Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for ZTEdge’s overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He’s the author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies and the host of the DrZeroTrust podcast.

Buy his book, out now!

If cybersecurity were a horror movie…

We are living in a world of constant threats and the realm of cyberspace seems more and more like a bad B movie horror flick. But is there a way to learn from the copious failures we see in horror movies and translate that to our plans for survival in cyber security? In this session we will detail and discuss some of the more obvious and interesting ways to fail at survival in both horror films and cyber security and detail specific ideas and concepts that can help us all emerge from the darkness.

How Tabletop Exercises Prepare Organizations for Creepy, Sinister, Spine-tingling Cybersecurity Threats

Paul has worked in the IT Industry for almost 25 years, over 15 of those in IT Security. With a broad and diverse working background including avionics, IT hardware engineering, software development and IT Security consultancy. Qualified and certified in all of those areas, including EC Council CHFI and ECSA.

Hidden benefits of social distancing. or Don’t leave the door open!

Physical access systems all too often use legacy hardware and software. This introduces weaknesses to IT system’s physical “protection”. ALL security professionals understand that with physical access, IT systems can (and most likely will) be compromised. Don’t leave the door open!

Kevin Cardwell served as the leader of a 5 person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways clients can mitigate or limit the impact of these weaknesses.

He spent 22 years in the U.S. Navy. He has worked as both software and systems engineer on a variety of Department of Defense projects and early on was chosen as a member of the project to bring Internet access to ships at sea. Following this highly successful project he was selected to head the team that built a Network Operations and Security Center (NOSC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean . He served as the Leading Chief of Information Security at the NOSC for six years. While there he created a Strategy and Training plan for the development of an expert team that took personnel with little or no experience and built them into expert team members for manning of the NOSC.

He currently works as a free-lance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US, Middle East, Africa, Asia and the UK . He is an Instructor, Technical Editor and Author for Computer Forensics, and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense and Advanced Penetration Testing courses. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences as well as many others. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is author of Building Virtual Pentesting Labs for Advanced Penetration Testing, Advanced Penetration Testing for Highly Secured Environments 2nd Edition and Backtrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman that recently was rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and developed the team to man the first Commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to Commercial companies, governments, federal agencies, major banks and financial institutions throughout the globe. Some of his recent consulting projects include the Muscat Securities Market (MSM), Petroleum Development Oman and the Central Bank of Oman. He designed and implemented the custom security baseline for the Oman Airport Management Company (OAMC) airports. He created custom security baselines for all of the Microsoft Operating Systems, Cisco devices as well as applications. Additionally, he provides training and consultancy to the Oman CERT and the SOC team in monitoring and incident identification of intrusions and incidents within the Gulf region. He holds the CEH, ECSA. LPT, APT, CHFI and a number of other certifications.

Cyber Threat analysis tools, techniques and procedures to detect if your system has been compromised

This presentation will be packed with live demonstrations of practical defense and detection strategies.

His experience in the public / defense sectors is equally complemented by assignments undertaken for heavyweight world renowned corporations including Yahoo, Xerox, AT&T and Texas Instruments to name but a few. He is imminently qualified in his field in that he holds a string of professional qualifications in Networking to name a few (MCT, MCSE, Cisco, Network+) and IT Security (CIW-SA, Security+, CEH, ECSA, LPT, CHFI) besides a bachelor’s degree in science.

Wayne is currently the CSO for Sequrit CSI, responsible for the technical realm and security management, which includes consulting teams. He is a captain of a global operating group of penetration testers and security experts. Wayne and his group have delivered security assessments, Penetration Test assignments and customized training for International Corporations and many Government Agencies such as: EPA, FAA, DOJ, DOE, DOD + 8570: Air force, Army, Navy, Marines, FBI and Statewide Law Enforcement Offices in the USA.

In Europe: NATO, Europol, MOD (Military of Defense UK) various EU Law Enforcement, Dutch Ministry of Defense, Ministry of Justice, local European Law Enforcement: UK, Ireland, Switzerland, Belgium, Holland, Denmark.

