Talks/Speakers

Patryk Czeczko

Technical director in the Purple Team in a global bank, managing cooperation between offensive and defensive teams, modelling and conducting TTP-based adversary simulations. Former lead of the Red Team in a Big4 company, managed and conducted tens of red team/purple team engagements for clients (mainly PL). Speaker at x33fcon, What The Hack and The Hack Summit. Areas of expertise and interest include adversary emulation, malware development and Windows/AD internals.

Paweł Kordos

On a daily basis, a [email protected] who enjoys solving security issues. Former Senior [email protected] company. Experienced Cyber Security Trainer. Involved in offensive testing (Red Teaming) for multiple industries. His interests cover all aspects of computer security, with particular emphasis on Web security, malware creation and AD Exploitation. Previously delivered presentations at x33fcon, What The Hack and The Hack Summit.

Applied Purple Teaming

Purple teaming is all about working together to make scenario-based testing a structured, ordered and repeatable exercise. This happens by engaging all relevant cyber offence and defence stakeholders, establishing a clear path from an initiative (an emerging threat) to a desired outcome (prevention and detection capabilities) and implementing this approach as an element of cyber security strategy.

During the talk we will touch on the purple teaming approach, focusing on its technical aspects – from an intelligence report and malware analysis, through developing and conducting TTP-based emulation, to remediating gaps by hardening configuration and fine-tuning monitoring alerts.

Wolfgang Goerlich

Advisory CISO at Duo

J. Wolfgang Goerlich is an Advisory CISO for Duo Security. He has been responsible for IT and IT security in the healthcare and financial services verticals. Wolfgang has led advisory and assessment practices in cybersecurity consulting firms.

Between the Chair and the Keyboard: Creating Security Culture

People performing conscientiously and consistently is a lofty goal. Risk management gives us the process to follow. Controls frameworks give us the standards to set and meet. Yet it is people who ultimately decide our security posture. In this presentation, we look at the psychology and behavior science of individuals making risk decisions and leaders affecting culture change. Attendees will leave with insights and pragmatic tactics for improving the human element in risk and compliance.

David Henthorn

Associate Professor at Rose-Hulman Inst. of Technol.

David Henthorn is an Associate Professor of Chemical Engineering at Rose-Hulman Institute of Technology in Terre Haute, IN where he teaches courses in control systems, process analytics, and chemical plant design. Details on the Critical Infrastructure Laboratory at Rose-Hulman and Dr. Henthorn’s research in control systems can be found at https://henthornlab.org

Bridging the Gap: Getting the Dam Engineers and the Flippin’ Cybersecurity People Talking

Cyberattacks on critical infrastructure, like those on the Oldsmar water facility or the TRISIS/TRITON petrochem plant, are increasing in frequency. Attackers are actively exploiting the cultural divide between the engineers who design these facilities and the cybersecurity people who protect them. I set out to learn more about this by bringing our engineering and cybersecurity students together in a new shared-use Critical Infrastructure Laboratory at Rose-Hulman.

Aleks Frelas

Aleks Frelas is the Director of a Penetration Testing program, focusing on web application penetration testing, social engineering, and anything aviation security related.

John Butler

John Butler is a solutions engineer and security specialist, focused on hardening mobile applications and preventing reverse engineering efforts.

COVID-19 Tracing Apps: The Proliferation of Rushed Development

The COVID-19 outbreak made 2020 an unprecedented year, bringing with it a slew of cybersecurity concerns. With the increase of COVID-19 cases crippling healthcare providers across the globe, tracking and containing the outbreak became a top priority. Countries scrambled to develop contact tracing applications and rushed their development, prioritizing application functionality over security. Driven by skepticism that rushed applications truly possess robust security controls, we were motivated to expose weaknesses present in contact tracing applications. Our talk will discuss the testing conducted on contact-tracing applications, including our discoveries. Then, we will run through the implications of rushed development, including its causes and effects. Finally, we will conclude with solutions that could mitigate and prevent security risks associated with accelerated application development.


Mary Waddick

Senior Cyber Engineer II at Raytheon

Mary Anne has the SEI Cert Secure Coding in C and C++ Professional Certificate as well as the White Hat Secure Developer Certificate. She is also studying for the Certified Secure Software Lifecycle Professional Certification. She is interested in helping others to understand how to make their code more secure.

Do Your Developers Write SUPER Secure Code?

Do your projects discuss secure coding through all phases of the SDLC? Are your developers SUPER Secure? Do they have all the tools that they need to be SUPER? This talk will go over the Secure Coding Standards, Best Practices, and Checklists that your projects could use to help make your code and Team more secure. We will be discussing the use of Secure Coding in Agile team processes. Training and certifications that are available for secure coding will also be discussed.

Kaitlyn Handelman

Cybersecurity Engineer at NTT Data

Kaitlyn Handelman is a cybersecurity engineer and researcher for NTT Data where she often finds herself working on space-related cybersecurity projects. In addition, she also enjoys red / blue teaming, programming, and hardware development. In other words, she’s like really good at computers.

