Schedule & Speakers

8:00am

Registration Opens

8:45am

#misecCON Opening Remarks

9:00am - 9:55am

Keynote - Andrew Rathbun

Help Me Help You: Lessons from the Incident Response Frontlines

Incident response is a collaborative effort. Learn how proactive preparation for the inevitable can help provide the best outcomes for the IR team and, more importantly, YOUR team. Also, learn what practices other proactive sysadmins have implemented in their networks that have made IR professionals sigh in relief! The key goal of this talk is to gain a mutual understanding of the low-risk, high-reward quick wins that will help answer questions more effectively when the pressure is on.

BIO

Andrew is currently a Senior Consultant with Unit 42, where he partakes in larger-scale incident response investigations. Before that, he was a Senior Vice President with Kroll, where he worked on many ransomware and insider threat investigations, as well as serving as a KAPE Instructor. Before Kroll, he served as Forensic Computer Examiner with the US Department of Health and Human Services – Office of Inspector General. Before that, he was a patrol officer for four years and Detective for three years with the Michigan State University Police Department. He served in the Investigative Division’s Digital Forensics and Cyber Crime Unit (DFCCU), conducting digital forensic examinations of computers and mobile devices and general criminal investigations.

As a passion project, Andrew co-founded and currently serves as an administrator for the award-winning Digital Forensics Discord Server, which continues to grow and serve as a real-time resource for digital forensic examiners worldwide. He also enjoys sharing and collaborating on various open-source projects on GitHub, including but not limited to EZ Tools, books, and guides. He also authored/co-authored 3 open-source books: EZ Tools Manuals, The Hitchhiker’s Guide to DFIR: Experiences From Beginners and Experts, and Eric Zimmerman’s Binary Foray. He also has proudly served on the SANS DFIR Summit Advisory Board since 2021.

Andrew also served as a Rifleman (0311) in the United States Marine Corps Reserve. He served one combat tour to Fallujah, Iraq, in 2006-2007 with his infantry unit based out of Lansing, Michigan. Lastly, he earned a Bachelor’s degree in Criminal Justice/Sociology from Western Michigan University in Kalamazoo, Michigan, and a Master’s in Human Resources Administration from Central Michigan University in Mount Pleasant, Michigan.

Andrew Rathbun
Senior Consultant - Unit 42
9:30am

CTF313 - Capture the Flag Opens!

10:00am - 10:55am

Jackson (Previously Jackson National Life) Coming Soon!

11:05am - 12:00pm

Consumers Energy Coming Soon!

12:00pm - 1:00pm

Lunch

Provided at Venue

1:00pm - 1:55pm

Warflying in a Cessna (because We Can)

Wardriving is cool, and airplanes are cool. What happens if we combine the two? Is it safe? Is it legal? How much WiFi is it possible to see from an airplane? How far does WiFi leak into the atmosphere? How far away can we see an access point? Can we catch a specific network at 1500 feet above the ground? How about 2500? We loaded up a small plane and flew around in circles to find out. This talk will share both our preparation and our results, including figuring out the best places to warfly, what equipment to use, and how to do it safely. We will present the flights we made, the data we gathered, how we analyzed it, and what we discovered. (Spoiler alert: flying a Cessna is a really, really non-stealthy way to collect information about wireless access points.)

BIO

Matthew Thomassen

My day job has been in Security for a while. Metro Detroit, automotive background. Commercial / Multiengine / Instrument pilot, Airframe & Powerplant mechanic.

Sean McKeever

Sr Security researcher for automotive/embedded systems. Metro Detroit native, born with a keyboard in one hand and a wrench in the other. Race car driver.

Sean McKeever

Matthew Thomassen
2:00pm - 2:55pm

The Morality of Cybersecurity: What Do We Owe Each Other As Security Pros?

Cybersecurity is an area where the lines of ethics and morality become blurry. Research can shed light on vulnerabilities and risks, but publicizing the findings often leads to attacker exploitation and public relations backlash. Discussing cyber incidents is crucial for learning from past mistakes, but discussing it in the wrong way can be exploitative, akin to ambulance chasing. The crux of this discussion is to explore the question: How can we maintain morality and ethics while navigating our lives and careers as cybersecurity professionals?