Cyber Threat analysis tools, techniques and procedures to detect if your system has been compromised

This presentation will be packed with live demonstrations of practical defense and detection strategies.

Dr. Bryson Payne is a TEDx speaker, best-selling author of *Teach Your Kids to Code* and *Hacking for Kids*, award-winning cyber coach and online instructor with over 50,000 students in more than 160 countries, and the founding Director of the Center for Cyber Operations Education at the University of North Georgia, an NSA-DHS Center for Academic Excellence in Cyber Defense. He is a tenured professor of computer science at UNG, where he has taught aspiring coders and cyber professionals since 1998, including UNG’s #1 nationally-ranked NSA Codebreaker Challenge cyber operations team.

Dr. Payne is a Certified Information Systems Security Professional (CISSP®), Certified Ethical Hacker (CEH), SANS/GIAC GPEN and GREM, among other industry certifications. He was also the first Department Head of Computer Science at UNG and enjoys working with K-12 schools worldwide to promote computer science and cybersecurity education.

BrightSiPhon: Hacking Air-Gapped Systems

Air-gapped systems are buffered from the internet and other networks by being disconnected, but they’re not completely secure. This presentation reviews successful attacks and demonstrates how to use screen brightness to steal data across an air gap using just a PowerShell script and an iPhone.

Alex Holden is the founder and CISO of Hold Security, LLC. Under his leadership, Hold Security played a pivotal role in information security and threat intelligence, becoming one of the most recognizable names in its field. Holden is credited with the discovery of many high-profile breaches including Adobe Systems, JPMorgan Chase, Yahoo, and many other high-profile breaches. Mr. Holden researches minds and techniques of cyber criminals and helps our society to build better defenses against cyber-attacks.

What’s Lurking in the Dark – An In-Depth Look into the Dark Web

Cybercrime dwells everywhere, and the bad guys use mainstream tools to commit their crimes. In 2021 the black markets are overwhelmed with data for sale. New rules and exploitation techniques get traded and weaponized within hours. Let’s dive in to how to strengthen defenses now and going forward.

Joshua Crumbaugh is an engaging and internationally respected cybersecurity subject matter expert, published author, and keynote speaker. During Joshua’s ethical hacking career, he has never encountered a single network that could keep him or his teams out. He has also accomplished many impressive social engineering feats, such as: talking his way into bank vaults, fortune 500 data centers, corporate offices, restricted areas of casinos, and more. His experience in all things security led him to realize something had to change. This realization led him to found PhishFirewall, where he is the Chief Technology Officer. Joshua is one of the world’s most accomplished ethical hackers.

How to Rob a Bank Over the Phone

Madinah S. Ali is the President & Co-Founder of SafePC Cloud- www.safepccloud.com. The company primarily focuses on data backup and recovery for midsize, enterprise, and government IT environments with an emphasis on cybersecurity. Ms. Ali formerly served as The Women in Technology (WIT) Chair/Board member for the International Association of Microsoft Channel Partners (IAMCP) Atlanta Chapter and currently serves as the Atlanta Co-Lead for The WIT Network. In 2020, she graduated from the Women in Cloud Accelerator Program.

Safe PC Cloud is a Managed Service Provider that focuses on data backup, IT security, and cloud-based applications. The company has its Microsoft Silver status. Ms. Ali received her Master of Applied Economics degree from Cornell University. She is a Magna Cum Laude Graduate of Florida A&M University.

She is currently completing her Microsoft Certified Trainer designation as a part of the Microsoft Learning Partner Program, which is comprised of the premier technical and instructional experts in Microsoft technologies, including Azure Data Backup and Recovery. Ms. Ali is currently a member of the Cybersecurity Tech Accord – which promotes a safer online world by fostering collaboration among global technology companies that are committed to protecting customers and users against malicious threats.

