2023 Keynote
Madison Horn
Madison Horn, former U.S. Senate Nominee, has spent over a decade in cybersecurity, defending American interests against foreign adversaries, nation-states, and terrorist organizations. She has worked within both the startup ecosystem and global organizations, serving as a catalyst leader with an entrepreneurial spirit.
Her focus on removing barriers and her defiant charisma allow her to effectively build people-first organizations focused on excellence and creativity. Her experiences have uniquely positioned her to play a hybrid role, from teaching and influencing educational curriculum to advising on the development of global cybersecurity standards and regulations alongside government agencies. These extracurricular opportunities are a direct response to Madison’s level of technical expertise, business acumen, interpersonal skills, and her dedication in navigating complex problems across geographical, organizational, and cultural boundaries.
Madison’s current role as the Chief Executive Officer and Founder of Roserock Advisory Group allows her to continue advancing security for people, organizations, and the US, while also pursuing her passion for service in her work with her nonprofit, Restoring American Security.
Agenda
9:00 am
Center Room
MADISON HORN
Can I Punch You In The Face?
For too long, we have been in the ring with our guard down, underestimating our opponents and where they come from. But now, new fighters are stepping into the ring, with AI and quantum computing threatening to dismantle the fighting techniques that have served us for years. And if that weren’t enough, there are global hotspots that are throwing their weight around the arena, making the fight more lucrative and compelling. As cyber warfare becomes the main event, we are taking more sophisticated hits, from economic sabotage to hostile-disruptive maneuvers. Fights are spilling into society, with the most damaging being the weakening of trust and confidence in social and political systems. This has caused 91% of industry leaders to believe a catastrophic event will happen over the next year.
As defenders of the ring, we need to ask ourselves: How do we avoid getting punched in the face? When organizations don’t know what’s motivating their opponents, they’re not learning – they’re just dodging punches flat-footed. Instead of waiting to be the victim of a knockout blow, we need to change our fighting strategy and start prioritizing active prevention techniques. After all, even the lightest of punches can break through our defenses if we’re not vigilant.
10:00 am
North Room
Kate Sharp
Battle For The Bus: An Exploration of Targeted Attack on Vehicles
Street vehicles have become more reliant on current technology for daily operations. This improvement in functionality broadens the attack surface and magnifies the potential consequences. Threat actors may use vulnerabilities in vehicle networks such as the Controller Area Network (CAN) to execute targeted attacks against high-profile groups. The nature of these attacks goes beyond the scope of a digital environment and threatens physical safety, pressuring the offensive security field to find new talent and technology. This presentation focuses on the basics of understanding the usage and vulnerability of the CAN and presents an offensive security tool in its early development stages.
Center Room
David Bullas
Mitigate Identity-Based Threats by Climbing the ITDR Maturity Model
Are you concerned about mitigating identity-based threats like account takeovers and insider threats? Take control and secure your organization with Identity Threat Detection and Response (ITDR). Join me for a talk on enhancing cyberattack preparedness by climbing the ITDR Maturity Model.
South Room
Geoff Wilson
Keeping Out the Adversary With Attack Surface Reduction
Attack Surface Reduction is often the quickest way to improve cyber resiliency. Learn how to keep out the adversary using attack surface reduction techniques including Microsoft’s attack surface reduction rulesets, isolating crown jewels, and locking down PowerShell.
11:00 am
North Room
Ryan LaBouve
Hunting Before Day Zero
“Hunting Before Day Zero” is a talk that will delve into details of file and network access on Linux to expose signals of compromise that might indicate our systems are infected, possibly by a zero-day vulnerability!
Center Room
Kevin Sesock
Your Cybersecurity Training Sucks
Scared straight doesn’t work! Still walking your users through how to create a password? STOP! Start teaching your users how to use their Apple iPhone or Android built-in password managers, leaked password tools, and tap-to-pay, and gamify security to create a security culture in your organization.
South Room
Andrew Lemon
Black Swans and Rocket Launchers, what's actually in your threat model?
Pen Testers love showing off … sometimes a little too much. At what point do attacks move from within a customer’s relevant threat model and into something you would see in a James Bond movie? This talk dives into examples of going too far and learning how to emulate relevant threats.
12:00 pm
Center Room
CISO Showdown
1:00 pm
North Room
Jamy Casteel
Intro to API Hacking
APIs have exploded in popularity. It’s imperative to learn the basics and common vulnerabilities so that you can understand the basics for testing APIs. This talk covers API basics, discusses the OWASP API Top 10 and includes learning resources for getting more familiar with the covered material.
Center Room
Todd Wedel
Why John Wayne Works: Social Engineering in the Wild Wild West
Back the blue. Don’t start a fight; always finish one. Hold the door. Yes, ma’am. Don’t mess with Texas. From serious to seemingly frivolous, we’re steeped in ways to think, act, and believe. What if those are all expressions of a “code” that social engineers can use to leverage better exploits?
South Room
Kallen Curtis
Threat Intel for Beginners
In this presentation, you’ll learn practical tools and tips on how you can use defensive threat intelligence to stay ahead of malicious threats and better protect your business.
2:00 pm
North Room
Rachel Schwalk
Misbehaving Binaries: Methods for Detecting LOLBin Abuse
If you’re struggling with detection and having to respond to malicious activity well after occurrence, this talk is for you. I will use a replicable process of identifying normal vs. malicious behavior of commonly abused binaries to create effective detection logic that is bound to catch evil.
Center Room
Susan Lindberg
Machine Learning for Managing Internal Risk: At the Intersection of Security and Privacy
Your boss is watching! While employee supervision isn’t a new idea, electronic monitoring and vetting using machine learning is relatively new. At the same time, consumer privacy law is being extended to employees. What are the hazards, and is bossware worth it?
South Room
Jonah White
EndPoint Security 101: The tools of the trade
Ever wonder what Endpoint Security is and what tools you should use to secure your devices of all different kinds? Jonah White from TrustDigital will discuss the ins and outs of the latest endpoint security tools that vendors offer today to help mitigate against the attacks of tomorrow.
3:00 pm
North Room
John Vecchi
xIoT Hacking Demonstrations & Strategies to Disappoint Bad Actors
I’ll demonstrate several hacks against xIoT (Extended Internet of Things) devices. Bad actor & defender stories will be shared. Research from over six years & millions of devices will be explored. Steps organizations can take to mitigate xIoT risks will be outlined.
Center Room
Ed Schaefer
From Security Last to Security First: How Threat Modeling Can Help Your Agile and DevOps Teams Make the Shift
Too many agile teams take a “security last” approach, relying on scans and automation to fix known vulnerabilities. Threat Modeling gives teams a shared language and model for security so they can think like an attacker and a tool to build into their schedule to really be “security first”.
South Room
James Lawler
Hardening Windows 10 (at home or anywhere) Made 'Easier'
I will take you through security settings that you can apply today to your win10 machine and some other settings that can be applied with caveats and what those may be. The goal is to give a simple approach to making your Windows a more hardened and secure operating environment for all.
4:00 pm
Center Room
Final Remarks and Raffle