In Space, No One Can Hear You Hack

Hands-on introduction to cybersecurity in space. Why stop at hacking the planet when there’s so much more out there!? Come join us in this hands-on lecture and CTF as you begin to take your skills beyond the confines of Earth. Learn the basics of securing / hacking into orbiting satellites and more! Topics include radio communications, cybersecurity concerns, and technology in SPAAAAAAAAAACE!

Douglas Brush

Global Security Advisor at Splunk

Douglas is an information security executive with over 26 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cyber security, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, Douglas has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues. He also serves as a federally court-appointed Special Master and neutral expert in high profile litigation matters involving privacy, security, and eDiscovery.

Currently, he is at Splunk where he works with Fortune 500 organizations to improve their security operations and reduce business risk from cyber attacks.

He is also the founder and host of Cyber Security Interviews, a popular information security podcast.

Interviewee Field Manual: Hack the Interview

This is a no BS guide to get the most out of our interview efforts. These are tips, hacks, and mindsets to help you move through the interview process to ensure you are making the right move in your career.

We will use the Attack Chain (Recon, Weaponization, Delivery, Intrusion, Command and Control, Action on Objectives) as a framework for efficiently and effectively getting the job you want. Additionally, we will cover tips on compensation negotiation and what to do when you don’t get the job.

Rebecca Deck

Staff Application Security Engineer at Avalara

Rebecca Deck is a Staff Application Security Engineer at Avalara. She determines application security tools and strategy and (hopefully) gets to perform application security testing. She has more than 20 years of experience in IT that includes QA, software development, engineering, incident response, and consulting. She’s currently quarantined with her wife and kids living the dream of working and home schooling.

My AWS WAF Deployment Odyssey

As teams race to shore up application security issues in their enterprise, a web application firewall (WAF) can be an indispensable tool in the hands of a good engineer. A WAF can perform virtual patching, prevent vulnerabilities in your internally developed applications, slow down attackers, and prevent basic reconnaissance. Unfortunately, someone has to install them. Even more unfortunately, that someone was me. I will share how I built the system using the AWS WAF in Terraform along with some basics of what a WAF does, what some of the pitfalls are, how to troubleshoot your WAF during the rollout, and how to figure out if you’ve made a horrible mistake. This presentation is appropriate for attendees who have no experience with web application security or WAFs, attendees wishing to gain a better understanding of web application vulnerabilities, and those interested in the AWS WAF and WAF management.

Alyssa Miller

BISO – Business Information Security Officer at S&P Global Ratings

Alyssa Miller, Business Information Security Officer (BISO) for S&P Global Ratings, directs the Ratings security strategy, connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust.

A life-long hacker, Alyssa has a passion for technology and security. She bought her first computer herself at age 12 and quickly learned techniques for hacking modem communications and software. Her serendipitous career journey began as a software developer which enabled her to pivot into security roles. Beginning as a penetration tester, her last 15 years have seen her grow as a security leader with experience across a variety of organizations. She regularly advocates for improved security practices and shares her research with business leaders and industry audiences through her international public speaking engagements, online content, and as co-host of The Uncommon Journey podcast on ITSP Magazine.

PASTA and OCTAVE and STRIDE, Oh My! Bringing Threat Modeling Out of the Woods

Threat modeling is an extremely valuable tool in the secure software development pipeline. Some studies suggest it has greater impact on security posture than other more widely practiced security activities. There are many different frameworks, models, and methodologies that have been developed in an attempt to make threat modeling easier. Yet, despite these efforts, popular approaches to threat modeling are often still considered too cumbersome, structured, or time consuming to fit into modern development cycles.

In 2020, a group of 15 security professionals released the Threat Modeling Manifesto to formalize decades of combined experience into a declared vision of what threat modeling truly is and what makes it important. Learn from one of these authors about how to break with the complex models and return to the values and principles of what threat modeling should be. Discover how this often-overlooked activity can actually make development pipelines more efficient while improving overall security of software. Get real practical examples of how you can use the manifesto as a guide to define or tailor a methodology that fits your needs and avoid common pitfalls that often derail this critical activity.

Wolfgang Goerlich

Advisory CISO at Duo

The Resilience Business Case

Security strategy is marshaling people and resources toward a single goal. This session will cover three security programs built on resiliency: the financial services firm that made the case for business continuity and risk management, the software company where DevOps and SecOps made the case for resiliency, and the manufacturing firm that built a case for data resiliency. Learn to make the business case.

Megan Kaczanowski

Threat Intelligence Lead at S&P Global

Megan Kaczanowski is a Threat Intelligence Lead at S&P Global who works closely with the threat hunting and incident response teams to protect organizations from emerging cyber threats. Megan understands that delivering effective threat intelligence isn’t about utilizing the latest industry buzzwords – it’s about delivering curated, actionable intelligence to the relevant stakeholders.

Megan holds a BA in Economics and Political Science from the University of Michigan. In her free time, she enjoys rock climbing and is a PADI certified scuba diver.

