Texas Cyber Summit has ended
Friday, October 12
 

9:00am CDT

Opening Remarks
Joseph Mlodzianowski,
Texas Cyber Summit
Joseph has a long history in Cyber Security and event coordination; nearly 20 years of bringing infosec and Cybersecurity education and events to attendees world-wide. The Texas Cyber Summit was created for the promotion and future of Cybersecurity. The San Antonio Cyber community is the second largest in the nation, and the Texas Cyber Summit's goal is to expand the expertise of Cybersecurity professionals and those interested in pursuing a career in the field. The Texas Cyber Summit mission is to foster Education, Community, Involvement and training in the Cybersecurity field.


Speakers
Joseph Mlodzianowski

Founder, Texas Cyber Summit


Friday October 12, 2018 9:00am - 9:30am CDT
Texas Ball Room, Floor 2

9:30am CDT

Friday Morning Keynote
Ben
Christian, VP & Security Officer (Blue Team)
Developer (Builder), PoshSec Developer, Gamer, SciFi, Geek
Twitterz: @Ben0xA
IRC: Ben0xA on freenode in #burbsec,#poshsec,#derbycon channels
LinkedIn: Ben0xA
Emailz: web at ben0xa dot com
PoshSec Framework
Download from Github: https://github.com/PoshSec/PoshSecFramework

            

Speakers
Ben Ten (0xA)

Researcher, Binary Defense


Friday October 12, 2018 9:30am - 10:30am CDT
Texas Ball Room, Floor 2

10:00am CDT

Sabotage Challenge I

Sabotage
This session is a team-based, hands-on challenge where attendees race against the clock to sabotage other teams’ networks while defending their own network. Attendees will be divided into teams and will spend a short amount of time learning about their assigned network, which consists of routers, switches, firewalls, and other network-related functions. When the game begins, an application will send heartbeats through each network, and credentials to a random network node will be presented to each team. Teams must discover which node they can access in any one of the other teams’ networks and change the configuration to cause the application’s heartbeat to fail. When a team’s heartbeat fails, they stop accumulating points and must repair the application’s data path by reversing the sabotage caused by an opposing team.
**** Bring your own Laptop ****
Michael Kowal, Cisco
For the past 13 years, Michael Kowal has been involved with complex routing and switching designs and architectures at Cisco. He currently works with Universities, research institutions, and regional service providers to design carrier-class next-generation networks. Michael's technology focus within the Public Sector includes: BGP, IGP (OSPF/IS-IS), MPLS (L2/L3 VPNs), LISP, IPv6, DWDM, and ICN. Michael currently holds a CCDE & CCIEs in Routing & Switching, Service Provider, and Voice tracks. Michael also holds a Masters in Electrical Engineering from Stevens Institute of Technology.

Speakers

Michael Kowal

Architect, Cisco Systems


Friday October 12, 2018 10:00am - 2:00pm CDT
Floor 1 Lone Star 1

11:00am CDT

Carrying the SecURITy Shield – U R IT!

Mr. Chris Knox
Mgr. Security Awareness and Analysis
CPS Energy                                                           
 This session will examine an organization’s journey to create, deploy and enhance a security awareness program designed to change workforce behavior and reduce the risk of susceptibility to security-related incidents; specifically social engineering & phishing.
                       

Speakers
Chris Knox

Mgr. Security Awareness and Analysis, CPS Energy


Friday October 12, 2018 11:00am - 12:00pm CDT
Floor 3 Executive Salon 3

11:00am CDT

I'm Pwned. You're Pwned. We're All Pwned

Troy Hunt,
Regional Director and MVP,
Microsoft                                                            
Mr. Troy is a Microsoft Regional Director and MVP, Pluralsight author and world-renowned internet security specialist. He spends his time teaching developers how to break into their own systems before helping to piece them back together to be secure against today’s online threats. He’s also the creator of Have I Been Pwned, the free online service for breach monitoring and notifications. Troy regularly blogs at troyhunt.com from his home in Australia.

Face it - it's going to happen.
It's going to happen to you, it's going to happen to your company and it's definitely happened to me! Security incidents are now just a part of normal everyday online life and we need to adapt to the new reality.
In this talk, we'll look at how security is changing and the things we can do to evolve our approaches in the era of the data breach. You'll see many of the common attacks organizations are falling victim to today, how our attitudes towards passwords are changing, how to get responsible disclosure right (both as an individual and an organization) and get a look inside some of the more modern security defenses our browsers offer us today. This talk is a mix of real world events, practical coding and face-palmingly painful security examples.

Speakers
Troy Hunt

Cyber Cyber, troyhunt.com


Friday October 12, 2018 11:00am - 12:00pm CDT
Floor 3 Executive Salon 4

11:00am CDT

Challenges of Enterprise Segmentation

Discussion will focus on the challenges faced in segmenting an enterprise environment, deciding on a strategy, selecting and designing a best solution, and what successful implementation requires.

Mr. Mario Balakgie  
National Security Practice,                                    
World Wide Technology, Inc.                                                           
Mario Balakgie joined World Wide Technology in 2013 after 28 years of professional experience in security in both the government and private sectors. During his tenure with the government Mario served as the Chief Information Security Officer for the Defense Intelligence Agency where he was responsible for information technology, data integrity and security, and global network communications. In this executive role Mario was instrumental in the establishment of key global information security capabilities for the Intelligence Community involving mitigation of advanced threats and implementation of security readiness and monitoring practices. He has served on special assignments to include the largest ever technology exploitation and forensic mission searching for evidence of weapons of mass destruction. Mario’s information security expertise has been called upon for Congressional testimony that ultimately established today’s federal standards for cyber protection.
As a Director in the Security Practice Mario delivers consulting services to clients by working with executives and addressing the demands of security on a global and enterprise scale. He leads a team of professionals with expertise to assist clients in defining comprehensive security and privacy programs mapped to business imperatives. This includes advanced technology solutions to support a range of clients and working with them to meet organizational requirements for establishing, implementing, monitoring, and maintaining a highly capable security program.

Speakers
Mario Balakgie

National Security Practice, World Wide Technology, Inc.


Friday October 12, 2018 11:00am - 12:00pm CDT
Floor 3 Executive Salon 5

11:00am CDT

Cybersecurity for Automation Systems Challenges, Reality and Solutions

Mr. Marco Ayala  
Senior Principal Specialist,                                    
AESOLNS.COM

In today's world of automation systems, asset owners are struggling with connected technologies. There are still many with legacy control systems being assessed, and even newly deployed systems have the same challenges as their predecessors. So what's the same or what's changed? The biggest realities being faced today are deployment, architecture, remote access and physical access practices. This presentation provides real-world, from-the-field "as-founds" and what we can do better as vendors, integrators, systems technicians and competent cyber warriors. This presentation also talks about the benefits of IIoT (Industrial Internet of Things) and its challenges of deployment, integration security and the term "Remote Control".
Topics we must face as safety and security leads and Health Safety and Environment advocates in today’s world.

Marco (Marc) Ayala has over 23 years of experience, has been involved in process automation and safety, and is active in the Oil & Gas and Chemical Sector cyber security effort in the private sector. Mr. Ayala has worked as an end user, from I&E and I&C through his career to handling advanced process control, has maintained and designed enterprise historians, and has worked with enterprise-IT to perfect a direct balance of ICS/SCADA Industrial-IT and demarc with Enterprise-IT. Marco has secured numerous plant processes in the US and abroad. Mr. Ayala worked for AkzoNobel for 14 years prior to joining Siemens Process Automation as their PCS7 AE Applications Engineer for the Gulf Coast. Mr. Ayala was a member of the US-Cyber Hub for Siemens.
                                                            

Friday October 12, 2018 11:00am - 12:00pm CDT
Floor 3 San Antonio Ballroom

11:00am CDT

10 Things every job seeker should know
Kathleen Smith
CyberSecJobs.Com/ClearedJobs.Net                                                            

Career search is not taught in school. So how do you learn the tips and tricks of a successful career search? Having spent 18 years in recruitment marketing, Kathleen Smith has seen both sides of the career search from the job seeker and recruiter viewpoints and she will be sharing the 10 things that job seekers will want to better understand in their career search.                            
                       

Friday October 12, 2018 11:00am - 12:00pm CDT
Texas Ball Room, Floor 2

11:00am CDT

Wiping The Slate Clean: The Ongoing Evolution of Wiper

Mr. Edmund Brumaghin
Threat Researcher,
Talos Outreach

Wiper malware has been leveraged by attackers for years to facilitate the destruction of data and systems. In many cases, this malware has caused widespread operational issues for organizations and critical infrastructure all over the globe. Attackers have increasingly been leveraging and improving upon their wiper malware over the past several years. This talk will cover several notable examples of wiper malware, how they were distributed and the impacts that resulted from these attacks. It will also provide analysis of the technical capabilities present within wiper malware as well as the emergence of self-propagating wiper worms as a means for attackers to cause significant impact to target organizations very quickly.
                       

Speakers
Edmund Brumaghin

Security Researcher, Cisco Talos


Friday October 12, 2018 11:00am - 12:00pm CDT
Floor 3 Executive Salon 2

12:00pm CDT

Friday Keynote - The Future of Cyber Red Teams

Rob Joyce 
Senior Advisor for Cybersecurity Strategy,
National Security Agency
Mr. Rob Joyce is the Senior Advisor for Cybersecurity Strategy to the Director of the National Security Agency (NSA). Rob has worked at NSA since 1989, holding various leadership positions within both focus areas of NSA: the Cybersecurity and Signals Intelligence missions.
His previous assignment was Special Assistant to the President and Cybersecurity Coordinator at the White House, where he led the development of national and international cybersecurity strategy and policy for the United States and oversaw implementation of those policies. He ensured that the Federal Government was effectively partnering with the private sector, nongovernmental organizations, all branches and levels of government, and other nations. In addition to the Cybersecurity Coordinator role, Rob was the Acting Deputy Homeland Security Advisor for six months and the Acting Homeland Security Advisor for a month, covering topics well beyond cybersecurity to include terrorism, health security and disaster response/recovery.
Mr. Joyce began his career as an engineer and is a technologist at heart. He received his Bachelors Degree in Electrical and Computer Engineering from Clarkson University in 1989 and earned a Masters Degree in Electrical Engineering from The Johns Hopkins University in 1993. Throughout his career with NSA, he has been the recipient of three Presidential Rank Awards: distinguished (2017), distinguished (2011) and meritorious (2006).
Mr. Joyce has served as a Scout Master and, until lawyers got in the way, enjoyed participating with the Boy Scouts in the annual World Championship of Punkin Chunkin, building a contraption to fling pumpkins for distance. Over the Christmas holidays, he runs a computerized light display synchronized to music, which is likely visible from the International Space Station.

