Hacker Halted Conference Speakers
Founder / Director Human Factor Security – JennyRadcliffe.com
Jenny Radcliffe has spent a lifetime performing physical infiltration, social engineering and security investigations. She specialises in various aspects of human manipulation including deception work, non-verbal communications, influence and persuasion techniques. She is the founder and Director of Social Engineering at Human Factor Security, is a regular global keynote speaker and is the host of award winning podcasts, vlogs and blogs on all aspects of the human element of security. Jenny can usually be found behind a mic, on top of a roof somewhere in the world, and believes there is always rum for pirates.
Where the Falling Angel meets the Rising Ape…
This talk looks at lessons learnt from over 30 years of social engineering and physical infiltration work. It details many incidents of “people hacking” over years of practice and looks forward to how these skills might continue to be applied in an ever more technical age.
Security Weekly, Founder & CTO
Paul Asadoorian spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. He is the founder of the Security Weekly podcast network, offering freely available shows on the topics of information security and hacking. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.
Security Isn’t Doomed If We Learn From The Past
Many security professionals encounter what we believe are new problems and attempt to come up with new solutions. While the threat landscape and how we implement IT systems have evolved, older tactics and techniques for solving problems still apply. In fact, many new buzzwords trace their roots back to concepts developed many years ago. In this presentation, we’ll discuss how threat hunting is not a new concept (and still very effective). We’ll take a look at Paul’s “enchanting security quadrants” and how they can positively influence your security posture. It doesn’t stop there as we cover examples of borrowing from the past in areas such as music, military strategy, and technology to avoid being doomed.
Dr. Chuck Easttom is the author of 26 books, including several on computer security, forensics, and cryptography. He has also authored scientific papers on digital forensics, cyber warfare, cryptography, and applied mathematics. He is an inventor with 15 computer science patents. He holds a Doctor of Science in cyber security (dissertation topic: a study of lattice-based algorithms for post quantum cryptography) and three master’s degrees (one in applied computer science and one in systems engineering). He also holds 44 industry certifications (CISSP, CEH, etc.) He was part of the team that created the CompTIA Security+, Linux+, and Server + exams. He created the OSForensics certification course and test, as well as EC Councils Certified Encryption Specialist. He was also on the team that created the CEH v8. He is also a Distinguished Speaker of the ACM and a frequent speaker at conferences.
Peering into the Dark Web
There is a great deal of misinformation about dark web markets. There are myths about what is and what is not there. However, the reality is that financial information, drugs, and child pornography are indeed rampant on the dark web. Terrorist activity is also a reality. This talk provides an overview of what is real and what is not, with references to actual dark web markets. Then investigative techniques are summarized. Dark web investigations are important to a wide range of investigators. Cyber threat analysts working for financial institutions need to know how to investigate dark web markets to determine if their companies information is being trafficked. Law enforcement officers need to know how to investigate criminal activity on the dark web. Intelligence and DoD personnel need to understand terrorism on the dark web. And those interested in human trafficking need to understand how to investigate the dark web.
Founder, Chairman, & CTO, Bugcrowd
Casey is the Founder, Chairman, and CTO of Bugcrowd. He is an 18 year veteran of information security, servicing clients ranging from startups to multinational corporations as a pentester, security and risk consultant and solutions architect, then most recently as a career entrepreneur. Casey pioneered the Crowdsourced Security as a Service model launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the https://disclose.io vulnerability disclosure standardization project in 2016. A proud ex-pat of Sydney Australia, Casey lives with his wife and two kids in the San Francisco Bay Area. He is happy as long as he’s in the passionate pursuit of potential.
Bios & pictures coming soon!
– Tyron Wilson
– Ian Coldwater
Track: Ahoy Matey! (Social/Human Side of Hacking)
Respected Information Security expert, advisor, evangelist, co-host on Paul’s Security Weekly, Tribe of Hackers, and currently serving in a Consulting/Advisory role for Online Business Systems. Over 37 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises and was part of the first penetration testing “red team” at NSA. For the past twenty years, has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation’s best known companies.
What are We Doing Here? – Rethinking Security
So much technology. So many smart people doing amazing things. Still so much is broken. I think we need to look at the history of InfoSec starting with the basic risk equation to decide if we’ve missed something. (We have). Technology is not the solution; it’s the problem.
