>
Schedule & Speakers
8:00am
Registration Opens
8:45am
#misecCON Opening Remarks
9:00am - 9:55am
Keynote - Andrew Rathbun
Help Me Help You: Lessons from the Incident Response Frontlines
Incident response is a collaborative effort. Learn how proactive preparation for the inevitable can help provide the best outcomes for the IR team and, more importantly, YOUR team. Also, learn what practices other proactive sysadmins have implemented in their networks that have made IR professionals sigh in relief! The key goal of this talk is to gain a mutual understanding of the low-risk, high-reward quick wins that will help answer questions more effectively when the pressure is on.
BIO
Andrew is currently a Senior Consultant with Unit 42, where he partakes in larger-scale incident response investigations. Before that, he was a Senior Vice President with Kroll, where he worked on many ransomware and insider threat investigations, as well as serving as a KAPE Instructor. Before Kroll, he served as Forensic Computer Examiner with the US Department of Health and Human Services – Office of Inspector General. Before that, he was a patrol officer for four years and Detective for three years with the Michigan State University Police Department. He served in the Investigative Division’s Digital Forensics and Cyber Crime Unit (DFCCU), conducting digital forensic examinations of computers and mobile devices and general criminal investigations.
As a passion project, Andrew co-founded and currently serves as an administrator for the award-winning Digital Forensics Discord Server, which continues to grow and serve as a real-time resource for digital forensic examiners worldwide. He also enjoys sharing and collaborating on various open-source projects on GitHub, including but not limited to EZ Tools, books, and guides. He also authored/co-authored 3 open-source books: EZ Tools Manuals, The Hitchhiker’s Guide to DFIR: Experiences From Beginners and Experts, and Eric Zimmerman’s Binary Foray. He also has proudly served on the SANS DFIR Summit Advisory Board since 2021.
Andrew also served as a Rifleman (0311) in the United States Marine Corps Reserve. He served one combat tour to Fallujah, Iraq, in 2006-2007 with his infantry unit based out of Lansing, Michigan. Lastly, he earned a Bachelor’s degree in Criminal Justice/Sociology from Western Michigan University in Kalamazoo, Michigan, and a Master’s in Human Resources Administration from Central Michigan University in Mount Pleasant, Michigan.
Andrew Rathbun
Senior Consultant - Unit 42
9:30am
CTF313 - Capture the Flag Opens!
10:00am - 10:55am
Intelligence fueled vulnerability prioritization: Bridging the gap between cyber threats and IT operation
In a shifting threat landscape, organizations grapple with an avalanche of vulnerabilities. The challenge lies not only in identifying these weaknesses across complex enterprise environments but also in prioritizing them effectively. How can we ensure that our limited resources are directed toward the most critical vulnerabilities? This presentation proposes an intelligence-driven approach to vulnerability prioritization—one that prioritizes integration with existing operational IT processes to increase effectiveness.
BIO
Rebecca Keenan is Director, Cyber Posture Management at Jackson Financial Inc. Prior to joining Jackson she began her career managing operational risk at a private hospitality real estate investment trust. In her 9 years at Jackson Rebecca created the BE SAFE customer cybersecurity awareness program, led the Business Information Security Office, and launched automated patching. She is currently developing the new Cyber Posture Management team focusing on Jackson’s structured approach to prioritization and modernization of cybersecurity threat management.
Rebecca earned a master’s degree in cybersecurity from Brown University. She holds multiple certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP/US), and Certified Cloud Security Professional (CSSP). She is the co-chair for the Retirement Industry Council at FS-ISAC and sits on the board of the MI FFA Foundation.
Rebecca Keenan
Director, Cyber Posture Management at Jackson
11:00am - 12:00pm
Crisis to Control: Using Frameworks to Shape the Defender’s Mindset
In this talk, Jim breaks down the frameworks that help transform the way defenders think and behave in the face of cyber threats. The focus of this talk is on what’s actionable versus referential, and what frameworks can make the biggest difference from both strategic and tactical standpoints in the world of cyber defense and incident response.
BIO
Jim Beckmeyer has worked in IT and Information Security for over 24 years, with half of his career dedicated to cyber incident response and investigations. Jim is the former head of Information Security Incident Response at Michigan State Univeristy and is current the Manager of Security Monitoring in Consumers Energy’s Security Fusion Center.
Jim Beckmeyer
Manager of Security Monitoring at Consumers Energy
12:00pm - 1:00pm
Lunch
Provided at Venue
1:00pm - 1:55pm
Warflying in a Cessna (because We Can)
Wardriving is cool, and airplanes are cool. What happens if we combine the two? Is it safe? Is it legal? How much WiFi is it possible to see from an airplane? How far does WiFi leak into the atmosphere? How far away can we see an access point? Can we catch a specific network at 1500 feet above the ground? How about 2500? We loaded up a small plane and flew around in circles to find out. This talk will share both our preparation and our results, including figuring out the best places to warfly, what equipment to use, and how to do it safely. We will present the flights we made, the data we gathered, how we analyzed it, and what we discovered. (Spoiler alert: flying a Cessna is a really, really non-stealthy way to collect information about wireless access points.)
