>
Schedule & Speakers
7:00am
Registration Opens
8:30am - 9:30am
Keynote - Andrew Rathbun
Andrew is currently a Senior Consultant with Unit 42, where he partakes in larger-scale incident response investigations. Before that, he was a Senior Vice President with Kroll, where he worked on many ransomware and insider threat investigations, as well as serving as a KAPE Instructor. Before Kroll, he served as Forensic Computer Examiner with the US Department of Health and Human Services – Office of Inspector General. Before that, he was a patrol officer for four years and Detective for three years with the Michigan State University Police Department. He served in the Investigative Division’s Digital Forensics and Cyber Crime Unit (DFCCU), conducting digital forensic examinations of computers and mobile devices and general criminal investigations.
As a passion project, Andrew co-founded and currently serves as an administrator for the award-winning Digital Forensics Discord Server, which continues to grow and serve as a real-time resource for digital forensic examiners worldwide. He also enjoys sharing and collaborating on various open-source projects on GitHub, including but not limited to EZ Tools, books, and guides. He also authored/co-authored 3 open-source books: EZ Tools Manuals, The Hitchhiker’s Guide to DFIR: Experiences From Beginners and Experts, and Eric Zimmerman’s Binary Foray. He also has proudly served on the SANS DFIR Summit Advisory Board since 2021.
Andrew also served as a Rifleman (0311) in the United States Marine Corps Reserve. He served one combat tour to Fallujah, Iraq, in 2006-2007 with his infantry unit based out of Lansing, Michigan. Lastly, he earned a Bachelor’s degree in Criminal Justice/Sociology from Western Michigan University in Kalamazoo, Michigan, and a Master’s in Human Resources Administration from Central Michigan University in Mount Pleasant, Michigan.
![](https://miseccon.misec.us/wp-content/uploads/2024/07/rathbun-1.png)
Andrew Rathbun
Senior Consultant - Unit 42
9:30am
CTF313 - Capture the Flag Opens!
9:05am - 10:00am
Securing the Enterprise Against AI Threats: Practical Insights and Recommendations
In recent years, the landscape of our industry has been significantly transformed by the revolutionary impact of artificial intelligence (AI). This powerful technology has elevated productivity and efficiency to unprecedented levels, reshaping the way we conduct business.
However, amidst the benefits, it’s imperative to acknowledge the new security challenges that accompany this digital shift. Threat actors are now leveraging AI technology to orchestrate sophisticated attacks, presenting a complex and ever-evolving risk landscape. Additionally, the adoption of AI systems within our enterprise may inadvertently introduce novel vulnerabilities, demanding our heightened vigilance and proactive measures.
Drawing from his wealth of experience, Paul Rodriguez will offer practical insights and invaluable suggestions to bolster your security measures and navigate the intricacies of an AI.
![](https://miseccon.misec.us/wp-content/uploads/2023/11/Paul-Rodriguez-300x300.jpeg)
Paul Rodriguez
Field CTO
Ontinue
10:05am - 11:00am
Analysis Without Paralysis
There is one thing that everyone in our industry will have to do at some point, analysis. However, analysis is seldom taught in the industry and analysts often need to fumble their way into figuring out what to do. I have taken the time to organize my years of fumbling into a methodical approach that anyone can use. I put words to the everyday tasks we go through, so that I can teach “how to do analysis”. I do this by covering topics like planning, finding evil, recording findings, correlation and creating your own timelines. If you ever felt like you never knew where to begin with analysis or want some tips to improve your current skills, this is the presentation for you.
![](https://miseccon.misec.us/wp-content/uploads/2023/07/PXL_20230308_084329071.PORTRAIT-298x300.jpg)
Terryn Valikodath
DFIR Consultant
Cisco Talos Incident Response
11:05am - 12:00pm
Tales from the Crypt: A Security Engineer Tells All
Are you ready to descend into the depths of security operations? Venture forth with BitLyft Cybersecurity’s Security Operations Center Director, Noah Hoag. Drawing from the good, the bad, and the downright eerie, Noah offers lessons learned directly from the ‘crypt’. Step inside the operational underworld of cybersecurity and uncover key defense strategies for your organization.
