Welcome to Diana Initiative 2020 Virtual Conference.
For more information, please see our web site here:
https://www.dianainitiative.org
Friday, August 21
 

8:00am PDT

Empathy as a Service to Create a Culture of Security
So-called "soft skills" are greatly undervalued in the Information Security industry. The very core of security involves humans. Rather than tackle human problems with zeros and ones, try to approach security with a more people-minded focus. A former librarian turned Information Security professional will go through examples of how addressing humans can ultimately help security. Using a 7-step framework from the library science discipline, the speaker will help you improve interactions with both colleagues and end users. You will come away with new ideas and a different outlook on how to improve the security posture of your organization.

Speakers

Tracy Z. Maleeff

Security Researcher, Krebs Stamos Group
Tracy Z. Maleeff, aka @InfoSecSherpa on Twitter, is a Security Researcher with the Krebs Stamos Group and has previously worked in security at GlaxoSmithKline and The New York Times Company. Prior to joining the Info Sec field, Tracy worked as a librarian in academic, corporate, and law firm libraries. She holds a...


Friday August 21, 2020 8:00am - 9:00am PDT
Stage 1

9:00am PDT

Critical Infrastructure, Interconnected Risks, and Resiliency. Why Women Should Care?
This talk is specifically focused on increasing awareness of the interconnectedness of the internet, not only in our day-to-day lives but also in our critical civil infrastructure such as water treatment facilities, energy grids, hospitals, etc. The speaker brings attention to the fact that, just as essential workers are recognized as critical to continuing business as usual in our personal lives during the Covid-19 pandemic, these civic infrastructures are also essential services. We must not wait for a serious incident like the pandemic to make us realize this, but rather pay crucial attention, proactively, to their safety and security and to the coupling impact they have on us, and work on strengthening their resilience. The talk also highlights the gender gap in cyber security and in this area in particular, how women can help close this gap, and gives an opportunity to discuss the challenges and how to overcome them.


Speakers

Godha Bapuji

Founder, Women in Crisis Response


Friday August 21, 2020 9:00am - 9:15am PDT
Red Team Village Booth

9:00am PDT

Security and storytelling: Strengthening behavioral habits and security culture at Robinhood
It’s unusual for companies to take a page from children’s books to train and educate their employees, but in this case, the Robinhood Security Engineering Team did just that. The information security industry frequently looks to experts on organizational behavior to help employees learn secure habits and create a strong security culture, but we may forget one of the best examples of shaping habits, lessons, and behaviors: children’s stories. Children’s stories help their young readers define, develop, and practice habits that contribute to greater societal norms. From introducing characters, explaining their motivations, and capturing their interactions with others and the surrounding environment, children’s books make it easy for readers of all ages to understand, learn, and aspire to certain behavioral frameworks. How can we, as security professionals, widen our perspectives on the human factor and help equip our employees with strong security habits?

Meet Crypto Cat. From inception to execution, we'll talk about how we bootstrapped, built, and launched Secure Sherwood Forest: a custom-built, interactive security game to educate employees on key security and privacy behaviors in a novel and engaging fashion. Through customized characters, a fantasy-based storyline, and a simple, internally-hosted, web-based game as our delivery mechanism, we’ll discuss the key security behaviors identified, how the game leveraged technology for hands-on decision-making and positive reinforcement of key habits, and the overall impact of the game on nurturing a collaborative and proactive culture of security at Robinhood.

We're looking forward to seeing you there! :)

Speakers

Jessica Chang

Sr. Technical Program Manager, Security at Robinhood, Speaker
Jess Chang is a Sr. Security Technical Program Manager at Robinhood Markets, Inc. As a speaker, she has presented talks and spoken on panels for global security industry conferences, peer companies, federally-funded research and development centers, and industry groups. Prior to joining...

Colin Seale

Software Engineer at Robinhood, Speaker
Colin Seale is a Software Engineer at Robinhood Markets, Inc. At Robinhood, Colin works on access management, security products, and crypto custody. Prior to joining Robinhood, he has had roles as a Security Researcher at OpenDNS, Software Engineer at Cisco, and Blockchain Security...


Friday August 21, 2020 9:00am - 10:00am PDT
Stage 1

9:00am PDT

Application Security: OAuth 2.0 and OpenID Connect
OAuth and OpenID Connect are the two widely used protocols for authentication and authorization of delegated access to third-party applications. Not only do they provide a common framework that can be implemented across different platforms, they also allow a user to grant limited access to their resources without having to expose their credentials, thus making them inherently more secure. But OAuth can be exploited to steal access tokens, which can then be used in lieu of user credentials. This presentation will discuss the key concepts of OAuth and OpenID Connect and the security issues relevant to them. The presentation will also give insight into how we can mitigate the risks to OAuth and detect the abuse of access tokens.

Speakers

Nitya Garg

LinkedIn, Speaker
Nitya works with LinkedIn Technology as Information Security Engineer – Threat Mitigation and Incident Response. She has about 7 years of experience in Information Security, most of which has been in Threat Detection, Intrusion Analysis, and Incident Response. She is passionate about...

Akanksha Chaturvedi

LinkedIn, Speaker
Akanksha works with LinkedIn Technology as a Senior Identity & Access Management Engineer. She has been working in this domain for the past 7 years. She has expertise in SSO, Active Directory, Authentication, and Azure AD. Prior to joining LinkedIn, she worked for Microsoft...


Friday August 21, 2020 9:00am - 10:00am PDT
Stage 2

9:00am PDT

Virtual badge building with tinkercad
Come join me for a 1-hour session where we walk through building a virtual version of this year's “Off the Shelf” badge. Attendees will learn the basics of this easy-to-use virtual prototyping tool. Please go to TinkerCAD.com and sign up for a free account before the workshop begins.

Speakers

Friday August 21, 2020 9:00am - 10:00am PDT
Village Workshops

9:00am PDT

Introduction to Capture-the-Flag (CTF)
Speakers

Marcelle Lee

Senior Security Researcher, Secureworks
Cyber competitions and Women's Society of Cyberjutsu! 

Jai

Owner, Hack3r Runway


Friday August 21, 2020 9:00am - 11:00am PDT
Stage 3

10:00am PDT

Moving left in the SDLC
Jas will talk about how moving security left in the SDLC benefits the organization through reduced risk and improved security, and how security works TOGETHER with, not against, developers.


Speakers

Jaswinder Kaur

Senior cyber security engineer, T-Mobile
Jas is working with T-Mobile as a Senior cyber security engineer. Before that, she worked in the DC Government and Bank of America for many years. She is leading the blue team in her organization. For her, cyber security has never been more important, securing the important personal...


Friday August 21, 2020 10:00am - 10:45am PDT
Red Team Village Booth

10:00am PDT

Incident Communications 101 - Breaking the Bad News
Enabling better communications between geeks and management. As humans we have had 60,000 years to perfect communication, but those of us working in IT, regardless of which side (Blue or Red Team), still struggle with this challenge. We have done our best over the centuries to yell "FIRE!" in a manner befitting our surroundings, yet today we seem utterly incapable of providing that very basic communication capability inside organizations. This talk will endeavor to explain HOW we can yell "FIRE!" and other necessary things across the enterprise in a language that leadership, managers and end-users alike understand.

Speakers

Catherine Ullman

Sr. Information Security Forensic Analyst, University at Buffalo
Dr. Catherine J. Ullman is a security researcher, speaker, and Senior Information Security Analyst at University at Buffalo with over 20 years of highly technical experience. She also recently became certified in Mental Health First Aid. In her current job, Cathy is responsible for...


Friday August 21, 2020 10:00am - 11:00am PDT
Stage 1

10:00am PDT

Trust, No Trust or Zero Trust - Myth Demystifying
Cloud is the new cool thing and everyone wants to be in the cloud, but what about security and compliance standards? How do organizations manage safety as well as security in the era of cloud? The concept of everyone inside the network being good or trusted is blown out of the water with cloud deployments. Effectively, everyone is a tenant on a big server farm when it comes to cloud.

The only way forward is to not trust anything or what can be called a zero trust model. This talk will explore the concept of zero trust and will try to demystify zero trust models. The talk will focus on implementation and deployment scenarios of zero trust for organizations. How should the business prepare for the transition, what are the architectural requirements and what policies are required to be implemented?

We will conclude the talk with some recommendations based on our own experience dealing with zero trust deployments across a broad spectrum of clients and market segments.



Speakers

Vandana Verma

Security Solutions Architect, IBM
Vandana is a seasoned security professional with experience ranging from application security to infrastructure and now dealing with DevSecOps. She has been Keynote speaker / Speaker / Trainer at various public events ranging from Global OWASP AppSec events to BlackHat events to regional...


Friday August 21, 2020 10:00am - 11:00am PDT
Stage 2

10:30am PDT

“Off the Shelf” Breadboard addition
In this 90-minute workshop we will discuss the basics of building a prototype using a solderless breadboard and standard parts, as well as getting the project ready for code. Requires the parts listed here (link needed) as well as a computer with the Arduino IDE installed (link). We’ll end the session by loading a test sketch onto the Arduino.

Speakers

Friday August 21, 2020 10:30am - 12:00pm PDT
Village Workshops

11:00am PDT

Breaking Down Barriers to InfoSec for Neurodivergent Individuals
InfoSec is a daunting field for many. For people who are neurodivergent, this field can be even more challenging to get into. The goal of this lightning talk is to highlight some of the challenges and pain points that neurodivergent people may experience when contributing to open source InfoSec projects, when getting started in InfoSec as a new career, or when changing careers to InfoSec, and to provide implementable solutions to these challenges, that are designed to make a positive impact.

Speakers

Rin Oliver

Content Marketing Manager, Esper
Rin is the Content Marketing Manager at Esper. They enjoy discussing all things open source, with a particular focus on diversity in tech, improving hiring pipelines in OSS for those that are neurodivergent, and removing accessibility barriers to learning programming. Rin is also...



Friday August 21, 2020 11:00am - 11:30am PDT
Stage 1

11:00am PDT

No Mom, I’m not a Hacker
For years, red teamers had all the fun and garnered the notoriety. They broke in, stole everything, then left a report on the blue team’s desk with some vague recommendations. The blue team wasn’t cool, it wasn’t fun, and it wasn’t the destination. Well, as my dear friend Wonder Woman once said, “If no one else will defend the world, then I must.” Blue teaming is critical to our industry, and it is time that blue teamers get the credit and reputation they deserve. In this talk you will learn about the history of the hacker stereotypes, what blue teaming really is, and why you should be proud to be a blue teamer. You will walk away with tips to elevate the profile of your organization’s blue team while encouraging others to join the blue side.

Speakers

Danielle Knust

Security Risk Advisors, Speaker
Danielle has a broad technical background with focuses on network security and threat hunting. She has experience deploying security monitoring and remote access solutions to operational technology (OT), manufacturing, and lab environments. Additionally, she leverages industry accepted...