BIO
Matthew Thomassen
My day job has been in Security for a while Metro Detroit, automotive background Commercial / Multiengine / Instrument pilot, Airframe & Powerplant mechanic
Sean McKeever
Sr Security researcher for automotive/embedded systems Metro Detroit native born with a keyboard in one had and a wrench in the other Race car driver
Sean McKeever
Matthew Thomassen
2:00pm - 2:55pm
The Morality of Cybersecurity: What Do We Owe Each Other As Security Pros?
Cybersecurity is an area where the lines of ethics and morality become blurry. Research can shed light on vulnerabilities and risks, but publicizing the findings often leads to attacker exploitation and public relations backlash. Discussing cyber incidents is crucial for learning from past mistakes, but discussing it in the wrong way can be exploitative, akin to ambulance chasing. The crux of this discussion is to explore the question: How can we maintain morality and ethics while navigating our lives and careers as cybersecurity professionals? This will be a high-level discussion on the intersection of morality, empathy and innovation in the cybersecurity world. We will begin with a discussion on why collaboration and community is important, and the impact of cybersecurity professionals coming together to face real-world incidents in the past, such as the SolarWinds attack and Log4j. We’ll discuss successes and failures during these high-stress incidents from a community perspective. Leadership must invest in cybersecurity to protect their organization, but IT and security professionals have an obligation to put in their best efforts, too. Next, we will discuss what those obligations are and to whom, and how empathy and compassion play a role in the lives of cybersecurity professionals. Attendees will leave with tangible ways that they can give back to the community at large and talking points to use with their peers that will spark further conversation and awareness about how morality and cybersecurity collide.
BIO
Matt is Chief Technology Officer (CTO) and co-founder of Blumira. Matt brings nearly two decades of IT and cybersecurity experience to his leadership position, and a genuine passion for cybersecurity education. He is passionate about helping SMBs who are often most vulnerable to cyberattacks, helping them improve their security maturity with thoughtful and intentional changes. In 2022, the Globee Cybersecurity Global Excellence Awards program recognized Matthew as CTO of the Year for his leadership and innovative problem-solving, as well as his credible research on Log4j vulnerabilities and notable contributions to Blumira’s 2022 State of Threat Detection and Response Report. Matthew’s dedication to Blumira is as long-lasting as the hedgehog tattoo etched on his leg.
Matt Warner
Co-Founder, CTO
Blumira
3:00pm - 3:55pm
Demystifying the Digital Detective: Life of a DFIR Consultant
Have you ever wondered what it’s like to be on the frontlines of the digital battlefield, combating adversaries and unraveling mysteries contained in our devices? This talk explores the life of a DFIR consultant.
• What is DFIR?: We’ll explore the core of DFIR, where digital forensics becomes detective work and incident response turns into firefighting.
• Beyond the Job Title: Get real-life insights into the diverse landscape of DFIR jobs. We’ll dissect examples of actual job postings, debunk common misconceptions, and share personal experiences.
• DFIR is a team sport: Discover the diverse skill sets that make up a high-functioning DFIR team. Meet the various team members and understand how their unique talents come together to tackle complex incidents. From startups to enterprise giants, we’ll also delve into the varied worlds of DFIR clientele. • Building your Arsenal: Understand the technical skill set of a DFIR consultant. Explore what we use to keep up with the IT landscape and stay ahead of the curve as the bad guys innovate. However, being technical is not enough. In addition, discover the “soft skills” that make a truly exceptional consultant.
• Your Path to the Frontlines: Ready to join? Well let’s get you into gear and learn how to develop your skills, leverage your experience, and navigate the job market with confidence. Join me for a deep dive into the world of DFIR where every day is a new adventure in the fight against cyber threats. Whether you’re a seasoned professional or an aspiring recruit, this presentation will leave you informed and inspired.
BIO
Terryn Valikodath is a DFIR consultant at Cisco Talos Incident Response. Terryn got his start jailbreaking iPhones and hacking ROMs before taking those skills into the world IT, cybersecurity and finally DFIR. Terryn previously worked in various industries including manufacturing, biotechnology and finance. This experience allows him to understand cyber-attacks from multiple perspectives and deliver thoughtful and effective solutions.
Terryn Valikodath
DFIR Consultant
Cisco Talos Incident Response
4:00pm - 4:55pm
Detecting for the Masses: Detection Engineering for Multi-Client MSSPs
As the threat landscape continues to evolve, Managed Security Service Providers (MSSPs) face unique challenges in detecting and responding to security incidents across multiple clients. In this talk, we’ll explore practical strategies and best practices for effective detection engineering within the context of MSSPs. From data strategy to client-specific customization, attendees will gain insights into optimizing detection capabilities while managing diverse client environments.
BIO
Ryan works for Accenture Federal Services helping to build a managed XDR offering to support the security of our clients. When he’s not working, he enjoys spending time with his wife and three boys and playing disc golf or ultimate when the weather cooperates.
Ryan Plas
Detection Engineer
Accenture Federal Services
4:45 pm
CTF313 - Capture the Flag Closes!
5:00pm - 5:30pm
Closing Ceremonies
