Technical Track

The Technical Track is for systems and network security professionals and administrators who work with the technical engineering aspects of information security. Examples of topics included are network penetration testing, technical standards and best practices, intrusion detection, forensics, incident handling, hacking and attack techniques (at a technical level) and protecting the networks, systems, devices and services that form the infrastructure of our organizations.


T3 – Employing Digital Workers for Security Automation

Jonathan Borgesen

Over the past five years the Cyber Security landscape has changed drastically. Since 2013 there have been 9,727,967,988 records lost or stolen. There are currently around 7.6 billion people on the planet. That is 2 billion more lost records than there are people in the world!

Based on this explosion of malicious activity, organizations are looking for ways to decrease the amount of time that bad processes are running on a network. Typically, this is attempted by sharing information between tools while leveraging automation through APIs. However, this tends to be a very time-intensive and complex method which can leave organizations unable to take full advantage of the investment they made.

There is a better way: Robotic Process Automation (RPA). With RPA, organizations can create an agnostic approach to automation that doesn’t require days of coding or scripting (as APIs tend to require). Instead, an integration can be programmed within hours. Depending on the integration, an organization can shorten their threat window from years, months, or weeks – to minutes. This inevitably provides greater value to current legacy tools. Additionally, it allows understaffed security teams to focus on strategy rather than spending cycles reviewing logs and performing manual investigations.

Bio

Jonathan Borgesen is the Principal Security Consultant for SMP. Jonathan has a decade of experience in the Cyber Security Industry. During that time Jonathan has focused on educating organizations on modern threats as well as the best course of action to protect against those threats. Through this methodology, Jonathan has assisted many organizations in meeting their security goals, whether on the Endpoint, Network, or Cloud. Jonathan is passionate about leveraging automation to help organizations address skills shortages and an increasing threat landscape.

T4 – Machine Learning in Information Security

Dain Perkins

This presentation will discuss machine learning topics as they relate to information security (MLIS). Topics will begin with some important taxonomy and nomenclature, then move through basic models and types of learning. We will discuss some techniques that have proven useful in the real world and finish up with some thoughts on where MLIS might be headed. Today’s session will be delivered from the perspective of a security guy who has realized that paying better attention in Calc. 3 would have been really helpful.

This presentation will boil down some of the ocean of information gathered in recent months to focus on understanding the point of AI in security, some of the models used for anomaly detection & threat hunting, effectively putting AI to work in the infosec space, and how these techniques can help address real world challenges.

Bio

Dain Perkins has been working in the Information Security / Information Technology space for just over 25 years. He is currently employed at PatternEx as Director of Sales Engineering; working with clients, data scientists, programmers, and product managers to develop new and better ways to employ advanced machine learning techniques that address the problems of threat detection. Dain holds a BSc in IT/IS and is a CISSP.

T5 – Exploring How Memory-Mapped Files Hide From Antivirus and Execute Malicious Code

Ben Holder

Did you know that not only can well-known exploit code be dumped into memory-mapped files (MMF) and remain undetected, but that attackers can use C# to execute that code directly out of an MMF?

Join Sirius penetration tester Ben Holder to find out how shellcode dumped into non-file-backed MMFs can remain undetected while in-depth scans are run, and learn techniques that allow a memory address to be repeatedly identified and utilized for code execution.

Bio

Ben Holder has over two decades of IT security experience working as a penetration tester, security researcher, and all-around “breaker of things”. He spent 10 years in the U.S. Navy, and led the CCNA/MCSE education courses that submariners went through prior to assuming IT leadership positions within the fleet. He subsequently worked in submarine weapon system R&D for General Dynamics as the security implementation and design lead. For the last six years, he has focused on penetration testing, gap and regulatory assessments (GRC), and security team development. He currently helps manage and develop Sirius’ Threat Assessment Program.

T6 – Adopting AWS – Learn How to Deploy AWS Services Securely

Jeremiah Sahlberg

Implementing new technologies without fully understanding their capabilities can lead to disaster for your organization and your customers. Amazon Web Services (AWS) offers a plethora of services that provide large computing capacity to companies and individuals, quickly and easily. Unfortunately, we’ve recently seen major corporations sustain large breaches as a result of this practice. How and why are S3 buckets getting compromised? How secure are serverless websites? In this presentation we will take a deep dive into AWS and the shared responsibility you and Amazon have to protect your cloud assets. You’ll walk away with the necessary tools to safely and securely deploy solutions into AWS.

Bio

Jeremiah Sahlberg is the Director of Information Security at Tevora and has over 20 years of security experience. He holds CISSP, CISM, PCI QSA certifications. Mr. Sahlberg is an executive security consultant and advises clients on establishing security programs and compliance management.

Previously, Mr. Sahlberg held the position of Senior Director of Protect Operations at NBCUniversal and was the CISO for Tekmark Global Solutions.

Mr. Sahlberg has presented at NCUA-ISAO (2018), NCTA (2017), SINET (2016), New York State Cyber Security Conference (2014 & 2012), and Nevada Digital Government Summit (2010). He guest lectures at NPower and sits on the BoA for Liberty University’s School of Engineering.

T7 – Building the Panopticon: Logging and Alerting With Free Tools

Matthew Gracie

The goal of Jeremy Bentham’s Panopticon was to allow for the complete observation of a large building by a single watchman. This is similar to what threat hunters and blue teamers want – a single point from which to observe all potentially malicious activity happening on a network. This talk presents a toolset that can provide this visibility using a mixture of no-cost and open source tools, deployed on commodity hardware. Learn how to set up alerts for software installations, service restarts, honeytokens, or any other indicator, for zero additional dollars in security spend.

Bio

Matthew Gracie has over a decade of experience in information security, working to defend networks in higher education, manufacturing, and financial services. He is currently an Information Security Engineer with Blue Cross and Blue Shield of Western New York. Matt enjoys good beer, mountain bikes, Debian-based Linux distributions, and college hockey, and can be found on Twitter as @InfosecGoon.

T8 – Data Hoarders: Finding Needles in Stacks of Needles

James Pleger

Over the last 10 years, security has gone from “We need more data!” to “Please don’t send us any more”. This talk will review techniques and strategies designed to help analysts, hunters and engineers take a more successful approach towards analyzing large (TB+) amounts of data. By the end of the talk, participants should have some new ideas and approaches on how to tackle finding needles in a mountain of needles without getting overwhelmed.

Bio

James Pleger, CYDERES Director of Threat Intelligence, has been working on security problems for over 12 years, focusing primarily on the defensive side. He has held a wide range of positions, from reverse engineering software in assembly to building high-performing threat intel teams. Over his career, James has worked on many interesting projects, including large-scale malware analysis platforms and automated exploitation tools.