 9, 2017 10:00am - 11:00am
Track 1 Salt Palace Convention Center

11:00am

Hadouken! Exploiting Street FIghter V to gain ring0
In late 2016 Capcom released an update for their PC game Street Fighter V. The update included a new anti-cheating mechanism implemented as a kernel driver. However instead of improving security of the system it instead weakened it.  We'll look at how this driver works and create a combo move that will KO the system and grant us ring0 access.
 

Thursday March 9, 2017 11:00am - 12:00pm
Track 1 Salt Palace Convention Center

11:00am

Pwned Cloud Society: Exploiting and Expanding Access within Azure & AWS
With more companies rapidly leveraging cloud providers for services, how do we more effectively exploit and expand access within these cloud-based environments?
 
 This session will help you hit the ground running with your next security assessment by demonstrating common weakness and misconfigurations I have seen in real world AWS and Azure implementations. This includes leveraging undocumented features to expand access, pivoting from the compute layer to cloud management interfaces, and manipulating logging to cover your tracks.
 
 Never fear, I will also show you some of the latest techniques on how organizations can better secure information systems within Azure & AWS by leveraging both standard cloud hardening techniques as well as implementing some unique and unconventional detection techniques.
 
 Cloud: it's a privilege, not a right.

Speakers
BK

Bryce Kunz

Bryce Kunz (@TweekFawkes) is an Senior Threat Specialist located within the Silicon Slopes who oversees active red team operations while researching unique access vectors primarily for cloud-based technologies (e.g. serverless compute, orchestration systems, etc...)


Thursday March 9, 2017 11:00am - 12:00pm
Track 2 Salt Palace Convention Center

11:00am

Remembering how we got here: Integrating defense-in-depth into DevOps culture
We are living in the age of the App where the term "low-level" likely refers to APIs instead of networks. In the world where public cloud is becoming the default, it's easy to forget how we got to a place where network access and availability is a given and you can build a successful startup without ever plugging in a server (or knowing what actually plugs in to a server for that matter). As organizations continue to adapt to this rapidly changing environment, a myriad of technology solutions create a complex support environment. We will discuss the intersection between DevOps culture and defense-in-depth from the infrastructure automation perspective, addressing common security concerns and mitigating approaches. Throughout the talk we keep in mind that customers and developers alike are all end-users of the complex systems we build and maintain.
 

Speakers
avatar for Kasim Esmail

Kasim Esmail

Director, Network Architecture, AppliedTrust
Kasim is Director of Network Architecture at AppliedTrust. His areas of specialty include network and infrastructure design and security, availability and performance tuning, strategic long-term planning, and auditing. He also has significant experience with large-scale network planning/design and implementation, including high-availability and disaster recovery, as well as converged technology integration.
avatar for Matt Krieger

Matt Krieger

Principal Security Architect, SportsEngine
Matt is a true full-stack systems architect with a focus on making easy-to-use networks and software systems as secure as possible. As Principal Security Architect at SportsEngine, he works with the entire organization to ensure customer data is protected by relevant policies, technical safeguards, and a culture of responsible data stewardship.


Thursday March 9, 2017 11:00am - 12:00pm
Track 3 Salt Palace Convention Center

11:00am

Intro to crypto Challenges and BSidesSLC 2016 Coin walkthrough
Limited Capacity seats available

https://www.bsidesslc.org/signup.html

This will be a quick intro to crypto coins following by a hands-on walkthrough of the BSidesSLC 2016 coin. Each stage will have 15-30 minutes to work on (individually or as a team). Afterwards, we’ll reveal the walkthrough for that stage. Later stages can be longer than 30 minutes depending.  We’ll have emails and files from 74rkus that we’ll send to teams upon completion of the stages to speed it along. During reveals, we’ll have recorded screen captures showing to show solutions (and avoid demo fail). Bottom line students will get insight on how to approach crypto challenges.

Speakers
avatar for Colin Jackson (d1dymu5)

Colin Jackson (d1dymu5)

Lockpick enthusiast, Physical Security, Splunk Fanboy
JJ

Jake Jones

(Jake)Information security, Blue teamer, with a decent Crypto Obsession.
avatar for Nathan Smith

Nathan Smith

Sr. Security Analyst
Family Life, Information Security and Assurance, Pentesting, Firewalls, Vulnerability Discovery, and Outdoors
MW

Michael Whiteley

Cloud Systems Administrator, Experticity
Information Security, Electrical Engineering, Ham Radio, Physical Security


Thursday March 9, 2017 11:00am - 1:00pm
Workshop 1 Salt Palace Convention Center

1:00pm

Red Vs. Blue CTF Thursday 1:00 - 3:00
Limited Capacity seats available

Have you ever detected an attack while it was happening?  Have you ever been the attacker?

Red versus Blue is a two hour hands-on workshop where participants experience security attacks from the perspective of an attacker and a defender.  Prizes are awarded to both attackers and defenders.

As a Blue Team participant, you'll be monitoring a live environment looking for anomalous behaviors.  It will be your job to identify the breach and make recommendations for remediation.  Blue team players will get hands-on experience using firewalls log collection tools for attack detection.

Red Team participants will receive a playbook with step-by-step instructions for a series of attacks against the Blue Team.  All necessary Red Team tools are included with Kali Linux.

This event is designed for players of all ages and abilities. Prizes will be awarded for high scores, insightful discoveries and collaboration skills.

What to bring:  A laptop capable of booting Kali Linux is required.

RvB has 16 available slots during each session (8 per team) with two teams facing off against each other. 

Speakers
S

Sobit

Security Cosmonaut, CompuNet


Thursday March 9, 2017 1:00pm - 3:00pm
Red Vs. Blue CTF

1:30pm

Man in the Cloud Attack
"Man in the Cloud" (MITC)  attacks rely on common file synchronization services (such as GoogleDrive and Dropbox) as their infrastructure for command and control (C&C), data exfiltration, and remote access. Without using any exploits, we show how simple re-configuration of these services can turn them into a devastating attack tool that is not easily detected by common security measures.

Speakers
AF

Adam Fisher

Enterprise Security specialist whose qualifications include a Bachelor’s Degree in Information Systems and a Master of Business Degree in Information Technology Management; a detailed knowledge of IMAG technologies and best practices. Ten years of experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations throughout Western Europe and North America.