Friday August 21, 2020 11:00am - 11:30am PDT
Stage 2

11:00am PDT

Deploying discreet infrastructure for targeted phishing campaigns
Phishing attacks are an extremely common attack vector that has been used for many years, and the potential impact and risk involved are well known to most Internet users. However, it is still a highly relevant attack vector being used in the wild, affecting many victims. Phishing attacks exploit the vulnerable human factor.
The words easy and phishing never really seem to go together. Setting up a proper phishing infrastructure can be a real pain. This talk aims to walk you through the whole process of deploying a phishing campaign infrastructure from the perspective of an attacker.

Speakers

Sreehari Haridas (invisible)

Cyber Security Engineer, UST Global
Sreehari is an experienced Security Researcher with 3 years of professional experience. He is a Web application Penetration tester and a renowned Bug Bounty Hunter. Currently Sreehari is working as a Cyber Security Engineer at UST Global, formerly a security consultant with EY...


Friday August 21, 2020 11:00am - 11:45am PDT
Red Team Village Booth

11:00am PDT

Carnegie Mellon University's (CMU) Information Networking Institute (INI) Information Session
Thinking about going to graduate school for computer science, electrical and computer engineering or information technology?

Carnegie Mellon University's (CMU) Information Networking Institute (INI) is attending the Diana Initiative Virtual Conference on Aug 21-22, 2020 and we want to meet you!

Connect live and hear about our programs, career outcomes and admission criteria:
  • Information Sessions -
        Aug 21 and 22 at 2 p.m. EDT
  • INI Admissions will be on hand for LIVE Q&A
        Aug 21-22 at 4:00 p.m. and  6:00 p.m. EDT
  • Available to chat during the duration of the conference

Visit our virtual booth to learn more about the INI's four master's degrees in information networking, security and mobile and IoT engineering.

We are a department within CMU's highly-ranked College of Engineering. At the INI, you can customize a technical computer science and engineering curriculum to explore your interests, such as human-computer interaction, cybersecurity, operating systems, embedded systems, cloud computing, big data analytics, smart cars and more.

Friday August 21, 2020 11:00am - 12:00pm PDT
Expo Hall - CMU Booth

11:30am PDT

Low Tech & Insecure: Building Better Boundaries at Work and in Life
Guidelines to developing your own, and respecting others’, physical, verbal, emotional and sexual boundaries. Tech folks don't go to HR conferences; even if they did, HR conferences won't provide this common framework for discussing boundaries and sexuality. All genders and orientations are welcome; you should leave this armed with information to help you navigate personal interactions with more confidence in your careers, at conferences and in your personal lives.

Speakers

Carlota Sage

Self, Speaker
Raised in the wilds of Alabama by angry chickens and crazy people, Wolfpack-educated in the Tar Heel/Blue Devil state, and indoctrinated into Security by Silicon Valley appliance vendors (which are either wolves or angry chickens…maybe both), Carlota has returned to the east coast...


Friday August 21, 2020 11:30am - 12:00pm PDT
Stage 1

11:30am PDT

CTI Mindset as a Technique for Blue Teamers
What if I told you that it is possible for blue teamers to practice CTI everyday?! With minimal guidance and insight, blue teamers can learn how to see things through the eyes of a cyber threat intel analyst. We’ll step through multiple examples of how a CTI analyst would view data, intel, analysis, and situations so you can gain helpful perspectives when performing analysis for your organization. Learn about the cognitive biases and logical fallacies that are killing your analysis and what to do about it. Take away CTI strategies that you can use in your org.

Speakers

Dr. Xena Olsen

CTI Professional, Fortune 100 Company
Dr. Xena Olsen is a cybersecurity professional focused on cyber threat intelligence at a Fortune 100 company. She enjoys discussing all things cyber threat intelligence and can be found in various threat intelligence sharing groups, such as Curated Intel. She is a SANS Women’s Academy...


Friday August 21, 2020 11:30am - 12:00pm PDT
Stage 2

11:30am PDT

Lessons Learned from Playing with String
The speaker is an avid craftsperson, with years of experience knitting shawls, crocheting stuffies, and, more recently, sewing cloth face coverings. Some of the lessons learned from these crafts include: the importance of planning, batch processing, when to automate a task, and how everyone, regardless of skill level, has something to contribute.


Speakers

Amanda Draeger

US Army, Speaker
Amanda makes magic by using sticks to turn fluff into stuff. She listens to the complaints of computers to pay the bills.


Friday August 21, 2020 11:30am - 12:00pm PDT
Stage 3

11:30am PDT

Security at Coinbase
Speakers: 
- Adrienne Allen, Director, Security GRC & Privacy at Coinbase
- Sasha Levy, Security Analyst, CSIRT at Coinbase
- Zassmin Montes de Oca, Product Security Manager at Coinbase
Moderators:
- Katie Wilson, Analyst, Third Party Risk at Coinbase
- Chitra Balu, Senior Security Architect

Speakers

Zassmin Montes De Oca

Product Security Manager at Coinbase, Coinbase
Zassmin is passionate about application security and promoting women in technology. She started her career as a software engineer before co-founding Women Who Code, serving as their CTO and Board Vice Chair. Zassmin's interest in security propelled her into her current role as a Product...

Katie Wilson

Third Party Security Analyst, Coinbase


Friday August 21, 2020 11:30am - 12:30pm PDT
Stage 4 - Village Talks

12:00pm PDT

Offensive GraphQL API Exploitation
Nowadays, GraphQL is used by some of the big tech giants like Facebook, GitHub, Pinterest, Twitter, and HackerOne. The main reason is that GraphQL gives enormous power to clients.
But with great power comes great responsibility. Since developers are in charge of implementing access control and other security measures, applications are prone to classical web application vulnerabilities like Broken Access Control, Insecure Direct Object References, Cross Site Scripting (XSS) and classic injection bugs. This talk will explain the common security impacts faced while using GraphQL APIs and how an attacker makes use of them to attack the underlying infrastructure and exfiltrate sensitive data from an organisation.


Speakers

Arun S

Lead security consultant, IBM
Arun works as a Senior Security Consultant @ IBM India Software Labs, with more than 6 years of experience. He is a chapter leader for the null open source security community in Bangalore, and has also conducted training and workshops at c0c0n and BSides Delhi security conferences. Arun...


Friday August 21, 2020 12:00pm - 12:45pm PDT
Red Team Village Booth

12:00pm PDT

Broken Arrow
Friends and family ask for assistance installing WiFi or configuring smart devices in the house. They are now asking members of the InfoSec community for help ‘fixing my situation' to digitally detach from domestic disputes.
The attendees will leave with the fundamentals to assist their community with the same fundamentals which are applied with Operation Safe Escape clients, NATO special forces training, and corporate Digital Forensic/Insider Threat centers.

The very same Internet of Things devices which are installed for convenience can form a gilded, velvet-lined cage with an Alexa or Siri voice.

I will discuss how our community can apply InfoSec principles and forensic principles to assist domestic abuse victims in cutting the electronic cord to their abuser.

The counterintelligence mindset should be applied to the domestic situation: what can be gathered, what sources and methods can be used against a person in their own house, and how to detect the threat.

The talk will discuss the use of social media to detect physical surveillance, technical countermeasures for surveillance devices, lessons learned with forensics...and the ways to protect oneself against leaving data behind.


Speakers

Will Baggett

Revolutionary Security, Speaker
Prior to joining Revolutionary Security as a Senior Cybersecurity Consultant, Will has a solid foundation of applying innovative cyber solutions to the public and private sector. During his time in public service, he identified new cyber methods and capabilities to mitigate risk to...


Friday August 21, 2020 12:00pm - 1:00pm PDT
Stage 1

12:00pm PDT

What if we had TLS for Phone Numbers? An introduction to SHAKEN/STIR
If you've noticed a surge in unwanted robocalls from your own area code in the last few years, you're not alone. The way telephony systems are set up today, anyone can spoof a call or a text from any number. With an estimated 85 billion spam calls globally, it's time to address the problem.

This talk will discuss the latest advancements with STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs), new tech standards that use well accepted public key cryptography methods to validate caller identification. We'll discuss the path and challenges to getting this implemented industry wide, where this tech will fall short, and what we can do to limit exposure to call spam and fraud in the meantime.

Speakers

Kelley Robinson

Twilio, Speaker
Kelley works on the Account Security team at Twilio. Previously she worked in a variety of API platform and data engineering roles at startups. Her research focuses on authentication user experience and design trade-offs for different risk profiles and 2FA channels. Kelley lives in...


Friday August 21, 2020 12:00pm - 1:00pm PDT
Stage 2

12:00pm PDT

Products People Trust: Privacy, Consent, & Security
ABSTRACT
Most software today collects and tracks as much data as possible with no concern for privacy or user consent. Consumers and regulations are starting to demand change. It's time to focus on building trust with our users. Our products should collect only what data is necessary, should always receive consent before collecting data, and should have proper security in place to protect collected  data.

AUDIENCE
This talk is intended for creators of digital products: anyone who is involved in the design, development, and launch of web and mobile applications and services. The concepts in this talk are simple, but their impact and intricacies when implemented in products are complex and nuanced. Attendees at all levels of experience and career tenure will find value in the concepts of this talk.

INTRODUCTION
Technology companies are developing a bad reputation for abusing data collection policies and for failing to secure the sensitive data they collect from their customers. Silicon Valley values companies that grow fast and have lots of users. In pursuit of these goals and ideal metrics, technology companies make seemingly innocuous decisions to get features out with as much adoption as possible. Unfortunately, this usually means turning features on by default, automatically opting users in: all without any care around consent for that choice and the data collection and privacy implications that may be associated with a particular feature.

It’s not that anyone intentionally made these decisions with ill intent, it’s instead a lack of understanding the indirect implication to privacy, consent, and security of data that these features then introduce to a product or service.

This talk will reference real world examples of seemingly simple product and software decisions that lead to loss of trust, lack of data collection consent, and failure to secure data that was collected. We will also analyze the impact these problems introduce to a business. We will look at practical tips to build trust in your software while designing features for consent with privacy and security in mind.

OUTCOMES/CONCLUSION
At the end of this talk attendees will have practical advice on building trust into software products. Attendees will leave with a new understanding of the concepts of trust, privacy, consent, and security as it relates to data collection, analysis, and storage within digital applications and services. Attendees will also leave with real world examples to reference and share this knowledge as they build new digital products and services at their companies.

Speakers

Taylor McCaslin 🏳️‍🌈

GitLab, Speaker | Career Village Volunteer
Taylor McCaslin (he/him) is a multi-disciplinary Investor, Product Manager, and Technologist living in Austin, Texas. He currently works as a Senior Product Manager at GitLab focused on Security. Taylor also runs a small angel investing fund focused on impact investing with companies...



