We’ll be hosting the conference live on April 30th. The conference will start at 9AM CST and run for 6 – 7 hours, or until we’re tired. We’re looking at three tracks with a blend of defensive security, offensive security, and security auditing.
All streams will be hosted here directly, so we look forward to you joining us on April 30th!
We’re hosting training classes on April 28 and 29. All training will be conducted remotely. We’ve got some excellent classes lead by experts in the field lined up below.
Follow us for the latest news on the conference on Twitter.
Are you looking to sponsor? Check out our FAQ for more information.
We are thrilled to announce that Tanya Janca will be joining us as our keynote speaker.
Founder of WeHackPurple
Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.
Training – April 28 & 29
Incident Response with Digital Forensics
Donovan Farrow - Alias Forensics
April 28 - 29
Ransomware, phishing attacks, insider threats, business email compromise. All these and more are attack vectors you need to know how to handle as information security professionals. Knowing how to soundly handle devices and what to do with them forensically can make or break your recovery process. In this class, we’ll be taking an in-depth look at digital forensics and how it applies towards various incident response situations. You’ll get hands-on experience with a few different forensic tools and as well as learn the do’s and don’ts of forensic incident response.
Red Team Fundamentals for Active Directory
Eric Kuehn - Secure Ideas
Focused on explaining the fundamentals of Active Directory and how different aspects can be exploited during penetration tests, this course covers different attacks and explains the details of why they work. We also explore how an environment can be made resilient to attacks or detect malicious activity. The course includes hands-on exercises exploring common misconfigurations which are commonly seen in Active Directory. We then exploit these issues to pivot and escalate our access, ultimately gaining full control of an AD Forest.
Professionally Evil Container Security
Cory Sabol - Secure Ideas
Learn the ins and outs of container security. We start with some foundational lessons on containers and container orchestration. This is followed with container security concerns, configuration issues, and how to abuse them. The lessons include hardening tips and guidelines. This class is focused primarily on Docker and Kubernetes but can be applied to other container technologies.
Audit Analytics Anyone Can Do
Trent Russell - The Audit Podcast
April 29 (4 hours)
Audit analytics can be overwhelming and fearful. Some might spend more time developing excuses on why not to use analytics than trying to learn the basics. In this seminar, Trent will take us through multiple analytics techniques so you too can learn not only the basics but advanced techniques as well. This course isn’t about concepts. This course is about how to actually do an analysis. We’ll also walk through not only how to develop analytics, but how to develop analytics competencies within your own team. Trent will also walk us through using analytics for IT General Controls testing and how best to use analytics for SOX procedures. Additionally, Trent will provide real-world use cases for using predictive analytics, text-based analytics, and fraud analytics techniques within the audit function.
Cyber-attacks against the organization. A primer for Management, Auditors, and non-technical staff
Jonathan Kimmitt - Tulsa University
In this one day session the class will be covering the primary methods that an attacker might use against an organization. I will be performing live attacks against a mock environment and we will discuss what they are, how they work, and how to defend from a non-technical point of view. The class attendees will see the attack and the results, and they will have opportunities to discuss the risk, management decisions, and security controls.
IT Fraud and Countermeasures
Richard Cascarino - Richard Cascarino & Associates
April 28 - 29
With the increasing growth of fraudulent activities within the business world it has
- Become essential that auditors are able to:
- Examine data and records to detect and trace fraudulent transactions
- Interview suspects to obtain information and confessions
- Write investigation reports, advise clients as to their findings and testify at trial
- Be well-versed in the law as it relates to fraud and fraud investigations
- Understand the underlying factors that motivate individuals to commit fraud
Fraud prevention and investigation, in particular IT fraud, have become an everyday part of corporate life and the auditor must gain expertise in this area. The workshop covers such issues as the tasks of the forensic auditor, computer fraud and control, abilities required of the fraud auditor, the type and nature of common frauds, and the auditor in court.
Vendor and Contract Management for IT Management and Auditors
Jonathan Kimmitt - Tulsa University
In this one-day session the class will cover the review process for contracts and service agreements. Students will learn how to perform a high-level review of contracts, and then do a deep dive as it relates to IT related items. This is a highly interactive discussion-based class. We will be reviewing contracts and building a checklist for understanding the contract terms. This class will help you provide valuable input to your General Counsel and contract managers, while helping your IT department protect your data and systems.
Code of Conduct
Everyone deserves to attend a learning event, community or professional, with a reasonable expectation of good behavior. The BSidesOK Team expects that while attending this conference you treat everyone with the love and respect you wish to receive. This applies to all attendees, speakers, volunteers, vendors, and anyone in between. We feel that if you do that, then this conference will once again run smoothly and we will all have a good time.
Don’t be an ass!