Thursday March 9, 2017 1:30pm - 2:30pm
Track 1 Salt Palace Convention Center

1:30pm

Network Security Monitoring Product Evaluation
Selection of a network security monitoring (NSM) product can be a difficult process and proper instrumentation is critical to the success of a SOC.  The security world is in no short supply of vendors or solutions. However, the challenge remains determining which of the handful data points can be used reliably to make a procurement decision. We will share hard earned lessons from our experiences analyzing product reviews, validating performance claims, and field testing to validate implementations and real world performance. We will explain the framework we developed for evaluating performance criteria and describe the lab we built to execute tests in a controlled repeatable manner. We will then discuss how to distill test results into a concise report which aids in selecting a product that satisfies your prioritized requirements. In short what it takes to build a holistic and comprehensive view of the strengths and weaknesses of any IDS, SIEM, and other device you might be trying to evaluate.

Speakers
JD

James Dickenson

James is a guy that likes security stuff, his kids, family and snort rules. He's worn a Security Engineer hat for three years maintaining a fleet of IDS and SIEM boxes and all that entails.
avatar for Chris Tilley

Chris Tilley

Security Architect, Criterion Systems
Chris is a Security Architect and IT Consultant with 20 years of experience in Enterprise focused software development with a passionate interest in system integration, cyber security, and big data analysis. He enjoys video games, photography, and is a mediocre golfer. (@sefkac)


Thursday March 9, 2017 1:30pm - 2:30pm
Track 2 Salt Palace Convention Center

1:30pm

Planning a Purple Team exercise - the what why and how
Purple Teaming is the idea of using a Red Team exercise with clear training objectives for the Blue Team.
 Great exercises should not just be focused on testing a product, they should also test your active Blue Team members and their skills. But how does one start to think about a Purple Team exercise, how does one go about running one and what does it look like?
 In this talk we will explain what, why and how, to plan an effective purple team exercise and give some examples. Most enterprise networks are Windows heavy so examples will heavily lean on this.
 Testing Assumptions, gaps, blind spots is what being proactive is all about. This talk is both for the console folks and non-console folks.
 


Speakers
avatar for Haydn Johnson

Haydn Johnson

Haydn Johnson has over 4 years of information security experience, including network/web penetration testing, vulnerability assessments, identity and access management, and cyber threat intelligence. He has a Masters in Information Technology, the OSCP and GXPN certification. Haydn regularly contributes to the InfoSec community primarily via Twitter and has spoken at multiple conferences, namely Circle City Con, BSides Las Vegas and SecTor... Read More →


Thursday March 9, 2017 1:30pm - 2:30pm
Track 3 Salt Palace Convention Center

1:30pm

Advanced Wireless Attacks Against Enterprise Networks
Limited Capacity filling up

https://www.bsidesslc.org/signup.html

This workshop will instruct attendees on how to carry out sophisticated wireless attacks against corporate infrastructure. Attendees will learn how to attack and gain access to WPA2-Enterprise networks, bypass network access controls, and perform replay attacks to gain administrative control over an Active Directory environment. External wireless adapters and preconfigured live USBs will be provided to all workshop attendees, and material learned in the lectures will be practiced within a realistic lab environment.
Areas of focus include:
●    Wireless reconnaissance and target identification within a red team environment
●    Attacking and gaining entry to WPA2-EAP wireless networks
●    Bypassing network access controls (agent and agentless)
●    Firewall and IDS evasion
●    MITM and SMB Relay Attacks
Downgrading modern SSL implementations using partial HSTS bypasses

Speakers
avatar for Gabriel Ryan

Gabriel Ryan

Security Engineer, Gotham Digital Science
Gabriel is a pentester, CTF player, and Offsec R&D. He currently works for Gotham Digital Science, where he provides research and consulting capabilities for a diverse range of clients. Previously he has worked at OGSystems and Rutgers University. He also is a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. Things that make him excited include wireless attacks, evading antivirus, and playing with fire... Read More →


Thursday March 9, 2017 1:30pm - 5:30pm
Workshop 1 Salt Palace Convention Center

1:30pm

Practical Web Application Exploitation
Limited Capacity filling up

https://www.bsidesslc.org/signup.html

This is a hands-on practical workshop in which you will be attacking old vulnerable versions of popular web applications. This workshop will teach you the thought process and practical skills necessary to begin performing web application security assessments at a professional level. You will be taught how to efficiently identify, exploit, and document several of the most prevalent web vulnerabilities. We will also learn how these vulnerabilities can be remediated. We will delve into topics such as: SQL Injection (SQLi), Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and External Entity Injection (XXE). We’ll also briefly cover parameter manipulation, functional access control, and filter evasion.
This workshop is aimed at beginners with a background in technology. If you can install a virtual machine on your computer, know a few Linux shell commands, and have some exposure to technologies such as PHP and MySQL, then you’re the perfect candidate. If you’ve already started delving into web exploits and simply want to learn how to work more efficiently, even better (but not a requirement!). If you haven’t done any of the previous this workshop will have a bit of a learning curve, and may require some independent study beforehand.

Speakers
avatar for Jessica Ryan

Jessica Ryan

Jessica breaks websites. She aspires to break more websites. She has worked as a security consultant for four years, performing penetration tests and vulnerability assessments for clients through the UK and Europe. She has an unhealthy obsession with obscure cryptographic challenges, and is determined to solve the Voynich Manuscript. She thinks that blockchain technology and NFC are also pretty cool. In her free time she enjoys competing in CTFs... Read More →


Thursday March 9, 2017 1:30pm - 5:30pm
Workshop 2 Salt Palace Convention Center

2:30pm

InfoSec Parenting
As our children grow, their curiosity and understanding of the world grow with them. When our children come of age, they question everything we do and no longer accept "no"as an answer. Much like our children, our business partners are also growing. Today's typical employee is exposed to technology at home and at work. Gone are the days when employees have no knowledge of technology. And, because of this, the business no longer accepts "no" as an answer when it relates to security issues. This opportunity means that we must correctly access the risk of security gaps and communicate this risk to the business in means they will understand. Doing so will help us forge a better relationship with our business partners, serve their needs better, and provide better security for our organizations.

Speakers
avatar for Thomas Elegante

Thomas Elegante

Tom Elegante has over 12 years of experience in the Financial Industry. He has spent many of those years in risk management. He has been in Information Security for over 2 years and brings an interesting, perverse, view to the practice.