Over two years ago, she created the EdTech (Education Technology) Division with the focus of bridging the digital divide among women, African Americans, and Hispanics. To learn more about Safe PC Cloud’s Ed Tech division, you can go to their website-www.safepccloud.com/education, and her recent initiative with Microsoft Reskilling and upskilling initiative. Over the past two years, Ms. Ali has received awards for her community efforts in bridging the digital divide in 2019, she received the Susan L. Taylor Distinguished Community Partner for the University of Parents Program. In 2020, she received the Pathways to Success STEAM Sponsor by the National Coalition of 100 Black Women, Oakland Bay Area Chapter.

Why Email Security and Cybersecurity Training must be at the forefront of our new normal?

80% of the most common engineering attack is Phishing, Why Email Security and Cybersecurity Training must be at the forefront of our new normal? What is our new normal?

The new normal that a large majority of employees are working from home (WFH) and will continue to work from Home (WFH), post COVID. In this workshop we will discuss the growing vulnerabilities that companies face in our new normal, and why email security and cybersecurity training have to be at the forefront in order to avoid the most come cyberattack, phishing.

Rob Richardson is a software craftsman building web properties in ASP.NET and Node, React and Vue. He’s a Microsoft MVP, published author, frequent speaker at conferences, user groups, and community events, and a diligent teacher and student of high quality software development. You can find this and other talks on his blog at (https://robrich.org/presentations) and follow him on twitter at (@rob_rich)

Service Mess to Service Mesh

In our quest to secure all the things, do we jump in too quickly? We’ll use Istio and Linkerd as example service meshes, and look at the features we would expect from a service mesh. You’ll leave with a concrete understanding of the service mesh, and be ready to justify the investment.

Elizabeth (Liz) is VP Operations at SCYTHE, planning, directing, and overseeing the day-to-day operations of a growing adversary emulation platform start-up company. She brings to SCYTHE over a decade of legal, policy, and business experience within the information security field. Prior experience includes serving as the Senior Assistant City Attorney with the City of Atlanta responsible for advising Hartsfield-Jackson Atlanta International Airport on technology policy and projects and as a member of the immediate incident response team for Atlanta’s ransomware incident. You can listen in as Liz hosts SCYTHE’s CISO Stressed Podcast or engage with Liz on Twitter via @lawyerliz.

Disrupting Ransomware Franchise Pitch Meetings

Simple can be scary. And scary can be profitable. While the first horror movie (or ransomware attack) may make back its budget, the real box office returns come from building a franchise. In this session we will track evolving ransomware and threat actor business modeling parallels to a horror franchise pitch meeting and opportunities to disrupt their profit margins.

Dr. Chuck Easttom is the author of 34 books, including several on computer security, forensics, and cryptography. He holds a Doctor of Science in cyber security, a Ph.D. in Nanotechnology, a Ph.D. in computer science, and three master’s degrees (one in applied computer science, one in education, and one in systems engineering). He is an inventor with 23 computer science related patents. He is a senior member of both the IEEE and the ACM. He is also a Distinguished Speaker of the ACM and a Distinguished Visitor of the IEEE. Dr. Easttom is currently an adjunct professor for Georgetown University and for University of Dallas.

The impact of machine learning on cyber security

Machine learning can be used for both defensive and offensive purposes. Both will be explored in this talk, including the most recent advances in this area. The talk will provide some background, but is focused on the cutting edge of research in this field..

A recognized cybersecurity practitioner and thought leader, Jessica Gulick began her career as an engineer 25 years ago. She has since led cyber security teams, launched and grown IT and cyber firms through her WOSB Katzcy, and is now focused on cracking the code on how to tackle the cybersecurity talent problem. She founded the U. S. Cyber Games in collaboration with the National Initiative for Cybersecurity Education (NICE) program at the National Institute of Standards and Technology (NIST) in 2021. As Commissioner of the US Cyber Games, and advocate for cyber-as-a-sport, her goal is to disrupt status quo thinking and build an inclusive, cyber community that accelerates cyber talent and inspires the workforce of tomorrow.