Friday August 21, 2020 12:00pm - 1:00pm PDT
Stage 3

12:30pm PDT

How an SRE became an application security engineer (and you can too!)
I made the leap from site reliability engineer to application security engineer late last year. What made it possible to move from security as a hobby to security as a job? A mix of research, workshops, meeting people, and focusing on the security-related parts of the job I already had. I’ll tell you what I studied, what I realized I already knew, and what was actually useful in the interview process (including links, a reading list, and other specifics).
Slides with notes here: https://docs.google.com/presentation/d/15-KXy1vYknYNdNN3vKLQNiwSGHsysg9AWhhOiaiAmY4/edit?usp=sharing
Blog post version with links here: https://breanneboland.com/blog/2020/01/27/how-an-sre-became-an-application-security-engineer-and-you-can-too/

Speakers

Breanne Boland

Product security engineer - security partner, Gusto
Breanne Boland is a product security engineer with the Security Partnerships team at Gusto. Before moving into security, she was a site reliability engineer and an infrastructure engineer, working in healthcare and govtech. Prior to that, she was a professional writer, and she still...


Friday August 21, 2020 12:30pm - 1:00pm PDT
Stage 4 - Village Talks

1:00pm PDT

Internal Red Team Operations Framework - Building your practical internal Red Team
This talk is about building a practical internal red team. This is not an easy task. For organizations, it is essential to have an internal offensive team that continuously performs adversarial simulation to strengthen the security posture and enhance blue team capabilities. Many variables need to be taken care of before going forward with such an initiative. The most important is assessing the progress and maturity of the red team building process.

The talk explains the various steps to create an internal offensive team/red team from scratch and to increase its capabilities gradually across different phases. It introduces a proven way of building internal offensive teams: the Internal Red Team Operations Framework (IRTOF).

Friday August 21, 2020 1:00pm - 1:45pm PDT
Red Team Village Booth

1:00pm PDT

Carnegie Mellon University's (CMU) Information Networking Institute (INI) LIVE Q&A
Thinking about going to graduate school for computer science, electrical and computer engineering or information technology?

Carnegie Mellon University's (CMU) Information Networking Institute (INI) is attending the Diana Initiative Virtual Conference on Aug 21-22, 2020 and we want to meet you!

Connect live and hear about our programs, career outcomes and admission criteria:
  • Information Sessions -
        Aug 21 and 22 at 2 p.m. EDT
  • INI Admissions will be on hand for LIVE Q&A
        Aug 21-22 at 4:00 p.m. and  6:00 p.m. EDT
  • Available to chat during the duration of the conference

Visit our virtual booth to learn more about the INI's four master's degrees in information networking, security and mobile and IoT engineering.

We are a department within CMU's highly-ranked College of Engineering. At the INI, you can customize a technical computer science and engineering curriculum to explore your interests, such as human-computer interaction, cybersecurity, operating systems, embedded systems, cloud computing, big data analytics, smart cars and more.

Friday August 21, 2020 1:00pm - 2:00pm PDT
Expo Hall - CMU Booth

1:00pm PDT

Cyber Harassment: Things I wish I knew when sh1t went sideways
Cyber harassment is a grey area in both legal and forensic capability. Protecting oneself can feel impossible, however it is not!

Are words on the internet/emails/private messages considered harassment, seen as threatening, or just freedom of speech?

I will share first-hand, extensive knowledge of the options. Life tossed me a curveball, which resulted in a life experience that lets me share how to help individuals through a series of options to be protected and to find additional help.

Do not feel helpless, evidence can be gathered. Protective orders can be obtained. Individuals who have been harassed causing mental trauma have the right to file for FMLA (NOT just for babies folks!). This allows them to take the necessary time off work without having a fear of losing employment.

The options provided will include tips on how to document and obtain evidence, tips for interviewing lawyers to find an attorney that meets specialized standards for cyber, and how to reach out to get help that can protect an individual in their career.

I truly wish I had known about these options during my experiences, and by sharing them, if even one person is helped, then it makes my adventure worth it.

Speakers

Laura Johnson

Speaker
Laura Johnson is a Senior Security Engineer, who started her career by joining the military unaware of how much she would fall in love with "security and things". Earlier in her career, Laura held roles such as Maintenance/Integrator, Network Engineer, Consultant, and Managing Security...


Friday August 21, 2020 1:00pm - 2:00pm PDT
Stage 1

1:00pm PDT

More than just pipelines: DevSecOps
Although DevSecOps is currently a favourite industry buzzword, many of us have limited knowledge of how to “do” it. Most vendors are selling mini versions of their tools meant to squish into your already crowded pipeline and calling it a day. This talk will define DevSecOps, then discuss several strategies (high level ideas) and tactics (hands on keyboard) for fast and effective application security practices in a DevOps environment, all of which take place OUTSIDE your pipeline.

When AppSec professionals operate in a DevOps environment they need to respect ‘the 3 ways’ (efficiency of the entire system, fast feedback and continuous learning), while ensuring they consistently release secure software. The current trend in this area is to add mini or partial versions of traditional security tools into your pipeline, breaking builds and/or slowing developers down immensely. For a change of perspective, this talk will detail how to implement a complete application security program without heavy reliance on pipelines.

Speakers
Tanya Janca

CEO and Founder, We Hack Purple
Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around creating secure software. Tanya has been coding and...


Friday August 21, 2020 1:00pm - 2:00pm PDT
Stage 2

1:00pm PDT

I’m a hunter! Cyber Intelligence the new(ish) frontier.
Threat hunting and cyber intelligence are not new, but interest in them is growing, and with good reason. Cyber intelligence helps fill in gaps and hunting helps find hidden threats. It's an important area that doesn't get enough attention. Companies and organizations should understand why knowing their threat space could help them prevent attacks, infections, breaches and other issues. I also hope to show another field in infosec that might be of interest to those looking for a new area to learn.

Speakers
Yasmine ‘amira Johnston-Ison

Senior Threat Researcher at Fidelis, Speaker
Army SIGINT vet who grew up in the intelligence world with a passion for cyber threat intelligence and malware. "A target is a target and a network is a network - human or digital. In the shadows, it’s one in the same." - Yaz


Friday August 21, 2020 1:00pm - 2:00pm PDT
Stage 3

1:00pm PDT

Ten Things Every Cyber Security Job Seeker Should Know
Maximize your job search efforts and turn them into successes with recommendations to evaluate, refine, and improve your strategy. This presentation offers women in cyber security the tools they require to take expert control of their job search and achieve their career goals through ten essential tips.
 
Job seekers will benefit from insights into understanding the different types of recruiters, deciphering the importance of certifications, and leveraging the right avenues for self-promotion and networking. We’ll also dive into developing career search products like your resume and social media content, as well as methods to obtain experience including home labs, competitions, internships, and more.
 
This session will thoroughly explore ten crucial job search tips while also sharing findings from an industry survey, which examines the impact of volunteering in your professional community. By actively engaging in the community, cyber professionals can network, gain experience, and create opportunities for continued learning in order to progress their careers. By applying these guidelines and taking necessary responsibility for one’s job search, individuals will embark on the road to success in the cyber security job market.

Speakers
Courtney Schwarten

Outreach Advocate, ClearedJobs.Net / CyberSecJobs.com
Courtney Schwarten, Outreach Advocate for CyberSecJobs.com and ClearedJobs.Net, gives job seekers the resources they need to be successful in their next careers. In this role, she advises and coaches cleared professionals, transitioning military, and cyber security professionals and...


Friday August 21, 2020 1:00pm - 2:00pm PDT
Stage 4 - Village Talks

1:00pm PDT

“Off the Shelf” Soldering addition
In this 90 min workshop we’ll build the “Off the Shelf” badge step by step. TOOLS REQUIRED — SOLDERING IRON, WIRE STRIPPER AND A SMALL WIRE CLIPPER. You will also need solder, flux and possibly some solder braid or a solder sucker. Requires the parts listed here (link needed) as well as a computer with the Arduino IDE installed (link). We’ll end the session by loading a test sketch onto the Arduino.

Friday August 21, 2020 1:00pm - 2:30pm PDT
Village Workshops

2:00pm PDT

Into the unknown: From a stay-at-home parent to an InfoSec career
The problem: stepping into an industry that is constantly growing, changing, and impossibly complex. How do you know where to start? How can you even dare to catch up, or at least come close? Every day, the cybersecurity industry grows. These are not shallow topics to be understood in a weekend seminar. Even one area is enough to spend a lifetime of research on. So, from the outside, what hope do you have to join this industry, especially if you didn't choose this path initially?
A real-life story about stepping into the unknown: from a stay-at-home parent to an InfoSec career. Without a college degree, after 10 years of being a stay-at-home mom, and now a single mother, I want to share with the audience how I stepped into the cybersecurity field. How I went from knowing almost nothing about IT security (spoiler: I had the same 6-character password everywhere!) to being a social engineer and participating in security research projects at an international IT security company.
This talk can encourage the audience to push themselves towards their life goals, regardless of how they start. I will share tips and tricks that helped me transition, in a more unconventional way, into a fulfilling career that I love.

Speakers
Michel Quiroz

insighti, Speaker
Michel currently works for insighti, an IT security company, as the head of business development during the week and dresses-up as kid's characters for parties and events on the weekend, you know, like Elsa or Wonder Woman. You could say that she does social engineering for a living...


Friday August 21, 2020 2:00pm - 2:30pm PDT
Stage 1

2:00pm PDT

My AWS Access Key Nightmares... and Solutions
As a Security Engineer, a lot of things worry me. Between S3 buckets possibly being open to the public, firewall rules exposing endpoints accidentally, and insecure coding practices, I need to stay on my toes. But those are possible to audit for and address. No, the thing that keeps me up at night is the possibility of someone leaving the keys to our kingdom sitting around somewhere: AWS Access Keys. Journey with me into my nightmare scenarios, and hear me talk about the solutions that allow me to get back to sleep afterwards.

Speakers
Emily Gladstone Cole

Speaker
Emily is currently a Staff Security Engineer for Agari Data, Inc., and spends a lot of time thinking about the ways that DevOps and Security intersect. Emily has performed critical organizational roles of security research, incident response, product security, devops engineer, system...



Friday August 21, 2020 2:00pm - 2:30pm PDT
Stage 2

2:00pm PDT

How to sink the ducky and other tricks
Unified logs contain a wealth of information that can be used to detect malicious USB devices like rubber ducky and bash bunny. Unified logs can also help find lateral movement and other malicious activity . . . once you know where to look. This presentation will cover some tips for detection using unified logs, and some gotchas for searching unified logs.

Speakers
Megan Carney

Detection Engineer, Target
Megan Carney has been an analyst/bad news giver in several different environments over the past ten years or so. She spends most of her time searching for all the places badness might hide. Can often be found staring into the abyss. It's true the abyss stares back.


