2023 Keynote

Madison Horn

Madison Horn, former U.S. Senate Nominee, has spent over a decade in cybersecurity, defending American interests against foreign adversaries, nation-states, and terrorist organizations. She has worked within both the startup ecosystem and global organizations, serving as a catalyst leader with an entrepreneurial spirit.

Her focus on removing barriers and her defiant charisma allow her to effectively build people-first organizations focused on excellence and creativity. Her experiences have uniquely positioned her to play a hybrid role, from teaching and influencing educational curriculum to advising on the development of global cybersecurity standards and regulations alongside government agencies. These extracurricular opportunities are a direct response to Madison’s level of technical expertise, business acumen, interpersonal skills, and her dedication to navigating complex problems across geographical, organizational, and cultural boundaries.

Madison’s current role as the Chief Executive Officer and Founder of Roserock Advisory Group allows her to continue advancing security for people, organizations, and the US, while also pursuing her passion for service in her work with her nonprofit, Restoring American Security.

Agenda

9:00 am

Center Room

MADISON HORN

Can I Punch You In The Face?

For too long, we have been in the ring with our guard down, underestimating our opponents and where they come from. But now, new fighters are stepping into the ring, with AI and quantum computing threatening to dismantle the fighting techniques that have served us for years. And if that weren’t enough, there are global hotspots that are throwing their weight around the arena, making the fight more lucrative and compelling. As cyber warfare becomes the main event, we are taking more sophisticated hits, from economic sabotage to hostile-disruptive maneuvers. Fights are spilling into society, with the most damaging being the weakening of trust and confidence in social and political systems. This has caused 91% of industry leaders to believe a catastrophic event will happen over the next year.

As defenders of the ring, we need to ask ourselves: How do we avoid getting punched in the face? When organizations don’t know what’s motivating their opponents, they’re not learning – they’re just dodging punches flat-footed. Instead of waiting to be the victim of a knockout blow, we need to change our fighting strategy and start prioritizing active prevention techniques. After all, even the lightest of punches can break through our defenses if we’re not vigilant.

10:00 am

North Room

Kate Sharp

Battle For The Bus: An Exploration of Targeted Attack on Vehicles

Street vehicles have become more reliant on current technology for daily operations. This improvement in functionality broadens the attack surface and magnifies the potential consequences. Threat actors may use vulnerabilities in vehicle networks such as the Controller Area Network (CAN) to execute targeted attacks against high-profile groups. The nature of these attacks goes beyond the scope of a digital environment and threatens physical safety, pressuring the offensive security field to find new talent and technology. This presentation focuses on the basics of understanding the usage and vulnerability of the CAN and presents an offensive security tool in its early development stages.

Center Room

David Bullas

Mitigate Identity-Based Threats by Climbing the ITDR Maturity Model

Are you concerned about mitigating identity-based threats like account takeovers and insider threats? Take control and secure your organization with Identity Threat Detection and Response (ITDR). Join me for a talk on enhancing cyberattack preparedness by climbing the ITDR Maturity Model.

South Room

Geoff Wilson

Keeping Out the Adversary With Attack Surface Reduction

Attack Surface Reduction is often the quickest way to improve cyber resiliency. Learn how to keep out the adversary using attack surface reduction techniques including Microsoft’s attack surface reduction rulesets, isolating crown jewels, and locking down PowerShell.

11:00 am

North Room

Ryan LaBouve

Hunting Before Day Zero

“Hunting Before Day Zero” is a talk that will delve into details of file and network access on Linux to expose signals of compromise that might indicate our systems are infected and possibly by a zero-day vulnerability!

Center Room

Kevin Sesock

Your Cybersecurity Training Sucks

Scared straight doesn’t work! Still walking your users through how to create a password? STOP! Start teaching your users how to use their Apple iPhone or Android built-in password managers, leaked password tools, and tap-to-pay, and gamify security to create a security culture in your organization.

South Room

Andrew Lemon

Black Swans and Rocket Launchers, what's actually in your threat model?

Pen Testers love showing off … sometimes a little too much. At what point do attacks move from within a customer’s relevant threat model and into something you would see in a James Bond movie? This talk dives into examples of going too far and learning how to emulate relevant threats.

12:00 pm

Center Room

CISO Showdown

1:00 pm

North Room

Jamy Casteel

Intro to API Hacking

APIs have exploded in popularity. It’s imperative to learn the basics and common vulnerabilities so that you can understand the basics for testing APIs. This talk covers API basics, discusses the OWASP API Top 10 and includes learning resources for getting more familiar with the covered material.

Center Room

Todd Wedel

Why John Wayne Works: Social Engineering in the Wild Wild West

Back the blue. Don’t start a fight; always finish one. Hold the door. Yes, ma’am. Don’t mess with Texas. From serious to seemingly frivolous, we’re steeped in ways to think, act, and believe. What if those are all expressions of a “code” that social engineers can use to leverage better exploits?

South Room

Kallen Curtis

Threat Intel for Beginners

In this presentation, you’ll learn practical tools and tips on how you can use defensive threat intelligence to stay ahead of malicious threats and better protect your business.

2:00 pm

North Room

Rachel Schwalk

Misbehaving Binaries: Methods for Detecting LOLBin Abuse

If you’re struggling with detection and having to respond to malicious activity well after occurrence, this talk is for you. I will use a replicable process of identifying normal vs. malicious behavior of commonly abused binaries to create effective detection logic that is bound to catch evil.

Center Room

Susan Lindberg

Machine Learning for Managing Internal Risk: At the Intersection of Security and Privacy

Your boss is watching! While employee supervision isn’t a new idea, electronic monitoring and vetting using machine learning is relatively new. At the same time, consumer privacy law is being extended to employees. What are the hazards, and is bossware worth it?

South Room

Jonah White

EndPoint Security 101: The tools of the trade

Ever wonder what Endpoint Security is and what tools you should use to secure your devices of all different kinds? Jonah White from TrustDigital will discuss the ins and outs of the latest endpoint security tools that vendors offer today to help mitigate against the attacks of tomorrow.

3:00 pm

North Room

John Vecchi

xIoT Hacking Demonstrations & Strategies to Disappoint Bad Actors

I’ll demonstrate several hacks against xIoT (Extended Internet of Things) devices. Bad actor & defender stories will be shared. Research from over six years & millions of devices will be explored. Steps organizations can take to mitigate xIoT risks will be outlined.

Center Room

Ed Schaefer

From Security Last to Security First: How Threat Modeling Can Help Your Agile and DevOps Teams Make the Shift

Too many agile teams take a “security last” approach, relying on scans and automation to fix known vulnerabilities. Threat Modeling gives teams a shared language and model for security so they can think like an attacker and a tool to build into their schedule to really be “security first”.

South Room

James Lawler

Hardening Windows 10 (at home or anywhere) Made 'Easier'

I will take you through security settings that you can apply today to your win10 machine and some other settings that can be applied with caveats and what those may be. The goal is to give a simple approach to making your Windows a more hardened and secure operating environment for all.

4:00 pm

Center Room

Final Remarks and Raffle