Thursday March 9, 2017 2:30pm - 3:00pm
Track 1 Salt Palace Convention Center

2:30pm

Your political campaign needs a CISO
Let's step outside the political rhetoric and partisanship battleground of the 2016 POTUS campaign and take a "lessons learned" walk through the many InfoSec-related events that occurred along the way.
 
 Although the DNC hacks dominated the cyber news there were many smaller incidents that deserve to be recognized and considered through the lens of a security team doing an after-action report.
 
 Future candidates for major political positions now need to hire someone to worry over email servers, OSINT, disinformation, data mining, database security, spear-phishing, website security, protecting PII, and whether your mistakes will fuel an escalation of cyber war.

Speakers
JJ

J0N J4RV1S

Jon is a long-time resident of the Internet and wants to help make it a safer place for everyone. He created SecureUtah.org to promote HTTPS adoption and UtahWatch.org to publicly track which prominent Utah websites implement HTTPS correctly. He is a avid proponent of digital security, data privacy, usable encryption, and InfoSec diversity, and hopes to inspire others to join him in championing these issues.


Thursday March 9, 2017 2:30pm - 3:00pm
Track 2 Salt Palace Convention Center

2:30pm

How To Build a SOC For Mid-Sized Companies
It’s the SOC, stupid! That’s what you need to combat the modern cyber threats and attacks. A SOC is what most large enterprises use to protect their environment and it involves a combination of people, process and technology. It is perceived to be a costly and complex. However, if you are a mid-sized company with limited budget and limited resources, you are fighting the same advanced threats. How would you build a SOC and run it like the Fortune 500 companies do on a limited budget?

Speakers
avatar for Sam McLane

Sam McLane

Arctic Wolf Networks


Thursday March 9, 2017 2:30pm - 3:00pm
Track 3 Salt Palace Convention Center

3:00pm

NIST Risk Management Framework and why it should be utilized
Will talk about the NIST Risk Management Framework (RMF) and why it should be used when developing new security strategies.  RMF is what the Government is trying to standardize to and it provides many benefits to industry.  Provide a basis on what is available and how to start understanding the benefits of a risk based analysis.

Thursday March 9, 2017 3:00pm - 3:30pm
Track 1 Salt Palace Convention Center

3:00pm

I've Upped My Attitude, So Up Yours! (How to maintain a positive outlook as a security professional)
As infosec professionals we often are perceived as negative and unwilling to budge from our point of view. This talk will discuss some ideas on how to work within other teams, social engineering at times, and how to overcome some of those misconceptions.

Speakers
avatar for Nathan Smith

Nathan Smith

Sr. Security Analyst
Family Life, Information Security and Assurance, Pentesting, Firewalls, Vulnerability Discovery, and Outdoors


Thursday March 9, 2017 3:00pm - 3:30pm
Track 2 Salt Palace Convention Center

3:00pm

Tales from the Crypt--ology
Delve into some of the cryptography world's unsolved mysteries - learn why they're so hard to crack, some of the fascinating history behind them, and the open source tools being developed in an effort to solve them.

Speakers
avatar for Tiberius Hefflin

Tiberius Hefflin

Security Assurance Analyst, Portland General Electric
Tibbs recently graduated from the University of West of Scotland with a degree in computer security. She has relocated to Portland, OR, where she evangelizes for privacy and security while doing security assurance work for Portland General Electric. She is passionate about encouraging small children to take the plunge into STEM and about laughing at cats on the internet.


Thursday March 9, 2017 3:00pm - 3:30pm
Track 3 Salt Palace Convention Center

3:30pm

USB Device Analysis
You already know that USB devices present a danger of infection to users, but how do you determine the level of risk? To make things harder, there are advanced USB devices and OS exploits that can infect even your examiner workstation if you don’t take the appropriate precautions. I will walk you through an investigative methodology to both discover the threat quickly, and protect your assets in the process.

Speakers
JH

James Habben

James Habben is a consultant where he provides security guidance, incident response management, and breach investigations for companies large and small.


Thursday March 9, 2017 3:30pm - 4:30pm
Track 1 Salt Palace Convention Center

3:30pm

Going past the wire: Leveraging Social Engineering in physical security assessments
Many organizations have started understanding the value they can get with a physical security assessment. However, after having one performed, they are left with a network penetration test report. Unfortunately, many consulting firms do not know how to go past the wire and evaluate the physical security of an organization including their employees. During this talk, Stephanie will discuss the methodology she utilizes at Snowfensive when performing a physical security assessment. This method covers everything from OSINT and on-site reconnaissance, crafting pretexts, multiple attack vectors, and tips and tricks.

Speakers
avatar for Snow

Snow

Snowfensive
Stephanie Carruthers is a social engineering professional. After winning a black badge at DEF CON 22 for the Social Engineering Capture The Flag, Stephanie started Snow Offensive Security in 2014, a small boutique consultancy that provides social engineering focused services such as phishing, vishing, physical security assessments, penetration testing and red team exercises. Stephanie specializes in Open Source Intelligence (OSINT) gathering... Read More →


Thursday March 9, 2017 3:30pm - 4:30pm
Track 2 Salt Palace Convention Center

3:30pm

Red Teaming the Board
Red teaming as an infosec practice has centered lately around showy exploits, social engineering, and ski-mask style hacking. This is just the tip of the iceberg, to better align security teams with what business leaders need, we need to get back to our adversarial roots by focusing on a broader spectrum of threats, how businesses can be harmed, and how to uncover them from a process perspective. This talk will focus on how and where we as security practitioners can apply red teaming techniques in the corporate environment, going beyond the same old live fire hacking exercises with war games, business process reviews, and competitor/market analysis. The goal of this talk is to empower security teams to better align themselves with not only IT and engineering departments, but the core business objectives and directives in place at their respective organizations.

Speakers
RW

Robert Wood

Robert Wood runs the security team at Nuna, whose core directive is to protect one of the nation's largest collective healthcare data sets. Previously, Robert was a Principal Consultant at Cigital where he founded and led the red team assessment practice and worked with strategic clients across the United States in an advisory capacity. Throughout his career, Robert has approached problems from the red teaming perspective, identifying how and why... Read More →


Thursday March 9, 2017 3:30pm - 4:30pm
Track 3 Salt Palace Convention Center

4:00pm

Red Vs. Blue CTF Thursday 4:00 - 6:00
Limited Capacity seats available

Have you ever detected an attack while it was happening?  Have you ever been the attacker?