Speakers
Rob Joyce

Senior Advisor for Cybersecurity Strategy, National Security Agency


Friday October 12, 2018 12:00pm - 1:00pm CDT
Texas Ball Room, Floor 2

1:00pm CDT

Friday 1pm Special Guest

Mr. Jeff Moss advises companies on security issues, both electronic and physical, as well as speaking globally on the topic.
He sits on several advisory boards helping enterprises make informed decisions on cyber risks. In April 2011 Mr. Moss was appointed as the Chief Security Officer for the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit whose responsibilities include coordinating and ensuring the security, stability and resiliency of the Internet's unique global identifiers as well as maintaining the root zone of the Internet. This position involved managing the IT security of the ICANN networks and information systems, the physical security of ICANN facilities and meetings, and ensuring that ICANN meets its security and resiliency commitments to the multi-stakeholder community that oversees ICANN. This position involved extensive international travel and coordination with governments, law enforcement, and operational security communities in support of discussions around Internet Governance and security.
Mr. Jeff Moss is the founder and creator of both the Black Hat Briefings and DEF CON, two of the most influential information security conferences in the world, attracting over ten thousand people from around the world to learn the latest in security technology from those researchers who create it. DEF CON just had its 21st anniversary. Prior to creating Black Hat Briefings, Jeff was a director at Secure Computing Corporation where he helped establish their Professional Services Department in the United States, Asia, and Australia. His primary work was security assessments of large multi-national corporations. Jeff has also worked for Ernst & Young, LLP in their Information System Security division. Because of this background, Jeff is uniquely qualified to bridge the gap between the underground researcher community and law enforcement, between the worlds of pure research and the responsible application of disclosure.

Speakers
Jeff Moss

Founder and Creator, Black Hat Briefings and DEF CON


Friday October 12, 2018 1:00pm - 2:00pm CDT
Texas Ball Room, Floor 2

2:00pm CDT

Real-life incident response: Attacks Against Security Devices

Real-life incident response: An Evolution of Attacks Against Infrastructure and Security Devices

Mr. Omar Santos
Principal Engineer,
Cisco Product Security Incident Response Team (PSIRT)                                                           

Omar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures. Omar is the author of more than twenty (20) books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), where he mentors and leads engineers and incident managers during the investigation and resolution of cyber security vulnerabilities.
                                           

Speakers
Omar Santos

Principal Engineer, Cisco


Friday October 12, 2018 2:00pm - 3:00pm CDT
Floor 3 Executive Salon 4

2:00pm CDT

Building Products People Trust

Building security software is hard. Making it easy to understand and designing security software with trust and privacy in mind is even harder. At the end of this talk you'll have some practical advice from Duo Security's Mobile Product Manager, Taylor McCaslin, on building trust and designing empathy into your security software. When security software is easy to use and trust, it is more effective.


Speakers
Taylor McCaslin

Product Manager, Duo Security / Cisco
Taylor McCaslin, Duo Security, Mobile Product Manager. Taylor McCaslin is a multi-disciplinary technologist and Product Manager living in Austin, Texas. He currently works as a Mobile Product Manager at Duo Security. Taylor is an advocate and defender of privacy, consent, and inclusion.


Friday October 12, 2018 2:00pm - 3:00pm CDT
Floor 3 Executive Salon 5

2:00pm CDT

Recent APT Campaign targeting Energy Sector Assets

APT Campaign targeting Energy Sector Assets

Mr. Jonathan Homer  
Chief, Industrial Control System Group,
U.S. Department of Homeland Security                                                           

Over the past year, a concentrated effort has been focused on specific energy sector critical assets, leveraging trusted relationships within supply chains and other partnerships in an attempt to gain access to corporate and control system networks. This technical discussion will review the threat actor’s tactics and techniques observed during multiple on-site incident response engagements conducted by the DHS NCCIC Hunt and Incident Response Team related to this campaign.
                                           

Speakers
Jonathan Homer

Chief, Industrial Control System Group, U.S. Department of Homeland Security


Friday October 12, 2018 2:00pm - 3:00pm CDT
Floor 3 Executive Salon 3

2:00pm CDT

Community Based Career Development

Kathleen Smith CyberSecJobs.Com/ClearedJobs.Net
Career development is typically seen as a progression of education, certification and job moves. However, to progress in our careers it is helpful to build both technical and non-technical skills in different environments to challenge us and give us the opportunity to learn. Community involvement strengthens not only the overall community but provides opportunities to stretch and learn new skills that support personal growth. We will review presenting, con management and competitions as ways to strengthen your career. This frank discussion by two community volunteers will outline how to evaluate these experiences and recommendations on presenting this information in your job search. Finally, we will address burnout, exhaustion and how not to burn bridges.

Friday October 12, 2018 2:00pm - 3:00pm CDT
Texas Ball Room, Floor 2

2:00pm CDT

ICS201 Introduction to Threat Hunting on an ICS Network

Mr. Dan Gunter 
Principal Threat Analyst,                                    
Dragos, Inc.                                                           
Dan Gunter is a Principal Threat Analyst at the industrial cyber security company Dragos, Inc. where he discovers, analyzes and neutralizes threats inside of ICS/SCADA networks. In this capacity, he performs threat hunting, incident response, and malware analysis mission for the industrial community. Previous to his role at Dragos, Dan served in a variety of Information Security roles as a Cyber Warfare Officer in the United States Air Force with duties ranging from Incident Response at the Air Force Computer Emergency Response Team to developing innovative capabilities for multiple Department of Defense partners. Dan has over 12 years' experience and has obtained the CISSP, GIAC GSEC, EC Council CEH and CompTIA Security+ certifications. He also holds a Bachelor of Science in Computer Science from Baylor University and a Master of Science in Computer Science from the University of Louisville. Dan previously presented at Blackhat and Shmoocon.


Speakers
Dan Gunter

Principal Threat Analyst, Dragos, Inc.


Friday October 12, 2018 2:00pm - 4:00pm CDT
Floor 3 San Antonio Ballroom

2:00pm CDT

A Proper Introduction to Metasploit

Maybe you've heard about Metasploit, but don't know what all the buzz is about.  Maybe you've used Metasploit, but never really learned it properly.  Regardless of your background, this session will walk you through the basics of how to get the latest Metasploit improvements, how modules work under the hood, and a demonstration of EternalBlue to exploit Windows targets.  Questions are welcomed and appreciated!

Requirements:

Our course will be hands-on, so you’ll need a laptop with the ability to run two virtual machines: a Kali Linux attacker and a Windows target.  You’ll need to test out the two VMs in advance, using your choice of VMware or VirtualBox.  Both VMs will need to be downloaded before the class:

https://s3.amazonaws.com/metasploit-training/TCS-Metasploit-Kali.zip
https://s3.amazonaws.com/metasploit-training/TCS-Metasploit-Win7-x64-SP1.zip

Unzip the files and double-click on the OVA to import it.  If you have any questions, please don’t hesitate to reach out to me directly at Aaron.Soto@rapid7.com

Speakers
Jacob Robles

Senior Security Researcher, RAPID7
Jacob Robles is on the Metasploit team at Rapid7 and works on porting proof-of-concept exploits to Metasploit modules and reviewing pull requests from community contributors. Previously, Jacob was a security consultant at Rapid7 and performed penetration testing for both internal...

Aaron Soto

Senior Security Researcher, RAPID7
Aaron Soto is at Rapid7, focusing on Metasploit core improvements, helping first-time contributors submit pull requests to the metasploit-framework repo, and training newcomers to the InfoSec community. In his spare time, he wrecks cars at Lemons, carries around a ham radio, and...


Friday October 12, 2018 2:00pm - 5:00pm CDT
Floor 3 Executive Salon 2

3:00pm CDT

The Offensive Defender | Cyberspace Trapping

Recorded: True
The attacker always wins because they have the advantage. Wrong. Any seasoned red teamer knows that they need to succeed at each stage of their compromise to achieve the objective. As defenders, we only need to stop them along one point in the intrusion. By leveraging our Home Field Advantage and weaponizing our networks with traps and snares, we have the opportunity to take the initiative and bring the fight to the intrusion set.
Attackers may have an untold and ever-growing number of tools and techniques to use during the attack, but they have a limited set of tried and true tactics. Targeting the adversary and poisoning their tried and true tactics lets us weaponize our environments where the Threat's own decision making is their undoing. When an attacker can never be certain if their own, unique tools are safe for them to use, their decision making is disrupted and the fight is already won. This talk is about the strategy of cyberspace trapping and includes a library of scripts and demonstrations for attendees to take with them and apply on day 0.

Friday October 12, 2018 3:00pm - 4:00pm CDT
Floor 3 Executive Salon 4

3:00pm CDT

Social Engineering, don't fall for it.

Mr. Jayson E. Street  
Global Ambassador,
Defcon Groups                                                           

Jayson E. Street is the author of the book series "Dissecting the hack", and serves as a Global Ambassador for the Defcon Groups – The longest running hacking conference in the world. Additionally, Jayson serves as the Vice President of InfoSec for SphereNY. Highly sought as a global industry leader, he speaks at dozens of venues each year in the technical, business and academic arenas. Some examples from the past twelve months include: Defcon, DerbyCon, GRRCon, National Chamber of Commerce Events, National Banking Industry Events, National Private Security events as well as several other 'CONs and colleges on a variety of Information Security subjects in the United States and across the world. Jayson has been recognized for various achievements over the years including his nomination as one of Time's persons of the year in 2006.
                       

Speakers
Jayson E. Street

Global Ambassador, Defcon Groups


Friday October 12, 2018 3:00pm - 4:00pm CDT
Floor 3 Executive Salon 3

3:00pm CDT

Don’t Panic, and Carry a Towel for Your Career

While installing a babel fish would be helpful in many of life’s instances; a better understanding of career search and development does not have to be so gruesome. While we all think we know what “normality” is when searching for a new job, the pathways and answers are not always so clear. Let’s hear from two recruiters who have been around the galaxy a few times in several different types of companies to give you first hand, front line answers to your career search questions.

Friday October 12, 2018 3:00pm - 4:00pm CDT
Texas Ball Room, Floor 2

3:00pm CDT

Regulatory requirements for risk assessments

Legal and Regulatory Cyber Compliance
Presenting legal and compliance topics relevant for today’s cybersecurity professionals. This presentation will include discussions of current laws including NYDFS 500, NAIC Model Laws, GLBA and various topics from the FFIEC among others.
Additional topics will include meeting regulatory requirements for risk assessments and a presentation of the various cybersecurity testing models for financial institutions such as the FFIEC CAT. Recent successful cyber-attacks have led the various federal and state legislative bodies to start increasing their regulation over the cybersecurity industry by including new requirements in new laws and regulations that cyber professionals should be aware of. The presenters will also discuss the best use of cyber security legal compliance in raising cyber awareness of executives who may not normally face heightened cyber compliance requirements. Finally, the presentation will be followed by a Q&A Session with the speakers who are experienced in regulatory cyber law and compliance.  

