Schedule - October 14th 2023
NOTICE: All Talks and Events are at The University of North Florida, University Center, located at: 12000 Alumni Drive, Jacksonville, FL 32224
Please check the posted schedule for updates. The schedule is subject to change.
The schedule is also available via HackerTracker on your mobile device.
Keynote
Guardians of Reality: Countering Hype in InfoSec |
In an era where attention-grabbing headlines and flashy marketing campaigns dominate the landscape, InfoSec finds itself at a crossroads. Kevin Johnson of Secure Ideas will dive deep into the prevailing trend that is steering the industry away from its core mission - to ensure cybersecurity and protect sensitive data. In an age where clicks and views reign supreme, the industry has been seduced by the allure of quick attention, leaving genuine security concerns languishing in the shadows. This keynote will shine a spotlight on the pressing issue of marketing-driven sensationalism that overshadows the pressing need for substantive solutions. From the smoke and mirrors surrounding "automated penetration testing" to the proliferation of AI-powered miracle solutions, we will dissect the myths and unveil the truths. Our journey will underscore the fact that genuine penetration testing requires the human touch, the artistry of experts who understand the intricacies of security challenges and the dynamic nature of cyber threats. As Guardians of Reality, we'll explore strategies to realign the industry's focus with its fundamental mission. We'll navigate through the storm of misinformation, tackling head-on the dangers of sacrificing genuine security solutions for mere attention. It's time to strip away the veneer of hype and rediscover the essence of InfoSec - protecting our digital world from real-world threats. Speaker: Kevin Johnson |
Talks
A Revisit of How to Land Your First Infosec Job |
A working session/presentation on how to land your first job in infosec. Speaker: Ed Spencer |
CISO Panel |
Moderator: Matthew Parks |
Developers DEVELOPERS DEVELOPERS : Three WAYS TO TARGET DEVELOPERS |
Everybody is talking about supply chain security. But supply chains are more than parts, libraries, and APIs. They include people, and developers, to duct tape the parts into something that vaguely resembles functioning software. While developers often hide in their cubicles or home offices to seek safety in the shadows of large monitors, attackers have found them. They found them in IDA plugin stores, software package repositories, Stackoverflow, and in online gaming communities (even during work hours). Network defenders on the other hand have often ignored developers, not just because they are "weird", but because standard security solutions often interfere with their work and cause them to complain loudly. In this talk, you will learn about some of these attacks, and how to defend against them, and you will also learn some bad jokes about developers. Speaker: Johannes Ullrich |
Infiltrating modern organizations using Supply Chain Attacks |
Within this session we will be deep diving into custom malware development for EDR evasion. We will be walking through modern detection capabilities, building techniques to bypass them, and finally compromising a fully monitored environment using a Supply Chain Compromise. This session will be technical. We will be designing and implementing techniques throughout the presentation until a final malware is ready for deployment. Brace yourself for a thrilling journey through the shadows of the digital realm, where adversaries roam undetected. Speaker: Mikkel Ole Romer |
Intersection of Incident Response, Disaster Recovery and Crisis Management |
You may have a good Cybersecurity Incident Response Plan, a real-life tested Disaster Recovery Plan, and a Crisis Management Plan. But what happens when one of these events morphs into a bigger enterprise issue? Do your executive team and staff understand these plans’ synergies or when a cyber incident becomes a disaster? In this session, you will learn when these plans come together and how to coordinate efforts to navigate a catastrophic event and prioritize response and recovery efforts. Speaker: Carlos Rodriguez |
Jacksonville Women in Technology Panel Discussion: Navigating the cyber security field |
Moderator: Mary Cruz |
Malware Analysis - Presentation w/Demos |
Static/Dynamic... IDA, Cuckoo... Speaker: Craig Galley |
Cyber Security 101: Security Awareness |
Speaker: Jalena Henderson |
Mystified by the alphabet soup of cloud native security? |
Mystified by the alphabet soup of cloud native security? Perhaps your productivity has been disrupted by the number of new acronyms - CWPP, CSPM, KSPM, and the list goes on. We’ll also look at the people side of things, looking at the personas and teams that are involved in the cloud native application lifecycle. This talk is about education with few tools mentioned. Speaker: Dale Rodriguez |
The CISO's Playbook - Crafting a Cybersecurity Strategy for AI |
The journey of artificial intelligence has unfolded over several decades, yet the latest developments in generative AI have been remarkably transformative, resulting in groundbreaking progress that has deeply influenced our end-users this year. As such, for those in mid-to-senior security leadership roles, understanding the unique AI challenges in cybersecurity is critical for protecting an organization's assets and data. This talk will help empower security leaders with the necessary knowledge to develop a strategic approach to AI cybersecurity. By recognizing AI's unique challenges, implementing proactive security measures, and promoting continuous improvement, organizations can bolster their systems' robustness and resilience against cyber threats. As AI systems increasingly integrate into daily operations, security leaders must comprehend the challenges and proactively implement strategies that respond to and anticipate cyber threats. This approach will protect the organization's assets and data while building trust with stakeholders and end-users who depend on the systems' robustness and resilience. Speaker: Gina Yacone |
Ultra-Efficient MIFARE Classic Attacks and New Frontiers in Smartcard Security |
MIFARE Classic smartcards, with a staggering global footprint of over 1 billion cards and 100 million readers, have been a vital component of modern security infrastructure. Their widespread use has made them a subject of interest for security research. Historically, vulnerabilities within these cards have been exploited using attacks like the Mfkey32 and Nested attacks. Yet, the operational complexity and hardware requirements for these attacks have kept many potential exploiters at bay. This presentation details our significant advancements that reduce the resource requirements for MIFARE Classic attack methodologies. We demonstrate a remarkable memory reduction of over 99.75% and a 2000% increase in attack speed. These advancements allow us to conduct the attack on resource-constrained embedded devices, most notably the Flipper Zero pentesting device. We also touch upon upcoming research developments in other smartcard systems. Speaker: Nathan Nye |
Unmasking the hackers, battling imposter syndrome |
Explore the impact of Imposter Syndrome in the cybersecurity field in this presentation. Discover strategies to recognize, combat, and overcome feelings of inadequacy, ultimately fostering a supportive cybersecurity culture and unleashing professionals' true potential. Speaker: Taryn Swietek |
Using Deception to Improve Security |
Incorporating deception into your cybersecurity arsenal can provide a proactive and dynamic defense mechanism against today's relentless cyber threats. By understanding the principles, benefits, challenges, and ethical considerations of deception technology, organizations can make informed decisions to bolster their security posture and stay one step ahead of malicious actors. Speaker: Steve Wingate |