Marcelle Lee is a threat researcher with LookingGlass Cyber Solutions, an adjunct professor in digital forensics and network security, and she also provides security consulting and training services through her company, Fractal Security Group, LLC. She is involved with many industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu, the NIST Cyber Competitions Working Group, and the ISACA CSX Certification Task Force.
Marcelle has earned the CISSP, CSX-P, GCFA, GCIA, GCIH, GPEN, GISF, GSEC, GCCC, C|EH, CCNA, Security+, Network+, and ACE industry certifications. She holds four degrees, including a master’s degree in cybersecurity. In 2016 she received the Chesapeake Regional Tech Council Women in Tech (WIT) Award. Marcelle frequently presents at conferences and training events and is an active volunteer in the cybersecurity community. A list of her speaking engagements can be found at https://goo.gl/7pXpL8.
We talk a lot about why diversity is important and we are all familiar with the woeful inclusion stats. In this talk we will discuss why diversity is important from both the perspective of an organization’s bottom line and the individual contributor.
I am a security professional with over 6 years’ experience in the industry working in the Finance and Energy sectors. I have extensive experience in utilizing large amounts of data to find patterns that can detect fraud and security issues. I am also a Field Artillery Officer in the Army National Guard. My hobbies include wind surfing and ballroom dance.
Crew drills and running a tight ship
In most organizations that I’ve observed, the Security Operation Center has been modeled after the Network Operation Center. Running a Base Defense Operations Center, protecting a FOB in Afghanistan from the Taliban has given me a unique perspective on how to improve the way we run SOCs.
John O’Neil is the Data Scientist at Edgewise Networks. He writes and designs software for data analysis and analytics, search engines, natural language processing and machine learning. He has a PhD in linguistics from Harvard University, and is the author of more than twenty papers in Computer Science, Linguistics, and associated fields, and has given talks at numerous professional and academic conferences.
ACTS LIKE vs TALKS TO vs LOOKS LIKE: Finding Emergent Behavior in Networks
In any network bigger than one machine, it’s difficult to know what’s really happening. By processing netflow in different ways we can see different points of view and open new windows for understanding netflow data.
Alex Holden is the founder and CISO of Hold Security. Under his leadership, Hold Security plays a pivotal role in info-sec and threat intel, becoming one of the most recognizable names in its field. Holden is credited with discovering many breaches including Adobe, Target, JPMorgan, Yahoo, and parts of Equifax.
Online Dating Scams: AI Low Blows
Over time dating scams have claimed many victims, becoming an immense industry that uses psychological approaches, photographers, graphic designers, call centers, extortion and blackmail, as well as human trafficking. We will dissect this dark business and identify its patterns and vulnerabilities.
Pilar Speranza is Chief of Staff at Hold Security, where she tutor’s others on how to maneuver their way through the diverse world of hackers. Applying her street smarts, hidden ninja skills and social engineering artistry she pacifies malicious hackers, and they become her pawns disclosing their deepest, darkest secrets.
Online Dating Scams: AI Low Blows
Over time dating scams have claimed many victims, becoming an immense industry that uses psychological approaches, photographers, graphic designers, call centers, extortion and blackmail, as well as human trafficking. We will dissect this dark business and identify its patterns and vulnerabilities.
Chief Information Security Officer and Head of Global Infrastructure Services at Universal Weather and Aviation, a billion dollar, international aviation services company operating 50 locations in 20 countries. Responsible for all aspects of information security and all IT infrastructure teams and services.
Former Cyber Security Technical Fellow at The Boeing Company leading International IT Security Operations, Supply Chain Security, Application Security Assessments and Enterprise IT Risk.
Previously served as a U.S. delegate to the International Standards Organization’s (ISO) Cyber Security Sub-Committee, former member of (ISC)2’s international Application Security Advisory Board and the OWASP Global Projects Committee.
Industry recognized speaker at events including: Bsides, Blackhat, AppSec USA, National Software Assurance Forum and International Aviation Cyber Security Summit.
Graduate of the FBI CISO Academy at Quantico.
Certifications: CISSP, CSSLP, CRISC and NSA Certified Infosec Assessor.
MS in Computer Systems and a BS in Mechanical Engineering.
Hacking Your Career
Learn how to take charge of your future and ring success out of every opportunity. I had some hard lessons on my way to becoming the CISO of a billion dollar company and now you can benefit from those experiences. In this candid conversation, you will learn the secrets to kicking your career’s ass.