Friday August 21, 2020 2:00pm - 3:00pm PDT
Stage 3

2:00pm PDT

Ch-ch-changes!
Don Donzal from eLearnSecurity, sponsor of this year's Career Village, interviews three industry veterans about the many varied paths into cybersecurity. Ping Look will bring her experiences as a technical hiring manager for defense and response, Sara Pickering as a human resources consultant and recruiter, and Carlota Sage as an IT leader turned vCISO, to paint a picture for the audience of the many twisty-turny paths you can take to get into cybersecurity, and especially what hiring managers look for when hiring candidates without a security background.

Speakers
Carlota Sage

Self, Speaker
Raised in the wilds of Alabama by angry chickens and crazy people, Wolfpack-educated in the Tar Heel/Blue Devil state, and indoctrinated into Security by Silicon Valley appliance vendors (which are either wolves or angry chickens…maybe both), Carlota has returned to the east coast...

Don Donzal

Community Director, eLearnSecurity
whoami - I’m a Dad, a Community Director & an Editor-in-Chief. Don Donzal is the founder of The Ethical Hacker Network (EH-Net), a free online magazine and community for security professionals. EH-Net was acquired by eLearnSecurity (eLS) in 2017 to bolster their free educational...

Sara Pickering

Director of Talent Development, ISE
Sara Pickering is the Director of Talent Development at Independent Security Evaluators (ISE). Self-proclaimed HR Nerd, she works with business leaders to ensure that people strategy aligns with company values and culture. Sara strives to build trust and high levels of employee engagement...

Ping Look

Senior Director, Detection & Response Team, Microsoft
Ping Look is passionate about bringing people together to solve problems and currently at the helm of Microsoft’s Detection & Response Team. Prior to joining Microsoft, Ping was engaged at Optiv, formerly known as Accuvant LABS, where she managed one of the most technically proficient...


Friday August 21, 2020 2:00pm - 3:00pm PDT
Stage 4 - Village Talks

2:30pm PDT

Conference Submissions for the Faint of Heart
Submitting a talk to a conference is quite overwhelming, even for seasoned speakers and presenters. The CFP process, while often documented, still results in submissions that may make a good idea tough for the review team to evaluate, and eventually they may be rejected. How can anyone, from a first-time submitter to a seasoned pro, ensure they share their ideas with the right audience and pass muster with the review committee? In this talk we plan to present a general primer on how to make the submission the best it can be, reduce your stress, and ensure that you will have the tools required to confidently present your ideas to the target audience.


Speakers
Amelie Koran

Splunk, Inc., Sr. Technology Advocate
Amélie is a Senior Technology Advocate at Splunk, focused on helping organizations transform, grow and secure themselves in the ever evolving world of technologies and their accompanying challenges. She arrives at Splunk after nearly 25 years as a technologist, from systems administration...

Nicole Schwartz

Product Manager, Secure Composition Analysis - GitLab, Speaker
Nicole Schwartz (@CircuitSwan) is a Product Manager for the GitLab Secure team. In her career, she has been in Product, System Administration, and Agile coaching. Before her career ever started she was a Hacker. When she isn’t working, she volunteers at and attends conventions (you...


Friday August 21, 2020 2:30pm - 3:00pm PDT
Stage 1

2:30pm PDT

Guardians of the cloud: the sysadmin's guide to cloud security
Organisations are rapidly moving applications to the cloud to support remote work in the COVID-19 era, leaving sysadmins and security teams to secure a sprawling mass of cloud-based infrastructure. It's easy to "lift and shift" on-premises administrative practices to cloud environments. However, cloud systems are prime targets for attackers and require a new approach to administration. So what is the most secure way to manage your Tier 1 servers running in AWS, application development in GitHub and business collaboration in Slack?

In her talk, Bronwyn will compare the threat models of cloud and on-premises systems. We will learn about best practices for secure cloud administration, including the importance of Identity and Access Management for effective cloud security. Bronwyn will share real-life lessons learned from working on cloud migrations, illustrating the challenges faced when on-premises administration concepts are applied to cloud environments.

Friday August 21, 2020 2:30pm - 3:00pm PDT
Stage 2

3:00pm PDT

Carnegie Mellon University's (CMU) Information Networking Institute (INI) LIVE Q&A
Thinking about going to graduate school for computer science, electrical and computer engineering or information technology?

Carnegie Mellon University's (CMU) Information Networking Institute (INI) is attending The Diana Initiative Virtual Conference on Aug 21-22, 2020 and we want to meet you!

Connect live and hear about our programs, career outcomes and admission criteria:
  • Information Sessions -
        Aug 21 and 22 at 2 p.m. EDT
  • INI Admissions will be on hand for LIVE Q&A
        Aug 21-22 at 4:00 p.m. and 6:00 p.m. EDT
  • Available to chat throughout the conference
Visit our virtual booth to learn more about the INI's four master's degrees in information networking, security and mobile and IoT engineering.

We are a department within CMU's highly-ranked College of Engineering. At the INI, you can customize a technical computer science and engineering curriculum to explore your interests, such as human-computer interaction, cybersecurity, operating systems, embedded systems, cloud computing, big data analytics, smart cars and more.

Friday August 21, 2020 3:00pm - 4:00pm PDT
Expo Hall - CMU Booth

3:00pm PDT

College Students “Driving” Digital Crash Reconstruction
In order to address the massive growth of digital evidence available in criminal investigations, the St. Joseph County (IN) Cyber Crimes Unit began a partnership with the University of Notre Dame in 2015. Unlike any other cyber crimes unit in the country, they took a leap of faith and began employing students as sworn law enforcement personnel and digital forensics examiners. We are two of those investigators. In this role, we conduct digital forensics examinations on real cases, write and execute search warrants, and testify in court. When we are not actively working on a case, we conduct research and testing, looking for novel ways to apply technology and digital forensics to existing real-world problems.

Since the inception of traffic crash reconstruction in 1985, its methods and formulas have remained relatively unchanged. So, we asked: can technology revolutionize traffic crash reconstruction? In this talk, we will discuss research that we have done related to the feasibility of using data automatically collected by a smartphone to reconstruct traffic crashes. We have found that depending on user interaction with the phone, it may be possible to build a detailed timeline of events leading up to, during, and after a crash. This timeline can include not only user interaction with the phone, but also detailed GPS information and vehicle speeds. Finally, we will talk about how our research can address the limitations of existing crash reconstruction methods and show case examples of where we have applied this research to local cases.

Speakers
Brianna Drummond

St. Joseph County Cyber Crimes Unit, Speaker
Brianna Drummond is a senior undergrad at the University of Notre Dame studying Political Science and Russian with a minor in Cyber Safety and Security. In addition to being a student, Brianna is a Senior Investigator for the St. Joseph County Cyber Crimes Unit. She also holds the...

Laura Hernandez

St. Joseph County Cyber Crimes Unit, Speaker
Laura is a senior undergrad at the University of Notre Dame studying Sociology with a minor in Cyber Safety and Security. She is currently a Senior Investigator in the St. Joseph County Cyber Crimes Unit in Indiana, where she works as a digital forensic examiner. She is also certified...


Friday August 21, 2020 3:00pm - 4:00pm PDT
Stage 1

3:00pm PDT

Secrets of the Second Factor
Bored by talks convincing you to set up 2FA, as if you haven’t already had it on your MMORPG account for a decade?

There's more to MFA than protecting an account from a bad, reused, or dumped password. Let's go discover all the dirty little secrets in $company using the MFA logs!

Break the barrier of complacency that comes with a multi-factor system! Explore all the obvious security violations of risky login habits. I’ll step through why you should be logging every authentication attempt and read the logs to discover all the hidden secrets that could have gone unnoticed for years. Things slip by other data sources and behavior analysis tools but become clear when you know how to spot the secrets in the second factor.

Speakers
Bace 16

DC919, Speaker
BACE16 was bored as a firewall engineer so she started a Def Con Group in RTP, NC, DC919, to re-discover the joys of hacking with a community. Building on this, she also volunteers for BSides RDU and is a founding member of Cackalacky Con. She eventually found her calling as an incident...


Friday August 21, 2020 3:00pm - 4:00pm PDT
Stage 2

3:00pm PDT

A case against “Google it”: A cognitive science approach
"Google it" is a great one-liner, but it doesn't follow how people learn. People new to the infosec field have a lot to navigate during their learning. Mentors and education programs should develop a model of learning based on human cognition. There is an overwhelming amount of information and even more opinions on how to begin learning cybersecurity. Not to mention, not everyone is an excellent technical writer or writes content without considering their audience. Accordingly, telling a new learner to just "Google it" can be cognitively overwhelming, disrupts learning, and may cause people to not pursue infosec as a career or hobby.

In this presentation, mentors and those that create educational content for infosec professionals will learn the cognitive apprenticeship (Collins et al., 1987) model of learning and cognitive load theory (Sweller, 1994; Sweller, 2006; Sweller et al., 2011). Cognitive apprenticeships are the same as a traditional mentor-mentee relationship, except that they provide a cognitive framework for how to learn. The four phases of modeling, scaffolding, fading, and coaching will be discussed in the context of a Windows system administrator who wants to transition into a cybersecurity professional. The presentation will discuss how to train a Windows system administrator to apply the CSC Security Controls to Windows and Linux using a cognitive apprenticeship approach. Cognitive load theory is one way of explaining how instructional design helps or hinders transferring information from short-term memory, which has a small storage capacity, to long-term memory, which has a much larger storage capacity. When cognitive apprenticeships are practiced in the context of how people learn, they will reduce the mentor's and mentee's cognitive load and create a more engaging learning experience to facilitate long-term retention of what is learned.

Speakers
Duane Dunston

Associate Professor, Champlain College
Duane Dunston is an Associate Professor of Cybersecurity at Champlain College. He has been in Information Security for over 20 years working in both the education and government sectors. He focuses on risk management, cryptography, security education, and using technology for social...


Friday August 21, 2020 3:00pm - 4:00pm PDT
Stage 3

4:00pm PDT

Reclaiming Your Space in Cyber Security: Speak Out, Speak Up, Speak Often
There is a great global discussion happening about the ways in which systemic racism and gender bias reveal themselves across various aspects of our society. From #BlackLivesMatter to #MeToo to #TimesUp, there is a massive movement on the part of large swaths of American citizens who feel that incremental progress is no longer enough. Americans seem ready for a sweeping change in the very definition of what America is, what we truly value and who the beneficiaries should be of a long-broken system.
This public discourse is visceral, it's uncomfortable and it's disruptive. But it is necessary. It was unavoidable. Women, minorities, and other marginalized groups now have growing public support to transform discourse into action, draft new policies, and advance new ways for our society to continue to value difference – across the board. More of them today are choosing to “Speak Out, Speak Up and Speak Often” in advocacy for more control over their lives.
The Cybersecurity industry acts as a microcosm of the broader society in which it sits. Therefore, it is not exempt from the same demand for a revolution – a change in the way women are treated, minorities are kept out, and the responsibility for diversity and inclusion is placed on the victims of the treatment over and over again. The first black or female employee in any security team is the one who “breaks the boundaries”, and is therefore innately a change agent. But we all as an industry have to make space for those who are different. We must allow them to use their unique voice and value them as equals. It is now the time for action.
The purpose of this talk will be to discuss the responsibility of the cyber security industry to move over, open doors and make space for more women and minorities to “Speak Up, Speak Out and Speak Often”.