Mr. Jason Edwards
Compliance Director for Cybersecurity, USAA
Jason Edwards has over 20 years of IT/Cybersecurity experience in various sectors such as military/government, insurance, digital security, banking, and energy. Jason currently works for USAA as the Compliance Director for Cybersecurity. He serves as the primary compliance advisor for the CISO and Information Security teams at USAA on regulatory compliance matters.
Jason has earned the CISSP as well as both a B.S. and M.S. in Information Technology/Security. Jason is currently in his final year of a doctoral program working to complete a dissertation on the 'Regulatory Cybersecurity Testing of Financial Institutions'. After earning his doctorate, Jason intends to pursue a second doctorate and possibly teach at the doctoral level.

Mr. Griffin Weaver
Attorney, USAA
Griffin Weaver is an attorney at the United Services Automobile Association (USAA), where he is a member of the Enterprise Operations Counsel Group. Griffin serves as the primary legal counsel on issues related to cybersecurity, da


Speakers
Jason Edwards

Principal, Amazon Security
Jason Edwards is a Cybersecurity veteran with more than 20 years of experience in various sectors, including technology, military/government, insurance, digital security, banking, and energy. As a 22-year veteran of the US Army, Jason has served in Armor & Cavalry and as an IT/Cyber...

Griffin Weaver

Attorney, USAA
Griffin Weaver is an attorney at the United Services Automobile Association (USAA), where he is a member of the Enterprise Operations Counsel Group. Griffin serves as the primary legal counsel on issues related to cybersecurity, data security, insider threats, and financial cyber regulat...


Friday October 12, 2018 3:00pm - 5:00pm CDT
Floor 3 Executive Salon 5

3:00pm CDT

Sabotage II

This session is a team-based, hands-on challenge where attendees race against the clock to sabotage other teams’ networks while defending their own network. Attendees will be divided into teams and will spend a short amount of time learning about their assigned network, which consists of routers, switches, firewalls, and other network-related functions. When the game begins, an application will send heartbeats through each network, and credentials to a random network node will be presented to each team. Teams must discover which node they can access in one of the other teams’ networks and change the configuration to cause the application’s heartbeat to fail. When a team’s heartbeat fails, they stop accumulating points and must repair the application’s data path by reversing the sabotage caused by an opposing team.

Speakers

Michael Kowal

Architect, Cisco Systems


Friday October 12, 2018 3:00pm - 7:00pm CDT
Floor 1 Lone Star 1

4:00pm CDT

What's Lurking in your Source Code

Recorded: True
Icebergs are deceiving. What you see is just a fraction of the whole picture. The same goes for software: what is being innovated and iterated on is only a small portion of the whole, while the majority of the code is based on open source packages downloaded from various places on the internet. Sounds great, right? Get free, open source code to help you develop your next product faster? Yes, and no.
Today, many open source packages have known and unknown vulnerabilities. This is why knowing what’s in your open source code is crucial to preventing security gaps in your code. It’s obvious that people DON’T know what’s in that free code, as security breaches are at an all-time high.
How, in an enterprise security market worth hundreds of billions of dollars, can these kinds of hacks be so commonplace? The reality is that CISOs, Risk Officers and even CEOs are looking to protect against these breaches far too late in the process. While they focus on protecting their networks, appliances and applications, they fail to understand in these instances that they’ve already been breached.

Friday October 12, 2018 4:00pm - 5:00pm CDT
Floor 3 Executive Salon 4

4:00pm CDT

Seven Steps to Effectively Defend Industrial Control Systems

Seven strategies that can be implemented today to counter common exploitable weaknesses in “as-built” control systems.

Mr. Jonathan Homer
Chief, Industrial Control System Group, U.S. Department of Homeland Security

Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it’s not a matter of if an intrusion will take place, but when. The capabilities of our adversaries have been demonstrated and cyber incidents are increasing in frequency and complexity. Simply building a network with a hardened perimeter is no longer adequate. Securing ICSs against the modern threat requires well-planned and well-implemented strategies that will provide network defense teams a chance to quickly and effectively detect, counter, and expel an adversary. This presentation presents seven strategies that can be implemented today to counter common exploitable weaknesses in “as-built” control systems.

Speakers
Jonathan Homer

Chief, Industrial Control System Group, U.S. Department of Homeland Security
Over the past year, a concentrated effort has been focused on specific energy sector critical assets, leveraging trusted relationships within supply chains and other partnerships in an...


Friday October 12, 2018 4:00pm - 5:00pm CDT
Floor 3 San Antonio Ballroom

4:00pm CDT

One Social Profile to Rule Them All – Social Media Exploitation

If you have been on the internet the last 10 years, then you likely are using some form of social media. You have probably heard of phishing; however, could social media be used for phishing, and what potential danger could occur from social media sources? Find the answer to those and other phishing related questions based on a real penetration test that leveraged phishing as a means to deliver advanced exploitation. The speaker is the author of various penetration testing, forensics and SOC best practices titles, giving his real-world experience with social media exploitation.

Mr. Joseph Muniz
Architect/Security Researcher, Cisco Systems

Joseph Muniz is an architect at Cisco Systems and security researcher. He has extensive experience in designing security solutions and architectures for the top Fortune 500 corporations and US Government. Examples of Joseph’s research include his RSA talk titled Social Media Deception, quoted by many sources found by searching “Emily Williams Social Engineering”, as well as articles in PenTest Magazine regarding various security topics.

Speakers
Joey Muniz

Architect/Security Researcher, Cisco Systems
Joseph Muniz is an architect at Cisco Systems and security researcher. He has extensive experience in designing security solutions and architectures for the top Fortune 500 corporations and US Government. Examples of...


Friday October 12, 2018 4:00pm - 5:00pm CDT
Floor 3 Executive Salon 3

4:00pm CDT

Transitioning Careers? Upskilling in cybersecurity when you need it most

Mr. Robert Sawyer
Product Marketing Manager for Rackspace Managed Security


Mr. Marcus Benavidez, Director, Open Cloud Academy
Marcus Benavidez is the director of Open Cloud Academy, a unique hands-on learning academy that provides students the knowledge, skills, and confidence they need to enter into the IT workforce. Marcus has held numerous roles in his 11-year career at Rackspace, including positions in sales and account management. Marcus holds a degree in Criminal Justice from the University of Texas at San Antonio and looks forward to welcoming his first bundle of joy early next year.

Mrs. Samantha Domingo, Senior Security Researcher, RAPID7
Samantha Domingo is a world-class business professional and Military Talent & Technical Recruiter with over a decade of experience in human resources, talent acquisitions, healthcare, technology, and international business development/relations. Samantha’s extensive education and business experience are a direct result of her exposure to the military culture and more than 20 years of living abroad in 13 different countries. The enriching experience of living and traveling abroad for much of her life has allowed Samantha to gain an unfettered appreciation for cultural diversity and a unique perspective on business.
With a worldview and keen focus on military talent recruitment to technology, she joined Rackspace in 2018 and is aligned with Cyber Security & Technical Product recruitment. Samantha is the Military Talent & Technical Recruiter assisting with talent acquisitions branding & military hiring strategy development as part of Rackspace’s Diversity & Inclusion initiatives. She is a Hiring Our Heroes MSEEZ IT Technical Chair, a USO Pathfinder, a Veterati Mentor & an active volunteer in the community assisting military families with career transition to the civilian sector. As a Military Spouse of an Air Force Veteran & a Military Brat of a retired Air Force Command Chief, she brings a unique perspective, deep experience and a Fanatical passion to the organization’s military talent & cyber security recruitment efforts.

Friday October 12, 2018 4:00pm - 5:00pm CDT
Texas Ball Room, Floor 2

5:30pm CDT

Panel: Smart City Challenges and Opportunities

Speakers
Paula Gold-Williams

President & CEO, CPS Energy

Craig Hopkins

Chief Information Officer, City of San Antonio

Rob Joyce

Senior Advisor for Cybersecurity Strategy, National Security Agency
Mr. Rob Joyce is the Senior Advisor for Cybersecurity Strategy to the Director of the National Security Agency (NSA). Rob has worked at NSA since 1989, holding various leadership positions within both...


Friday October 12, 2018 5:30pm - 6:30pm CDT
Texas Ball Room, Floor 2

7:00pm CDT

Movie: 300

Movie is Rated R
In 480 B.C., a state of war exists between Persia, led by King Xerxes, and Greece. At the Battle of Thermopylae, Leonidas, king of the Greek city state of Sparta, leads his badly outnumbered warriors against the massive Persian army. Though certain death awaits!


Friday October 12, 2018 7:00pm - 10:30pm CDT
Floor 3 San Antonio Ballroom
 
Saturday, October 13
 

8:45am CDT

Saturday Opening

Welcome to Saturday!


Speakers
Joseph Mlodzianowski

Founder, Texas Cyber Summit
Joseph has a long history in event coordination; nearly 20 years of bringing infosec and Cyber Security education and events to attendees. The Texas Cyber Summit was created for the future. The San Antonio Cyber community is the second...


Saturday October 13, 2018 8:45am - 9:00am CDT
Texas Ball Room, Floor 2

9:00am CDT

Saturday Keynote
Chris Nickerson, CEO of Lares, has spent the last 20 years of his career leading, inspiring, and sometimes irritating, the security industry. With Lares co-Founder Eric M. Smith, he created the unique methodology used at Lares to assess, implement, and manage information security realistically and effectively. Collaborating with a group of other InfoSec researchers, he founded the Penetration Testing Execution Standard (PTES), and is working with the Red Team Alliance Training Collective to create a certification for Red Team Testing. He is one of the founders of the Security BSides conferences, he’s been a keynote, speaker, and/or trainer at more than fifty InfoSec conferences worldwide, including DEFCON, CyberWeek, and BlackHat. He’s a member and certification holder with ISACA, on the board of CREST, and holds CISSP, CISA, BS7799, and NSA IAM certifications. His book, Red Team Testing, is upcoming from Elsevier/Syngress. And despite all that, he is perhaps best known for his appearance on the TV show Tiger Team on TruTV, and his TED Talk, Hackers are all about curiosity, and security is just a feeling.


Speakers
Chris Nickerson

CEO, Lares
Chris Nickerson, CEO of Lares, has spent the last 20 years of his career leading, inspiring, and sometimes irritating, the security industry. With Lares co-Founder Eric M. Smith, he created the unique methodology used at Lares to assess, implement, and manage information security realistically and effectively...