The Secret to Increasing Your Budget, Getting Promoted, and Expanding Your Team: Concise and Clear Reporting

In order to effect change, increase their budget, and hire more folks, a security team needs to increase their perceived value to an organization. That means explaining to executives what you do (in terms they’ll understand), end users why you’re here to help them (not out to get them) and developers how you can partner to deliver better products. Reports of vulnerabilities, risks, and threats are only useful if they are widely read, understood, and acted upon. Whether that happens is largely a reflection of how well their message is delivered. I’ll cover how to craft a story, develop a style, and understand your audience, in order to deliver effective reports. Attendees will leave with a process to write (and evaluate) clear, concise, and actionable reports for a wide range of stakeholders.

Josh Rickard

Security Research Engineer at Swimlane

Josh is focused on automating everyday processes used in business and security. He is an expert in PowerShell & Python, a GIAC Certified Windows Security Administrator (GCWN), a GIAC Certified Forensic Analyst (GCFA), and has a diverse background ranging from system administration to digital forensics, incident response and managing teams and products. Josh has presented at multiple conferences including DerbyCon (2x), ShowMeCon (2x), BlackHat Arsenal, CircleCityCon, Hacker Halted, and numerous BSides. In 2019, Josh was awarded a SC Media Reboot Leadership Award in the Influencer category and is featured in the Tribe of Hackers: Blue Team book. Josh shares his experience about automation, code, and security on Swimlane’s blog (https://swimlane.com/blog) and his personal blog (https://letsautomate.it). You can find information about open-source projects that Josh creates and maintains on GitHub at https://github.com/MSAdministrator.

Securing Windows with Group Policy


Group Policy exists in almost every modern business environment. Many organizations do not use Group Policy extensively, effectively or at all. We all face problems with securing our Windows environments, but most do not realize they already have the best tool for the job.

Do you understand how Group Policy is processed? Did you know you can manage both Active Directory groups and user rights? What about securely running Scheduled Tasks and do you even manage Services, bro? Why do all your Administrative accounts have extra permissions like Debug Programs? And why the hell are you afraid of AppLocker?

Remember, Group Policy is an ENTERPRISE scale Windows registry editor and more.

Alyssa Miller

BISO (Business Information Security Officer) at S&P Global Ratings

So Happy Together: Making DevSECOps a Reality

It may be hard to believe, but it’s been over a decade since DevOps was introduced. It wasn’t long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent studies show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security.

To understand why we’re struggling, this session dives into the key issues that keep security shut out of the DevOps Pipeline. It will provide insights from recent research into the state of DevSecOps and Open Source Security and share evidence that indicates organizations are still failing to mature their processes and achieve the ideal shared responsibility culture.

From this analysis, tangible, practical actions will be identified that security practitioners can take to successfully engage security practices within the pipeline. We’ll move beyond traditional security gates and break-the-build approaches to show a process that motivates committed adoption. Steps that can be taken to create accountability between Development, Security, and Operations disciplines will be outlined. Ultimately, this session delivers a forward-looking viewpoint for what lies beyond DevSecOps, and how this culture can be extended to include the broader business.

Catherine Ullman

Sr. Information Security Forensic Analyst at University at Buffalo

Dr. Catherine J. Ullman is a security researcher, speaker, and Senior Information Security Forensic Analyst at University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff via a department-wide program which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous information security conferences including DEF CON and Hacker Halted. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.

Incident Communications 101 – Breaking the Bad News

Enabling better communications between geeks and management. As humans we have had 60,000 years to perfect communication, but those of us working in IT, regardless of which side (Blue or Red Team), still struggle with this challenge. We have done our best over the centuries to yell “FIRE!” in a manner befitting our surroundings, yet today we seem utterly incapable of providing that very basic communication capability inside organizations. This talk will endeavor to explain HOW we can yell “FIRE!” and other necessary things across the enterprise in a language that leadership, managers and end-users all understand.

Christine Theobald

Mother, Daughter, Teacher, Learner, Hacker. Language helps us express ourselves, our personality, our culture. From teaching language as an ESL Teacher to now as I start my career in InfoSec, I empower my fellow practitioners with the power of their voice.

Micah Brown

Vice President at Greater Cincinnati ISSA

By day, Micah K Brown is a member of the IT Security Engineering team at the Munich RE Group, focused on building out the next generation of IT Security services and IT Security controls. By night, Micah serves on the Greater Cincinnati ISSA Chapter as Vice President and has had the honor to present at many diverse and prestigious IT Security Conferences.

How to build a #TETHICAL company, the power found in good Data Privacy Policies

At the end of season 5 of Silicon Valley, Gavin Belson called for internet companies to embrace #TETHICS. While his demands for other companies to pledge support seemed honorable on the surface, the underlying calls to action were revealed to be quite weak. Embracing a strong Data Privacy framework can: A) increase the reputation of your organization, B) increase the efficacy of day-to-day operations, and C) reduce the legal / regulatory risk associated with storing, processing, and transmitting sensitive data. Join us as we discuss how the NIST Data Privacy Framework can be implemented in your organization.