Red versus Blue is a two hour hands-on workshop where participants experience security attacks from the perspective of an attacker and a defender.  Prizes are awarded to both attackers and defenders.

As a Blue Team participant, you'll be monitoring a live environment looking for anomalous behaviors.  It will be your job to identify the breach and make recommendations for remediation.  Blue team players will get hands-on experience using firewalls log collection tools for attack detection.

Red Team participants will receive a playbook with step-by-step instructions for a series of attacks against the Blue Team.  All necessary Red Team tools are included with Kali Linux.

This event is designed for players of all ages and abilities. Prizes will be awarded for high scores, insightful discoveries and collaboration skills.

What to bring:  A laptop capable of booting Kali Linux is required.

RvB has 16 available slots during each session (8 per team) with two teams facing off against each other.

Speakers
S

Sobit

Security Cosmonaut, CompuNet


Thursday March 9, 2017 4:00pm - 6:00pm
Red Vs. Blue CTF

4:30pm

The Aftermath of a Fuzz Run: What to do about those crashes?
Fuzzing is a highly effective means of finding security vulnerabilities - new, easy to use and highly effective fuzzers such as American Fuzzy Lop and libFuzzer have driven its increased popularity. Once a fuzz run has found cases that crash the target application, each must be reduced, triaged and the root cause found to enable a fix. In this presentation, David Moore will describe tools, tactics and techniques for performing post fuzz run analysis on the resulting crashes with the goal of fixing the vulnerabilities.
 
 The first section of the talk will introduce/review fuzz testing and memory corruption bugs. Then a complete crash triage/root cause analysis workflow will be outlined including the use of corpus and test case minimizers, debuggers and reverse debuggers and automated memory analysis and crash triage tools such as Valgrind memcheck, Crashwalk, and Address Sanitizer. Finally, examples of memory corruption bugs of varying degrees of exploitability will be presented.
 
 This talk is suitable for anyone with some C programming experience and an interest in using fuzzers to find security vulnerabilities. Attendees will learn how to effectively analyze, triage and fix crashing cases.

Speakers
DM

David Moore

CEO, Fuzz Stati0n
David Moore is founder and CEO of Fuzz Stati0n. He has been involved in software development and security for the past 20 years, working with NeXT, Apple, Weblogic and Azul Systems. David's trophy case includes public recognition from Google, Twitter, Netflix, Linux, Ruby, Python, and PHP. Fuzz Stati0n was founded to improve security for everyone. David has extensive speaking experience giving technical presentations and training to... Read More →


Thursday March 9, 2017 4:30pm - 5:30pm
Track 1 Salt Palace Convention Center

4:30pm

If System = ICS, Then Pwn4g3 > Root
Got root?  Great.  Got physics?  No?  Defender wins.  
 
 Total pwn4g3 of an Industrial Control System (ICS) requires more than rooting a system.  Successful attacks require 2 payloads, one to control the technology and one to control the process.   
 
 ICS attacks are therefore more complex attack strategies, different tool kits, and more time to implement.  They also lead to more mistakes.  (Hacker foo and practical physics rarely play well together the first time they meet!)   
 
 What happens when mistakes are made during an ICS attack?  *Physical changes to closely monitored processes
 *Repeated errors interrupting normal automation operations
 *An unusual occurrence of defensive advantage
 
 Let's talk about how ICS attacks are planned, common signs attackers are developing the physics payload, and how to defend the process. 
 

Speakers
BR

Bri Rolston

Bri Rolston is the ICS Security Lead for Monsanto Corporation where she works with the supply chain, OT, and ICS teams. She still works occasionally as a Critical Infrastructure Security Researcher for the Idaho National Laboratory (INL). Her work requires lots of caffeine, research, data mongering, and quality geek time. | | In past lives, she has been a cyber security researcher, threat manager, security architect, incident... Read More →


Thursday March 9, 2017 4:30pm - 5:30pm
Track 2 Salt Palace Convention Center

4:30pm

PRIVACY AND SECURITY WHICH COMES FIRST? OR HOW DO I TALK TO MY INFORMATION SECURITY GROUP ABOUT GETTING PRIVACY INTO THE CONVERSATION.
Privacy and Information Security both share the control space, the question is how are controls implemented to meet regulatory requirements for both control areas.  This presentation will deal with the issue of Privacy and Information Security and the misconception that the two are one in the same and the same controls can be used to meet regulatory requirements for both areas.  My perspective is from the healthcare arena and patient perspective with regulations where we deal with the privacy and the security rules. What I am trying to do is get the recognition that we are talking about an apples and oranges situation and we need to treat the two as very different control perspectives.  My focus will be on Privacy and hopefully I can get you to add it to your Information Security Team and ITS Teams awareness and get them to understand the differences between Privacy and Information Security.   I want to provide you with some talking points that I hope will allow you to open that dialog and get a seat at the table and allow them to understand the critical nature of Privacy and the differences between Privacy and Information Security.

Speakers
JS

Jerry Smith

I work for the University of Utah in the Privacy Office as an Information Security and Privacy Analyst. I have been with the U for six-years, prior to that I worked for the State of Utah doing Information Security for Human Services, Health, DABC and ITS for about twelve years. I worked as a Data Security Administrator for Zions Bank and did mainframe security and worked as a computer operator for O.C. Tanner.


Thursday March 9, 2017 4:30pm - 5:30pm
Track 3 Salt Palace Convention Center

7:30pm

Hacker Puzzles, DJs, and DC801 Hacker Space
Come out and work on the Hacker Puzzles with like-minded friends. We're RIGHT NEXT DOOR to Crown Burger, so grab some dinner. We're above a bar, so grab a drink. I don't think they'll let you leave with your drink, Crown Burger will let you leave with your burger. :)

We'll have hacker music provided by the ever amazing Skittish & Bus, JakeFromS7a73farm, and Metacortex. Many, if not all, puzzle authors will be there to give hints to the penitent and weepy.