Speakers
Jules Okafor

CEO, RevolutionCyber
Juliet Okafor, J.D., is a cybersecurity professional who has combined her knowledge of the legal system and cybersecurity solution models into success stories across Fortune 500 industries throughout the USA. Her ability to scope, plan and design the creation of an OT Cybersecurity...


Friday August 21, 2020 4:00pm - 5:00pm PDT
Stage 1

4:00pm PDT

Entrepreneurial Adventures: Starting Your Own Company
So you’re not crazy, you just want to start your own company. Which kinda takes a level of crazy to pull it off. We’ll talk through what it takes to be an entrepreneur, ideation and the phases of startup, different kinds of companies (service, product, non-profit), how and why (or why not) to raise capital, types of investors, legal requirements, working (or not) with friends, challenges, building total/service addressable market size, back-office administration, employee benefits, equity (what is an RSU?), pricing, Intellectual Property Rights, economics, and resources for more information and networking. Will include anecdotes and insights from my experiences starting several companies and from multiple Founders across the spectrum.

Speakers
Bryson Bort

CEO, SCYTHE
Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow for Cybersecurity...

Keenan Skelly

CEO, ShyftED, Inc.
As the CEO of ShyftED, Inc., a Security Awareness company for all humans, Keenan Skelly provides engaging awareness software and strategic business insights for cybersecurity. Skelly, a former Army Explosive Ordnance Disposal Technician, and Chief, Comprehensive Reviews for DHS, has...



Friday August 21, 2020 4:00pm - 5:00pm PDT
Stage 4 - Village Talks

5:00pm PDT

Social Hour
Come on in to the "Networking" area and you will get randomly paired with another person for a chat.

We recommend bringing a drink, a snack, and recreating hallwaycon / quiet party!

Friday August 21, 2020 5:00pm - 6:00pm PDT
Networking Area
 
Saturday, August 22
 

8:00am PDT

What Does it Mean to Be a Barrier Breaker?
We often assume 'Barrier Breaker' means that someone was 'the first' or 'the only' to do something and what happens after that is almost a foregone conclusion. That's not how barriers get broken. It's kind of like saying, "a single drop of water breaks the dam", when we know that it takes a critical mass of water, a flood, before the dam will break. In security, especially, we reward the 'lone hacker' who discovers a zero-day and tend to dismiss those that come behind who identify similar classes of vulnerabilities or the same vulnerability presented in different ways, as if those discoveries aren't equally remarkable. Barrier breaking isn't a one-person phenomenon, it is a movement of people committed to change. Using a handful of examples, I will highlight some barrier breakers in our industry and provide actionable methods that each of us, day by day, and byte by byte, can use to become better barrier breakers.

Speakers
Yolonda Smith

Head of Cybersecurity at Sweetgreen, Opening Keynote Speaker
Yolonda Smith is the Head of Cybersecurity for sweetgreen, a fast-casual salad restaurant chain with over 100 locations across North America whose mission is to inspire healthier communities by connecting people to real food. In this role, she is responsible for the development and operationalization...


Saturday August 22, 2020 8:00am - 9:00am PDT
Stage 1

9:00am PDT

Critical Infrastructure, Interconnected Risks, and Resiliency. Why Women Should Care?
This talk is specifically focused on increasing awareness of the interconnectedness of the internet, not only in our day-to-day lives but also in our critical civil infrastructure such as water treatment facilities, energy grids, hospitals, etc. She brings attention to the fact that, just as essential workers are recognized as critical to continuing BAU for our personal lives during the Covid-19 pandemic, these civic infrastructures are also essential services, and that we must not wait for a serious incident like the pandemic to make us realize that, but rather proactively pay crucial attention to their safety and security and to the coupling impact they have on us, and work on strengthening their resilience. The talk highlights the gender gap in cyber security and in this area, how women can help close this gap, and gives an opportunity to discuss challenges and how to close them.


Speakers
Godha Bapuji

Founder, Women in Crisis Response


Saturday August 22, 2020 9:00am - 9:45am PDT
Red Team Village Booth

9:00am PDT

It's a Human Thing: Strategies for Navigating Diversity & Inclusion in your Organization
Over the last several years, the infosec community has preached the importance of Diversity & Inclusion in the space. But what does that look like? How can infosec leaders put realistic measures and policies in place to achieve a diverse and inclusive workforce? In this session, I will cover both good and bad strategies used by companies over the last two years; highlight the dos and don'ts for organizations of all sizes; and discuss with the audience how to navigate Diversity & Inclusion during socially charged times. The audience will leave with real implementation measures; guidance on what to steer clear of; and a community to continue the discussion after the talk.

Speakers
Keenan Skelly

CEO, ShyftED, Inc.
As the CEO of ShyftED, Inc., a Security Awareness company for all humans, Keenan Skelly provides engaging awareness software and strategic business insights for cybersecurity. Skelly, a former Army Explosive Ordnance Disposal Technician, and Chief, Comprehensive Reviews for DHS, has...


Saturday August 22, 2020 9:00am - 10:00am PDT
Stage 1

9:00am PDT

IoT Honeypots and Rogue Appliances
Honeypots AND IoT security, all in one place? Yes, why YES I tell you, and this is it! Oh sure, honeypots are not new, but how they are used is what makes this talk just a little bit different. Presented for your viewing pleasure will be IoT specific honeypot configurations, some deployed with k8s (some not) and how they are used to not only trap attacks against your IoT devices but also detect attacks FROM a compromised IoT device.

Introduction - who I am and where this idea came from (2 mins)

Introduction to IoT devices and why they continue to be a serious issue with consumer and corporate security. I will discuss the 5 verticals of IoT devices while focusing on some of the typical attacks that have been used in the past few years. It is important to understand why vendors produce insecure devices and that they will continue to do so. (3 mins)

Introduction to Honeypots and key issues with planning, architecture and deployment. One of the biggest issues with honeypots is not setting them up, but using them the right way. Now referred to as “deception tech”, honeypots can provide a level of detection and defense against rogue IoT devices. Several examples will be presented with recorded sessions (or live demos if the demo gods are in a good mood) showing how to plan and deploy the right honeypots to the right environments. (5 mins)

Now for the fun! In this next section I will show IoT honeypots used for protection in the wild. The wild will consist of your home network, corp network, and even DMZs and other locations. Several examples of how honeypots were used to detect “angry appliances” doing things they should not have been doing will be shown. A more recent example from my own private home network will show how an intelligent thermostat was found to be scanning the network. This section gets fun with various devices from light bulbs, IoT hubs and more. (10 mins)

Summary and Key Takeaways - Here I bring it all to a conclusion by providing key takeaways for the How and the Whys of planning and deployment and what to expect from private and hostile environments. The key point here is that attendees will walk away with real tools and ideas to use right away and not just some theory. This is actually a detailed section reviewing key points of the takeaways, not just a summary slide (10 mins)

Q&A - (5 mins)

5 minutes to spare from a 40 minute session!! Woo Hoo!

Demos will make this fun, with one live and a couple of recorded demos to cap it all off.

Key takeaways:
  1. Different levels of IoT devices
  2. Threat modeling techniques for IoT devices
  3. Honeypots and deception tech - not your mother’s honeypot
  4. Planning stages - this is CRITICAL for successful deployment
  5. Setting up collectors/SIEM for analysis
  6. CCAD

Speakers
Kat Fitzgerald

Security Engineering Mgr, Google
Based in Seattle and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral...


Saturday August 22, 2020 9:00am - 10:00am PDT
Stage 2

9:00am PDT

Levelling up the Estrogen in the Cyber World
The lockdown has forced almost everyone into digitalization. But as the number of people doing remote work has increased, so has the complexity and vastness of cyberattacks.

Now, from the point of view of a female engineering student, it’s hard to find a lot of female colleagues in the tech field. ‘The International Journal of Gender, Science and Technology’ and many others have published studies regarding the gender gap of women in technology, cybersecurity being one of the fields. And we believe it is our duty to do something for the cause.

If you have ever been intrigued by cybersecurity and wanted to learn, the next question is HOW. Well, we may have the best answer to that: CTFs. CTFs are coding competitions in the cyber world that teach you how to work your way up from low-key “bugs” to escalating privileges.

Yes, we all know that there are tons of resources on the Internet. But that’s exactly the reason why we lose track. In this talk, we shall introduce you to some crypto and a little bit of reverse engineering and shall give you an idea of how to get started and how to navigate your way into the cyber realm. We shall also talk about existing opportunities for women and how to make the most of them.

Speakers
Sandra Bino

B-tech Undergrad
I'm a B-tech Undergrad student who has been playing CTFs for the past two years out of pure interest and also for the adrenaline rush right after I get a flag. I am also a member of teambi0s, the #1 CTF team in India (I've been lucky), and also TeamShakti, an amazing group of girls from...

Meenakshi S L

Student
Meenakshi S L is a CTF player with Team bi0s, the No.1 CTF team in India. She is also a part of Team Shakti, a group of bubbling young female minds set out to make their mark in the cyber world through CTFs, talks and workshops. She is currently pursuing her undergraduate degree...


Saturday August 22, 2020 9:00am - 10:00am PDT
Stage 3

9:00am PDT

Basic Arduino coding using virtual Badge
We’ll go through the basics of writing an Arduino sketch using the basic commands digitalWrite(), delay(), and digitalRead(), as well as reusing code using objects and loops.

Speakers

Saturday August 22, 2020 9:00am - 10:30am PDT
Village Workshops

10:00am PDT

Moving left in the SDLC
Jas will talk about how moving security left in the SDLC benefits the organization through reduced risk and improved security, and how security works TOGETHER with, not against, developers.


Speakers
Jaswinder Kaur

Senior cyber security engineer, T-Mobile
Jas is working with T-Mobile as a Senior cyber security engineer. Before that, she worked in the DC Government and Bank of America for many years. She is leading the blue team in her organization. For her, cyber security has never been more important, securing the important personal...


Saturday August 22, 2020 10:00am - 10:45am PDT
Red Team Village Booth

10:00am PDT

DevSecOps – It’s A Team Sport
DevSecOps derives its own name from being an amalgamation of formerly three separate common teams within most IT organizations: Development, Security and Operations. With the onslaught of new technologies and methods to build, deploy and secure such solutions, it's become paramount to unite and streamline these traditionally separate activities. This doesn't come without its own set of challenges; from turf wars to knowledge and abilities, with most of the effort trying to wed-up the right puzzle pieces to ensure overall team successes.

