Home

>

Schedule & Speakers

7:00am

Registration Opens

8:30am - 9:30am

Keynote - Andrew Rathbun

Andrew is currently a Senior Consultant with Unit 42, where he partakes in larger-scale incident response investigations. Before that, he was a Senior Vice President with Kroll, where he worked on many ransomware and insider threat investigations, as well as serving as a KAPE Instructor. Before Kroll, he served as Forensic Computer Examiner with the US Department of Health and Human Services – Office of Inspector General. Before that, he was a patrol officer for four years and Detective for three years with the Michigan State University Police Department. He served in the Investigative Division’s Digital Forensics and Cyber Crime Unit (DFCCU), conducting digital forensic examinations of computers and mobile devices and general criminal investigations.

As a passion project, Andrew co-founded and currently serves as an administrator for the award-winning Digital Forensics Discord Server, which continues to grow and serve as a real-time resource for digital forensic examiners worldwide. He also enjoys sharing and collaborating on various open-source projects on GitHub, including but not limited to EZ Tools, books, and guides. He also authored/co-authored 3 open-source books: EZ Tools Manuals, The Hitchhiker’s Guide to DFIR: Experiences From Beginners and Experts, and Eric Zimmerman’s Binary Foray. He also has proudly served on the SANS DFIR Summit Advisory Board since 2021.

Andrew also served as a Rifleman (0311) in the United States Marine Corps Reserve. He served one combat tour to Fallujah, Iraq, in 2006-2007 with his infantry unit based out of Lansing, Michigan. Lastly, he earned a Bachelor’s degree in Criminal Justice/Sociology from Western Michigan University in Kalamazoo, Michigan, and a Master’s in Human Resources Administration from Central Michigan University in Mount Pleasant, Michigan.

Andrew Rathbun

Senior Consultant - Unit 42

9:30am

CTF313 - Capture the Flag Opens!

9:05am - 10:00am

Securing the Enterprise Against AI Threats: Practical Insights and Recommendations

In recent years, the landscape of our industry has been significantly transformed by the revolutionary impact of artificial intelligence (AI). This powerful technology has elevated productivity and efficiency to unprecedented levels, reshaping the way we conduct business.

However, amidst the benefits, it’s imperative to acknowledge the new security challenges that accompany this digital shift. Threat actors are now leveraging AI technology to orchestrate sophisticated attacks, presenting a complex and ever-evolving risk landscape. Additionally, the adoption of AI systems within our enterprise may inadvertently introduce novel vulnerabilities, demanding our heightened vigilance and proactive measures.

Drawing from his wealth of experience, Paul Rodriguez will offer practical insights and invaluable suggestions to bolster your security measures and navigate the intricacies of an AI.

Paul Rodriguez

Field CTO

Ontinue

10:05am - 11:00am

Analysis Without Paralysis

There is one thing that everyone in our industry will have to do at some point, analysis. However, analysis is seldom taught in the industry and analysts often need to fumble their way into figuring out what to do. I have taken the time to organize my years of fumbling into a methodical approach that anyone can use. I put words to the everyday tasks we go through, so that I can teach “how to do analysis”. I do this by covering topics like planning, finding evil, recording findings, correlation and creating your own timelines. If you ever felt like you never knew where to begin with analysis or want some tips to improve your current skills, this is the presentation for you.

Terryn Valikodath

DFIR Consultant

Cisco Talos Incident Response

11:05am - 12:00pm

Tales from the Crypt: A Security Engineer Tells All

Are you ready to descend into the depths of security operations? Venture forth with BitLyft Cybersecurity’s Security Operations Center Director, Noah Hoag. Drawing from the good, the bad, and the downright eerie, Noah offers lessons learned directly from the ‘crypt’. Step inside the operational underworld of cybersecurity and uncover key defense strategies for your organization.

Noah Hoag

Security Operations Center Director

BitLyft

12:00pm - 1:00pm

Lunch

Provided at Venue

1:05pm - 2:00pm

The Security Hitchhikers Guide to API Security

API security is so hot right now! Organizations don’t fully understand APIs, how to find them, and secure them. This can feel scary. Don’t Panic. Grab your towel and join me on a meme adventure to explore the API galaxy. We’ll cover the history of APIs. Why people now suddenly care about them and why they’re such a hot topic. We’ll go over some ways to identify APIs within an environment. We’ll cover how API security is different and how to start securing them. We’ll review the API security tooling landscape. Finally, we’ll review resources to get your towel wrapped around API security and answer the ultimate API questions.

Timothy De Block

Director - Advisory Services

Antigen SEcurity

2:05pm - 3:00pm

Strategies for Limiting the Threat of Business Email Compromise (BEC)

As thieves and scammer have moved their tactics online, protecting businesses from the ever-evolving menace of Business Email Compromise (BEC) is paramount. This presentation will explore the strategies and countermeasures necessary to safeguard organization’s sensitive information, finances, and reputation. Discover the crucial steps to thwarting BEC attacks and fortifying defenses against this pervasive and costly threat.

Anthony Kraudelt

Special Agent

Federal Bureau of Investigation (FBI)

3:05pm - 4:00 pm

Defending Beyond Defense

Assumptions burn defenders every day. Perhaps the most pernicious one is that systems and their controls will always work as designed. Best practices in security may be good guidelines, but unfortunately also suffer from these same blind spots. For example, best practice recommends the use of LAPS for local administrator account passwords of domain-joined computers, yet misconfiguration of active directory can turn it from a protective control into a vulnerability. What if there was a way to challenge these assumptions up front? The best way to dismantle these types of assumptions is to experience how deeply flawed they are through immersion in the offensive security space. In this talk we’ll explore how to immerse yourself in the offensive security world to obtain this knowledge without needing to change careers or obtain additional certifications. By being more informed about offensive security, defenders are better able to recognize relevant intel, understand existing threats, and more readily discover attacker behavior. Join me as I discuss how there’s more to defending than just defense, and how to find and engage with the amazing resources that are waiting to be explored.

Catherine Ullman

Sr. Information Security Forensic Analyst

University of Buffalo

4:05pm - 5:00pm

Don't Keep Your Own Gate - Starting Fresh in Cybersecurity

5 years ago I decided I wanted to change career fields from Human Resources to Cybersecurity. This process took nearly that entire five years. Along the way I started a podcast, become the director of a non-profit and got to compete in the DEF CON SECTF. The intent of this talk is to shorten my timeline for others. I’ll be discussing the decisions, moves, mentors and luck that made my transition possible as well things you can do differently, faster and better to make the move to cybersecurity. Highlights of this talk will be:

Finding a place to start – What even is a cybersecurity career?
Hacking your strengths – Finding ways to contribute to a new community (even if you think you don’t belong)
Don’t be the keeper of your own gate and don’t tolerate it from others
Finding a mentor and being a good mentee
Knowing when you are “ready” to make the move