Back To Schedule
Friday, October 25 • 9:00am - 2:00pm
Campfire Stories - 15 minutes each

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
9:00am - Branden Miller - Email header analysis... the hard way
There is a treasure trove of data that one can get from email headers. Many tools provide this data in easy to read formats automatically, but, to fully understand what is going on, one must understand the types of data. This talk will introduce the data, help the user synthesize the data, and turn it into intelligence.

9:20am - Frank Vianzon - Anatomy of a phishing attack
Per the Verizon Breach Report of 2018, phishing is on the rise. In this talk we will look at a few really good phishing e-mails that I received and break down how to recognize it, how to protect yourself against it and how to perform a basic analysis of what the phishing e-mail is doing using the Burp Proxy Suite

9:40am - Heather Lawrence - Higher Ed and the Infosec Skills Gap
Some 37% of the 2018 ISC2 Workforce Study indicated that they were concerned about the lack of skilled cybersecurity personnel while almost 60% indicated that their organization is at risk due to the staff shortage. This talk discusses the current availability and quality of infosec higher education, how few institutions are preparing their students with the skills they need, and effective training methods that organizations can use to bridge the gap in-house.

10:00am - Bob Hewitt - Our Adventure with an Awareness Training Escape Room
Are you as tired of Annual Awareness Training as your users are? It might be time to change up your approach to Security Awareness Training with some gamification. Escape Rooms can be fun and a great opportunity for team building while demonstrating your Information Security Awareness objectives. Participants are faced with a series of scenarios that require actions that reflect your organizations policies, procedures and best practices.

10:20am - Josh Fu - The Real Deal about AI
Artificial Intelligence(AI) is impacting our world in previously unimaginable ways and vendors love to say they use it. But how does it really work? If you are looking for the real deal about this industry buzzword, this is the talk for you. We will cover the history of this incredibly innovative technology, what it is and what it is not, the steps required to produce a solution, the subfields that make up AI, how various industries are using it, and at the end of the presentation provide the reference list for you to dive deeper into this next generation field and get started for yourself.

10:40am - Bronwen Aker - URL Hacking - How to Cut the Tracking Cruft
Have you ever read a web page and wondered what all that weirdness in the URL means? It’s not rocket science, but there is madness behind the method of how those URLs are put together, and you can learn how to use it to your advantage. Hidden in plain view are the tracking codes companies like Google, LinkedIn, Amazon, and others use to track where you go online and how you got there. Trimming those codes from your URLs is easy, makes your links friendlier, and prevents would-be online trackers and their marketing masters from keeping tabs on you. Come along as we hack some URLs so you can clean that marketing malware from the links you use and share with others.

11:00am - Edward Ruprecht - When logging everything becomes an issue
Discussing potential issues with logging Sysmon and PowerShell logs. Potential sensitive data leakage, best practices, and scalability issues.

11:20am - Josh Rykowski - Gamification and Andragogy - A Match Made for Workforce Empowerment
In this talk I discuss the series of trials and tribulations faced when developing a programming competition aimed at energizing a large (approximately 700 individuals) existing employee population within our organization and trying to stoke their excitement about learning how to script and program.

1:00pm - Heath Adams - What I Learned After a Year as a Cybersecurity Mentor
Cybersecurity professionals are life-long learners. We put in our 40+ hours a week at work, but it never ends there. The field is constantly changing. Every day, something new comes out. A new exploit. A new patch. New software. A tactic that worked yesterday might no longer work today. Because of this constant state of metamorphosis, a cybersecurity pro is always studying. We are reading news articles. We are catching up on Twitter. We are working on certifications, on a CTF, or whatever it is that keeps our endorphins escalated. We never stop.

Many people come in seeing the sexy, only to bail when they realize the level of effort needed to succeed. In my belief, this is why we have (and always will have) a shortage in the field. This talk will provide guidance and resources available to network, find jobs and succeed in the field of cybersecurity.

1:20pm - Bruce Norquist - STRIDE Threat Model of a Cloud Application & Associated Cloud Baggage
This presentation is on a generic SAAS application and associated Cloud Stack’s Threat Model.
The central theme of this discussion uses VISIO drawings of the SAAS, PAAS, and IAAS and the related STRIDE set of threats.

STRIDE is a model of threats developed by Praerit Garg and Loren Kohnfelder at Microsoft for identifying computer security threats. It provides a mnemonic for security threats in six categories.
The threats categories are:
•    Spoofing of user identity
•    Tampering
•    Repudiation
•    Information disclosure (privacy breach or data leak)
•    Denial of service (D.o.S)
•    Elevation of privilege


Bruce Norquist

Bruce Norquist has been hooked and working security since he touched his first B3 level Compartmentalized Mode Workstation in 1994. He retired from the Army National Guard after 24 years as an Information Operations and Combat Engineer officer at NORAD/USNORTHCOM. His first Cloud... Read More →
avatar for Bronwen Aker

Bronwen Aker

Bronwen Aker has played with computers since elementary school when she was introduced to FORTRAN programming using bubble cards. She worked for twenty years in web development, and as a technical trainer, before entering the world of cybersecurity. Today she is a graduate of the... Read More →
avatar for Branden Miller

Branden Miller

Branden Miller retired from the US Navy in 2011 after 20 years as a Cryptologic Technician. He has held several jobs within Computer Network Operations including those of a Computer Network Defense Analyst and a Computer Network Exploitation Analyst. After retirement, he has enjoyed... Read More →

Frank Vianzon

Frank Vianzon works in Corporate Risk Management during the day but also writes and teaches classes at the local colleges and is a Board Member at OWASP. Frank currently holds three SANS certificates for GPEN, GCWN and GISP.
avatar for Bob Hewitt

Bob Hewitt

Bob works for a Software as a Service provider that services charitable foundations and financial institutions where he is responsible for program management, compliance, SOC operations, penetration testing, and privacy. He consults several organizations on beginning and managing... Read More →
avatar for Josh Fu

Josh Fu

Josh Fu (Twitter @jfusecurity) is a security professional at Cylance and was the founder of the west coast chapter of the International Consortium of Cybersecurity Professionals (ICMCP). His ability to turn technical concepts into easy-to-understand plain English has led him to present... Read More →

Edward Ruprecht

Lead Cyber Security Engineer at FM Global
avatar for Heather Lawrence

Heather Lawrence

Heather Lawrence is a data scientist for the Nebraska Applied Research Institute who earned her undergraduate and masters degrees in Computer Engineering from the University of Central Florida. In previous lives she was a USN nuke, VA photographer, NCCDC winner, Hack@UCF mom, and... Read More →
avatar for Josh Rykowski

Josh Rykowski

Josh Rykowski @ryko212 currently serves as a Cyberspace operations officer for the US Army where he has lead a Cyber Protection Team and worked to develop specialized training for those same teams. On his convoluted path to cybersecurity he obtained a Bachelors of Science in Electrical... Read More →
avatar for Heath Adams

Heath Adams

Heath Adams is a Senior Penetration Tester. He has a strong background in network administration and information security, including penetration testing, network design and implementation, and network security. Heath currently holds multiple cybersecurity related certifications, including... Read More →

Friday October 25, 2019 9:00am - 2:00pm MDT