V. Susan Peediyakkal
V. Susan Peediyakkal is a Cyber Threat Intelligence (CTI) Lead Consultant in Booz Allen Hamilton’s Commercial Cyber Defense Program where she focuses on helping their clients establish and cultivate industry-leading cyber threat intelligence programs.
With over 14 years of cyber security experience, focused primarily in Threat Intelligence, she draws on her significant knowledge from working with various intelligence operations in the federal government and international commercial domains. Susan has been a part founding many new CTI programs for the United States Postal Service (USPS), the government of United Arab Emirates (UAE), and, most recently, she was appointed as the first cyber intelligence specialist for the judicial branch of government, hired specifically to establish a threat intelligence program for the US Courts network. In March 2018, she was named one of “10 Women in Security You May Not Know But Should” by one of the most widely-read cyber security news sites on the Web, Dark Reading.
Susan has served 18 years in the US Air Force (active and reserve), is trained in Project Management Professional (PMP) and GIAC Cyber Threat Intelligence (GCTI), and is a certified Splunk power user. She is the DC Chapter Lead for the Women’s Society of Cyberjutsu. She was there for the inception and creation of the non-profit Mental Health Hackers, and serves on the board as the Chief Wellness Officer. She also serves as a board member for EC-Council’s Global Advisory Board for Certified Threat Intelligence Analysts and the inaugural Advisory Board for the SANS Purple Team Summit. Wanting to help grow the cyber community to her hometown, Susan is the founder and co-director for BSides Sacramento, an infosec conference in California’s capital city.
Susan is a 500 hour Registered Yoga Teacher (RYT) and enjoys studying and teaching yoga in her free time, loves traveling extensively, and mentoring junior analysts in Cyber.
Social Media: The New Court of Public Opinion
The new court of public opinion is not only TV and radio, but all social media outlets. This talk will both present and challenge the audience in a different way than most presentations. We will explore different platforms, our unconscious biases, and how it plays into analysis of cyber operations.
Michael F D Anaya
A skilled, cybersecurity tactician with a wealth of knowledge in understanding both criminal and nation state actors.
At the end of 2018, I was given a tremendous opportunity to be the Head of Global Cyber Investigations and Government Relations for DEVCON (a leading company in the ad tech space). I lead a team focused on investigating online ad theft on the global scale as well as facilitating interactions with the U.S. government and its investigative units. I specialize in untangling all the complex and sophisticated ways threat actors attempt to obfuscate their activity. Where did I learn to do this? I am glad you asked!
Prior to joining the DEVCON family, I was a part of another stellar group of people. I started my career as an FBI Special Agent in Los Angeles, CA. There I addressing complex cyber matters, during which time I led numerous, expansive investigations including one that resulted in the first federal conviction of a US person for the use of a peer-to-peer botnet. I then was named a Supervisory Special Agent for the Leadership Development Program in Washington, D.C., charged with bringing together disparate divisions of the FBI focused on a workforce development program. This resulted in a more balanced and inclusive program. After the implementation of the program, I went on to lead a cyber squad in Atlanta, GA. There, I led a diverse group of Agents, Intel Analysts, and Computer Scientists in neutralizing nation-state and criminal threats. I secured one of the highest performance standards given by the FBI for the entire Atlanta cyber program.
One of my main focuses at DEVCON is information sharing, which I believe will be key to our collective success. This is not just limited to sharing with other businesses, but also key government entities. Given my experience, I can attest to the fact our adversaries work together, so shouldn’t we?
The Dark Side of AdTech: The Criminal Mind
With $50 billion up for grabs, we can’t afford to be complacent. Hackers know something you don’t: The ad industry is completely unregulated and there are billions for the taking. This is an immersive presentation given by a former FBI CyberAgent – credited as one of the FBI’s best speakers.
Track: Batten Down the Hatches (Defense)
Dr. Catherine J. Ullman
Dr. Catherine J. Ullman is a security researcher, speaker, and Senior Information Security Analyst at University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a data forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness amongst faculty and staff via a comprehensive department-wide program which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at several information security conferences including DEF CON and Hacker Halted. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.
A Theme of Fear: Changing the Paradigm
This talk is relevant to both red and blue teams because it examines the basic premise around which the entire industry is built. It’s thought-provoking, considers whether we are stuck in a rut that is ultimately unhelpful, and suggests there is a better way.