When you get to the con, you'll have a USB with mixes from all three DJs. That's nice, but you should really hear them live. :)

Moderators
DH

Danny Howerton

Danny is a SLC local with previous experience in Network Security Administration, IDS/AppID Signature writing, and Pentesting is now a Threat Analyst at Proofpoint and is responsible for tracking malware trends, campaigns, and actors. He has presented at a whole bundle of conferences and will leave it as an exercise to the user to figure out what ones.
avatar for Sean Jackson

Sean Jackson

General Manager of BSidesSLC. Senior Security Engineer at Arctic Wolf Networks. Owner of Alliance Information Security. Hubby, father x5, pianist, crypto nerd, 1o57 FanBoi, hugger.
JJ

Jake Jones

(Jake)Information security, Blue teamer, with a decent Crypto Obsession.

Thursday March 9, 2017 7:30pm - 11:00pm
801Labs 353 E 200 S, Salt Lake City
 
Friday, March 10
 

10:00am

I want to help with application security, but I'm not a developer
Application security is a team-wide activity and, even if you aren't a software developer, you can contribute. We'll cover several ways someone with a passion for security can help teams improve overall security, including threat modeling, security and privacy reviews, incident response planning, and other activities.

Speakers
JO

John Overbaugh

John Overbaugh, President and Owner of infoSecure, holds the CISSP, GSLC, GWAPT and GCIH certificates. He has taught and developed curriculum for CISSP prep courses, and teaches on secure software development internationally. John has been involved in software security since 1999 when he led his product group through Microsoft's secure development life cycle. When he's not speaking, John enjoys spending time with his family, motorcycling... Read More →


Friday March 10, 2017 10:00am - 11:00am
Track 1 Salt Palace Convention Center

10:00am

Facing the Kobayashi Maru: Incident Response Tabletop Exercises
Multiple compliance frameworks require testing your Incident Response Plan. Unfortunately, that is usually the extent of their guidance. Tabletop Exercises have quickly become a very popular method of evaluating Incident Response Plans. During this discussion, JC will explain the Tabletop Exercise process including designing, conducting, and reporting. JC will also discuss which organizations will benefit most from a Tabletop Exercise and other methods of testing for both more and less mature organizations.

Speakers
J

JC

JC is a U.S. Marine Corps veteran and Grand Poobah at Snow Offensive Security. JC has over ten years of experience in information technology with an emphasis on Digital Forensics and Incident Response (DFIR). In his career, he has provided incident response services for hundreds of engagements across all business sectors ranging from administrative lockdowns to enterprise-wide security incidents and forensic analysis. | In his new role with... Read More →


Friday March 10, 2017 10:00am - 11:00am
Track 2 Salt Palace Convention Center

10:00am

Beyond Wardriving: Tracking Human Beings with RF Technology
In this talk we'll explore the use of RF technology to track human beings, with a focus on handheld devices. We'll discuss strange and often terrifying methods of mapping wireless communication to human behavior, from packet sniffing trashcans to retail devices that monitor your movements and customer satisfaction. You may even notice some startling overlaps between the techniques used by law enforcement and data driven marketing agencies. Finally, we'll demonstrate implications of this technology within a physical security context. You may ask yourself by the end of this talk: what are we but our metadata?

Speakers
avatar for Gabriel Ryan

Gabriel Ryan

Security Engineer, Gotham Digital Science
Gabriel is a pentester, CTF player, and Offsec R&D. He currently works for Gotham Digital Science, where he provides research and consulting capabilities for a diverse range of clients. Previously he has worked at OGSystems and Rutgers University. He also is a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. Things that make him excited include wireless attacks, evading antivirus, and playing with fire... Read More →


Friday March 10, 2017 10:00am - 11:00am
Track 3 Salt Palace Convention Center

10:00am

Red Vs. Blue CTF Friday 10:00 - 12:00
Limited Capacity seats available

Have you ever detected an attack while it was happening?  Have you ever been the attacker?

Red versus Blue is a two hour hands-on workshop where participants experience security attacks from the perspective of an attacker and a defender.  Prizes are awarded to both attackers and defenders.

As a Blue Team participant, you'll be monitoring a live environment looking for anomalous behaviors.  It will be your job to identify the breach and make recommendations for remediation.  Blue team players will get hands-on experience using firewalls log collection tools for attack detection.

Red Team participants will receive a playbook with step-by-step instructions for a series of attacks against the Blue Team.  All necessary Red Team tools are included with Kali Linux.

This event is designed for players of all ages and abilities. Prizes will be awarded for high scores, insightful discoveries and collaboration skills.

What to bring:  A laptop capable of booting Kali Linux is required.

RvB has 16 available slots during each session (8 per team) with two teams facing off against each other.

Speakers
S

Sobit

Security Cosmonaut, CompuNet


Friday March 10, 2017 10:00am - 12:00pm
Red Vs. Blue CTF

10:00am

Introduction to Malware Analysis Part 1
Limited Capacity filling up

https://www.bsidesslc.org/signup.html

This workshop will not be for grizzled malware analysts. This workshop is intended for those who are new to malware analysis or have a very limited exposure to it.  I will cover everything you need to start analyzing malware without learning how to reverse engineer binaries. I will cover, setting up a safe sandbox environment, detonating samples, identifying malware families,  and collect IOC's, and gathering as much information you can about a sample that you may come across.  
Current Working Outline:
  • Types of malware commonly seen today
  •    Web based
  •       Malicious websites that point to Exploit Kits
  •       iframes
  •       javascript
  •       java/flash objects
  •    File based
  •       Binary executables
  •       Microsoft Office Documents
  •       Visual Basic Scripts
  •       javascript files
  •       wsf files
  • Setting up a Sandbox Environment
  •    Setting up VPN access for your sandbox
  •    Installing and using tools for dynamic analysis
  •    Staying safe
  •       Handling of samples
  • Routing all VPN access through VPN
  • VM Snapshots
  • Static analysis of samples
  •    Strings
  •    Script extraction
  •    Script obfuscation
  •    Dynamic Analysis
  •    Watching behavior of sample detonation
  •       Process Hacker 2
  •       Child Process Spawning
  •       Process Migration
  • Process Memory Dumping
  •    Strings
  •    Fiddler 2
  •    HTTPS inspection
  •    Wireshark
  •    RegShot
  • Malware family identification
  •    Understanding family behaviors
  •    Memory Dump
  •    Strings in memory
  •    Volatility
  •    C2 communication methods
  • Tying it all together
  • Building IOCs from all the information we gathered from our analysis
  • If there is time, a peek into Cuckoo, automated Dynamic Analysis