Saturday October 13, 2018 9:00am - 10:00am CDT
Texas Ball Room, Floor 2

9:00am CDT

Sabotage Challenge III

Sabotage
This session is a team-based, hands-on challenge where attendees race against the clock to sabotage other teams’ networks while defending their own network. Attendees will be divided into teams and will spend a short amount of time learning about their assigned network, which consists of routers, switches, firewalls, and other network-related functions. When the game begins, an application will send heartbeats through each network, and credentials to a random network node will be presented to each team. Teams must discover which node they can access in one of the other teams’ networks and change the configuration to cause the application’s heartbeat to fail. When a team’s heartbeat fails, they stop accumulating points and must repair the application’s data path by reversing the sabotage caused by an opposing team.
**** Bring your own Laptop ****

Speakers

Michael Kowal

Architect, Cisco Systems


Saturday October 13, 2018 9:00am - 2:00pm CDT
Floor 1 Lone Star 1

10:00am CDT

Target-Based Security Model


Saturday October 13, 2018 10:00am - 11:00am CDT
Floor 3 Executive Salon 5

10:00am CDT

Joe, Mary, John and Valarie - Your largest Threats

These names are normal. They come to work on time every day. They are your top performers. They have names similar to Edward. Edward comes to the office, does a great job, and seems like an average analyst. He is also the most famous Insider Threat. Joe, Mary, John and Valarie are too. Mary is a great contributor to the team. She brings breakfast tacos to the whole office. She seems nice, someone you would like to work with. Underneath the surface, she feels that the organization she is working for is doing something inherently or ethically wrong. What you didn’t know when you hired Mary is that she would be a threat.

You didn’t know that her independence and drive would also lead to her inability to be loyal to anyone’s interests except her own. She began working for the company feeling as if she had a sense of belonging, until the day she realized that her interests were diverging from the company’s. It was at this moment she became frustrated. She felt betrayed. Ultimately, she felt a sense of duty to correct these actions, and so she did. Mary was an analyst who had access to all kinds of critical information. She was cleared at your highest classification level. She became an insider threat. Could you have known this before you hired her? We believe you can.

Creating an Insider Threat Program based on human data analytics coupled with traditional tactics and preventive measures allows us to identify these potential threats to our organization and our customers.

Speakers
Angel Crockett

CEO and Founder, Inflow
Angel Crockett is the CEO and founder of Inflow, a National Security Company, headquartered in San Antonio, TX. Her mission is making it matter, contributing to all customers’ missions with a core focus in defending the cyber domain with offensive and defensive measures, creating...


Saturday October 13, 2018 10:00am - 11:00am CDT
Floor 3 Executive Salon 3

10:00am CDT

ATT&CKing the Enterprise

Many organizations are struggling to validate whether their security controls are working as intended. In this talk Marcus will discuss how to leverage the MITRE ATT&CK framework in order to validate enterprise security controls for free.
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, planning security improvements, and verifying defenses work as expected.

Mr. Marcus Carey, Founder and CEO, Threatcare
Marcus J. Carey is the founder and CEO of Threatcare. He is a hacker who helps organizations build, measure, and maintain cybersecurity programs. Marcus started his technology voyage in U.S. Navy Cryptology and working at the National Security Agency (NSA).

Speakers
Marcus Carey

Founder and CEO, Threatcare
Marcus J. Carey is the founder and CEO of Threatcare. He is a hacker who helps organizations build, measure, and maintain cybersecurity programs. Marcus started his technology voyage in U.S. Navy Cryptology and working at the National...


Saturday October 13, 2018 10:00am - 11:00am CDT
Floor 3 Executive Salon 2

10:00am CDT

Cyber Threat Response (CTR) Clinic

Cyber Threat Response (CTR) Clinic to perform attack and defend scenarios - Choose your adventure. CTR was created to teach you WHY certain defense capabilities are critical for preventing a future compromise of your network. Help Mr. Black be the attacker using Kali Linux and other tools to exploit systems, infect endpoints with Ransomware and exfiltrate data to be sold on the Darknet. Defend the fictitious hospital using Firewall, IPS, Breach Detection, NetFlow Analytics, SIEM, Access Control and Vulnerability Management. Join the cyber cat-and-mouse game; however, you must bring your own laptop to play! Note: No harm will be done to your system as the entire environment is in an isolated container.

Speakers
Moses Frost

TSA, Cisco Systems
Mr. Moses Frost, Security Architect, Cisco. Someone or another has employed Moses Frost for the last 19 years. He started with BBS’s and ran a few, in the early 90’s, and his first non-Microsoft Operating System was Slackware and Linux 1.2. He is now employed Cisco Security Architect...


Saturday October 13, 2018 10:00am - 11:00am CDT
Floor 3 Executive Salon 4

10:00am CDT

Threat Hunting on ICS Networks

Hands-on Threat Hunting and Analysis of attacks on Industrial Control Networks.

Speakers
Dan Gunter

Principal Threat Analyst, Dragos, Inc.
Dan Gunter is a Principal Threat Analyst at the industrial cyber security company Dragos, Inc. where he discovers, analyzes and neutralizes threats inside of ICS/SCADA networks. In this capacity, he performs threat hunting, incident response, and malware analysis mission for the industrial...


Saturday October 13, 2018 10:00am - 12:00pm CDT
Floor 3 San Antonio Ballroom

11:00am CDT

Hacking the Elections

Speakers
Sean Gallagher

IT & National Security Editor, Ars Technica
I cover the intersection of information technology, information security, national security and defense, and national infrastructure for Ars Technica. I'm a former US Navy officer and a former IT contractor, and have covered the defense, government and enterprise technology beats...


Saturday October 13, 2018 11:00am - 12:00pm CDT
Floor 3 Executive Salon 5

11:00am CDT

Dynamic VM Tool Chain Utilizing Unikernels

Speakers
Alex Speasmaker

Software Developer, Starlab
Alex Speasmaker has a degree in Computer Science from Texas State University, has been working in the cybersecurity industry for over 5 years, and has been doing development with Xen for almost 2 of those years. He currently works for...


Saturday October 13, 2018 11:00am - 12:00pm CDT
Floor 3 Executive Salon 3

11:00am CDT

Cyber Intel Jobs are not the same

Mr. Derek Baker
Mr. Andy Cheng

Saturday October 13, 2018 11:00am - 12:00pm CDT
Texas Ball Room, Floor 2

11:00am CDT

Keeping Up With The APTs

Red Teaming against large enterprise environments requires a large amount of specific technical and operational knowledge. Any effective attacker must learn common configuration and visibility gaps that provide efficient ways of bypassing detection and response capabilities. This talk will discuss cutting-edge tools, tactics, and procedures (TTPs) used to compromise enterprise networks during covert red team operations. We will present case studies of real-world attacks against clients and the methodology we used to accomplish our objectives without detection.
This talk will discuss trends in payload execution such as weaponizing native Windows binaries to execute arbitrary payloads. We will additionally demonstrate how Mandiant uses these execution methods for common tasks during active engagements. This will include dos and don'ts for lateral movement in enterprise networks, as well as examples of our favorite persistence techniques and how they can be used in conjunction with the latest payload trends in targeted, stealthy attacks.

Speakers
Evan Pena

Global Red Team Lead, Mandiant, a FireEye Company
Evan Peña is the Global Red Team lead for Mandiant, a FireEye Company. Evan has years of experience in enterprise information technology administration, leading covert red team operations to evaluate incident response...


Saturday October 13, 2018 11:00am - 12:00pm CDT
Floor 3 Executive Salon 2

11:00am CDT

Real-life incident response: An Evolution of Attacks Against Infrastructure and Security Devices

Speakers
Omar Santos

Principal Engineer, Cisco
Omar Santos is an active member of the cyber security community, where he leads several industry-wide initiatives and standards bodies. His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing...


Saturday October 13, 2018 11:00am - 12:00pm CDT
Floor 3 Executive Salon 4

1:00pm CDT

KEYNOTE 2

A National Cybersecurity Fellow at DC-based think tank New America, Rob was named one of Passcode's Influencers, awarded EnergySec's Cyber Security Professional of the Year 2015, and was inducted into Forbes' 30 under 30 for Enterprise Technology 2016 as one of "the brightest entrepreneurs, breakout talents, and change agents" in the sector. A passionate educator, Rob is the course author of SANS ICS515 "ICS/SCADA Active Defense and Incident Response," the only ICS-specific incident response course in the world, and the lead author of SANS FOR578 "Cyber Threat Intelligence."
Rob pursued cybersecurity in the U.S. Air Force, where he served as a Cyber Warfare Operations Officer in the U.S. Intelligence Community. He has performed defense, intelligence, and attack missions focused on identifying and remediating hostile nation-state adversary operations.

Speakers
Robert M. Lee

CEO National Cybersecurity Fellow at DC-based think tank New America
A National Cybersecurity Fellow at DC-based think tank New America, Rob was named one of Passcode's Influencers, awarded EnergySec's Cyber Security Professional of the Year 2015, and was inducted into Forbes' 30 under 30 for Enterprise Technology 2016 as one of "the brightest entrepreneurs...


Saturday October 13, 2018 1:00pm - 2:00pm CDT
Texas Ball Room, Floor 2

2:00pm CDT

Ridealong Adventures - Critical Issues with Police Body Cameras


Recorded: True
This talk will include vendor responses, new firmware, additional attacks, and more demos!
The police body camera market has been growing in popularity over the last few years. A recent (2016) Johns Hopkins University market survey found 60 different models have been produced specifically for law enforcement use. Rapid adoption is fueling this meteoric increase in availability and utilization. Additionally, device manufacturers are attempting to package more and more technology into these devices. This has caused a deficiency in local municipalities' skills and budget to accurately assess the attack surface and exposure to the organization. Furthermore, departmental policies and procedures governing the secure deployment of these devices are largely insufficient.
At Texas Cyber Summit, we will be introducing tactics, techniques, and procedures to assess the security of these devices. We will cover attacks against the physical devices, RF components, smartphone apps, and desktop software. The capabilities demonstrated and discussed will encompass publicly and privately available technologies. Additionally, the talk will cover multiple products and vendors, shedding light on industry-wide issues and trends. Finally, we will be releasing software to detect and track various devices and tie these issues into real-world events.

Mr. Josh Mitchell, Principal Cybersecurity Consultant, Nuix
Reverse Software Engineer and programmer with 11+ years experience in software reverse engineering, malware analysis, vulnerability analysis, and exploitation development. Developed software on Unix, Linux and Windows platforms in the Python, Ruby, C++, C, and Assembly languages. Experienced with debuggers, IDEs, application fuzzers and reverse engineering tools. Strong grasp of operating system fundamentals, including interrupts, threading, virtual memory, device drivers and memory management techniques. Possess a knowledge and understanding of operating system internals, device drivers, integration of code with the operating system kernel. Also experienced with code and resource optimization. Have exercised presentation skills in conference, laboratory and classroom settings, demonstrating research findings and giving lectures.