Brian has spent most of his career working in the data protection field. He is currently a Sales Engineer with Digital Guardian providing Data Loss Prevention (DLP) and Endpoint Detection and Response (EDR). Prior to joining DG, Brian was at InteliSecure, a Denver based data protection consulting company, as a professional service engineer. Brian also created a DLP testing website called dlptest.com (www.dlptest.com) which allows for easy testing of DLP policies and reveals DLP capabilities.
Are Your Cloud Servers Under Attack
For this presentation, I built out a test lab in AWS and allowed someone to hack the servers. I will talk about what we saw when we opened RDP to the internet, what the hackers did once they got in, and someone trying to kick me off my own servers.
Peter Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter brings a security practitioner’s perspective to Edgewise with more than ten years of expertise as an infrastructure and security architect of data centers and customer-hosting environments for Harvard University, Endeca Technologies (Oracle), American Express, Fidelity UK, Bank of America, and Nike. Most recently, Peter was on the founding team at Infinio Systems where he led product and technology strategy.
Multidimensional Attack Path Analysis: Eliminating Network Blind Spots
What happens when you change your view of what matters on your network? Understanding how attackers use low friction pathways helps you prioritize what to protect. This session will simplify how to narrow massive amounts of network data and learn which network targets are most at risk.
Currently a Senior Security Specialist at AppRiver, LLC., his team is responsible for global network deployments and manages the SecureSurf global DNS infrastructure and SecureTide global spam & virus filtering infrastructure as well as all internal applications. They also manage security operations for the entire company. He holds a CISSP certification in addition to a Bachelor of Science degree with a major in biology from Ursinus College and a Master of Science degree with a major in microbiology and biochemistry from the University of Alabama. He is a 2000 graduate of Leadership Santa Rosa and a 2001 graduate of Leadership Pensacola. He is also well-versed in ethical hacking and penetration testing techniques and has been involved in technology for more than 20 years.
Jim has presented at NolaCon, ITEN WIRED, BSides Las Vegas, BSides Atlanta, BSides San Francisco, CircleCityCon, DEF CON, DerbyCon, CypherCon and several smaller conferences. He is a regular contributor to the Tripwire Blog and Peerlyst. He has presented training classes at CircleCity Con and BSides San Francisco. He regularly attends national security conferences and is passionate about conveying the importance of developing, implementing and maintaining security policies for organizations. His talks convey unique and practical techniques that help attendees harden their security in practical and easy-to-deploy ways.
Jim is a senior staff member with BSides Las Vegas, a member of the ITEN WIRED Planning Committee and the President of the Florida Panhandle (ISC)2 Chapter. He served as President and CEO of GridSouth Networks, LLC, a joint venture between Creative Data Concepts Limited Inc. and AppRiver, LLC., and founded Creative Data Concepts Limited, Inc.
He stays connected with the InfoSec and ethical hacker community and is well-known by his peers. In addition to his work at AppRiver, he devotes his time to advancing IT security awareness and investigating novel ways to implement affordable security controls.
When not at the computer, Jim can be found working out, playing guitar, traveling or just relaxing with an adult beverage.
DNS: Strategies for Reducing Data Leakage & Protecting Online Privacy
DNS is the foundational protocol used to directly nearly all Internet traffic making the collection and analysis of DNS traffic highly valuable. This talk will examine ways in which you can effectively limit the disclosure of your online habits through securing the way your local DNS resolvers work.
Omri Segev Moyal
Born with a curiosity for learning how things work and a passion for assessing and dissecting them. Malware Researcher and Threat Intelligence expert with global experience in military, industrial, intelligence, communication and financial organizations. Expertise as a testing provider of advanced malware solutions in both laboratory and enterprise production environments.
Focus on Your malware, Not Infrastructure!
Serverless technology has been on the rise for the past few years. While developers heavily utilizing this technology, security researchers are left behind. This talk introduce how serverless can serve researchers in their tasks and explore a complete project, MalScanBot as our case study.
Former developer specializing in writing secure software and exploiting insecure software.
Loose Lips Sink Ships: Why your application tells me how to hack it
Robust error outputs, OPTIONS, version headers, X-Powered-By, are all awesome pieces of information for an attacker. In this talk, we’ll discuss how you can leverage these low level information disclosures to get to higher ranked vulnerabilities.
