The Secure Legends GameDay experience provides an interactive learning exercise for security professionals to develop practical skills for protecting cloud environments. We will explore real-world security scenarios that might include compromised credentials, data leaks, instance breaches, infrastructure attacks, and vulnerable CI/CD pipelines.
During this session, we’ll solve one of the challenges together in realtime and I’ll explain the mitigation tactics as you work in your own environments. No cloud environments needed, no cloud bill to pay at the end, and no sign up necessary! You’ll get temporary access to a real environment where you can actually build.
As an added bonus, you’ll also get to walk away with limited-time access to that cloud account and to additional challenges you can solve after the session!
I've spent the past 10+ years working on or helping people work on software. I was also a professional educator previously in my career, so I have a particular passion for helping people more easily understand difficult concepts. I currently work at AWS, and I'm focused on helping... Read More →
Physical security is crucial to any organization; however, physical security sometimes takes a back seat. Many companies still maintain a physical office presence, and protecting employees working from the office, along with other critical assets is vitally important as protecting networks. An attacker gaining access into a building through social engineering or other means of physical entry could jeopardize those critical assets and employee’s safety. Attackers may access unattended workstations, open file cabinets, server rooms, or other information inside the organization. Skilled attackers may only need a few moments to slip into a building and plant a remote access device on the network without anyone noticing they were in the building.
Ariyan Bakhti-Suroosh is a senior security consultant on the Attack and Penetration team under Optiv’s Threat Management divison. Ariyan has a diverse background in information technology caused by an exigent curiosity for how things work. Ariyan has over 5 years of experience in... Read More →
Application Security is the most oft-ignored, yet critically vulnerable attack vector in many businesses today. Development teams are encouraged to create new features first and foremost, at the expense of fixing vulnerabilities. It’s not until a breach or an audit finding when they pay attention to patching security holes.
So how does a thoughtful CISO get in front of this?
Application security has to exist across the application lifecycle. DevSecOps is the philosophy of imbuing proper security controls at every stage of the Software Development Lifecycle (SDLC). This session will introduce you to core DevSecOps concepts so you can bring them back to your company and make some proactive changes to “drive defects left” and reduce the risk of a catastrophic security breach in your applications
Steve is an experienced computer systems and security architect with a passion for standards-based security and compliance; cloud computing; and DevSecOps. He brings over a decade of experience in the defense industry, working for multiple federal defense contractors, and has directly... Read More →
Impostor syndrome is a psychological phenomenon that makes you feel like a fraud, despite your achievements and qualifications. It can affect your confidence, performance, and well-being. In this talk, We will discuss Impostor Syndrome and I will share my Infosec journey and how I’ve worked on minimizing the effects of Impostor Syndrome over the course of my career. I will go into detail about the concept of the Hacker Grimoire and how it and a focus on documentation in general helped me to challenge my Impostor Syndrome. Additionally, We’ll take a peek into my Hacker Grimoire and also give you tips on how to get started with your own.
Ever since he blew a capacitor installing a Cd drive and causing a small fire in his first self-built computer, Corey has been obsessed with computer systems and how they work. After 13 years in the Infosec industry wearing just about every hat, from being in a SOC to hunting threats... Read More →
This workshop that introduces the techniques used in Improv Comedy and applies them to skills used in the OFFSEC field to enable the participants to better communicate, think on their feet, and gain confidence when operating in the unknown.
Ross Merritt is a U.S. Marine Corps Veteran, Former Private Investigator, Performing Comedian, and a Cyber Security Consultant at Blue Bastion specializing in Social Engineering and OSINT.