This will be a high-level discussion on the intersection of morality, empathy and innovation in the cybersecurity world. We will begin with a discussion on why collaboration and community is important, and the impact of cybersecurity professionals coming together to face real-world incidents in the past, such as the SolarWinds attack and Log4j. We’ll discuss successes and failures during these high-stress incidents from a community perspective.

Leadership must invest in cybersecurity to protect their organization, but IT and security professionals have an obligation to put in their best efforts, too. Next, we will discuss what those obligations are and to whom, and how empathy and compassion play a role in the lives of cybersecurity professionals. Attendees will leave with tangible ways that they can give back to the community at large and talking points to use with their peers that will spark further conversation and awareness about how morality and cybersecurity collide.

BIO

Matt is Chief Technology Officer (CTO) and co-founder of Blumira. Matt brings nearly two decades of IT and cybersecurity experience to his leadership position, and a genuine passion for cybersecurity education. He is passionate about helping SMBs who are often most vulnerable to cyberattacks, helping them improve their security maturity with thoughtful and intentional changes. In 2022, the Globee Cybersecurity Global Excellence Awards program recognized Matthew as CTO of the Year for his leadership and innovative problem-solving, as well as his credible research on Log4j vulnerabilities and notable contributions to Blumira’s 2022 State of Threat Detection and Response Report. Matthew’s dedication to Blumira is as long-lasting as the hedgehog tattoo etched on his leg.

Matt Warner
Co-Founder, CTO

Blumira
3:00pm - 3:55pm

Demystifying the Digital Detective: Life of a DFIR Consultant

Have you ever wondered what it’s like to be on the frontlines of the digital battlefield, combating adversaries and unraveling mysteries contained in our devices? This talk explores the life of a DFIR consultant.

• What is DFIR?: We’ll explore the core of DFIR, where digital forensics becomes detective work and incident response turns into firefighting.

• Beyond the Job Title: Get real-life insights into the diverse landscape of DFIR jobs. We’ll dissect examples of actual job postings, debunk common misconceptions, and share personal experiences.

• DFIR is a team sport: Discover the diverse skill sets that make up a high-functioning DFIR team. Meet the various team members and understand how their unique talents come together to tackle complex incidents. From startups to enterprise giants, we’ll also delve into the varied worlds of DFIR clientele.

• Building your Arsenal: Understand the technical skill set of a DFIR consultant. Explore what we use to keep up with the IT landscape and stay ahead of the curve as the bad guys innovate. However, being technical is not enough. In addition, discover the “soft skills” that make a truly exceptional consultant.

• Your Path to the Frontlines: Ready to join? Well, let’s get you into gear and learn how to develop your skills, leverage your experience, and navigate the job market with confidence.

Join me for a deep dive into the world of DFIR where every day is a new adventure in the fight against cyber threats. Whether you’re a seasoned professional or an aspiring recruit, this presentation will leave you informed and inspired.

BIO

Terryn Valikodath is a DFIR consultant at Cisco Talos Incident Response. Terryn got his start jailbreaking iPhones and hacking ROMs before taking those skills into the world of IT, cybersecurity and finally DFIR. Terryn previously worked in various industries including manufacturing, biotechnology and finance. This experience allows him to understand cyber-attacks from multiple perspectives and deliver thoughtful and effective solutions.

Terryn Valikodath
DFIR Consultant

Cisco Talos Incident Response
4:00pm - 4:55pm

Detecting for the Masses: Detection Engineering for Multi-Client MSSPs

As the threat landscape continues to evolve, Managed Security Service Providers (MSSPs) face unique challenges in detecting and responding to security incidents across multiple clients. In this talk, we’ll explore practical strategies and best practices for effective detection engineering within the context of MSSPs. From data strategy to client-specific customization, attendees will gain insights into optimizing detection capabilities while managing diverse client environments.

BIO

Ryan works for Accenture Federal Services helping to build a managed XDR offering to support the security of our clients. When he’s not working, he enjoys spending time with his wife and three boys and playing disc golf or ultimate when the weather cooperates.

Ryan Plas
Detection Engineer

Accenture Federal Services
4:45pm

CTF313 - Capture the Flag Closes!

5:00pm - 5:30pm

Closing Ceremonies