Saturday October 13, 2018 2:00pm - 3:00pm CDT
Floor 3 Executive Salon 4

2:00pm CDT

Why it's time to take a chainsaw to AI

AI / ML is overhyped and fails. Learn how AI really works in cyber malware hunting. Don't believe the hype of the magic of your vendors. 

Speakers
Aamir Lakhani

Senior Security Researcher, FortiGuard Labs
Aamir Lakhani is a leading Senior Security Researcher for FortiGuard Labs at Fortinet. He is responsible for providing IT security solutions to major enterprises and government organizations. Lakhani creates technical security strategies and leads security implementation projects...


Saturday October 13, 2018 2:00pm - 3:00pm CDT
Floor 3 Executive Salon 5

2:00pm CDT

Preventing Radiological Sabotage at US Nuclear Power Plants

The intent of the Nuclear Power Plant Cyber Security Plan is to protect the health and safety of the public from radiological sabotage as a result of a cyber-attack as described in 10 CFR 73.1 and 10 CFR 50.34(c), “Physical Security Plan.” Nuclear power plants have to be protected against a dual cyber threat: radiological sabotage and terroristic attacks on the electrical grid.
This presentation will focus on the Regulatory Requirements that US Nuclear Power Plants have to meet and maintain to eliminate Radiological Sabotage at Nuclear Power Plants.
  • From the initial start back in 2004 to today, where all US Nuclear Power Plants are being inspected by the Nuclear Regulatory Commission.
  • How the change from analog to digital systems for Nuclear Plants has changed the whole process for ensuring they are protected against cyber threats.
  • Implementing Cyber Security controls on Safety, Security and Emergency Preparedness Systems.
  • Ensuring we have met and exceeded the expectations set forth by the Nuclear

Speakers
Dennis Rawlings

Manager of Cyber Security and Information Security, South Texas Nuclear Operating Company
I am the Manager of Cyber Security and Information Security at the South Texas Nuclear Operating Company. I manage both Cyber Security (Plant side) and Information Security...


Saturday October 13, 2018 2:00pm - 3:00pm CDT
Floor 3 San Antonio Ballroom

2:00pm CDT

Anatomy of Cyber Attacks

As more companies and government agencies are becoming cyber dependent, the outbreak of malware attacks and their sophistication are growing exponentially. This presentation will showcase live demonstrations of multiple malware threat vectors and provide sobering examples of the ease with which attackers can compromise your data.

Speakers
Tom Ervin

Computer Scientist, FBI
Tom Ervin has been supporting the FBI with cyber forensics analysis for the past eighteen years. He specializes in computer intrusions and the dissection of computer viruses and worms. In 2000, Tom helped establish the FBI's first malicious code laboratory at FBI Headquarters in Washington...


Saturday October 13, 2018 2:00pm - 3:00pm CDT
Floor 3 Executive Salon 3

2:00pm CDT

Finding the Right Tools and Codes for Your Career Search
A common saying is that it is a full-time job finding a job, but who really has the time? According to the Department of Labor, most professionals will have at least 15 jobs in their lifetime, and in our community, that number is almost double. What are the tools and strategies to always have on hand so that you can navigate your career search? A frank discussion with a panel of recruiters about career strategies and fails.
Panelists:  
Outline: 
  1. Introductions: Panelists introduce themselves, their background, what they typically recruit for and one thing that they don’t think many folks know about them.
  2. Background on recruiters: What is a typical day like, who do you interact with, what sucks up most of your time?
  3. What part of the job negotiation process – inquiry, tech interview, face to face interview, follow up, job offer, negotiation – do job seekers frequently mess up, and what is your recommendation on not doing this?
  4. What is something that a job seeker has done in their interaction with you that has really impressed you?
  5. If a job seeker could do only three things to get a job, what would those be?
  6. Most job seekers think that the recruiter is the sole decision maker. Is that true in your case or are there other people that you have to propose the candidate to? What is this process and how can the job seeker help you with this?
  7. What happens after you have to reject a job seeker? What should they do next?
  8. What drives you nuts on a resume?
  9. What are the kinds of things that job seekers tend to “bury” in their resume?
  10. There are many studies out that say a recruiter only looks at your resume for 7 seconds. Is this true? How does a job seeker capture your attention in 7 seconds?
  11. Can a job seeker submit more than one kind of resume to a company if they are applying for different positions?
  12. What should I do with my resume if I am a student with no experience?
  13. If I am a transitioning military person, what should I be putting on my resume? 
  14. Should I bring my resume to my interview? 
  15. Should I do a video resume? 
  16. Open to questions

Saturday October 13, 2018 2:00pm - 3:00pm CDT
Texas Ball Room, Floor 2

2:00pm CDT

METASPLOIT MODULE AND EXPLOIT DEVELOPMENT

Looking to climb the ranks from script kiddie to exploit developer?  Got a big idea to improve Meterpreter?  Join us for a three-hour walkthrough of Metasploit modules -- scanners, exploits, and post-exploit modules, culminating in an exercise of writing your own module from scratch.  Ruby experience is helpful, but definitely not required!  

Requirements:
Our course will be hands-on, so you'll need a laptop with the ability to run two virtual machines: a Kali Linux attacker and a Windows target.  You'll need to test out the two VMs in advance, using your choice of VMware or VirtualBox.  Both VMs will need to be downloaded before the class:

https://s3.amazonaws.com/metasploit-training/TCS-Metasploit-Kali.zip
https://s3.amazonaws.com/metasploit-training/TCS-Metasploit-Win10-x64-1803.zip

Unzip the files and double-click on the OVA to import it.  If you have any questions, please don't hesitate to reach out to me directly at Aaron.Soto@rapid7.com

Speakers
Jacob Robles

Senior Security Researcher, RAPID7
Jacob Robles is on the Metasploit team at Rapid7 and works on porting proof-of-concept exploits to Metasploit modules and reviewing pull requests from community contributors. Previously, Jacob was a security consultant at Rapid7 and performed penetration testing for both internal...

Aaron Soto

Senior Security Researcher, RAPID7
Aaron Soto is at Rapid7, focusing on Metasploit core improvements, helping first-time contributors submit pull requests to the metasploit-framework repo, and training newcomers to the InfoSec community. In his spare time, he wrecks cars at Lemons, carries around a ham radio, and...


Saturday October 13, 2018 2:00pm - 5:00pm CDT
Floor 3 Executive Salon 2

2:00pm CDT

Sabotage IV

Sabotage
This session is a team-based, hands-on challenge where attendees race against the clock to sabotage other teams’ networks while defending their own network. Attendees will be divided into teams and will spend a short amount of time learning about their assigned network, which consists of routers, switches, firewalls, and other network-related functions. When the game begins, an application will send heartbeats through each network, and credentials to a random network node will be presented to each team. Teams must discover which node they can access in any one of the other teams’ networks and change the configuration to cause the application’s heartbeat to fail. When a team’s heartbeat fails, they stop accumulating points and must repair the application’s data path by reversing the sabotage caused by an opposing team.
**** Bring your own Laptop ****

Speakers
Michael Kowal

Architect, Cisco Systems


Saturday October 13, 2018 2:00pm - 6:00pm CDT
Floor 1 Lone Star 1

3:00pm CDT

Hunting in Memory: Live Memory Analysis at Scale

Memory-resident & file-less malware has been involved in a majority of hacks for years now. It is the number one technique used by penetration testers and hackers to evade detection by antivirus, bypass whitelisting, and limit evidence available for investigators. While many endpoint protection tools have advanced their ability to detect the act of memory injection or execution of a file-less attack in real time, the post-compromise discovery and follow on analysis of memory injected malware continues to rely on one-host-at-a-time offline analysis of a physical memory dump.
In this talk, Chris Gerritz and Russ Morris will go over the various techniques malware uses to hide within memory as well as the latest advances in live, scalable volatile memory analysis which can be used to find and analyze these threats. We will use some open source tools and scripts to demonstrate some of the technical content. Ultimately, we are seeking to arm threat hunters with the knowledge to hunt effectively and efficiently within memory: live and at scale.

Speakers
Chris Gerritz

Co-Founder and CPO, Infocyte
Chris Gerritz, co-founder and CPO of Infocyte, is a pioneer in defensive cyberspace operations having established and led the U.S. Air Force’s first Enterprise-scoped Hunt Team. In this role, he led a team of 28 operators and analysts tasked with finding, tracking, and neutralizing...

Ryan "Russ" Morris

Co-Founder and CTO, Infocyte
Russ, co-founder and CTO of Infocyte, is an alum of the Air Force's 57th Information Aggressor Squadron (Air Force Red Team). He brings a unique offensive mindset to the world of defense having served as a military strategist, planning two of the largest defensive cyber operations...


Saturday October 13, 2018 3:00pm - 4:00pm CDT
Floor 3 Executive Salon 4

3:00pm CDT

Practical Attacks on the Modern Web

Have you ever been on a Web Assessment, Bug Bounty, Pen Test, or Red Team and encountered a component using the latest frameworks, languages, libraries, or on the infrastructure? This presentation will provide a practical guide to approach these types of scenarios. Many of these technologies are strikingly new, probably visually stunning, but are they entirely secure? This talk will explore concepts like Modernized languages, Exposed In-Memory Databases, Proxies, Breaking Microservices, and more. We will show demos of how to abuse the latest architectures and frameworks. Follow me as we break the stuff that everyone else is just riding by, or discovering by accident. Notes: This talk draws upon several classic presentations such as Stefan Esser’s ‘Shocking News in PHP Exploitation’, but modernized for PHP7. It also includes previous work drawn upon such as the latest exploits in Web Caches. We also go through common misconfigurations in simple, yet popular tools that can be found in many modern applications such as:
  • CI/CD Tools
  • Microservice architectures and their underlying new Sidecars
  • New areas where keys are important

Speakers
Moses Frost

TSA, Cisco Systems
Someone or another has employed Moses Frost for the last 19 years. He started with BBS’s and ran a few, in the early 90’s, and his first non-Microsoft Operating System was Slackware and Linux 1.2. He is now employed Cisco Security Architect...


Saturday October 13, 2018 3:00pm - 4:00pm CDT
Floor 3 Executive Salon 5

3:00pm CDT

Securing and mitigating OT Maritime cyber environments

Securing a digitally connected environment is tough enough onshore, but when you are offshore the impacts are higher. The lack of safety can result in loss of life, and billions of dollars in non-productive time lost, and vessels, rigs and mobile offshore units varied in function, size, depth, capacity, age, suppliers, OEMs and expertise. We will explore the technical differences of functions, processes, digitally connected environments, and framework methodology for identifying cyber risks and best practices to mitigate the most common ones.

