Thursday, June 8


Maintainability + Security = <3
The security and DevOps culture craze is all around us. Even with all this talk, though, there are differences between security features and the maintainability of a system. This talk will focus on some real-world examples of what can go wrong when a system isn't built with maintainability in mind in a security-minded culture. We will cover the political positioning battles that emerge, how security leaders can manage risk in these situations, and of course the technical challenges that creep into the picture over time.

Robert Wood

Head of Trust and Security, Nuna
Robert Wood runs the trust and security team at Nuna, whose core directive is to protect one of the nation's largest collective healthcare data sets. Previously, Robert was a Principal Consultant at Cigital where he founded and led the red team assessment practice and worked with...

Thursday June 8, 2017 11:00am - 11:50am
Richmond Salons


Best Practices for Securing the Hybrid Cloud
Cloud has enabled applications and infrastructure to move at a pace not seen before. Organizations are faced with options to invest in and enhance their physical data centers to deploy SDN and build private clouds. Alternatively, many companies are choosing to migrate these applications into the Cloud. Public Cloud options for Infrastructure as a Service and/or Platform as a Service exist, but there exists a shared responsibility for security in either of those scenarios. Come learn strategies, design templates and best practices on how to secure applications through automation & orchestrations, making security an integral part of the cloud and SDN deployments.

Greg Pepper

Head of Data Center & Cloud Architects, Check Point Software Technology
Greg Pepper has been an IT professional for 15+ years with expertise in Security, Networking & Cloud Computing. Initially working for Sony Online Entertainment, PriceWaterhouse Coopers & Organic, Greg has spent the last 15 years working for Cisco & Check Point helping customers...

Thursday June 8, 2017 1:00pm - 1:50pm
Richmond Salons


Invoke-CradleCrafter: Moar PowerShell obFUsk8tion & Detection (@('Tech','niques') -Join '')
PowerShell is increasingly being used by advanced attackers and script kiddies alike in targeted attacks, commodity malware, and even ransomware. The most common usage involves PowerShell remotely downloading and running payloads entirely in memory, rendering many traditional detection mechanisms useless.

Detection has increasingly shifted to monitoring for this malicious activity via process command line arguments and parent-child process relationships. While this is a significant improvement, there are numerous evasion techniques of which the Red Team and Blue Team should be aware.

For the past 1.5 years I have researched PowerShell obfuscation, evasion and advanced detection techniques. Picking up from where I left off in my recent presentations on Invoke-Obfuscation, in this presentation I will highlight my new tool Invoke-CradleCrafter. Additionally, I will introduce a new family of PowerShell obfuscation techniques and show how they can be applied to several new and obscure families of remote download cradles.

Daniel Bohannon

Senior Incident Response Consultant, MANDIANT, A FireEye Company
Daniel Bohannon is a Senior Incident Response Consultant at MANDIANT with over six years of operations and information security experience. His particular areas of expertise include enterprise-wide incident response investigations, host-based security monitoring, data aggregation...

Thursday June 8, 2017 2:00pm - 2:50pm
Richmond Salons


AWS Survival Guide 2.0
In this talk, we discuss harnessing existing AWS functionality to strengthen your organization's AWS infrastructure against practical attacks. Ken will show you what attackers are looking for, how they are finding you, and how to secure your environment. Additionally, attendees will be given code that assists those using AWS in better understanding how their environment's IAM policies are configured and in automating tasks like S3 bucket policy review, volume encryption statuses, and security group configurations.

Ken Johnson

CTO, nVisium
Ken Johnson, CTO of nVisium, has been hacking web applications professionally for 8 years. Ken is both a breaker and builder and currently leads the nVisium product team. Previously, Ken has spoken at DerbyCon, AppSec USA, RSA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events. Ken is currently investing his time between...

Thursday June 8, 2017 3:00pm - 3:50pm
Richmond Salons


TIP of the Spear: A Threat Intelligence Platform Acquisition
Military organizations have long known of the value of intelligence, but commercial entities only realized its importance in the last five years. Cyber Threat Intelligence (CTI) recently became a priority for the average commercial company who now requires a threat intelligence analysis capability. Are you a security-geek like Jason Wonn who was recently hired to provide that world-class CTI program for your company with very little time and an even smaller budget? …Good luck with that! Jason can’t present that solution in an hour, but he will guide you through the process to evaluate a Threat Intelligence Platform (TIP) and discuss how he made the metrics meaningful to the executives. In this talk, discover the benefits of employing a TIP and the technical evaluation of a TIP through requirements development to ensure it is measurable and meaningful to your leadership.