Gaming the Sytem – Let’s Hack the Talent Problem

It’s time to disrupt our old way of thinking about talent, and not just the pipeline. Leaders across every sector know the truth…how we find cyber talent today will never fill the widening talent gap. With millions of jobs and nowhere near enough identified talent, we must hack the talent problem by innovating new ways to close the gap in cyber talent. The eSports and gaming industries hold the key to building high-performing, competitive security teams. By building a safe and legal place to hack and defend, we can double down on key skills like complex-decision making, predicting hostile strategies, and increase cognitive creativity.

Laura Samsó Pericón is a researcher bridging the gap between Cyber and Drone technology. She is a subject matter expert with 15+ years of civil-defense international experience focused in R&D, innovation, program/project management and business development in the Earth Observation and Cyber areas, in concrete in the fields of Unmanned Aerial Systems (UAS) and Satellites. Her interests also range from geopolitics to intelligence technologies.

Her background is Electronics and Aerospace and Science Technology marinated with sports and nonprofit activities. Now working for Airbus Defence and Space in the PMO Cross Program UAS Department and in parallel, speaker for different worldwide events.

She defines herself as “curiosity hungry” and with an entrepreneur mindset, ready to explore the world and co create.

Hacking Use Cases Drones and Ethics

Are you curious? The future is amazing: Networked sensors, increasing automation and AI are putting us in the verge of new services but also exposing new vulnerabilities.Get insight on ethics & drones, cyberwarfare aspects, data Exchange, decision making and some technical aspects of hacking drones.

Kirsten is the Sr Director of Recruiting at Novetta, an advanced analytics and full spectrum cyber security company. She studied HR Management at University of Maryland. After a short while working as a software developer, then help desk manager, she combined her love for technology and HR by becoming a Technical Recruiter and has been doing so for over 20 years. For the last decade, Kirsten has been primarily supporting the Information Security field, and is best known in the community for her volunteer activities especially her involvement in the Car Hacking Village from its inception!

Turn Bad Job Ads into Opportunities

Half of you reported that you ignore bad job ads (don’t even give them a second look). But what if hiring managers ignored a bad resume without even giving them a chance? Trust me, for every bad job post, there are just as many bad resumes.

So how do we meet in the middle? Let’s figure that out!

There are plenty of obstacles already for candidates, particularly poc, women, and under-represented or marginalized groups, so lets not let sucky job post be another roadblock.

I have taught managers for years how to write better descriptions and candidates how to write better resumes, and I will continue to do that. I even spoke at multiple conferences over the last few years for that purpose.

My focus in this series is to create a clear way of getting around and through bad descriptions. Honestly, I don’t think we can ever really fix that problem completely, at least not expect companies to get it right every time. So we’ll put a fun twist on it, turn it into a project (we all love challenges right), and make every job post into an opportunity to our next best career journey move. Presented by Kirsten Renner, the Sr Director of Recruiting at Novetta, an advanced analytics and full spectrum cyber security company.

‘

Scott Applegate is the Global Incident Response Manager for Dentons, the largest law firm in the world, where he manages cybersecurity operations and incident response for 180 offices in more than 80 countries. A retired U.S Army officer with more than 28 years of experience in leadership, management, communications, and security, Mr. Applegate has served in a variety of positions in peacetime and war including two combat tours in Iraq. Among his assignments, Mr. Applegate served as the Joint Staff, J5, Cyber Policy Division Deputy Division Chief and Program Manager for the Joint Staff’s Cyberspace Security Cooperation and International Engagement portfolio; as the Current Operations Director for Defensive Cyberspace Operations for the U.S. Army, managing the defense and incident response of 2.2 million computers across multiple networks; and as the Director of the U.S. Army Red Team conducting multidisciplinary, information warfare-based vulnerability assessments of major military commands on three continents. Mr. Applegate has also served as an adjunct professor teaching graduate-level courses in ethics, cybersecurity, and cyber conflict for more than a decade at the George Washington and Georgetown Universities. Mr. Applegate has a Bachelors’ Degree and two Master’s Degrees. He is a published author and speaker. He currently holds the CISSP-ISSMP, CISSP, GCIH, and CEH certifications. Mr. Applegate lives in northern Virginia with his wife Sara, and their two children Preston and Marley. In his spare time, he barbeques, brews homemade beer, and enjoys running and exercise.