 

ISOs/Software needed:

  • OSX or Linux Host OS (can probably use BSD too but ¯\_(ツ)_/¯  ). Feel free to bring Windows if you are feeling brave and able to troubleshoot yourself
  • VPN client on host OS with access to burnable public IP
  • Desktop Virtualization Software (I will be using VirtualBox)
  • Windows 7 32 bit Installation inside said Virtualization Software 
  • OfficeMalScanner
  • Process Hacker 2
  • Fiddler 2
  • Wireshark
  • HideToolz
  • RegShot

Speakers
DH

Danny Howerton

Danny is a SLC local with previous experience in Network Security Administration, IDS/AppID Signature writing, and Pentesting is now a Threat Analyst at Proofpoint and is responsible for tracking malware trends, campaigns, and actors. He has presented at a whole bundle of conferences and will leave it as an exercise to the user to figure out what ones.


Friday March 10, 2017 10:00am - 12:00pm
Workshop 2 Salt Palace Convention Center

10:00am

Wireshark Crash Course for Beginners
Limited Capacity filling up

https://www.bsidesslc.org/signup.html

This two-hour hands-on workshop focuses on basic packet capture analysis using Wireshark. It is targeted at those who have never/rarely worked with packet captures. Topics include: Brief review of networking models and understanding how the layers fit in wireshark. Walkthrough of captures including ping, traceroute, dhcp, ftp, http, http with TLS. Wireshark filters. Wireshark features, such as extracting objects, following conversations, using statistics, decrypting traffic. Along the way, attendees will also pick up information about TCP vs UDP, ephemeral ports, TTL, TCP flags, ICMP types, and other tidbits.

Speakers
RJ

Robert Jorgensen

Robert Jorgensen is a cybersecurity professional with expertise in cybersecurity strategy and execution and 20 years of experience in various technology roles. He holds multiple information security certifications, including CISSP, CISA, and GXPN, as well as networking and systems certifications from Microsoft, Novell, and Cisco. A Utah native, Robert received his Master of Science in Information Systems from the University of Utah. Robert is... Read More →


Friday March 10, 2017 10:00am - 12:00pm
Workshop 1 Salt Palace Convention Center

11:00am

Security and Ops in Startups
In a startup, security and operations discipline can be easy to put off until later. This talk will look at how adding concepts like change control, testing, regular patch management and centralized logging, common in regulated environments, can be implemented efficiently. In any web services startup, these processes can help rather than hinder productivity,  both in terms of stabilty and security.

Speakers
avatar for Daniel Jeffery

Daniel Jeffery

Cyberhoplologist, Linux Foundation
Dan is a serial blue teamer. As an infrastructure/cloud/security/manager generalist he's implemented and maintained everything from SIEMs to SANs to HSMs. He apparently enjoys regulated environments and playing mind games with auditors from FFIEC, PCI and FedRAMP to the joys of WebTrust .


Friday March 10, 2017 11:00am - 12:00pm
Track 1 Salt Palace Convention Center

11:00am

The surveillance capitalism will continue until moral improves
The War on Privacy is ongoing and it is escalating.   Invasions into your privacy have become sneakier, highly automated, difficult to avoid and increasingly convoluted to opt-out from.  Content platforms and advertising networks are actively seeking and developing new technologies to collect and correlate the physical identities, movement, characteristics, and Internet activity of consumers. 
 
 Skip this talk if you're already familiar with and prepared to defend against:
 -  Instant facial recognition & correlation at scale
 -  Geo-fenced content delivery
 -  Retailer & municipal WiFi tracking
 -  Unblockable browser fingerprinting
 -  Cross-device ultrasound beaconing
 -  Inescapable data brokers
 
 Data poisoning and obfuscation may be our only chance for survival.  Come with me - what I will show you is only the shore on a continent of horror.

Speakers
JJ

J0N J4RV1S

Jon is a long-time resident of the Internet and wants to help make it a safer place for everyone. He created SecureUtah.org to promote HTTPS adoption and UtahWatch.org to publicly track which prominent Utah websites implement HTTPS correctly. He is a avid proponent of digital security, data privacy, usable encryption, and InfoSec diversity, and hopes to inspire others to join him in championing these issues.


Friday March 10, 2017 11:00am - 12:00pm
Track 2 Salt Palace Convention Center

11:00am

Container Secrets Done Right
Containers are taking the world by storm, but security is lagging behind.  Reflex Engine leverages the power of ABAC and runs in a unique manner to create highly secure containerized applications.  Come learn how.

Speakers
BG

Brandon Gillespie

Brandon has a breadth of experience through his career including CTO, CIO, Director of Operations, Security and Infrastructure, Architect, Consultant, Engineer, Developer, and Project Manager across the public, private, and nonprofit sectors. He is directing platform and tech efforts at Divvypay.com, is the author of the book Activator: Success in the Tech Industry with Design Thinking and Reflex Engine, an OSS ABAC based ephemeral... Read More →


Friday March 10, 2017 11:00am - 12:00pm
Track 3 Salt Palace Convention Center

1:00pm

NMAP 101
An introduction to the popular network scanner NMAP. We'll go through host and service discovery using different types of scans, using the NMAP Scripting Engine (NSE), and even write a simple script of our own.

Speakers
CD

Christopher D Hopkins

Active participant in the Utah InfoSec community for the last three years. I've worked Tech Support, System and Network Administration, and Software Development.


Friday March 10, 2017 1:00pm - 1:30pm
Track 1 Salt Palace Convention Center

1:00pm

On-Demand Outlier Detection [OD^2] to Optimize Threat Analytics
Detecting outliers/anomalies are essential for querying and pivoting for malicious/unauthorized activity in the network. More often than not, organizations incorporate multiple levels of security using various products available to them to protect and defend their endpoints and network against cyber threats. Signals about potential threats are therefore derived from different sources.
 
 The primary challenge to detecting outliers in a highly multidimensional space is  the "curse-of-dimensionality". We collect over 4000 network atttributes and this results in the data looking very similar to each other in the original embedded vector space, rendering outlier algorithms ineffective. Attackers often maquerade the attack vectors to look like benign traffic and often the "tell" is in one or few of the network attributes. The significance of these smaller set of features is often lost when looking for outliers in the high-dimensional space.
 