There’s also no success in this area given to a group of “rock stars” or “prima donnas” but more from “roadies” and “sidemen” who work to make sure the whole show is going to be good rather than try to take center stage. Finding, identifying, and nurturing the staff and talent that is willing to work through the change not only within the IT organization, but are also ambassadors to the rest of the organization to help them through the new ways of exploiting the new ways of integrating technology into business.

Speakers
Amelie Koran

Splunk, Inc., Sr. Technology Advocate
Amélie is a Senior Technology Advocate at Splunk, focused on helping organizations transform, grow and secure themselves in the ever evolving world of technologies and their accompanying challenges. She arrives at Splunk after nearly 25 years as a technologist, from systems administration...


Saturday August 22, 2020 10:00am - 11:00am PDT
Stage 1

10:00am PDT

Hacking into Android Ecosystem
There are more than 2.5 billion devices on Android today. That implies any vulnerability can potentially lead to a massive privacy breach or security attack. So, what does the security landscape look like for Android? Are there known privacy limitations or security threats? How do you look into the internals of an Android app? How do you look into the internals of Android itself? This talk will answer these questions for the audience. As part of the talk, we will cover the following:
1. Overview of the Android Security Landscape: present-day security and privacy posture of Android, the attacks and challenges in defence.
2. Android App Internals: how to reverse engineer an Android app and see what it does.
3. FRIDA: using FRIDA to explore the Android app ecosystem.
4. Design of malware and spyware.
5. Current situation, exploitation, risks and future.


Speakers
Aditi Bhatnagar

Microsoft, Speaker
Aditi Bhatnagar is a security enthusiast who is presently working as a Software Engineer in the endpoint security team, developing defender solutions for the Android platform at Microsoft. She is actively involved in researching the privacy and security aspects of the evolving Android landscape...


Saturday August 22, 2020 10:00am - 11:00am PDT
Stage 2

10:00am PDT

Testing all the things - We can't catch 'em all and who's accountable anyway?
Suppliers, systems, sites, apps, devices, vulnerabilities and all the brewing bright ideas. What's riskiest? What do we tackle first? How much can we reasonably do? What about tyres we can't kick?

No-one can test (or fix) all the things, but we're told to try, even when we get the call just before it goes live. But there's no Tardis, money tree, or vending machine stocked with specialists, and no-one can be accountable for something they can't influence, or don't understand.

I'll be sharing lessons learned about those pinch points and showing simple risk-based ways to share the burden across the whole organisation. Delegating work to prune the pipeline. Embedding accountability. Recognising where the organisation might not be mature enough to change. Moving things left - back to the bright ideas factories - so there's time and space to tackle the tyres we really have to kick, or call out the fact there just aren't enough hours in the day.

Speakers
Sarah Clarke

Data Protection & Security GRC Specialist, Speaker
Sarah started out in IT and network security, but has spent the last decade tackling challenges linked to doing security and data protection governance at scale. She moved away from the tech coalface after seeing colleagues burnt out, often because they didn't have data and sponsorship...


Saturday August 22, 2020 10:00am - 11:00am PDT
Stage 3

11:00am PDT

Deploying discreet infrastructure for targeted phishing campaigns
Phishing attacks are an extremely common attack vector that has been used for many years, and the potential impact and risk involved are well known to most Internet users. However, it is still a highly relevant attack vector being used in the wild, affecting many victims. Phishing attacks exploit the vulnerable human factor.
The words easy and phishing never really seem to go together. Setting up a proper phishing infrastructure can be a real pain. This talk aims to walk you through the whole process of deploying a phishing campaign infrastructure from the perspective of an attacker.

Speakers
Sreehari Haridas (invisible)

Cyber Security Engineer, UST Global
Sreehari is an experienced Security Researcher, who has 3 years of professional experience. He is a Web application Penetration tester and a renowned Bug Bounty Hunter. Currently Sreehari is working as a Cyber Security Engineer at UST Global, formerly a security consultant with EY...


Saturday August 22, 2020 11:00am - 11:45am PDT
Red Team Village Booth

11:00am PDT

Carnegie Mellon University's (CMU) Information Networking Institute (INI) Information Session
Thinking about going to graduate school for computer science, electrical and computer engineering or information technology?

Carnegie Mellon University's (CMU) Information Networking Institute (INI) is attending The Diana Initiative Virtual Conference on Aug 21-22, 2020 and we want to meet you!

Connect live and hear about our programs, career outcomes and admission criteria:
  •  Information Sessions -
        Aug 21 and 22 at 2 p.m. EDT
  • INI Admissions will be on hand for LIVE Q&A
        Aug 21-22 at 4:00 p.m. and 6:00 p.m. EDT
  • Available to chat during the duration of the conference

Visit our virtual booth to learn more about the INI's four master's degrees in information networking, security and mobile and IoT engineering.

We are a department within CMU's highly-ranked College of Engineering. At the INI, you can customize a technical computer science and engineering curriculum to explore your interests, such as human-computer interaction, cybersecurity, operating systems, embedded systems, cloud computing, big data analytics, smart cars and more.

Saturday August 22, 2020 11:00am - 12:00pm PDT
Expo Hall - CMU Booth

11:00am PDT

Exploiting Sexual Exploitation
Online sexual harassment is one of the most overlooked crimes on both the interwebs and irl. Victims need help, and way fewer resources exist to support them. From cyberstalking cases, to revenge porn posts to deepnude takedowns, Labac helps victims of abuse defend and prevent targeted attacks.

This talk details our crew’s efforts to flip the table against online abusers. We will outline various tactics used against historical targets, such as technical attacks and policy exploits. We’ll also discuss how you can help.

Speakers
K T

LaBac, Speaker
Threat Hunter. Founder, Labac.

Aaron DeVera

Speaker
Bot Detective. Founder, Labac. LaBac is a hacker collective combatting tech-enabled abuse. LaBac serves on the NYC Cyber Sexual Assault Taskforce, a city-wide initiative dedicated to fighting online sexual exploitation. The LaBac collective curates the Museum of Modern Malware at...


Saturday August 22, 2020 11:00am - 12:00pm PDT
Stage 1

11:00am PDT

Hiding In The Clouds: How Attackers Can Use Applications Consent for Sustained Persistence and How To Find It
Applications are modernizing. With that, the way permissions for these applications are granted is also changing. These new changes can allow an attacker to have sustained persistence in plain sight if we don’t understand how these work and where to look. What’s the difference between an application that has permissions and one that has delegated permissions? Why did that admin account consent to that application? Should I be worried? Is that application overprivileged? I have thousands of apps; how do I account for this? In this session we will look to demystify and bring clarity to these questions. You’ll understand these new application models and how they can be abused for sustained persistence, how these permissions work and what overprivileged looks like, and finally how to find them in your environment.

Speakers
Mark Morowczynski

Principal Program Manager, Microsoft
Mark Morowczynski (@markmorow) is a Principal Program Manager on the customer success team in the Microsoft Identity division. He spends most of his time working with customers on their deployments of Azure Active Directory. Previously he was Premier Field Engineer supporting Active...

Bailey Bercik

Microsoft, Speaker
Bailey Bercik (@baileybercik on Twitter) is a Program Manager in the customer facing arm of the Identity Engineering division at Microsoft. As part of the “Get-To-Production” team, she acts as a trusted advisor to Fortune 500 enterprises deploying Azure Active Directory. She's...


Saturday August 22, 2020 11:00am - 12:00pm PDT
Stage 2

12:00pm PDT

Offensive GraphQL API Exploitation
Nowadays, GraphQL is used by some of the big tech giants like Facebook, GitHub, Pinterest, Twitter and HackerOne. The main reason behind that is that GraphQL gives enormous power to clients.
But with great power comes great responsibility. Since developers are in charge of implementing access control and other security measures, applications are prone to classical web application vulnerabilities like Broken Access Control, Insecure Direct Object References, Cross-Site Scripting (XSS) and classic injection bugs. This talk will explain the common security impacts faced while using GraphQL APIs and how an attacker makes use of them to attack the underlying infrastructure and exfiltrate sensitive data from an organisation.


Speakers
Arun S

Lead security consultant, IBM
Arun works as a Senior Security Consultant @ IBM India Software Labs, with more than 6 years of experience. He is a chapter leader for the null open source security community in Bangalore, and has also conducted training and workshops at c0c0n and BSides Delhi security conferences. Arun...


Saturday August 22, 2020 12:00pm - 12:45pm PDT
Red Team Village Booth

12:00pm PDT

BlueZ Cluez: Getting to Know the Linux Bluetooth Protocol Stack
There are many opportunities to learn about various protocols through the Internet of Things. One such protocol, Bluetooth, is a wireless protocol used for communicating data between devices from 2.400 to 2.485 GHz over short distances. This presentation introduces BlueZ, a Bluetooth stack available in Linux, as a tool that researchers can utilize to study the protocol and identify potential vulnerabilities between devices exchanging data. In this case, we will leverage BlueZ and its features to control a light bulb. The presentation intends to cover the set-up and installation of pertinent tools in order to scan, identify devices, connect with the targeted device, and change the light bulb’s LED color. Audience members will walk away with a solid foundation of BlueZ and how to interact with its tools to scan, connect, and tinker with devices.

Speakers

Ria Baldevia

King's College London, Speaker
Ria Baldevia is a student at King's College London pursuing her PhD in digital humanities.


Saturday August 22, 2020 12:00pm - 1:00pm PDT
Stage 1

12:00pm PDT

Women in Threat Intelligence - from on the ground to in the cloud
Introduction: A brief history of female intelligence operatives and cyber threat intelligence leaders from all over the world and a challenge to the audience to keep these key points in mind for discussion after the presentation:
  1. As you honor the contributions of the threat intelligence experts in this overview, keep mental notes of how they embraced traditional and nontraditional masculine and feminine traits to accomplish their mission.
  2. Challenge yourself to check thoughts of bias, social conditioning and the temptation to judge based on very limited information about the individuals being portrayed.
  3. At the end of this presentation, we will discuss the power of diversity and equanimity in a world class Threat Intelligence Team.
Female Intelligence Operatives and Leaders
State of Affairs - statistics about women in senior leader positions and what we can do to continue to improve the odds of women being successful in threat intelligence and cyber security
  • Recruiting efforts to reduce bias in job descriptions, necessary skills, education, certifications, "right fit", etc.
  • Number of female CEOs, CISOs
  • Number of women on boards of directors - certification courses to help you prepare
Answering the call is critical, even if you don’t see the path to your intended outcome.
  • Disaster medicine - fraud (benefits of being a female firefighter)
  • 911 Commission - we brought teams together to correlate intelligence and investigations in very creative ways
  • Combating botnets and nation state attacks at a global level
  • Sim Swap cases - information sharing across industry and sectors
Building a world-class threat intelligence program
  • Training teams to challenge outcomes, grow, learn, reduce and be aware of bias
  • Partnering with key stakeholders inside and outside the company
  • Presenting to senior leadership and the CISO Advisory Board
  • Laying the foundation for diversity, inclusion and bringing people from underrepresented populations into the field through mentorship, training, networking, hiring


Speakers
Jodie Ryan

Sr. Manager Threat Intel & Countermeasures, Speaker
Jodie Ryan is a Sr. Manager of Threat Operations at Verizon Media. Her teams of Cyber Threat Intelligence Analysts and Countermeasures Engineers produce custom detections and threat advisories to lead intelligence-driven mitigation efforts across all Verizon Media properties such...