![](https://miseccon.misec.us/wp-content/uploads/2023/11/Noah-Hoag-Square-300x300.jpeg)
Noah Hoag
Security Operations Center Director
BitLyft
12:00pm - 1:00pm
Lunch
Provided at Venue
1:05pm - 2:00pm
The Security Hitchhikers Guide to API Security
![](https://miseccon.misec.us/wp-content/uploads/2023/07/TimD-2-300x268.jpg)
Timothy De Block
Director - Advisory Services
Antigen SEcurity
2:05pm - 3:00pm
Strategies for Limiting the Threat of Business Email Compromise (BEC)
As thieves and scammer have moved their tactics online, protecting businesses from the ever-evolving menace of Business Email Compromise (BEC) is paramount. This presentation will explore the strategies and countermeasures necessary to safeguard organization’s sensitive information, finances, and reputation. Discover the crucial steps to thwarting BEC attacks and fortifying defenses against this pervasive and costly threat.
![](https://miseccon.misec.us/wp-content/uploads/2023/07/FBI-Seal.jpg)
Anthony Kraudelt
Special Agent
Federal Bureau of Investigation (FBI)
3:05pm - 4:00 pm
Defending Beyond Defense
Assumptions burn defenders every day. Perhaps the most pernicious one is that systems and their controls will always work as designed. Best practices in security may be good guidelines, but unfortunately also suffer from these same blind spots. For example, best practice recommends the use of LAPS for local administrator account passwords of domain-joined computers, yet misconfiguration of active directory can turn it from a protective control into a vulnerability. What if there was a way to challenge these assumptions up front? The best way to dismantle these types of assumptions is to experience how deeply flawed they are through immersion in the offensive security space. In this talk we’ll explore how to immerse yourself in the offensive security world to obtain this knowledge without needing to change careers or obtain additional certifications. By being more informed about offensive security, defenders are better able to recognize relevant intel, understand existing threats, and more readily discover attacker behavior. Join me as I discuss how there’s more to defending than just defense, and how to find and engage with the amazing resources that are waiting to be explored.
![](https://miseccon.misec.us/wp-content/uploads/2023/07/Cullman-300dpi-219x300.jpg)
Catherine Ullman
Sr. Information Security Forensic Analyst
University of Buffalo
4:05pm - 5:00pm
Don't Keep Your Own Gate - Starting Fresh in Cybersecurity
5 years ago I decided I wanted to change career fields from Human Resources to Cybersecurity. This process took nearly that entire five years. Along the way I started a podcast, become the director of a non-profit and got to compete in the DEF CON SECTF. The intent of this talk is to shorten my timeline for others. I’ll be discussing the decisions, moves, mentors and luck that made my transition possible as well things you can do differently, faster and better to make the move to cybersecurity. Highlights of this talk will be:
- Finding a place to start – What even is a cybersecurity career?
- Hacking your strengths – Finding ways to contribute to a new community (even if you think you don’t belong)
- Don’t be the keeper of your own gate and don’t tolerate it from others
- Finding a mentor and being a good mentee
- Knowing when you are “ready” to make the move
![](https://miseccon.misec.us/wp-content/uploads/2023/07/headshot-300x300.jpg)
Tom Hocker
Senior Security Engineer
Kroger
4:45 pm
CTF313 - Capture the Flag Closes!
5:05pm - 5:30pm
Closing Ceremonies
6:00pm - 10:00pm
Social Event - Lansing Shuffle
Come join us at Lansing Shuffle for dinner, drinks and socializing!
Lansing Shuffle
325 Riverfront Dr, Lansing, MI 48912