Ransomware Defense? Go back to Boot Camp!

What do you need to do to protect your networks from ransomware? A look at trends in ransomware attacks reveals the truth‚ it’s not that the bad buys are great hackers, it’s that the good guys are failing at the basics.

Mauro Eldritch is an Argentine Hacker & Speaker, Founder of BCA and DC5411.

He was a Speaker at DEF CON (six times!), ROADSEC (LATAM’s biggest security conference), DEVFEST Siberia, DragonJAR Colombia (biggest spanish-speaking conference in LATAM), P0SCON Iran, Texas Cyber Summit and EC-Council Hacker Halted among other conferences (25+).

In the past, he worked for many government organisms such as Ministry of Security, Federal Revenue Administration, Ministry of Health, Ministry of Economy, Ministry of Production and both SecBSD & FreeBSD Projects.

COVID-1984: Propaganda and Surveillance during a Pandemic

What does a propaganda apparatus look like from the inside? How do groups dedicated to setting trends and censoring the opposition party? What if we infiltrate a sock puppet account to understand all this better? What if… and only what if… we identify whos running it in the shadows?

Brad Rhodes, Head of Cybersecurity for zvelo in Greenwood Village, CO, holds numerous professional certifications including CISSP-ISSEP, CISM, PMP, C|EH, RHCSA, and GIAC (GCED, GMON, and GCIH) to name a few. He has over 24 years of experience in the military, government, and private sectors. Brad continues to serve in the US Army Reserves as a Cyber Warfare Officer leading the next generation of Soldiers in today’s Cyber fight. His most recent assignment was leading the national-level Cyber Shield 2021 exercise for 800+ participants across the 54 States and Territories. Brad’s major research areas include utilizing Open Source capabilities to help organizations close gaps in their security, characterize the cyber operating environments, and gain visibility into stacks of Big Data. He’s been known to drown a few Lego people to illustrate the practical reality of cyber effects.

Understanding the Cyber Threat Intelligence (CTI) Process

So you’re interested in Cyber Threat Intelligence (CTI)? Great! Do you know where to start? No? Then this session is for you! Let’s have a conversation and take the mystery out of the process, sources, and use cases so you can integrate CTI into your organization and improve your defenses!

Mr. Scheferman is a mission-driven 20+ year cyber security industry professional with a strong reputation for effective leadership, exceptional public speaking, candid thought leadership, and the proven ability to shape and shift industry outlook. He is an advisor and confidant to many.

Mr. Scheferman keeps a hyper-current beat on the threat landscape and how it continues to fundamentally change business/mission cyber risk dynamics. Battle-hardened from years of red-teaming, incident response and cyber consulting, and having served as the technical lead and final security risk determination for the Navy’s Certification Authority (thousands of systems per year, with over 800 validators and 30 risk analysts feeding these risk determinations), he draws his perspective from significant real-world high-stakes (multi-billion dollar programs and Fortune 10 enterprise) experience. He is the founder of Armanda Intelligence, LLC, with a mission of providing CxO/board advisement, strategy and threat intelligence. Currently, Principal Strategist for Eclypsium, Inc.

The Three Most-Often Overlooked Defender Advantages over the Adversary – A Call to Arms!