 In this talk, we will discuss a first-of-its-kind approach in the security industry to use minimal signals about malicious activity from different sources to learn new anomalous activity on demand. We will discuss various subspace clustering methods to determine appropriate subspaces where the outliers become "pronounced". We will also discuss ways to generate explanations for the outliers in this space, without which it is hard to validate and interpret outlier predictions.
 
 User feedback is highly critical in on-demand learning systems both to course-correct the learning algorithm and to validate the predictions. In the last part of the talk, we will focus on effective user-feedback mechanisms to strengthen on-demand learning, by building dashboards for efficient data projection and visualization of the outliers.

Speakers
avatar for Parasaran Raman

Parasaran Raman

Sr. Data Scientist, Eastwind Networks
Applied Machine Learning Researcher. | University of Utah CS PhD.


Friday March 10, 2017 1:00pm - 1:30pm
Track 2 Salt Palace Convention Center

1:00pm

Green Eggs and Hacks
Do you like to go to DEF CON?
 Would you like to take your kids?
 Yes I love to go to DEF CON,
 but it is no place for kids!
 I would say you might be wrong,
 maybe you can take the kids along.
 Learning and playing is such fun.
 Taking kids to DEF CON can be done.
 Picking locks and the SE CTF,
 meeting new friends and the EFF!
 The next generation, watch it grow.
 DEF CON! Oh, the places you'll go!

Speakers
avatar for nibb13

nibb13

Security Engineer, CompuNet
husband, father, and infosec geek


Friday March 10, 2017 1:00pm - 1:30pm
Track 3 Salt Palace Convention Center

1:00pm

Red Vs. Blue CTF Friday 1:00 - 3:00
Limited Capacity seats available

Have you ever detected an attack while it was happening?  Have you ever been the attacker?

Red versus Blue is a two hour hands-on workshop where participants experience security attacks from the perspective of an attacker and a defender.  Prizes are awarded to both attackers and defenders.

As a Blue Team participant, you'll be monitoring a live environment looking for anomalous behaviors.  It will be your job to identify the breach and make recommendations for remediation.  Blue team players will get hands-on experience using firewalls log collection tools for attack detection.

Red Team participants will receive a playbook with step-by-step instructions for a series of attacks against the Blue Team.  All necessary Red Team tools are included with Kali Linux.

This event is designed for players of all ages and abilities. Prizes will be awarded for high scores, insightful discoveries and collaboration skills.

What to bring:  A laptop capable of booting Kali Linux is required.

RvB has 16 available slots during each session (8 per team) with two teams facing off against each other.

Speakers
S

Sobit

Security Cosmonaut, CompuNet


Friday March 10, 2017 1:00pm - 3:00pm
Red Vs. Blue CTF

1:00pm

Introduction to Malware Analysis Part 2
Limited Capacity filling up

This is merely a placeholder for the second half of the four-hour workshop. You must register for the workshop here: https://www.bsidesslc.org/signup.html

Speakers
DH

Danny Howerton

Danny is a SLC local with previous experience in Network Security Administration, IDS/AppID Signature writing, and Pentesting is now a Threat Analyst at Proofpoint and is responsible for tracking malware trends, campaigns, and actors. He has presented at a whole bundle of conferences and will leave it as an exercise to the user to figure out what ones.


Friday March 10, 2017 1:00pm - 3:00pm
Workshop 2 Salt Palace Convention Center

1:00pm

Reclaim your privacy, improve your security, and detox your data
Limited Capacity seats available

Do you want to regain some control over the information and data that you share online?  Do you want to know how to communicate privately and securel ?  Do you want to reduce what advertisers, ISPs, and websites know about you?

Have you let yourself install too many apps, clicked "I agree" a few too many times, lost track of how many accounts you've created?  Don't despair!  This privacy and security workshop is designed just for you!

By the end of this workshop you will:
Install one of two good options for a VPN
Begin to practice online compartmentation
Clean up and privatize your social media accounts
Understand and experience browser fingerprinting
Have a password manager installed with 2FA enabled
Know how to securely communicate with a trusted contact
Know how to (mostly anonymously) buy and use a prepaid card

This workshop features an accelerated and enhanced version of the 8-Day Data Detox Kit, originally produced by Tactical Tech and Mozilla.  The instructor will walk participants through the guide and supplement the kit's instructions with real-world examples and additional actions that will increase your privacy while improving the security of your accounts and devices.

Participants will receive a paper copy of the kit along with printouts of supplemental information and links.  Participants are expected to bring their own devices and have a beginner to intermediate skill level with browsing the Internet and using and configuring their device.

Speakers
JJ

J0N J4RV1S

Jon is a long-time resident of the Internet and wants to help make it a safer place for everyone. He created SecureUtah.org to promote HTTPS adoption and UtahWatch.org to publicly track which prominent Utah websites implement HTTPS correctly. He is a avid proponent of digital security, data privacy, usable encryption, and InfoSec diversity, and hopes to inspire others to join him in championing these issues.


Friday March 10, 2017 1:00pm - 3:00pm
Workshop 1 Salt Palace Convention Center

1:30pm

Get Started Writing Nmap Scripts
Ever look at an Nmap NSE script and think, "one day I should learn to write one of these"?  If so, today is your lucky day!  This presentation is all about how to get started writing NSE scripts.  We will cover an overview of Nmap's scripting engine, look at the basics of Lua, the core requirements of an NSE script and then move into writing a few of simple scripts.  This presentation's goal is to get you familiar enough with Nmap scripting to start writing your own scripts for problems you have at work.  So let's dive in and get started!

Slides and scripts are located at https://github.com/tadaka/nse-scripts/ 

Speakers
avatar for Jason Wood

Jason Wood

Founder, Paladin Security
Jason Wood is the founder of Paladin Security where he provides penetration testing for clients and creates online security training courses. He has years of experience performing penetration tests for financial institutions, SaaS companies, health care companies, critical infrastructure and government organizations. When he's not working, Jason tinkers with hardware hacking and wishes he had room for a model railroad.


Friday March 10, 2017 1:30pm - 2:30pm
Track 1 Salt Palace Convention Center

1:30pm

Threat Modeling 101: Hands On
The Microsoft threat modeling tool has been available since 2013, yet few people understand how to conduct an effective threat model (and follow-up on findings). In this talk, we will perform an actual threat model and I will demonstrate the features and weaknesses of the latest release of Microsoft's threat modeling tool.

