BSidesChicago 2017 has ended
Track 2 [clear filter]
Saturday, July 15

10:10am CDT

Defending Cyberspace with "Inside-the-Box" Thinking
Innovation is a buzzword within the US military and is shaping the vision for our forces as being agile organizations able to adapt to a complex world. But does our military have the capabilities to protect vital national interests in cyber? The growth of the Internet in our globally connected world has meant that tools for cyber are constantly changing. Accordingly, do we have the capacity to gain the advantages needed to out-hack our adversaries in this domain? In this talk, we provide a simple framework for different types of innovation to promote inside-the-box thinking for finding better solutions to defend against cyberattacks.

avatar for Ernest

Ernest "Cozy Panda" Wong

Chief of Staff, Army Cyber Institute
Lieutenant Colonel Ernest Wong is the Chief of Staff at the ACI. He holds a Master of Military Science from Kuwait’s Mubarak al-Abdullah Staff College and earned a MS in management science & engineering and a MA in education from Stanford. He was a NASA Faculty Fellow and has served... Read More →

Saturday July 15, 2017 10:10am - 11:00am CDT
Williford B

11:10am CDT

An Employee, their Laptop and a Hacker walk into a Bar
If one of your company laptops were lost, what might an attacker be able to do with it? In this string of live hacking demos, we begin as an attacker who has no user account credentials and demonstrate how to hack a workstation, then a server and ultimately reach a domain controller, then STEAL ALL THE THINGS. Learn some easy parlor trick hacks that really work, and more than a dozen ways to protect your organization from them.

avatar for Shannon Fritz

Shannon Fritz

Solutions Architect, Concurrency
Shannon Fritz is a Microsoft MVP for Enterprise Security and is the Solutions Architect at Concurrency, Inc.; a Systems Integrator consulting firm focused largely on Microsoft solutions. Shannon has presented at several security conferences including other Bsides events and holds... Read More →

Saturday July 15, 2017 11:10am - 12:00pm CDT
Williford B

1:00pm CDT

Herding Purple Squirrels: An Experienced, Whistle-Blowing Insider's Look at The Dreadful World of Tech Recruiting
Ever feel frustrated, exploited - even objectified - by a technical recruiting experience? Understatement of the year: you’re not alone. The hiring process for technical professionals is often Machiavellian and dehumanizing at best. Technical recruiting expert and security recruiting specialist Eve Adams (@hackerhuntress) will give you the rundown on the most common technical recruiting models, how they profit off you, how you can better profit off them, and how best not to get screwed. This will be equally informative for job seekers and technical hiring managers who want to better understand how to hire the best talent quickly and cluefully. Much dirty laundry will be aired, many whistles blown, and many lulz had!

avatar for Eve Adams

Eve Adams

Eve Adams (@HackerHuntress) is an independent recruiter based in Chicago, doing business as HackerHuntress. She focuses on security, devops, backend software and big data engineers and open-source infrastructure roles. Eve has seven years of experience in technical recruiting, including... Read More →

Saturday July 15, 2017 1:00pm - 1:50pm CDT
Williford B

2:00pm CDT

Removing Haystacks to find needles - Playing to our Strengths
We all have been fighting the cyber war with SIEMs to detect all the known attacks. In reality, the attack landscape is changing everyday and we cannot predict all possible attacks ahead of time. As security experts we know our environment better than any attacker out there. We cannot ever possibly know all the bad things that have crawled into our environment, however, we certainly know about all known good things in our environment. 

Come learn about how we can put that knowledge into play and change the game from finding the ‘Needle in A HayStack’ to ‘Removing Haystacks to Find Needles’ with some real world customer case studies. 

avatar for Monica Jain

Monica Jain

Chief Product Officer, LogicHub
Monica is a veteran of the Security industry with over 15 years of experience in SIEM and Cloud Security. She worked at ArcSight for over 10 years, culminating in managing the flagship SIEM product portfolio. She saw the company grow from zero revenue to IPO, and ultimately acquired... Read More →

Saturday July 15, 2017 2:00pm - 2:50pm CDT
Williford B

3:30pm CDT

Murder Mystery – How Vulnerability Intelligence is Poisoning your Information Security Program
In order to solve many modern information security use-cases, organizations have evolved from making decisions based on information gleaned from silo-ed security solutions, towards making more intelligent decisions based upon shared security intelligence. However, integrating vulnerability scanning results into one’s security ecosystem involves a serious hidden challenge resulting in heinous consequences, thereby killing your InfoSec program. This session shares clues on this challenge, step by step, in the form of a Murder Mystery game, ultimately revealing the culprit and strategies to overcome it. Learn, participate, play, and interact! Try to guess “who-dunnit,” and how to avoid similar InfoSec crimes.

avatar for Gordon MacKay

Gordon MacKay

CTO, Digital Defense, Inc.
Gordon MacKay, Software/Systems Guru with a dash of security hacking, serves as CTO for Digital Defense, Inc.He has presented at many conferences including Bsides Denver 2017, BSides Boston 2017, ISSA International Conference 2016, ISC2 Security Summit 2016,BSides DC 2016, Cyber Texas... Read More →

Saturday July 15, 2017 3:30pm - 4:20pm CDT
Williford B

4:30pm CDT

War Stories on Embedded Security: Pentesting, IoT, Building Managers, and how to do Better
If security were easy, we’d have solved it 20 years ago.  Unfortunately for complex networks and systems, we need the basics and more: developer training, correct implementation, cross-training, proper deployment, event monitoring, secure updates, and response planning.  It’s a tall order.  But with the right partners, it’s possible.  Come be entertained and encouraged by Dr. DeMott as he shows some epic fails - that could have been wins.

avatar for Jared DeMott

Jared DeMott

Founder - Speaker, VDA Labs
Dr. DeMott is former NSA and Microsoft BlueHat Prize winner. He’s frequently quoted in media, and invited to speak. He’s the founder of Vulnerability Discovery & Analysis (VDA) Labs. You'll find fingerprints of VDA across the InfoSec community: fuzzing, code auditing, exploitation... Read More →

Saturday July 15, 2017 4:30pm - 5:20pm CDT
Williford B

5:30pm CDT

Passing audits for free with Splunk and RT
 Combined these free tools can provide a large portion of the process and documentation (artifacts) you need to pass SSAE, FISMA, and other audits.  Following our process will improve your IT operations as well, by using all that data you're gathering to monitor and improve your performance, uptime, and awareness of your environment.  This presentation will detail the process we use integrating these tools, the output it provides, and how you can turn all that log data into actionable information and audit artifacts.   

avatar for Russell Mosley

Russell Mosley

Director, Infrastructure & Security, DYNAXYS
Russell is the Director, Infrastructure & Security of a software and financial services company in the DC area and an organizer with BSides Charm (Baltimore is Charm City!) Russell has seventeen years' experience in IT operations and enterprise defense and is responsible for the... Read More →

Saturday July 15, 2017 5:30pm - 6:20pm CDT
Williford B
Filter sessions
Apply filters to sessions.