Home

>

Schedule & Speakers

7:00am

Registration Opens

8:15am - 9:00am

Keynote - Dug Song

Dug is the co-founder of Duo Security, a cybersecurity company that protects digital access by verifying the identity of users and the safety of their devices. After the acquisition of Duo Security by Cisco in 2018, Dug served as the chief strategy officer for Cisco’s global security business.

He is currently the co-founder and president of the Song Foundation, which invests in the innovative people and organizations advancing justice and equity in Southeast Michigan. Dug also serves on the executive board of the Wallace House for Journalists, and on the advisory board of Venture for America in Detroit. Dug is heavily involved in the startup community in Michigan as an active investor, advisor and board member. He is co-founder of the Michigan Founders Fund, helping entrepreneurs turn business success into community wealth, and also serves on the boards of the Detroit Regional Chamber, and the National Advisory Council for Innovation & Entrepreneurship at the US Department of Commerce, with a focus on racial justice and economic equity.

Dug Song

Co-Founder and President

The Song Foundation

9:00am

CTF313 - Capture the Flag Opens!

9:05am - 10:00am

Securing the Enterprise Against AI Threats: Practical Insights and Recommendations

In recent years, the landscape of our industry has been significantly transformed by the revolutionary impact of artificial intelligence (AI). This powerful technology has elevated productivity and efficiency to unprecedented levels, reshaping the way we conduct business.

However, amidst the benefits, it’s imperative to acknowledge the new security challenges that accompany this digital shift. Threat actors are now leveraging AI technology to orchestrate sophisticated attacks, presenting a complex and ever-evolving risk landscape. Additionally, the adoption of AI systems within our enterprise may inadvertently introduce novel vulnerabilities, demanding our heightened vigilance and proactive measures.

Drawing from his wealth of experience, Paul Rodriguez will offer practical insights and invaluable suggestions to bolster your security measures and navigate the intricacies of an AI.

Paul Rodriguez

Field CTO

Ontinue

10:05am - 11:00am

Analysis Without Paralysis

There is one thing that everyone in our industry will have to do at some point, analysis. However, analysis is seldom taught in the industry and analysts often need to fumble their way into figuring out what to do. I have taken the time to organize my years of fumbling into a methodical approach that anyone can use. I put words to the everyday tasks we go through, so that I can teach “how to do analysis”. I do this by covering topics like planning, finding evil, recording findings, correlation and creating your own timelines. If you ever felt like you never knew where to begin with analysis or want some tips to improve your current skills, this is the presentation for you.

Terryn Valikodath

DFIR Consultant

Cisco Talos Incident Response

11:05am - 12:00pm

Tales from the Crypt: A Security Engineer Tells All

Are you ready to descend into the depths of security operations? Venture forth with BitLyft Cybersecurity’s Security Operations Center Director, Noah Hoag. Drawing from the good, the bad, and the downright eerie, Noah offers lessons learned directly from the ‘crypt’. Step inside the operational underworld of cybersecurity and uncover key defense strategies for your organization.

Noah Hoag

Security Operations Center Director

BitLyft

12:00pm - 1:00pm

Lunch

Provided at Venue

1:05pm - 2:00pm

The Security Hitchhikers Guide to API Security

API security is so hot right now! Organizations don’t fully understand APIs, how to find them, and secure them. This can feel scary. Don’t Panic. Grab your towel and join me on a meme adventure to explore the API galaxy. We’ll cover the history of APIs. Why people now suddenly care about them and why they’re such a hot topic. We’ll go over some ways to identify APIs within an environment. We’ll cover how API security is different and how to start securing them. We’ll review the API security tooling landscape. Finally, we’ll review resources to get your towel wrapped around API security and answer the ultimate API questions.

Timothy De Block

Director - Advisory Services

Antigen SEcurity

2:05pm - 3:00pm

Strategies for Limiting the Threat of Business Email Compromise (BEC)

As thieves and scammer have moved their tactics online, protecting businesses from the ever-evolving menace of Business Email Compromise (BEC) is paramount. This presentation will explore the strategies and countermeasures necessary to safeguard organization’s sensitive information, finances, and reputation. Discover the crucial steps to thwarting BEC attacks and fortifying defenses against this pervasive and costly threat.

Anthony Kraudelt

Special Agent

Federal Bureau of Investigation (FBI)

3:05pm - 4:00 pm

Defending Beyond Defense

Assumptions burn defenders every day. Perhaps the most pernicious one is that systems and their controls will always work as designed. Best practices in security may be good guidelines, but unfortunately also suffer from these same blind spots. For example, best practice recommends the use of LAPS for local administrator account passwords of domain-joined computers, yet misconfiguration of active directory can turn it from a protective control into a vulnerability. What if there was a way to challenge these assumptions up front? The best way to dismantle these types of assumptions is to experience how deeply flawed they are through immersion in the offensive security space. In this talk we’ll explore how to immerse yourself in the offensive security world to obtain this knowledge without needing to change careers or obtain additional certifications. By being more informed about offensive security, defenders are better able to recognize relevant intel, understand existing threats, and more readily discover attacker behavior. Join me as I discuss how there’s more to defending than just defense, and how to find and engage with the amazing resources that are waiting to be explored.

Catherine Ullman

Sr. Information Security Forensic Analyst

University of Buffalo

4:05pm - 5:00pm

Don't Keep Your Own Gate - Starting Fresh in Cybersecurity

5 years ago I decided I wanted to change career fields from Human Resources to Cybersecurity. This process took nearly that entire five years. Along the way I started a podcast, become the director of a non-profit and got to compete in the DEF CON SECTF. The intent of this talk is to shorten my timeline for others. I’ll be discussing the decisions, moves, mentors and luck that made my transition possible as well things you can do differently, faster and better to make the move to cybersecurity. Highlights of this talk will be:

Finding a place to start – What even is a cybersecurity career?
Hacking your strengths – Finding ways to contribute to a new community (even if you think you don’t belong)
Don’t be the keeper of your own gate and don’t tolerate it from others
Finding a mentor and being a good mentee
Knowing when you are “ready” to make the move