Joshua is a Global Information Security Leader with 13 years of professional experience. Joshua currently serves as Equifax’s Senior Director of Global Mainframe Security where he has responsibility for transforming zSeries, iSeries, and pSeries platform security around the world. Prior to joining Equifax, Joshua served in security leadership roles, leading transformation initiatives, since 2013 at Delta Air Lines. Key accomplishments at Delta include deploying the $12 Million QRadar SIEM in 90 days, leading the $15 Million APT & IDS Defence Initiative, building the off-shore Security Operations Centre (SOC), and launching the Strategic Fraud Detection practice which identified nearly $4 Million in fraud in the first 90 days. Prior to joining Delta, Joshua’s experiences included roles in IT Audit, Software Development, Database Administration, and Finance at The Coca-Cola Company, Deere & Company (John Deere), & Kimberly-Clark.
Joshua served on Cisco’s Strategic Security Threat Defence Advisory Forum between 2016 and 2017 and Deloitte’s Aviation Executive Roundtable from 2014 through 2016. Joshua regularly speaks publicly on Information Security at forums including IBM Interconnnect, ISACA Atlanta Geek Week, Georgia Institute of Technology’s Institute for Information Security & Privacy, and Georgia State University. Joshua has extensive professional and personal travel experience and has visited 42 countries across 6 continents.
Joshua is a Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA), he is a graduate of the University of Iowa with Bachelor of Business Administration (BBA) degrees in Finance and Management Information Systems (MIS), he holds a professional certificate in Cyber Security from the Georgia Institute of Technology, and is currently pursuing his Master of Science in Information Security from the University of London.
Demystifying and securing Big Iron: making the mainframe just another platform
How do we begin to secure the mainframe and treat it as “just another platform”? This presentation will walk the audience through a journey where we break down the basics of the mainframe platform and discuss how we can begin the transformation needed to secure the platform.
Track: Run a Rig and Give no Quarter (Offense)
Jeff Nichols, Ph.D.
What Happens When 70 Universities, 7 National Labs, the Military, and 1000 Volunteers Hold a Cyber Defense Competition?
Oak Ridge National Lab, in cooperation with six other labs, hosts a cybersecurity CTF focused on energy systems. This challenge includes a green team who use the system while it’s under attack. Join us as we discuss the unique challenge of attacking and defending our strange SCADA system.
Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior Security Architect and maintains his own blog and podcast called Advanced Persistent Security. In his spare time, Joe enjoys attending information security conferences, contributing blogs to various outlets, training in Brazilian Jiu-Jitsu (spoken taps out A LOT!), and flying his drone. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. Joe has contributed material for the likes of AlienVault, ITSP Magazine, CSO Online, and Dark Reading and is a regular Forbes contributor.
7 Habits of Highly Effective Adversaries
As someone who spent their whole career on the blue team, I am working on moving to the red team. This presentation talks about the TTPs to be successful as an adversary, whether operating as a penetration tester or red team operator while leveraging blue team experience.
Bhavin Patel is a Sr. Application Security Engineer specializing in penetration testing and exploit development of new innovative technology at NCR. Moving away from operational security to security R&D allows Bhavin to practice exploit development and security research more intuitively with securing the everyday. Started his adventure in breaking technologies during my primarily life in Zimbabwe and Botswana, dusty countries with legacy technologies that needed to be pawned. He is currently pursuing his Master’s in Computer Science with a focus in Robotics and Machine Learning at Georgia Tech. He holds several security certifications that include: CISSP, CSSLP, OSCP and CEH. Bhavin has participated in several South Eastern Collegiate Cyber Defense Competitions (SECCDC) in the United States of America during his academic career and has worked on multiple consulting penetration testing engagements for healthcare, financial, retail, consulting, and technology industries. One of his favorite mantras is from Mr. Robot: “When you see a good move, look for a better one.”
Argh! Savvy BOF, it’s time you learned how to loot!
As humans, don’t fully fathom our capabilities on this pursuit of innovation. Whether it be through creativity or technology. This balancing factor requires people to develop and break technologies continuously to make everyday secure. I will showcase how new security professional can hack!
Manuel Nader is a Security Researcher at Trustwave Spiderlabs. He works on tracking new vulnerabilities, identifying how those vulnerabilities are exploited and writing code that detects the presence of or exploits those vulnerabilities. Previously worked in the offensive side of security and before that he worked on the defensive side of security. Manuel’s favorite independent research involve web attacks.
Breaking Smart [Bank] Statements
Explanation of how I find and exploit a security flaw (bad implementation of cryptography) in a bank statement, sent via email, of one of the biggest banks in Mexico.
