The Secure Legends GameDay experience provides an interactive learning exercise for security professionals to develop practical skills for protecting cloud environments. We will explore real-world security scenarios that might include compromised credentials, data leaks, instance breaches, infrastructure attacks, and vulnerable CI/CD pipelines.
During this session, we’ll solve one of the challenges together in realtime and I’ll explain the mitigation tactics as you work in your own environments. No cloud environments needed, no cloud bill to pay at the end, and no sign up necessary! You’ll get temporary access to a real environment where you can actually build.
As an added bonus, you’ll also get to walk away with limited-time access to that cloud account and to additional challenges you can solve after the session!
I've spent the past 10+ years working on or helping people work on software. I was also a professional educator previously in my career, so I have a particular passion for helping people more easily understand difficult concepts. I currently work at AWS, and I'm focused on helping... Read More →
Physical security is crucial to any organization; however, physical security sometimes takes a back seat. Many companies still maintain a physical office presence, and protecting employees working from the office, along with other critical assets is vitally important as protecting networks. An attacker gaining access into a building through social engineering or other means of physical entry could jeopardize those critical assets and employee’s safety. Attackers may access unattended workstations, open file cabinets, server rooms, or other information inside the organization. Skilled attackers may only need a few moments to slip into a building and plant a remote access device on the network without anyone noticing they were in the building.
Ariyan Bakhti-Suroosh is a senior security consultant on the Attack and Penetration team under Optiv’s Threat Management divison. Ariyan has a diverse background in information technology caused by an exigent curiosity for how things work. Ariyan has over 5 years of experience in... Read More →
You know that little box in the corner of your house doing all the heavy lifting required to connect you (and, now that everyone is working from home, your company) with the rest of the world? Yeah, that one. It’s no secret that these things are oftentimes security nightmares for consumers, but have ISPs or the various networking vendors improved things over the years, or are they still just as terrible as we all think they are?
Over the last few years, we’ve done a deep dive into many of these devices to see what makes them tick and evaluate the risks posed to consumers. In this talk, we’ll provide a rapid fire assessment of a handful of these devices, showcase the commonalities between flaws discovered, shed some light on behind-the-scenes supply chain issues plaguing this industry, and discuss where we see things going from here.
Evan is based out of Halifax, Nova Scotia and works as a Security Researcher at Tenable. He got his start in infosec working with the Canadian Forces Reserves, and has been hooked ever since. Outside of work, he occasionally tries to climb rocks, at which he is definitely worse than... Read More →
Jimi Sebree is security researcher on Tenable’s Research team. With a strong background in software engineering and security, he bounces between research disciplines in an effort to appear knowledgeable about a variety of topics. Occasionally he succeeds in tricking someone into... Read More →
Gain insight into the evolving landscape of cybersecurity in the age of AI Generated Content. From defending against multi-vector cyber attacks to empowering your workforce through AI-powered cybersecurity awareness, Defending Against the Deep delves into the intricacies of Generative AI. Together, we will look at case studies, a technical demonstration of current capabilities, keys for leveling up your workforce, and an opportunity to test your ability to recognize AI Generated Content. In this talk, explore how the same technology used for malicious intent can be harnessed for good, offering innovative solutions to safeguard enterprise environments.
Tucker currently leads emerging technology initiatives at MAXX Potential, expanding capabilities and coaching others to build careers in technology.He is a lifelong learner with a passion for all things Technology, and loves to share his ever-evolving knowledge on the subject. When... Read More →
This workshop that introduces the techniques used in Improv Comedy and applies them to skills used in the OFFSEC field to enable the participants to better communicate, think on their feet, and gain confidence when operating in the unknown.
Ross Merritt is a U.S. Marine Corps Veteran, Former Private Investigator, Performing Comedian, and a Cyber Security Consultant at Blue Bastion specializing in Social Engineering and OSINT.
There is a huge gap in security and that gap is understanding the process for acquiring security tools. After buying security tools as an architect and selling as a sales engineer I know the process, pitfalls and gaps in the process. We will dive into the process for both sides. You will learn how you should be architecting your program and winning budget for those tools. We will also explore what happens on the sales side of deal. I will explain what to look out for and what you can take advantage of and the common mistakes we make.
Sales people are top tier social engineers we will explore how to hack them.
Hacker, BJJ enthusiast, world traveler and surfer. I am a giant weirdo who somehow found my niche in offensive security. I have been blessed getting to build AppSec programs for companies like 1Password and Red Canary. I have an extremely diverse background and hope I can relate and... Read More →
Get ready for a wild ride as Jennifer Shannon, a Senior Security Consultant at Secure Ideas, takes the stage to present "API-ocalypse" In this thrilling and entertaining session, Jennifer will showcase the vulnerabilities lurking within APIs and the havoc they can wreak if left unaddressed. Through live pentesting demos, she will demonstrate jaw-dropping exploits, mind-bending injection attacks, and authentication bypass techniques that will leave you on the edge of your seat. Join Jennifer as she navigates the dark side of API’s to help you understand and fortify your attack surface in order to prevent the impending API-ocalypse.
Jennifer Shannon is a Senior Security Consultant at Secure Ideas with a background in malware analysis, penetration testing, and training. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst where she showed an aptitude for both penetration... Read More →