Invisible, yet palatable. Without form, yet, measurable. Universally applicable to the cyber challenge, and yet rarely executed with intent. Now more than ever, these three critical defender advantages are lost arts that categorically shift the balance of power: Velocity, Anticipation, and Attitude

Sharee English is Chief Security Officer & Managing Partner with WECybr, a woman-owned cybersecurity firm based in Boise, Idaho. WECybr’s mission is to help small and mid-sized businesses navigate sophisticated technology and embrace simpler, more effective responses to their cybersecurity challenges. Sharee brings almost 30 years of deep technology experience, having spent most of her career in major cities as an IT security executive. She has built technology and training solutions her entire career and is passionate about cybersecurity education.

Beware of Corporate Cat-Phishing: How to protect your company from possible fraud

We live in a time where it is easier than ever to deceive people. The concept of catfishing is familiar to most professionals due to the many online dating scams, but did you know this same technique is used to infiltrate HR departments, gain access to company information, and ultimately steal all corporate assets? Catfishing is the act of pretending to be someone else online in the hopes of gaining money, leverage, or social interaction. As one of the prominent forms of Social Engineering, this talk will discuss types of corporate catfishing, how to recognize catfish red flags, and how to protect your company from fraud.

Jean works on developing and maintaining new tools revolving around security insights, specifically for Alphabet entities. He also works on Threat Assessment projects and various community outreach efforts such as the Google CTF. Previously Jean worked as a Team Leader Technology Consultant at Accenture, specialized in the banking sector, as well as UBS AG.

Jean has a Masters in Food Science Engineering from ETH Zurich and was a visiting graduate student at Stanford University where he worked on cancer research.

The Forgotten Helpers: “You dig the hole, we provide the shovel”

2 am. Saturday morning. A major software vulnerability has just been disclosed. Our security teams are scrambling to make sure the vulnerable packages have been patched. But what about business units that still run their own IT? How do we know who to contact?

Where can we file such time-critical bugs? During such an incident, time is of the essence. Incident responders need to know where to find certain critical information without wasting time.

This is what our work is about: identifying and making important data available. Based on a set of guiding principles we developed, we provide a holistic and comprehensive internal infrastructure as well as a set or processes to identify, organize, normalize and provide data so that, when a critical security situation arises, no time is wasted looking for the required information. In this talk we discuss the following: guiding principles, process of identifying potential important information, how to best aggregate and transform it, and how to make it available reliably. We look at practical and real-life examples, including some of the difficulties we face. Note that this talk will not focus on any actual product/solution but aims primarily to simply give a glimpse into the “backoffice” of cybersecurity, the work that goes on behind the scenes.

With over 15 years experience in security research and engineering – Tal possesses an unprecedented understanding of the Application and Serverless Security landscape. Most recently Tal co-founded CloudEssence, a cloud-native security technology company that enables organisations to extend security observability to applications developed in cloud-native architectures. CloudEssence was acquired by Contrast Security in 2021. Previous to CloudEssence, Tal was head of security research at Protego Labs, a Serverless security start-up that was acquired by Check Point.

Tal currently leads Contrast Security’s new innovation centre in Israel and teaches at the cybersecurity master’s program at Quinnipiac University. He is also an AWS Community builder and an OWASP leader, where he evangelizes serverless security to the community, leads several Open-Source projects including OWASP Serverless Security Top 10 and DVSA (an insecure-by-design serverless app for training purposes) and trains hundreds of developers and security teams around the world.

Serverless Security Top 10

I will follow explain and demonstrate the top security risks for serverless applications. How they are different from what we used to and how we the devops can become secdevops by understanding the risk and applying best practices. I will also cover available tools.

