TRACK 1

Poor password habits often lead to system compromise.  The Roberts family has authored an open source tool called “The Domain Password Audit Tool (DPAT)” and will be presenting how it can be used to understand weak password use. The discussion will include background information on password hashing and how password cracking is accomplished by attackers.

Training Room 150

The Domain Password Audit Tool

Carrie Roberts

Darin Roberts

Cameron Roberts

TRACK 2

Covering a Windows evasion technique called “RIPlace” that when used to maliciously alter files, bypasses most existing ransomware protection technologies. EDR products are blind to this technique, meaning these operations will not be visible for future incident response and investigation purposes.

Training Room 213/209

Rendering Ransomware Detection and EDR Products Blind

Rene Kolga

Women in Tech Lunch

All are welcome but women will be seated first. Lunch is provided!

Room capacity is 50. Come early!

​

Click here for bios

Room 203

Come and hear from two leading women in the tech industry.

Jamie Dalton

​Tiffany Peterson

TRACK 1

This session will cover my story of transitioning from a Mattress Salesman to a Security Analyst. Anyone can make it in this industry if you have the drive and passion.  Attend if you're still deciding on which path in infosec to take.

Training Room 150

From Mattress sales to Infosec soldier

Chriss Hansen

TRACK 2

Explore the power behind software defined contextual analysis in the cloud that allows DevOps and Security teams to be more proactive without disrupting their day to day operations. 

Training Room 213/209

Cloud-Based Contextual Analysis as Code

Erkang Zheng

TRACK 1

Having trouble getting execs to buy into the idea of security? This talk is a crash course in getting business buy-in to securing your organization, and getting user buy-in, too. I'll share some spreadsheet tools that will help the business understand the value of security and see return on investment for security tools and personnel.

Training Room 150

$how Me the Money! (Getting Business Buy-in)

Carlotta Sage

TRACK 2

Today, organizations rely heavily on TLS and other encryption protocols to protect data inside and outside their network boundaries.  To achieve crypto-agility, organizations must not only be able to quickly respond to mass certificate replacement events but must also be able to demonstrate policy compliance of all certificates and identify any anomalies.

Training Room 213/209

Crypto-Agility: Responding Quickly to Cyber Security Events

Dave Brancato

Typically Industrial Control Systems are air-gapped, meaning no connectivity to the internet AT ALL. Industrial sites are now focusing on ability to remotely manage and aggregate data for analysis.  Done correctly, this yields positive results for your organization.

Let's Get Cyberphysical: Securely Bridging The Air Gap

Mike Curnow 

TRACK 2

Nearly every business today is a software business.  If unauthorized changes are made to this software, either deliberately by a bad actor, or accidentally through employee mistake, there could be severe consequences for the business.

Training Room 213/209

How to Use Code Signing to Protect your Critical Software Infrastructure

Eddie Glenn

TRACK 1

MineMeld is an open source, extensible Threat Intelligence processing framework.  In this session you'll learn how to install MineMeld and set up common configurations. We'll also cover adding new and custom sources and how to integrate outputs into your tools.

Training Room 150

MineMeld - there's gold in them thar hills!

Jason Reverri

TRACK 1

As technology and software industries continue to grow at a breakneck pace, my infrastructure has moved to the cloud, and Code Rules Everything Around Me. Application security has become critical to get right. This session will cover how to jumpstart your application security program. 

Training Room 150

Jumpstarting Your Appsec Program

Julia Knecht 

Jacob Lords

TRACK 1

SSH keys are widely used in every enterprise to provide privileged administrative access. Poor SSH key management practices expose businesses to costly security risks. Learn how to take SSH keys from an operational liability to a security asset.

Training Room 150

SSH Keys: Security Asset or Liability?

Bart Lenaerts