Saturday August 22, 2020 12:00pm - 1:00pm PDT
Stage 2

12:00pm PDT

So, I Made A Microdot
Microdots have a long and storied history in the transfer of information over obscured channels. In the same family as invisible inks and steganography, microdots were the OG side channel attack and were used to great effect throughout the cold war.
But the advent of more modern methods of data storage and transfer have rendered film microdots obsolete. In this talk, I discuss the technical concepts behind how I made the microdot, and a modern twist on microdot methodology to bridge the gap between analog and digital microdot creation and use.
Here's a rough outline:
  1. Introduction - 2 min
  2. What is a microdot? - 2 min
  3. History of the microdot - 2 min
  4. Methodology overview - 2 min
  5. 1-step method - 7 min
  6. 2-step method - 7 min
  7. Analog/digital hybrid - 5 min
  8. Operational security considerations - 3 min
  9. Challenges - 3 min
  10. Wrap-up & questions - 7 min

Speakers

Emily Crose

n/a, Speaker
Emily Crose has been working in the field of information security for over 10 years. Previously she has worked at the CIA, NSA, and US Army INSCOM. In her free time, she runs the Hacking History project and co-authors The Teletypist.



Saturday August 22, 2020 12:00pm - 1:00pm PDT
Stage 3

12:00pm PDT

Arduino coding using the bread board or soldered badge
We’ll go through the basics of writing an Arduino sketch using the basic commands digitalWrite(), delay(), and digitalRead(), as well as reusing code using objects and loops.

Speakers

Saturday August 22, 2020 12:00pm - 1:30pm PDT
Village Workshops

1:00pm PDT

Internal Red Team Operations Framework - Building your practical internal Red Team
This talk is about building a practical internal red team. This is not an easy task. For organizations, it is essential to have an internal offensive team to continuously perform adversarial simulation to strengthen the security posture and enhance blue team capabilities. Many variables need to be taken care of before going forward with such an initiative. The most important thing would be assessing the progress and maturity of the red team building process.

This talk explains the various steps to create an internal offensive team/red team from scratch and to increase its capabilities gradually in different phases. It introduces a proven way of building internal offensive teams, the Internal Red Team Operations Framework (IRTOF).



Saturday August 22, 2020 1:00pm - 1:45pm PDT
Red Team Village Booth

1:00pm PDT

Carnegie Mellon University's (CMU) Information Networking Institute (INI) LIVE Q&A
Thinking about going to graduate school for computer science, electrical and computer engineering or information technology?

Carnegie Mellon University's (CMU) Information Networking Institute (INI) is attending The Diana Initiative Virtual Conference on Aug 21-22, 2020 and we want to meet you!

Connect live and hear about our programs, career outcomes and admission criteria:
  • Information Sessions -
        Aug 21 and 22 at 2 p.m. EDT
  • INI Admissions will be on hand for LIVE Q&A
        Aug 21-22 at 4:00 p.m. and 6:00 p.m. EDT
  • Available to chat during the duration of the conference

Visit our virtual booth to learn more about the INI's four master's degrees in information networking, security and mobile and IoT engineering.

We are a department within CMU's highly-ranked College of Engineering. At the INI, you can customize a technical computer science and engineering curriculum to explore your interests, such as human-computer interaction, cybersecurity, operating systems, embedded systems, cloud computing, big data analytics, smart cars and more.

Saturday August 22, 2020 1:00pm - 2:00pm PDT
Expo Hall - CMU Booth

1:00pm PDT

Automating Threat Hunting on the Dark Web and other nitty-gritty things
What's the hype with the dark web? Why are security researchers focusing more on the dark web? How do you perform threat hunting on the dark web? Can it be automated? If you are curious about the answers to these questions, then this talk is for you. The dark web hosts several sites where criminals buy, sell, and trade goods and services like drugs, weapons, exploits, etc. Hunting on the dark web can help identify, profile, and mitigate organizational risks if done in a timely and appropriate manner. This is why threat intelligence obtained from the dark web can be crucial for any organization. In this presentation, you will learn why threat hunting on the dark web is necessary, different methodologies to perform hunting, the process after hunting, and how hunted data is analyzed. The main focus of this talk will be automating threat hunting on the dark web. You will also get to know what operational security (OpSec) is, why it is essential while performing hunting on the dark web, and how you can employ it in your daily life.

Speakers
Apurv Singh Gautam

Threat Researcher, Cyble
Apurv Singh Gautam works as a Threat Researcher at Cyble. He commenced work in Threat Intel 3 years ago. He works on hunting threats from the surface and dark web by utilizing OSINT, SOCMINT, and HUMINT. He is passionate about giving back to the community and has already conducted...


Saturday August 22, 2020 1:00pm - 2:00pm PDT
Stage 1

1:00pm PDT

Unmasking the Avengers: Shifting Roles of Facial Recognition
Your voice may be your password, but what happens when it’s your face and there’s a data breach or the data is wrong? What happens to your privacy and security when all of the data is right?

No longer solely for use by protestors or comic book characters, facial recognition algorithms are racing to adjust for the increased use of facial masks in public. Caught up between protests and COVID-19 are cellular data and biometric data sets, shared with and utilized by law enforcement in often unintended ways. A growing number of public/private partnerships are providing law enforcement access to large data pools, information that in some cases is incorrect. We’ll take a deeper dive into how privately collected location sharing and facial recognition data is being increasingly leveraged by government and law enforcement.

Speakers
Elizabeth Wharton

SCYTHE, Speaker
Elizabeth (Liz) Wharton is a technology-focused business and public policy attorney who has advised researchers, startups, and policymakers at the federal, state, and local level. She is the Chief of Staff at SCYTHE as well as a member of the Technology & Innovation Council with Business...

Suchismita Pahi

Acting Chief Privacy Officer, Rally Health, Inc.
Suchi Pahi is a data privacy and cybersecurity attorney with a passion for tech. Her goal at conferences is to make privacy and cybersecurity law more accessible and transparent for people who are directly impacted by these legal frameworks, and to explore new developments on the...


Saturday August 22, 2020 1:00pm - 2:00pm PDT
Stage 2

1:00pm PDT

Getting Paid Like a Boss
Described as the "talk I wish I had when I was starting out", come get all your compensation questions answered. When you are comparing job offers or a raise, what does everything like "Total Compensation" really mean? When they are offering equity, stocks, restricted stock, stock options, or talking about their employee stock purchase plan, what does that mean to you? When do you get those stocks? Do you have to pay for them? Are they guaranteed? What's vesting mean anyway? Do you know how to negotiate multiple offers and make sure you're getting paid for your experience? Learn all about the basics (and where to do more research) on all the terms that might get tossed your way. You'll be in a better position to understand, research, and negotiate all the bells and whistles that come with tech job offers.

Speakers
Tracie Martin

Principal Security Engineer/Founder, DefendCon
Tracie Martin is a Principal Security Engineer at a really big book store. Previously she's worked in a variety of roles in various tech companies such as Google, Microsoft and Twitter. She is passionate about making security accessible and approachable to everyone and changing the...


Saturday August 22, 2020 1:00pm - 2:00pm PDT
Stage 3

2:00pm PDT

Cyber Performance and Risk Quantification: Enabling Security Decision Makers
Abstract
Cyber risk has graduated from being a non-traditional risk to a mainstream risk that underpins major organizational capabilities. Security personnel – spread across the spectrum from operations to the echelons of the C-suite – are faced with the juxtaposition of risk and reward in a technology-enabled world.
In this talk we explore what makes the task of taking prudent decisions to secure technology and reduce cyber risk arduous. We also discuss the need to diversify the cognitive intellect (gender, race, culture etc.) that drives cyber risk mitigation, and how effective quantification techniques can strengthen decision making in the security realm.
Elemental and strategic decisions are often taken based on experience and not quantitative data-driven analysis. In instances where decisions are taken to proactively mitigate risk, it is often inevitable to reflect and wonder if resources were overspent on a threat that may never have materialized. After all, in the world of security the absence of certain outcomes is a measure of success.
The inherent challenge in security decision making is often exacerbated by a plethora of unstructured and irrelevant data. The quantification of cyber risk is a supplemental and essential part of the security decision-making dialogue. At the lowest level, cyber performance quantification allows first line defenders to track the effectiveness of activities across the board. At an Executive level, quantification allows for prudent allocation of resources and intellect to bolster organizational defensive capabilities.
Detailed Outline
  • Introduction [2 mins]
    • Background and experience
    • Why cyber quantification matters
  • The decision maker’s dilemma [6 mins]
    • The security decision chain hierarchy
    • Data Fatigue
    • Decision inertia
    • The hindsight bias: Anticipating the known
    • Paradox of risk versus unknown or insufficient reward
  • Cognitive diversity in decision making [3 mins]
    • Role of diversity in leveraging / mitigating risk
    • Role of diversity in reacting to risk
    • Role of intellectual diversity in prioritizing security decisions
  • The makings of robust quantification [6 mins]
    • Quantification models
    • Active engagement
    • Consequence modeling
    • Contextualization of intelligence
    • Nudge theory
  • Benefits and parting words [3 mins]
    • Enabling deliberate decision making
    • Increasing accountability
    • Increasing situational and consequence awareness

Speakers
Mysore Shruthi

Speaker
Mysore Shruthi is a Senior Cyber Risk Advisory Consultant. Her primary focus is on helping organizations gain data-driven transparency into security performance while managing cyber risk. Having lived in four countries, she brings her global perspectives on cyber risk decision science...


Saturday August 22, 2020 2:00pm - 2:30pm PDT
Stage 1

2:00pm PDT

How To See Your Own Perception Bias
Updated Title: "What I Learned About Bias From Crossing the Gender Divide"

Five years ago my career was skyrocketing upwards, but that changed when I brought my gender expression in line with my gender identity. As a result of transitioning, I experienced a shift in bias that no one could have prepared me for -- but it's not what you're thinking. In the two years that followed, I received over 30 rejections for roles and levels that I had previously held. I anticipated that I would run into stereotypes and negative bias, but the most surprising change in bias was internal.

Years of practicing meditation gave me a direct awareness that our perceptions are coloured by our past experiences, but as this body's hormones changed, so too did my own perception of the world! The interplay between memory and sensation, which occurs continually in each of us, is known as "perception bias", and I have some news for you: we're all biased -- and that's OK.