Speakers
Cherise Esparza-Gutierrez

Co-Founder & CTO, SecurityGate
Cherise is Co-founder and CTO of SecurityGate™, a SaaS platform that automates the risk assessment process at scale for vast eco-systems. In 2015 she led a comprehensive cyber security program that resulted in the world’s...


Saturday October 13, 2018 3:00pm - 4:00pm CDT
Floor 3 San Antonio Ballroom

3:00pm CDT

Cyber Threat Analysis & Attribution – A Complicated Team Sport


Saturday October 13, 2018 3:00pm - 4:00pm CDT
Floor 3 Executive Salon 3

4:00pm CDT

G'Suite Email Compromise & Recovery

It’s the norm now to hear companies discussing “moving to the cloud”. Before long your data center servers are going to be antiquated technology. Though the transition to the cloud marks an exciting time in Information Technology, digital forensic investigators and incident responders are facing new, unknown territory. Rather than tackling such a large topic and issue in 30 minutes, this talk aims to provide a real-life case study of what it is like to respond to an incident in GSuite, Google’s cloud business suite. With a few million businesses subscribed to GSuite and that number climbing, it is likely that DFIR professionals will eventually need to handle an incident for a company that is using GSuite for business operations. Speaking from experience, the presenter of this talk hopes to use a real-life example of how incident responders would handle an account compromise that occurred to a business using GSuite. Furthermore, the speaker will apply the SANS Incident Response process to the situation and briefly discuss the forensics surrounding GSuite incidents. The goal is that by reviewing this case study the audience will not only learn about GSuite DFIR but also begin to think about how this extends to all cloud environments.

Speakers
Megan Roddie

Cyber Threat Researcher, IBM
Megan Roddie is a security analyst with Recon InfoSec. With previous experience in the public sector and a current position in the private sector, she has a variety of experience in different types of environments. With a love for public speaking, she has spoken at DEFCON, BSides...


Saturday October 13, 2018 4:00pm - 5:00pm CDT
Floor 3 Executive Salon 4

4:00pm CDT

Turning Cyber Toddlers into Warriors

Speakers

Saturday October 13, 2018 4:00pm - 5:00pm CDT
Floor 3 Executive Salon 5

4:00pm CDT

Consequence Driven Threat Hunting

Threat hunting provides an excellent opportunity for proactive discovery of advanced threats within industrial control system (ICS) environments. One of the unique aspects specific to ICS networks involves the physical consequence aspect because computers control sensitive parts of the operatio
We first will explore an approach for threat hunting within an industrial control system environment. We will then pivot into how to use process consequence to shape the goals of the threat hunt. Finally, we will walk through a threat hunt to show how to apply the learned information.
Those new to threat hunting in ICS will leave with an understanding of the challenges and unique nature of ICS threat hunting. Experienced ICS threat hunters will go with new tactics and techniques to improve threat hunting efforts.

Speakers
Marc Seitz

Threat Analyst, Dragos, Inc.
Marc Seitz is a Threat Analyst, Threat Operations Center, at the industrial cyber security company Dragos, Inc. where he coordinates industrial control system cyber test lab functions as well as performing threat hunting services in ICS networks. Marc is a specialist in designing...


Saturday October 13, 2018 4:00pm - 5:00pm CDT
Floor 3 San Antonio Ballroom

4:00pm CDT

Cyber Hunting Through the Attacker Lifecycle

Cyber Hunting is the move away from reactive detection and response through operationalization of intelligence and the understanding of how attackers move through targeted environments and progress through the Attack Lifecycle. This session will explain hunting methodologies, skills / expertise, and what makes Cyber Hunting effectiv

Mr. Joshua Zganjar Managed Security-Team Lead, Rackspace
  • SIEM Engineer at AT&T
  • Cyber incident analyst at TASC, Inc
  • Served as Digital Network Exploitation Analyst in the US Marine Corps

Mr. Tyler Baker Managed Security-Team Lead, Rackspace 
Tyler Baker is a Team Lead for Rackspace Managed Security. He leads a team of threat intelligence analysts enriching events, hunts, and provides support to incident response.

Saturday October 13, 2018 4:00pm - 5:00pm CDT
Floor 3 Executive Salon 3

5:00pm CDT

Common Vulnerabilities in Medical Devices

Medical devices are high-risk, high-value targets as they are increasingly connected to hospital networks, the Internet and other healthcare technology components. These devices serve as entry points for threat actors to compromise protected health information (PHI) and can be leveraged to cause direct patient harm. As a result of performing vulnerability assessments, Mayo Clinic has identified common weakness patterns and attack scenarios on medical devices. This presentation will provide an overview of the weakness patterns and attack scenarios, the ease of exploitation, and prevention tactics. In addition, we will be discussing some of the problems encountered when applying good security practices to a complex healthcare network environment while not impacting patient care and workflow and how some mitigating or compensating controls can work better than others.

Speakers
Fotios Chantzis

Principal Information Security Engineer, Mayo Clinic
Fotios Chantzis is a principal information security engineer at Mayo Clinic, where he manages and conducts technical vulnerability assessments on medical devices and clinical support systems as well as penetration tests and red team engagements on the network. Fotis has over 10...


Saturday October 13, 2018 5:00pm - 6:00pm CDT
Floor 3 San Antonio Ballroom

5:00pm CDT

Cyber Threat Response (CTR) Clinic

Hands on labs - perform attack and defend scenarios - Choose your adventure. CTR was created to teach you WHY certain defense capabilities are critical for preventing a future compromise of your network. Help Mr. Black be the attacker, using Kali Linux and other tools to exploit systems, infect endpoints with Ransomware and exfiltrate data to be sold on the Darknet. Defend the fictitious hospital using Firewall, IPS, Breach Detection, NetFlow Analytics, SIEM, Access Control and Vulnerability Management. Join the cyber cat and mouse game; however, you must bring your own laptop to play! Note: No harm will be done to your system as the entire environment is in an isolated container.

Speakers
Ron Taylor

Sr Security Lab Test Monkey, Cisco
Ron Taylor has been in the Information Security field for almost 20 years. Ten of those years were spent in consulting. In 2008, he joined the Cisco Global Certification Team as an SME in Information Assurance. In 2012, he moved into a position with the Security Research & Operations...


Saturday October 13, 2018 5:00pm - 6:00pm CDT
Texas Ball Room, Floor 2

5:00pm CDT

Cuckoo Possibilities

Cuckoo Sandbox is used for malware identification. By implementing easy changes to the Cuckoo software, static file analysis can be accomplished in under 6 seconds.

Mr. Karl Rasmusen GKRSOFT

Saturday October 13, 2018 5:00pm - 6:00pm CDT
Floor 3 Executive Salon 5

5:00pm CDT

Getting started in InfoSec – Advice and Tips

While infosec continues to grow in popularity, it is becoming a common issue that actually getting a job in the field can be difficult for new people trying to land their first infosec job that is fun and exciting. Therefore, this talk will focus on activities that all new (and even existing) people to infosec should concentrate on to help improve them at an individual level to improve their skillsets. Based on the speaker’s own experience and through observation, helping, and guidance of others who also have joined infosec, the goal is to consolidate this information into how to best improve one’s chance of getting a good job and becoming well respected in their local community.
This talk will concentrate on common different levels of when people realize they want to join infosec: straight out of high school, freshman year, sophomore year, junior year, senior year of college, or as a career change. Each of these may have common tasks but will concentrate on how to maximize their time till an estimated first job in infosec that is not an internship. We will go through tips on how to balance a work life, minimizing the feeling of imposter syndrome, minimizing burn out, and how to network (in the people way) without it being a chore. Additionally, there is emphasis on how to get the most out of one’s local resources with a concentration in Texas, specifically San Antonio (but easily expanded to the other major cities).

Dr. Chelsea Hicks Computer Scientist (GG-12), United States Air Force
Cybersecurity lover. Python Enthusiast. Let's learn to hunt smarter, faster, and better!
Research Focus: Information Systems Risk; Network Intrusion Detection Systems; Cyber Attack and Defense
BSidesSATX Social Media and Outreach Coordinator / DC 726 Founding Member / CyberDEF Dojo Secretary. Want to get involved in Cybersecurity? Send me a message and I'll give my advice!
Nationally ranked Penetration Tester (2nd in CIAS Cyber Panoply Fall 2016, 6th in CIAS Cyber Panoply Fall 2017, finalist for the Collegiate Penetration Testing Competition (CPTC)) and nationally ranked Collegiate Cyber Defense Competition (NCCDC) Competitor (Top 8 Spring 2015, ranked 2nd at regionals for 2016-2017)

Saturday October 13, 2018 5:00pm - 6:00pm CDT
Floor 3 Executive Salon 3

5:00pm CDT

Who Controls the Controllers - Hacking Crestron IoT Automation Systems

Crestron devices are everywhere. This talk is what I found when I audited their products. I found various hidden commands, secret vendor backdoor accounts, and nearly 2 dozen RCE vulns that lead to full root control on their Linux-based platforms. There are 3 live demos to show my various exploits.
While you may not always be aware of them or even have heard of them, Crestron devices are everywhere. They can be found in universities, modern office buildings, sports arenas, and even high-end hotel rooms. If an environment has a lot of audio/video infrastructure, needs to interconnect or automate different IoT and building systems, or just wants the shades to close when the TV is turned on, chances are high that a Crestron device is controlling things from behind the scenes. And as these types of environments become the norm and grow ever more complex, the number of systems that Crestron devices are connected to grows as well. But it is in large part because of this complexity that installing and programming these devices is difficult enough without considering adding security. Instead of being a necessity, it's an extra headache that almost always gets entirely passed over. In this talk, we will take a look at different Crestron devices from a security perspective and discuss the many vulnerabilities and opportunities for fun to be found within. I will demonstrate both documented and undocumented features that can be used to achieve full system compromise and show the need to make securing these systems a priority, instead of an afterthought, in every deployment.

Speakers
Ricky Lawshae

Offensive Security Researcher, Advanced Security Research team at Trend Micro
Ricky "HeadlessZeke" Lawshae is an offensive security researcher for the Advanced Security Research team at Trend Micro. He spends his days breaking interesting things in interesting ways...


Saturday October 13, 2018 5:00pm - 6:00pm CDT
Floor 3 Executive Salon 2

6:00pm CDT

Social Cy'Beer Mixer

Saturday October 13, 2018 6:00pm - 8:00pm CDT
Texas Ball Room, Floor 2
 
Sunday, October 14
 

9:00am CDT

Sunday Keynote

Bernie will be talking about the importance of attracting K-12 students to STEM education. He will also cover the component of CyberPatriot. CyberPatriot is the Air Force Association’s National Youth Cyber Education Program, created to motivate students toward careers in cybersecurity and other science, technology, engineering, and mathematics (STEM) disciplines. The program features the National Youth Cyber Defense Competition for high school and middle school students, AFA CyberCamps, an Elementary School Cyber Education Initiative, and a Cyber Education Literature Series.