Jay Wonn

Mr, The Walt Disney Company
Jason Wonn is a tactical and results-focused information security leader with 25+ years of combined national intelligence, information assurance, and cyber threat intelligence expertise throughout the civilian and military sectors. Jason was a “Richmonder” prior to his cross-country move to Los Angeles where he is now a...

Thursday June 8, 2017 4:00pm - 4:50pm
Richmond Salons
Friday, June 9


Recent Developments in Linkography Based Cyber Security
Cyber attacks on critical cyber systems are not decreasing in frequency or complexity. Aggressors choose the time and place of these engagements; protectors must identify, research and develop defensive techniques that provide an asymmetric advantage. A static, data-driven, preventative, automated defense is a losing strategy; an effective defense must be dynamic, behavioral, responsive and capitalize on a human in the loop. We propose human and machine performed linkography to detect, correlate, attribute and predict attacker behavior and present a moving, deceptive target. Recently, our team generated a technology transfer strategy for linkography based cyber security, proposed algorithms to extract and refine linkograph ontologies and subsessionize our input stream and completed our previous related machine learning work. Linkography has been in the literature for decades, and our investigation indicates it is an open, fertile topic for basic and applied cyber security research.

Robert Mitchell

Member of Technical Staff, Sandia National Laboratories
Robert Mitchell is currently a member of technical staff at Sandia National Laboratories. He received his Ph.D., M.S. and B.S. from Virginia Tech. Robert served as a military officer for six years and has over 10 years of industry experience, having worked previously at Boeing, BA...

Friday June 9, 2017 10:10am - 11:00am
Richmond Salons


Retailing Another Threat Landscape Story
Over the last several years, retail breaches have become some of the highest profile stories, but just like any other vertical target, the day-to-day offense and defense continues to evolve. The ebbs and flows of attackers and defenders don't always make the news, which is a good thing, but what does the daily routine look like on the retail front? And, why should you care? You should care because at some level or another, we are the potential defenders, or consumers of these organizations, and retail has now become part of the modern attacker infrastructure. 

Dan Holden

CTO & Intelligence Director, R-CISC
Dan Holden is the CTO and Intelligence Director at R-CISC, the retail ISAC, where he focuses on new technology and service development as well as threat intelligence production and exchange. Previously he was the Chief Technology Strategist and Director of ASERT, Arbor's Security...

Friday June 9, 2017 11:10am - 12:00pm
Richmond Salons


RoboCop- Bringing law and order to CICD
In the movie, RoboCop is given three primary directives: "Serve the public trust, Protect the innocent, and Uphold the law". We built our own RoboCop in order to bring law and order to our CICD pipeline. DevOps practices are all about enabling fast and frequent delivery of new software. In order to keep pace in a DevOps culture, application security must be reliably integrated into the CICD pipeline.

In this talk, I will show how our small AppSec team combined automated tools along with human oversight in order to achieve our directives at scale, while winning the hearts and minds of our development teams.

Troy Marshall

Director, Application Security and Reliability, Ellucian
How do you answer when someone asks what you do for a living? Troy Marshall’s answer—“I don't make software, I make software better”—explains his career helping organizations build and scale programs to improve the quality, security, and performance of their software an...

Friday June 9, 2017 2:00pm - 2:50pm
Richmond Salons


Poor Man’s Spy vs. Spy - Analysis of Red Team Attack Techniques by Blue Team Forensicators
How advanced are the cyber attack techniques that are all over the news these days? Could you detect a determined attacker that gains a foothold in your network with open source host and network based monitoring tools? This talk will walk through an attack modeled after real world attacker techniques and show how you can detect and respond using custom and open source resources.

Derek Banks

Security Analyst, Black Hills Information Security
Derek Banks is a Security Analyst for Black Hills Information Security and has over 20 years of experience in the IT industry as a systems administrator for multiple operating system platforms, monitoring and defending enterprise systems from potential intruders, vulnerability an...

Troy Wojewoda

Troy Wojewoda has been in the information security industry for over 10 years working in a wide array of roles such as application and system administration, network intrusion detection, wireless security, host and network digital forensics and incident response. Today, he leads...

Friday June 9, 2017 3:00pm - 4:00pm