Mathew J. Heath Van Horn is an Assistant Professor of Information Technology at the State University of New York, Delhi. Dr. Heath Van Horn has two master’s degrees: Computer Science and Information Resource Management. His Ph.D. is in Information Technology because while he still loves the math and dreams in 1’s and 0’s, he found more interest in exploring how cyber is being used. He loves to talk geek and yet can hold his own in a board room. Major Heath Van Horn is retired from the United States Air Force after serving 23 years in various cyber roles including discrete electronic repair, project management, software testing, cyber training, and leading teams of cyber personnel. He started a small retail business but missed the energy of young adults in IT and sold the very profitable business to be a professor. In this role, he educates, but more importantly, fuels the passion for cyber in tomorrow’s experts. Students are amazing and Professor Heath Van Horn enjoys offering independent studies for students to explore their ideas. Matt inherited a passion for riding from his father and rides his dad’s 99 Dyna Wide Glide Harley Davidson in support of The Patriot Guard with the road name “Double Tap”; a callsign he was bestowed while serving in Iraq. His commander noted that then Captain Heath Van Horn effectively used cyberspace to hit every target twice, much like a rifleman would shoot an enemy combatant twice. Dr. Heath Van Horn has served as a hacker and a referee for various regional Collegiate Cyber Defense Competitions for the last 5 years.

Cyber Dogfighting

Vivienne Suen is a cybersecurity architect with a flair for storytelling and over 15 years’ experience advising IBM customers on IT solutions and strategy. A featured speaker at numerous conferences and user groups, she thrives on demystifying the complexities of cybersecurity and designing practical solutions to meet clients’ security needs. An unabashed technology optimist with a passion for music, Vivienne is a strong believer in nurturing diverse viewpoints, creating new connections, and the power of a well-crafted analogy. She lives in Montreal with her husband and son.

He’s INSIDE the house!

Could something like the SolarWinds attack be occurring in our homes? Perhaps it is and you might not even know. Have you invested in or looked at security posture of your home network, devices, and family members? In this new world of working from home, increased use of consumer IoT, our love of smart devices, and the Internet-connected nature of 21st century life – we are much more open to surveillance, reconnaissance, and potential personal cyber attacks.

Just as it’s safe to leave the house again, let’s talk about what may already be creeping into or throughout your home, and the technological and all too human things that go bump in the night.

Kristina Krasnolobova is a Cyber Security Analyst for Sentara Healthcare. Sentara Healthcare is a not-for-profit health system that has twelve hospitals and 30,000 employees serving Virginia and North Carolina. Kristina is a repeat industry speaker who is passionate about sharing her expertise and skills with others. She is co-organizer of BSidesNOVA and a strong believer in giving back to the community so in her spare time she volunteers at conferences and other technology related events.

As a strong believer in volunteering, I want to share a story on how giving back to community can positively affect your life and life of others.

Jake Williams, the CTO and Co-Founder of BreachQuest and Rendition Infosec, has two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding BreachQuest and Rendition Infosec, Williams worked with various government agencies in information security. Williams is an IANS Faculty Member and works as a SANS Analyst. He is a prolific speaker on topics in information security and has trained thousands of people on incident response, red team operations, reverse engineering, cyber threat intelligence, and other information security topics. Jake is the two time winner of the DC3 Digital Forensics Challenge, a recipient of the DoD Exceptional Civilian Service Award, and is one of only a handful of people to ever be certified as Master Network Exploitation Operator by the US Government.

The living dead hunting down and killing zombie assets

Zombies, zombies everywhere! No, it’s not Night of the Living Dead, it’s the forgotten assets causing a breach. A large number of incidents we work involve zombie assets (often as an initial entry vector). In this session, we’ll talk about how to find and eliminate them, before they bite your org.

FBI Supervisory Special Agent (SSA) Todd Renner leads a team of investigators focused on imposing risk and consequences on nation state cyber actors (APT) and a team pursuing international financially-motivated cyber criminals.

Prior to his promotion to the Atlanta Field Office, SSA Renner was the FBI Assistant Legal Attaché (ALAT) in London, England, integrated with United Kingdom and Irish authorities, investigating complex international counterintelligence and computer intrusion activities.

Through the FBI scope – What it looks like when the “1%, the snipers, the first-round killers” are successful

The FBI has unique visibility into the cyber threat landscape, from speaking with the person/people behind the keyboard to discussions with victim companies. This talk will cover the FBI’s viewpoint on cyber criminal and nation state threats.