RSS:2025 Track 3 (Day 2) :: Rochester Security Summit

RSS:2025 Track 3 (Day 2)

Lessons Learned from the OWASP Amass Project

Jeff Foley
10:00 am - 10:50 am

The OWASP Amass Project has long served as a powerful tool for mapping external attack surfaces. Recent enhancements have elevated its discovery capabilities by incorporating insights into the organizations that register internet namespaces and IP address ranges. This talk will explore how leveraging Legal Entity Identifiers and RIR RDAP data enables more accurate and expansive identification of assets—not only for a target organization but also for its partners, suppliers, and third-party services. These improvements help organizations perform deeper risk assessments and enhance their overall security posture. Attendees will learn how to use these new features to uncover hidden exposure and dependencies across complex digital ecosystems.

Jeff Foley

Jeff Foley has over 20 years of experience in information security, specializing in research, security assessment, and attack surface management. He leads Amass, an OWASP Flagship Project providing guidance and tools for mapping and discovering assets, and is Head of Research at KYND, advancing cyber risk technology. Previously, he was VP of Research at ZeroFox and Global Head of Attack Surface Management at Citi, launching its first exposure management program. Jeff began as a contractor with the U.S. Air Force Research Laboratory, later serving at Northrop Grumman as SME for Offensive Cyber Warfare R&D and Director of Penetration Testing. He has spoken at numerous conferences and taught at academic institutions on offensive security, cloud security, and attack surface management.

My Cyber Sense Is Tingling! Detection Engineering With Free Tools

Matthew Gracie
11:00 am - 11:50 am

Every threat hunt, every incident response, and every bulletin from your ISAC comes with a wealth of intelligence that you can leverage to spot suspicious or malicious activity in the future. The process of taking that information and turning it into reliable, repeatable alerting is known as Detection Engineering. In this talk I will demo the free and open Security Onion platform, the methods by which it can generate or ingest logs about your environment, and how we can use that log data to trigger alerts for potential incidents. Whether you're looking for artifacts in network traffic, file structures, or endpoint logs, it's easy to create new detection rules so your analysts are aware when something suspicious rears its head.

Matthew Gracie

Matthew Gracie is a defensive security specialist with fifteen years of Blue Team experience in higher education, manufacturing, financial services, and healthcare. He is currently a Senior Engineer on the professional services team at Security Onion Solutions, as well as an adjunct professor of Cybersecurity in the graduate school at Canisius University. Matt is also the lead organizer of Infosec 716, a monthly meetup for security enthusiasts in Western New York, and the BSides Buffalo technology conference. He enjoys good beer, mountain bikes, open source security tools, and college hockey, and can be found on Bluesky as @InfosecGoon.

Drag, Drop, Defend: Making Security Scripts Accessible to Everyone

Gregory Stachura
1:00 pm - 1:50 pm

Not all security analysts are strong coders or scripters, but they know what they need and when they need it. This talk will go through examples of how you can take a script written by one of your stronger coders and enable the rest of your team to build their own automations, workflows, or integrations with low- or no-code solutions. Learn the options at your disposal for empowering your analysts to streamline their jobs to get quicker resolutions and free them up to focus on proactive security rather than reactive security measures.

Gregory Stachura

Greg is a Senior Manager at Security Risk Advisors where he has helped run and manage an MSSP offering for 24/7/365 CyberSOC services, focusing more recently on innovating in the SOC space. Greg has architected, deployed, and managed SIEM environments, orchestration and automation platforms, and developed custom tools for SOC analysts. He also has extensive background in Incident Response playbook development, log analysis, and forensics in health care, financial, and academic environments. Greg earned his MBA from the Rochester Institute of Technology with an Advanced Certificate in Information Assurance. Prior to joining Security Risk Advisors, Greg worked extensively in the financial, healthcare, and education sectors.

Insecuring your Data Using Federated Authentication

Clay Cooper
2:00 pm - 2:50 pm

Federated authentication is the gateway to zero-trust networking and access to the explosion of SaaS products that contain your company's data. How do you know that those products are correctly handling your single sign-on responses? We'll talk about the common SSO protocols, how they work, how to test that they're configured securely, and see some hypothetical ways that they've gone wrong in the past.

Clay Cooper

Clay Cooper is an IAM Platform Engineer at Rochester Institute of Technology, working with the team that manages the accounts, authentication experience and platforms, and identity data for students, employees, alumni, contractors, and guests for the Rochester campus and a number of campuses worldwide.