What matters is what we do with it.


Speakers
Aeva Black

Open Source Hacker, Azure Office of the CTO, Microsoft
Once described as "an ancient and powerful open source dragon," Aeva Black is a dot-com veteran, an open source hacker, and a queer and non-binary geek. They work in the Azure Office of the CTO to improve the state of open source software supply chain security, and to support teams...


Saturday August 22, 2020 2:00pm - 2:30pm PDT
Stage 2

2:00pm PDT

Breaking into Cybersecurity or Increasing Your Knowledge For Free (or Close to It)
Are you trying to break into Cybersecurity? Let me share with you creative ideas to fund your cybersecurity quest for knowledge and advance your career. There are many resources to help you gain the skills you need to get a job in cybersecurity or to keep your existing skills sharp or develop new skills. Take advantage of the opportunities you have as a woman and/or a minority because the cybersecurity industry needs diversity and your talents are needed and in demand. Let’s help you remove some of the obstacles to achieving your cybersecurity goals and dreams.

Speakers


Saturday August 22, 2020 2:00pm - 2:30pm PDT
Stage 3

2:30pm PDT

Election Security 101
Election security in the United States is one of the most complex and difficult cybersecurity challenges facing our country today. Outdated and vulnerable equipment, chronic underfunding, untrained personnel, and a bewildering diversity of jurisdictions and laws are only the beginning of the problems the country faces going into the 2020 election cycle, and experts agree that little to nothing has been done to solve them. All of this is in addition to the struggles the country faces with the onslaught of COVID-19.
In 2017, the DEF CON Voting Machine Hacking Village was convened by me and my fellow organizers, Matt Blaze, Harri Hursti, and Jake Braun. Together, we opened up the previously restricted voting machinery for public, good-faith hacking efforts to explore and educate about the security challenges inherent in these machines. In my talk, I will be giving an overview of the overall state of the industry for election security in the U.S. going back to the 2000 Florida recount. Among the topics I’ll be addressing are how the industry got to its current state, what we can do to improve it, and the individual findings of the three DEF CON Voting Machine Hacking Village reports released since 2017. Our findings have also been featured in a newly released HBO documentary, "Kill Chain".

Speakers
Maggie MacAlpine

Nordic Innovation Labs / DEF CON Voting Village, Speaker
Maggie MacAlpine is an election security specialist and one of the co-founders of the DEF CON Voting Machine Hacking Village. Over the course of ten years spent in the election security field, MacAlpine has been a contributing researcher on the “Security Analysis of the Estonian...


Saturday August 22, 2020 2:30pm - 3:00pm PDT
Stage 1

2:30pm PDT

Bug Bounty Craze
Bug bounty has been a long-time craze, and it is becoming a necessity for keeping organizations safe by crowdsourcing their security. As the demand increases, the supply needs to increase as well. However, getting into the bug bounty space can be tricky and hard to start. This talk covers the history of bug bounty, the current legal landscape, and the next steps for bug hunting, including how to get started and which tools to use.

Speakers

Chloé Messdaghi

CEO and Founder, Global Secure Partners
For over ten years, Chloé Messdaghi has advised and developed impactful solutions that have driven growth and innovation while transforming security teams to become resilient. Her work has helped businesses unlock opportunities to enhance trust, mitigate risk, and become purpose-driven...


Saturday August 22, 2020 2:30pm - 3:00pm PDT
Stage 2

2:30pm PDT

7 Tips for Women To Get To the Top in Technology
Learn how to boost your career in the technology industry as a woman in a male-dominated workplace.
Listen to my story as a female leader in Tech and discover some simple steps you can take today to fast-track your career in IT; find out what concrete actions you can implement today to boost your own career in Tech.

Speakers

Perrine Farque

Diversity consultant in Tech, Inspired Human
Perrine Farque is an award-winning diversity consultant in Tech who was nominated in the Top 50 Most Influential Women in UK Tech. Perrine drove the strategy at Tech companies including Facebook, PagerDuty, Pivotal, Nlyte Software and AvePoint for over a decade. During her career...


Saturday August 22, 2020 2:30pm - 3:00pm PDT
Stage 3

3:00pm PDT

Carnegie Mellon University's (CMU) Information Networking Institute (INI) LIVE Q&A
Thinking about going to graduate school for computer science, electrical and computer engineering or information technology?

Carnegie Mellon University's (CMU) Information Networking Institute (INI) is attending The Diana Initiative Virtual Conference on Aug 21-22, 2020 and we want to meet you!

Connect live and hear about our programs, career outcomes and admission criteria:
  • Information Sessions: Aug 21 and 22 at 2 p.m. EDT
  • INI Admissions will be on hand for LIVE Q&A: Aug 21-22 at 4:00 p.m. and 6:00 p.m. EDT
  • Available to chat for the duration of the conference

Visit our virtual booth to learn more about the INI's four master's degrees in information networking, security, and mobile and IoT engineering.

We are a department within CMU's highly-ranked College of Engineering. At the INI, you can customize a technical computer science and engineering curriculum to explore your interests, such as human-computer interaction, cybersecurity, operating systems, embedded systems, cloud computing, big data analytics, smart cars and more.

Saturday August 22, 2020 3:00pm - 4:00pm PDT
Expo Hall - CMU Booth

3:00pm PDT

Digital Forensics and Data Finding
New technologies help us be more productive by remembering what we've done, where we've been, what files we've opened, people we've contacted, and things we didn't even know we wanted help remembering.

By identifying what artifacts are left behind by technologies we use and create, we can better control our own information and that of our users. This talk presents digital forensics and the world of the endpoint device.

How can we tell what breadcrumbs are left by doing everyday tasks on our computers and cell phones?

How effective can users be at clearing their tracks and deleting evidence of what they've done?

In this introductory level talk, the field of digital forensics (DFIR) will be introduced. Attendees will learn about the kinds of data that can be recovered on computers and cell phones by digital forensic examiners.

Speakers

Lodrina Cherne

Principal Security Advocate, Cybereason
Lodrina Cherne is Principal Security Advocate at Cybereason + a DFIR instructor at SANS. Ask her how to fight for people wrongly impacted by tech.


Saturday August 22, 2020 3:00pm - 4:00pm PDT
Stage 1

3:00pm PDT

The Bug Hunter’s Methodology v4: Reconnaissance
The Bug Hunter’s Methodology is an ongoing yearly installment on the newest tools and techniques for bug hunters and red teamers. This version explores both common and lesser-known techniques to find assets for a target. The topics discussed will look at finding a target's main seed domains, subdomains, and IP space, and discuss cutting-edge tools and automation for each topic. By the end of this session a bug hunter or red teamer will be able to discover and multiply their attack surface. We also discuss several vulnerabilities and misconfigurations related to the recon phase of an assessment.

See slides here: https://docs.google.com/presentation/d/1HHzkmREYNGLAT8UY_nnNgG7yJFuaR9tj_UaahF92oqw/edit

Speakers

Jason Haddix

Director, Speaker
Father, hacker, educator, gamer, & nerd. I am passionate about information security. Not only is security my career focus but it’s my hobby. I absolutely love my job. In my previous role as Director of Penetration Testing I led efforts on matters of information security consulting...


Saturday August 22, 2020 3:00pm - 4:00pm PDT
Stage 2

3:00pm PDT

There were NO REFRESHMENTS at the Networking Event...Tales of a Clueless First Year Cybersecurity Student
In 2018, Marylyn Harris started as a "Clueless" Cybersecurity Student. A Registered Nurse, U.S. Army Veteran and Social Entrepreneur, Ms. Harris boldly decided to pivot her twenty-year healthcare career to Cybersecurity. During this session, Ms. Harris will share her experiences and "lessons learned" during her career pivot to Cybersecurity. Resources to start, grow and fund a Cybersecurity education, career and business will be discussed.

The session will highlight:

- Knowing Yourself
- Articulating your Value Proposition
- Locating Powerful Resources
- Learning the Cybersecurity Ecosystem and Landscape

Ms. Harris will provide a sheet of Resources to ALL participants.

Speakers

Marylyn Harris

IT Security, Harrland Healthcare Consulting LLC
Marylyn Harris is a former U.S. Army Nurse, Gulf War Veteran and Social Entrepreneur who pivoted her career to Healthcare Cybersecurity in 2018. Ms. Harris began her Information Technology (IT) studies by entering a five (5) day CompTIA Network+ Bootcamp and dropped out on the morning...


Saturday August 22, 2020 3:00pm - 4:00pm PDT
Stage 3

4:30pm PDT

Gatekeeping, Gaslighting & Grieving: Excelling Despite The Ugly Phases of Your Security Development Life Cycle
This talk will apply a common SDLC model to career development: Planning, Threat Modeling, Testing, Deployment, and Maintenance. Our peers can typically use this 5-step model throughout their careers with no roadblocks. However, women are often suffering in silence through 3 extra unspoken phases in our security development life cycle: gatekeeping, gaslighting, and grieving.
Also overlooked: Black women and sisters of color face unique barriers to career success. Diversity efforts are often not intersectional, network access controls are designed to keep us out, and our threat models are different from industry peers.
This keynote will use the SDLC model to bring these vulnerabilities to the forefront. The audience will leave empowered with strategies to help them excel despite the ugly phases of the career life cycle. The speaker will also talk openly about money, a conversation that is long overdue.

Speakers

Keirsten Brager

Sr. Security Consultant/NERC-CIP SME, Closing Keynote Speaker
Keirsten Brager is a Sr. Security Consultant/NERC-CIP SME in critical infrastructure and was recently named one of Dark Reading’s top women in security quietly changing the game. She is also the author of Secure The InfoSec Bag: Six Figure Career Guide for Women in Security. She produced this resource to help women strategically plan their careers, diversify their incomes, and fire bad bosses. Keirsten holds an M.S. in Cybersecurity and several industry certifications, including GICSP & CISSP. As an active member of the Houston security community, Mrs. Brager has participated in a number of panels and public speaking engagements promoting strategies for success. In her free time, she loves sharing career advice, studying Black history, and convincing women not to quit the industry...


Saturday August 22, 2020 4:30pm - 5:30pm PDT
Stage 1

5:30pm PDT

Closing Remarks
Speakers

Nicole Schwartz

Product Manager, Secure Composition Analysis - GitLab, Speaker
Nicole Schwartz (@CircuitSwan) is a Product Manager for the GitLab Secure team. In her career, she has been in Product, System Administration, and Agile coaching. Before her career ever started she was a Hacker. When she isn’t working, she volunteers at and attends conventions (you...


Saturday August 22, 2020 5:30pm - 6:00pm PDT
Stage 1

6:00pm PDT

Social Hour
Come on in to the "Networking" area and you will get randomly paired with another person for a chat.

We recommend bringing a drink, a snack, and recreating hallwaycon / quiet party!

Saturday August 22, 2020 6:00pm - 7:00pm PDT
Networking Area