Until she’s accepted for a Mars mission, Amber Welch is pursuing the advancement of personal information privacy and security as a Data Protection and Risk Specialist at McKinsey & Company. Amber has previously managed security and privacy governance for a suite of SaaS products and worked in companies creating ERP, CRM, event planning, and biologics manufacturing software.
Data Access Rights Exploits Under New Privacy Laws
The right to access all personal data under new privacy laws has opened new attack vectors for phishing, OSINT, and “legal DDoS.” This talk covers data access exploits for privacy vulnerabilities, red teaming privacy rights, defense strategies for security teams, and data subject request validation.
Following a series of 5 strokes and major head injuries, Mandy is no longer in the construction engineering industry. She used her life hacking prowess from a non-traditional background (such as skipping five years of K-12 schooling while working on a ranch and then graduating from a giant, traditional high school in 2.5 years with a 4.2 GPA) to re-establish neuro control using her electrical system, her tongue against her teeth, and perseverance. Now, as a happy dyslexic autie (autistic person) she is pursuing all things InfoSec with an emphasis on Incident Response, Neuro Integration, Artificial General Intelligence, and Community, pressing forth to improve the lives of InfoSec professionals and long term ethical neuro tech for those unable to express themselves to their own satisfaction. She enjoys art, travel, naps, speaking, continuing and broadening her own recovery, and good people, and hopes to be half the person her service dog, Trevor, is.
MUTINY. ANALOG HUMAN CAPABILITIES vs AI (or: ANALOG AI PWNAGE)
BLOOD. MUSCLE. ELECTRICITY. Could mitigating incomplete human experience data sets and unconscious bias come from ANALOG HUMAN categorization/quantifying? I lived it. See how devastating brain injury led me to use these to rebuild cognitive and sensory function and how muscle holds new light for AI.
Track: Shiver Me Timbers (Latest tech/Misc)
Pukhraj Singh is a cyber threat intelligence analyst with 14 years of experience.
He played an instrumental role in the setting up of the cyber defence operations centre of the Indian government, under the Prime Minister’s Office.
Pukhraj was the first threat intelligence professional to be laterally inducted (direct entry) into the government from the private sector after the 26/11 error attacks.
It was a multi-disciplinary tenure ranging from geopolitical doctrine formulation, eventually approved by the prime minister, to the very brass-tacks of cyber operations.
Later, he spent some time at Aadhaar, India’s flagship national biometric ID project as its first cybersecurity manager.
Pukhraj also had very brief stints in the private sector, working with Symantec Canada’s DeepSight, industry’s first threat intelligence team, and other innovative American, Canadian, and Israeli firms.
He has spoken at a variety of national security fora and hacking conferences (keynotes at Nullcon, BSides Delhi and RootConf). Pukhraj’s opinion pieces have appeared in leading Indian journals and newspapers.
Emerging Threat Ontologies & Taxonomies: Deconstructing National Cyber Shields
Almost every defensive innovation in the last decade is trying to solve one problem: interoperability. It’s the reason why shared threat ontologies & taxonomies like STIX-TAXII, OpenC2 & ATT&CK arose.
We would study their evolution — deconstructing how national cyber shields actually operate.
Andrea Amico – Privacy4Cars
Andrea Amico is a vehicle privacy and cybersecurity advocate. After co-chairing the Compliance Committee at the International Automotive Remarketers Alliance (IARA) and realizing the inadequacy of tools for the protection of personal data stored in automobile systems, Andrea founded Privacy4Cars.com, the first and only mobile app designed to help erase Personally Identifiable Information (PII) from modern vehicles. In February 2018, during the development of the Privacy4Cars app, Andrea discovered that many vehicle makes, models, and years could be attacked via the Bluetooth protocol to expose the personal information of previous vehicle users such as stored contacts, call logs, text logs, and in some cases even full text messages without the vehicle’s owner/user being aware and without the user’s mobile device being connected to the system. It is estimated that the hack, named ‘CarsBlues’, may affect tens of millions of vehicles in circulation worldwide based on estimates from the Auto-ISAC with whom Andrea collaborated on a disclosure affecting 22 vehicle makes to date.
Andrea lives in Georgia and will be an adjunct professor of Engineering Ethics at Kennesaw State University this fall.
The $750 billion vehicle data gold rush – pirates ahoy!