Brig. Gen. Bernie Skoch National Commissioner, CyberPatriot
Brigadier General Bernie Skoch (USAF, Ret.) was named National Commissioner of CyberPatriot, the Air Force Association’s National Youth Cyber Education Program, in 2010. Skoch graduated from the University of Arkansas in 1974 with a bachelor’s degree in industrial engineering. Upon graduation he was commissioned as a second lieutenant in the Air Force. His 29-year Air Force career took him throughout the United States, Europe, Asia, the Pacific, and the Middle East on permanent and temporary duty until retiring at the rank of brigadier general.
Mr. Skoch has more than 20 years of experience in leadership positions developing, managing and implementing communications and information systems for the United States Air Force as well as the Defense Information Systems Agency (DISA). During his time at DISA he served as the Principal Director for Customer Advocacy and also as the Principal Director for Network Services. Within the USAF he served as Director of Mission Systems, Director of Communications Operations, and Director of Chief Information Officer Support where he was responsible for aligning information technology systems with business process improvements. He has developed policies for global telephone, video, radio, voice, data and satellite systems. Before joining CyberPatriot, Skoch was a consultant in the cyber and IT industry.

Speakers
Brigadier General Bernie Skoch

National Commissioner of CyberPatriot, USAF, Ret.


Sunday October 14, 2018 9:00am - 9:30am CDT
Texas Ball Room, Floor 2

9:30am CDT

Hunting and gathering your credentials

A look at common and not so common ways of gaining access to your passwords and other sensitive data.
Credential theft is an important factor when determining the cause and effect of data breaches. While there are several defensive and offensive frameworks that discuss gathering credentials during different stages of an incident, there are still many methods of gathering credentials that very few people (if any) talk about. The better-known methods (phishing, password spraying, LLMNR/NBT-NS poisoning, Kerberoasting, Extracting from LSASS) are still very effective, but are often looked for, detected, or adequately mitigated. These well-known methods will be briefly discussed, but the majority of the talk will focus on other, lesser-known methods. These methods include:
  • Indirect password guessing – Determining passwords through error messages
  • MFA half guessing – Determining the password part of MFA to reuse somewhere else
  • Guessing answers to security questions for password resets
  • Searching the file system for sensitive info – What to look for? Dealing with encrypted files
  • Stealing passwords from password managers
Each of these methods will be discussed in depth, and will focus on work conducted on networks that were primarily Windows-centric (although the techniques can be applied to other areas). Each method will include plenty of screenshots, occasional pre-recorded demos, and functioning code to demonstrate the concepts discussed.

Speakers
Jake Miller

Penetration Tester, Jacobs
Jake Miller is a penetration tester for Jacobs Engineering Group, primarily focusing on web application and network security. Prior to penetration testing, he was a Security Controls Assessor, a SOC analyst, and a Navy Submariner. He blogs about...


Sunday October 14, 2018 9:30am - 10:30am CDT
Floor 3 Executive Salon 4

9:30am CDT

Responding & Recovering from a Business Email Compromise

Business email compromises have been all the rage for incident responders in 2018, but what are they really, and why are they so successful? In this session, we will display the anatomy of a business email compromise, where they are most successful, and where organizations are beginning to turn with regards to hoping they don't happen again, and the answer is that it's not a technical problem. We address the people aspect and what human behaviors can be identified and modified to understand who is the most likely target.

Speakers
William Dixon

Associate Managing Director, Kroll
William Dixon is an Associate Managing Director in Kroll’s Cyber Security and Investigations practice in the Los Angeles office. He leads Kroll’s proactive and incident response services for clients in...


Sunday October 14, 2018 9:30am - 10:30am CDT
Floor 3 Executive Salon 5

9:30am CDT

IOT Home device under attack. Or how to scare a cat over udp.

Smart devices that you can control with a smartphone from any part of the world are becoming more common. The speakers discovered vulnerabilities in a robotic vacuum cleaner, and cameras of the same manufacturer, which surprisingly allowed arbitrary code execution. They also found flaws in IP cameras from a supplier of collateral equipment for this vacuum cleaner. Remote code execution allows a hacker to run a reverse SOCKS proxy on your vacuum cleaner, and software that could be used for sniffing traffic and much more. We will show how deep the security rabbit hole goes.

Sunday October 14, 2018 9:30am - 10:30am CDT
Floor 3 San Antonio Ballroom

9:30am CDT

Everything of Nothing: A True Cybercrime Story

Learn how a digital forensics investigation turned into a race to uncover a cybercriminal organization that spanned across three continents responsible for the theft of over USD 150 million. We will examine in detail how digital forensics was used to piece together email evidence, Darknet marketplace identities, Bitcoin wallet addresses, and a crime racketeering plot that took advantage of innocent individuals, stealing their money and dignity. Lastly, the talk will explore offensive "hack back" techniques that were used to track the individuals by bypassing traditional security defenses and using social engineering skills to gain their trust and uncover their true identities.

Speakers
Aamir Lakhani

Senior Security Researcher, FortiGuard Labs
Aamir Lakhani is a leading Senior Security Researcher for FortiGuard Labs at Fortinet. He is responsible for providing IT security solutions to major enterprises and government organizations. Lakhani creates technical security strategies and leads security implementation projects...


Sunday October 14, 2018 9:30am - 10:30am CDT
Floor 3 Executive Salon 3

9:30am CDT

Pacu: Attack and Post-Exploitation in AWS?

Cloud infrastructure security and configuration has been shown to be a difficult task to master. Sysadmins and developers with years of traditional IT experience are now being pushed to the cloud, where there is a whole new set of rules. This is what makes AWS environments particularly exciting to attack as a penetration tester. Best practices are often overlooked or ignored, which can leave gaps throughout an AWS environment that are ripe for exploitation.
With an increasing number of breaches leaking AWS secret keys, companies are working to be proactive and are looking for red-team-like post exploitation penetration tests, so that they can be sure that their client data is as safe as possible post-breach.
Due to this need and the lack of AWS specific attack tools, I wrote Pacu, a modular, open source Amazon Web Services post exploitation attack tool created and used for Rhino Security Labs pentests.
In this talk I will cover how red teamers can use Pacu to simulate real-world attack scenarios against AWS environments, starting from information gathering, through exploitation, privilege escalation, data exfiltration and even providing reporting documentation. It will be released as an open source project to encourage collaboration and discussion of different AWS attack techniques and methodologies with both attackers and defenders. This way, both myself and the community can contribute new modules to expand the functionality and usefulness of Pacu continuously.

Speakers

Spencer Gietzen

Software Developer, Star Lab
Mr. Spencer Gietzen, Software Developer, Star Lab. With a background in software development, Spencer Gietzen is a penetration tester with Rhino Security Labs. His primary focus as a penetration tester is security relating to Amazon Web Services post exploitation and configuration...


Sunday October 14, 2018 9:30am - 10:30am CDT
Floor 3 Executive Salon 2

10:30am CDT

Enhancing SOC by using feedback loops
Limited Capacity seats available

Mr. Joseph Zadeh Director of Data Science, JASK
Joseph Zadeh studied mathematics in college and received a BS from University of California, Riverside and an MS and PhD from Purdue University. While in college, he worked in a Network Operation Center focused on security and network performance baselines, and during that time he spoke at DEFCON and Torcon security conferences. Most recently he joined JASK as Director of Data Science. Previously, Joseph was part of Splunk UBA and the data science consulting team at Greenplum/Pivotal, focused on Cyber Security analytics, and was also part of Kaiser Permanente's first Cyber Security R&D team.

Mr. Rod Soto Director of Security Research, JASK
Rod Soto has over 15 years of experience in information technology and security. He is currently working as a Director of Security Research at JASK. He has spoken at ISSA, ISC2, OWASP, DEFCON, Hackmiami, Bsides and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll/NoQRTR competitive hacking Tournament series.

Speakers

Rod Soto

Director of Security Research, JASK

Joseph Zadeh

VP of Products, Siege Technologies LLC


Sunday October 14, 2018 10:30am - 11:30am CDT
Floor 3 Executive Salon 4

10:30am CDT

Quality Root Cause Analysis for Security Breaches
Limited Capacity seats available


The purpose of this session is to explore the issues with RCA quality, to better learn from security breaches. A model is presented to show how Environment, Person, Process lead to RCA quality. In each of these three areas, issues are presented that inhibit RCA quality, especially with security breaches. How management security levels are applied to these three areas will be discussed. Also, an indication of unreliable/incorrect RCA results will be explained.

Speakers

Garry White

Associate Professor, Texas State University
Mr. Garry White, Associate Professor, Texas State University, San Marcos. Garry White is an Associate Professor in the Computer Information Systems department at Texas State University in San Marcos, Texas. He holds a MS in Computer Sciences from Texas A & M University – Corpus Christi...


Sunday October 14, 2018 10:30am - 11:30am CDT
Floor 3 Executive Salon 5

10:30am CDT

Evasions - Who needs Zero days?
Limited Capacity seats available

Virtually every organization has deployed network security devices on the perimeter or out of band to protect against adversaries. These devices typically act as the first line of defense against attacks by adversaries. However, these network devices are extremely inadequate to protect against trivial attacks, let alone any advanced or zero day attack. In this talk we will demonstrate how it is possible to take an existing exploit attack that has been known to be protected against by these devices, apply different HTTP evasion techniques and make these devices invisible to the attacks. These categories of attacks will make any exploit delivered via the HTTP protocol blind to the network appliances. We will be talking about different evasion techniques that can be developed against these appliances and also the best practices that can be utilized to remediate these attacks. Next time you buy any expensive Next Generation Firewall or Intrusion Prevention System, make sure these devices can handle the different evasion techniques that we demonstrate.

Speakers

Jayendra Pathak

Chief Architect, NSS Labs
Jayendra Pathak, Chief Architect and Head of offensive security research, NSS Labs. With over 10 years of experience in security research and building scalable solutions, Jayendra brings a wealth of experience in properly testing Security solutions. Jayendra has presented at various...

Ty Smith

Senior Director of Offensive security research, NSS Labs
Mr. Ty Smith, Senior Director of Offensive security research, NSS Labs. Ty Smith is Senior Director of Offensive security research at NSS Labs. With over 15 years of experience working as Network Security Architect, Test engineer and most recently as Offensive security researcher, Ty...


Sunday October 14, 2018 10:30am - 11:30am CDT
Floor 3 Executive Salon 2

10:30am CDT

Threat Hunting on ICS Networks
Limited Capacity seats available



Hands on Threat Hunting and Analysis of attacks on Industrial Control Networks.