Speakers
JO

John Overbaugh

John Overbaugh, President and Owner of infoSecure, holds the CISSP, GSLC, GWAPT and GCIH certificates. He has taught and developed curriculum for CISSP prep courses, and teaches on secure software development internationally. John has been involved in software security since 1999 when he led his product group through Microsoft's secure development life cycle. When he's not speaking, John enjoys spending time with his family, motorcycling... Read More →


Friday March 10, 2017 1:30pm - 2:30pm
Track 2 Salt Palace Convention Center

1:30pm

Windows Credential Attacks, Mitigation, and Defense
Windows credentials are arguably the largest vulnerability affecting the modern enterprise.  Credential harvesting is goal number one post-exploitation, and hence it provides an appealing funnel point for identifying attacks early in the kill chain.  Unfortunately, credentials are diverse and numerous in Windows, and so are the attacks.  With significant credential theft mitigations released in Win8.1, Win10 and Server 2012/2016, both red and blue teams require an enhanced understanding of Windows credentials.  Red teamers may suddenly find their favorite techniques obsolete, while the blue team needs to take advantage of available mitigation techniques as soon as possible.  Credential types, attack tools, and mitigation will all be discussed, giving insight into both sides of the equation.

Speakers
CT

Chad Tilbury

Technical Director, CrowdStrike
Chad has been conducting incident response and forensic investigations since 1998. As Technical Director for CrowdStrike, he provides technical leadership for the services team, driving innovation to support customers in IR, remediation, forensic support, penetration testing, and compromise assessment. Chad is a Senior Instructor at the SANS Institute and co-author of the FOR408 and FOR508 courses.


Friday March 10, 2017 1:30pm - 2:30pm
Track 3 Salt Palace Convention Center

2:30pm

Federal Bug Bounty Programs: Hacking the Feds for Fun and Profit (Mostly Profit)
A presentation detailing my adventures and experiences with the US Department of Defense open bug bounty programs. Details of the types of vulnerabilities one might find through these programs, both "textbook easysauce" and "OMG who would do that?" levels of difficulty. Will also provide some guidance and suggestions for sucessfully finding, exploiting, documenting and managing your own vulnerabilities and most importantly, getting paid to hack.

Speakers
avatar for Corpsman801

Corpsman801

Application Security and Penetration Testing
The Corpsman is retired military, spent many years in trauma and combat medicine. Now working in application security, he helps engineering organizations develop more secure software, and then turns around and runs penetration tests and red team engagements against them. He has successfully hacked both the Pentagon and the Army and managed to stay out of prison. He has not beaten anyone with a folding chair in 3 weeks, so he is adjusting to... Read More →


Friday March 10, 2017 2:30pm - 3:00pm
Track 1 Salt Palace Convention Center

2:30pm

De Falsis Deis: Social Contracts
Social engineering; it's a little more common and complicated than you might think. Wherever people live and work together, a social contract is formed. First theorized by Socrates and further expanded by Tom Hobbes, John Locke and Jean-Jacques Rousseau, this system is so fundamental most people take part in it unwittingly. Social hackers can use this to their advantage - and by breaking the social contract, we are all left vulnerable to attack. In this talk I will discuss how social contracts develop and how hackers use this natural human behavior against their targets.

Speakers
avatar for Tiberius Hefflin

Tiberius Hefflin

Security Assurance Analyst, Portland General Electric
Tibbs recently graduated from the University of West of Scotland with a degree in computer security. She has relocated to Portland, OR, where she evangelizes for privacy and security while doing security assurance work for Portland General Electric. She is passionate about encouraging small children to take the plunge into STEM and about laughing at cats on the internet.


Friday March 10, 2017 2:30pm - 3:00pm
Track 2 Salt Palace Convention Center

2:30pm

Biometrics: Fantastic Failure Point of the Future
Biometrics is all the rage. It has been touted as the best of all possible authentication methods. Very soon, your customers and standards boards will be requiring you implement some sort of biometric factor for authentication. Before you head down that road, you need to know the pitfalls to avoid before becoming the next big breach in the news. The very nature of biometrics requires special handling and forethought. Learn how biometric authentication is performed and how to safely secure biometrics to protect your users and future-proof your authentication.

Speakers
avatar for Adam Englander

Adam Englander

Senior Engineer, iovation
Adam Englander is a virtual crime fighter for iovation with over 25 years of experience in building communities and applications. He travels the globe increasing awareness and understanding of the threats facing the computer science community from hackers and fraudsters. Adam is heavily involved in the developer community in his home town of Las Vegas. He is the founder of PHP Vegas, and a coordinator for PyVegas and the Las Vegas Developers... Read More →


Friday March 10, 2017 2:30pm - 3:00pm
Track 3 Salt Palace Convention Center

3:00pm

Together, We Could Land a Plane: Our Unconventional Community as our Strength
Most of us have an ideal stereotype of a "great hacker" in our minds - somebody who started young, made it big, and has a superior set of skills in every niche. In reality, that's not what what the vast majority of us look like. It's time for us to stop feeling ashamed of our lives before we were professional hackers, as well as our hobbies we believe are unrelated to the field. In reality, our wide range of expertise and experiences is fundamental to solving the huge challenges we will face through 2017 and beyond. This collaborative keynote will help you find ways to apply your non-infosec skills, education, and hobbies to tackling the seemingly impossible problems many of us fear to face. You will leave inspired with new ideas for your own infosec talk, blog, podcast, or research project.

Speakers
avatar for Lesley Carhart

Lesley Carhart

Lesley Carhart (GCIH, GREM, GCFA, GPEN, B.S. Network Technologies, DePaul University) is a 17 year IT industry veteran, including 8 years in information security (specifically, digital forensics and incident response). She speaks and writes about digital forensics and incident response, OSINT, and information security careers, and she is highly involved in the Chicagoland information security community and regional hacking conferences. In her... Read More →

Bronze
avatar for Compunet

Compunet

Technical Marketing Director, CompuNet Inc.
avatar for UtahSaint

UtahSaint

Network Operations Manager, UEN


Friday March 10, 2017 3:00pm - 4:00pm
Track 1 Salt Palace Convention Center
 

Twitter Feed