Vehicle data may be worth $750b by 2030. Problem: vehicle security, privacy, and user awareness of risks are inadequate. Andrea Amico will share some exploits including his “CarsBlues” which exposes people’s personal data, affects 22 makes, and is still a 0-Day for tens of millions of vehicles.
Alexa is a snitch!
You’re not paranoid, your voice assistant is listening. And what’s worse, Alexa is stitching on you! What is she hearing? Where is she sending it? And is there anything we can do to stop her?!
Join me as we discuss the current state of security around voice assistants. And how to silence them.
Jocelyn Matthews is Community Manager at Storj Labs, a company focused on decentralized cloud object storage that is affordable, easy to use, private and secure. She is responsible for building and nurturing the technical community contributing to Storj Labs and the great blockchain and decentralization ecosystem. Her focus is to grow a vibrant ecosystem to which everyone brings their best selves, a place for developers to contribute to the project and build applications on top of the platform, as well a place for storage node operators to get assistance building supply for the network.
Jocelyn is a former Rosberg-Geist Fellow at the Center for African Studies at UC Berkeley. Her ethnographic social research has received grant funding from the Sultan Grant for Arab Cultural Studies; UC Berkeley Center for Race and Gender Studies; HASTAC Humanities, Arts, Science and Technology Alliance Collaboratory; and the National Science Foundation (NSF). She is a former lab member at CITRIS (the Center for Information Technology Research in the Interest of Society) Banatao Institute. In her spare time, she is an active member of the Bay Area Black Designers group and Elpha. She cares very much about diversity, inclusion and equity, values she brought to bear both as a former faculty member of the California college system and while teaching underserved teens in Oakland.
- Lesbians Who Tech Summit 2019 speaker
- Microsoft Womens’ Group speaker
- AIGA Design Week 2018, host and speaker
- AIGA Diversity & Inclusion series, presenter
AIGA Diversity & Inclusion series, panel moderator
Building Diverse Blockchain Communities for a Decentralized Future
As new communities form around blockchain and decentralization technologies, women must be involved to realize its potential. Learn how the confluence of blockchain, open source and its principles of transparency will contribute to societal shifts and economic empowerment for women in coming years.
Jeff has been involved in the network security industry for over 20 years, working with Intrusion Detection, Vulnerability Assessment, Data Loss Prevention and other network security tools. He currently works for Symantec as a Senior Security Engineer in the Mid-Atlantic Region helping enterprise organizations increase their security posture. Jeff was a founding member and officer of the Delaware ISC2 Chapter, and actively serves on the Academic Advisory Boards of Embry-Riddle Aeronautical University, Anne Arundel and Delaware Tech. He is passionate about building up a culture of mentoring young security professionals in our industry and has been published on this topic. A strong advocate of building better cyber collaboration with Law Enforcement, Jeff is a graduate of the FBI Citizen’s Academy and a member of Infragard and HTCIA. He currently lives in Newark, Delaware with his wife and two children and outside of the technology industry is active in his church and local community.
Cloud Proxy Technology [The Changing Landscape of the Network Proxy]
This class will cover the distinctions between traditional proxy technology and the emergence in recent years of cloud proxy and why it matters to organizations today. We will review real use cases and their corresponding screen shots to provide a stimulating session.
Michael Hudson is the founder of CHAP Security, which currently is the Executive Director of the Company. He is also CEO of INTROEXON Ltda, a Company that Develops Software for Medical platforms, doing research and development in Information Security, protection of patient data and medical charts (HCE). With over 10 years dedicated to computer security he specializes in the analysis of malware and Vulnerability Research. His experience also includes Host Intrusion Detection Systems (HIDS) and over 6 years of experience in international security consulting the Government, the military and individuals.
Criminal Inteligence, TRAME Protocols attacks and shutdown.
Little is currently known about the TRAME protocols, their interaction in SCADA and their failures in PCBs. Showing the real possibilities of stopping a meter, or attacking a power station without the need for malware can be exciting.
Ian is the CEO of NanoVMs – he was first given his set of slackware floppies in the year of 94. He is an acolyte of Andrew Tanenbaum and hasn’t looked back since. He’s on a mission to upgrade the world’s infrastructure one linux box at a time.
Unikernels – Friend or Foe?
Unikernels have long been promised to be the next generation of cloud infrastructure for their security, performance and server density. So are unikernels all they are chalked up to be? What are their benefits? What are their problems?