Mr. Dan Gunter Principal Threat Analyst, Dragos, Inc.
Dan Gunter is a Principal Threat Analyst at the industrial cyber security company Dragos, Inc. where he discovers, analyzes and neutralizes threats inside of ICS/SCADA networks. In this capacity, he performs threat hunting, incident response, and malware analysis mission for the industrial community. Previous to his role at Dragos, Dan served in a variety of Information Security roles as a Cyber Warfare Officer in the United States Air Force with duties ranging from Incident Response at the Air Force Computer Emergency Response Team to developing innovative capabilities for multiple Department of Defense partners. Dan has over 12 years' experience and has obtained the CISSP, GIAC GSEC, EC Council CEH and CompTIA Security+ certifications. He also holds a Bachelor of Science in Computer Science from Baylor University and a Master of Science in Computer Science from the University of Louisville. Dan previously presented at Blackhat and Shmoocon.

Speakers

Dan Gunter

Principal Threat Analyst, Dragos, Inc.


Sunday October 14, 2018 10:30am - 12:30pm CDT
Floor 3 San Antonio Ballroom

11:30am CDT

Feed Me SIEM More! Datasource of Horrors
Limited Capacity seats available

SIEMs are instrumental in most large organizations. Most cyber defenders are at the mercy of the vendor to create parsers or connectors to work with their centralized cyber management tools (SIEMs or other solutions). What if there was another way and you had the knowledge to at least try? This will cover creating your own solutions to get data needed. Traditional and non-traditional datasources will be explored.

Speakers

James Boyd

Principal Cyber Security Architect, Pinnacle Technology Partners
Mr. James Boyd, Principal Cyber Security Architect, Pinnacle Technology Partners. Since the age of 13, James Boyd has been hacking. He started with making his C-64 do things it wasn't supposed to do, replace little flipping guys with Mario in the game Kung-Fu Master using a hex editor...


Sunday October 14, 2018 11:30am - 12:30pm CDT
Floor 3 Executive Salon 4

11:30am CDT

Exploring API Usage for Credential Abuse and Automated Attacks
Limited Capacity seats available


Akamai research shows that 25% of all web transactions on the web today are API calls, and we expect this to continue to increase rapidly. Part of this growth can be attributed to the proliferation of mobile applications, the need to integrate applications and devices with remote systems, and the heavy abuse by threat actors using BOTs to automate their manual processes. From credential stuffing and ATO (Account Take Over) attacks to commerce sales fraud (Sniper Bots), the attackers know APIs are often overlooked, thus ripe for attack. In this session we’ll discuss API attack trends, deserialization vulnerabilities, and some of the main shortcomings of web security blue team techniques when it comes to inspecting and protecting web and mobile APIs.

Speakers

Tony Lauro

Director of Technology & Security Strategy, Akamai Technologies
Mr. Tony Lauro, Director of Technology & Security Strategy, Akamai Technologies. Tony Lauro is Director of Technology & Security Strategy for Akamai Technologies. With over 20 years of Information Security industry experience, Tony has worked with Akamai’s top global clients to provide...


Sunday October 14, 2018 11:30am - 12:30pm CDT
Floor 3 Executive Salon 5

11:30am CDT

Containers: What you need to know - now
Limited Capacity seats available

The number one question that someone starting out with container technology always seems to have is "Where do I get started?" While this appears to be a simple question for some, as the quick responses are "Read the docs" or "What questions do you have?" What happens, though, when the docs look like they were written in Greek and you didn't manage to take that one Greek language elective in high school? Or you simply just don't know enough to know what you should be asking?
If you have found yourself in this situation, this is the perfect talk to attend. We will go over the basics of container technology by answering the basic questions: who, what, when, where and why.

Speakers

Ell Marquez

Community Architect, Linux Academy
In the last five years Ell has been a Linux Admin, OpenStack Trainer, and Container Technical Evangelist before tackling the role of Community architect at Linux Academy and Jupiter Broadcasting. This role requires wearing many hats but the most important is to spread the message...


Sunday October 14, 2018 11:30am - 12:30pm CDT
Floor 3 Executive Salon 3

11:30am CDT

Musings of a Former TAO Developer
Limited Capacity seats available

Two years ago, I left a fulltime career at NSA, where I worked in TAO as a software developer to produce foreign intelligence, defend our infrastructure, and exploit nation states. When I entered the private sector, I noticed some glaring problems in the cyber security industry. In particular, the defense side is really struggling to keep their heads above water. The main points of the talk focus on the talent gap, the overwhelming number and complexity of defensive tools, and the lack of support for network defenders. Fundamentally, the industry is struggling because, at its core, the defensive techniques and focus have not changed; while adversary goals, expectations, and tactics adjust and pivot around the color-by-number defense approach to network security. All is not lost. The defenders own the battlefield and through proper instrumentation and preparedness, realistic and resilient detection and containment are attainable.

Speakers

Rob Noeth

CTO, Level Effect, LLC
Mr. Rob Noeth, CTO, Level Effect. Nine years of experience within the U.S. Intelligence Community as a network security researcher and software engineer. Rob got to observe APTs (Advanced Persistent Threats) and nation state actors from the front row seats, making him a subject matter...


Sunday October 14, 2018 11:30am - 12:30pm CDT
Floor 3 Executive Salon 2

12:30pm CDT

Perched Upon a ROCK
Limited Capacity seats available


Gaining visibility and insight into what's actually happening on your network is becoming more and more critical. I'm here to tell you this is all possible using a free and open source Network Security Monitoring platform that is secure, RockNSM. Live traffic analysis is a resource intensive operation and that's why ROCK contains only the tools you need, giving the ability to scale.
This presentation will be delivered in 2 parts: first an overview of history, problem to solve, architecture, and tools of the sensor platform RockNSM. I will *briefly* cover the open source IR collaboration suite CAPES and how real world missions shaped this workflow toolkit in partnership with ROCK. Main ROCK points covered:
  • passive operations
  • secure platform
  • resource efficient
  • production ready
  • 2.1 release update
The second half will be a locally hosted live demonstration of a guided hunt exercise using replayed PCAP.

Sunday October 14, 2018 12:30pm - 1:00pm CDT
Floor 3 Executive Salon 4

12:30pm CDT

Investigations Should Change Our Mind Set
Limited Capacity seats available


Does this alert warrant an investigation? What may seem like benign or normal traffic can be your worst nightmare. Maybe it's an APT doing some type of DNS C2 or maybe it's a malicious piece of JavaScript on a web page. What if the script/file/data is obfuscated? As an Analyst how would we approach this? Would we simply follow the same cut and dry analysis that we follow for every investigation? Join me on a journey through the ups and downs of dealing with this type of investigation, and how changing our thought processes and mind set can lead us to better identify nefarious actions.

Speakers

Samuel Kimmons

Adversary Emulation Lead
Adversary Emulation and training some of the best defenders in the world. 


Sunday October 14, 2018 12:30pm - 1:30pm CDT
Floor 3 Executive Salon 5

12:30pm CDT

OT vs. IT: Why the differences matter
Limited Capacity seats available


Wm. Arthur Conklin, PhD Associate Professor and Director of the Center for Information Security Research and Education, College of Technology at the University of Houston
Wm. Arthur Conklin, PhD is an Associate Professor and Director of the Center for Information Security Research and Education in the College of Technology at the University of Houston. He holds numerous security certifications, including Security+, CISSP, CSSLP, CRISC, DFCP, GICSP, GRID, GCIP, GCIA, GCFA, CASP, and CSDP certifications. An ISSA Fellow, he is also a senior member of ASQ, IEEE and ACM. His research interests include the use of systems theory to explore information security, specifically in Cyber Physical Systems and critical infrastructures. He has co-authored six security books and numerous academic articles associated with information security. He is active in the NSA/DHS Centers of Academic Excellence in Cyber Defense Education program, creating the Center at UH. He is chair of the Steering Committee for the DHS sponsored Industrial Control Systems Joint Working Group (ICSJWG), a group associated with cybersecurity aspects of industrial control systems. He has an extensive background in secure coding and is a former co-chair of the DHS/DoD Software Assurance Forum working group for workforce education, training and development.

Speakers

Arthur Conklin

Associate Professor and Director of the Center for Information Security Research and Education, College of Technology at the University of Houston


Sunday October 14, 2018 12:30pm - 1:30pm CDT
Floor 3 Executive Salon 2

12:30pm CDT

Rise of the Red Team Machines
Limited Capacity seats available

It is important to identify vulnerabilities to cybersecurity attacks, especially with the rise of machine learning — a vicious form of automated hacking that can prove catastrophic. Red Teaming imitates hacking & tests defenses to identify vulnerabilities. You must use machine learning to keep up! This presentation will help attendees understand how artificial intelligence (AI) and machine learning are being used maliciously. It will emphasize the increasing need for AI and machine learning to be used in defensive cybersecurity activities in order to counter the growing threats to businesses and individuals. Specifically, Red Teaming is a new form of defense that puts safety mechanisms to the test by simulating real hackers and other threats. By using AI and machine learning in Red Teaming, defensive AI will be able to more quickly learn the best responses to malicious AI and keep up with its ever-evolving evil tactics.

Speakers

Bret Piatt

President, Chief Executive Officer and Chairman of the Board, Jungle Disk
Mr. Bret Piatt, President, Chief Executive Officer and Chairman of the Board, Jungle Disk. Bret Piatt leads Jungle Disk as the President, Chief Executive Officer, and Chairman of the Board. Prior to Jungle Disk, he led a SaaS business unit for Rackspace serving over 75,000 small businesses...


Sunday October 14, 2018 12:30pm - 1:30pm CDT
Floor 3 Executive Salon 3

12:30pm CDT

Hacking the Middle East
Limited Capacity seats available

This talk is focused on real world hacking in the Middle East from 2015-2018. We will discuss the data, my research methods, analysis, trends, reporting, prioritization, and go over several examples from the field.

Speakers

Daniel Wolfford

General Manager, Advanced Analysis LLC
Mr. Daniel Wolfford, Founder and General Manager, Advanced Analysis DWC-LLC. Current AdvancedAnalysis Founder and General Manager; former AFCERT Intel NCOIC; former CyberPoint SME; former DarkMatter Intel Director.


Sunday October 14, 2018 12:30pm - 1:30pm CDT
Floor 3 San Antonio Ballroom

1:30pm CDT

Closing Ceremony - Awards
Limited Capacity seats available

Closing Ceremony and awards

Speakers

Joseph Mlodzianowski

Founder, Texas Cyber Summit
Joseph Mlodzianowski, Founder, Texas Cyber Summit. Joseph has a long history in event coordination; nearly 20 years of bringing infosec and Cyber Security education and events to attendees. The Texas Cyber Summit was created for the future. The San Antonio Cyber community is the second...


Sunday October 14, 2018 1:30pm - 2:30pm CDT
Texas Ball Room, Floor 2
 