2018 CornCon Speakers
Matthew Mather
Bestselling Author
Saturday Opening Keynote: Cyberstorm
Aaron Blythe
Enterprise Architect, NAIC
Saturday: Introduction to Shodan
ABSTRACT: I imagine it goes without saying that the internet is an insecure place. With tens of billions of connected devices projected in the next 5 years, this will only become more insecure. Shodan is a powerful search engine tool that can be used to aid you in making sure that you are not exposing any of your IoT devices (or even web servers or services for that matter) to the open internet. Aaron will walk through what Shodan is, how to use Shodan, ethics of using Shodan, and many other related topics.
John Bumgarner
Founder, Cytenna
Friday: Through the Looking Glass: Threat Intelligence beyond just ones and zeros
ABSTRACT: Most people usually talk about threat intelligence in terms of questionable IP addresses, domains used for drive-by downloads, interesting Twitter keywords, spear phishing emails and malware signatures. Threat intelligence is all these things and much more. This talk will explore the concept of threat intelligence from multiple angles, including automation and analysis.
Saturday: Leveraging Cyberattacks for Economic Warfare
ABSTRACT: The use of economic warfare by nation states dates back millennia, but adversaries today can use a multitude of asymmetric cyberattacks to strike at a country’s economic base, which is the foundation of national stability. This talk will deconstruct past economic warfare events and outline future economic warfare attacks.
Tony Cole
Chief Technology Officer, Attivo Networks
Saturday: Deception in the World - Past, Present, and Future
ABSTRACT: This session will explore some of the more successful uses of deception throughout history, its present impact on the world, and where deception will likely have more impact in our interconnected future world.
Michael J. Daugherty
CEO, LabMD
Saturday: It’s the CyberSecurity Cops! What the Feds Do When They Investigate You and How LabMD Flipped Over Their Game Board
Angela Dogan
Director, Vendor Risk Management and Compliance, Lynx Technology Partners
Friday: Careers in Cybersecurity: Can there be more than IT?
ABSTRACT: Cybersecurity is the latest buzzword in our world today and everyone is talking about how they are struggling to find talent in the field of Cyber. However, what does that talent look like? What are the fields within Cybersecurity? When we hear the word, what do we think of? Well, the reality is Cybersecurity and the employment opportunities under that field are broad and plentiful. It’s best to think of it as having two sides: a technical side and a non-technical side. During this discussion we will explore the non-technical side and the growth opportunities within that realm. We will also discuss what an ideal candidate looks like and why soft skills are important in all roles.
Steven Fox
Sr. Manager, Security Compliance & Audit, Workforce Software
Friday: Getting Data Protection Right: Using Risk Assessments for Effective Contracts
ABSTRACT: This session explores the impact of context on personal data, the role of focused risk assessments for visibility into the data supply chain, and how this informs cogent contracts. The insights in this presentation are borne from the up-stream and down-stream GDPR compliance pressures faced by a SaaS provider. Attendees will leave this session with the tools to transform GDPR compliance into a risk-based conversation.
Adam Gates
Engineer, Malwarebytes
Saturday: Threat Landscape 2018
Travis Hartman
Architect, CACI
Saturday: Drone on the Farm
ABSTRACT: The continued expansion of drone capabilities gives them tremendous flexibility. The basic premise for utility support is the ability to reach places or perform tasks that would be difficult or cost-ineffective for humans. In this session we examine emerging capabilities that are useful in the field and in the factories. From 1,000 lbs of lift for utility work, wielding flamethrowers, or delivering network attack tools, we will look at ways they will impact activities across the Midwest. We will cover current legal restrictions on drone uses and countermeasures for malicious systems.
Bobby Kuzma
Director, Community Engagement, Core Security
Saturday: How to Build an InfoSec Career with more than a dash of Impostor Syndrome
ABSTRACT: Once upon a time, there was an IT guy who woke up working in security. He had no clue how he got there. People praised his work, and sought his counsel. Despite this, he never really believed any of them. Every job, every project, he sat in constant fear that *this* would be the project where he'd fail, and everyone would discover that he'd been faking it all along. An Imposter. Bobby Kuzma is one of those people. In this talk, he'll share his story of how he got here, and how he deals with his Imposter Syndrome on a weekly basis to still do cool things.
Carlos Lerma
Sr. Information Security Architect, Beam Suntory, Inc.
Saturday: Benvenuto Cellini, Nirvana and The Special Forces: Becoming an Artist, Warrior and Philosopher in Information Security
ABSTRACT: This presentation is a collection of insights from 20 years in the IT Industry, 6 of them in Information Security, across 4 countries and 3 languages. The reflection is a first of its kind at CornCon, as no one has spoken about career development or the most common challenges that InfoSec practitioners face in their career path. The presentation uses the pillars or the teachings of Benvenuto Cellini, an Italian polymath whose theory that "a man must be an artist, a warrior and a philosopher" shaped the life and career of Jason Everman, a talented musician and co-founder of the legendary band Nirvana, who decided to leave rock and roll stardom to enlist in the Special Forces. These teachings are directly related to career development in Information Security in an engaging way. The presentation engages the most common career challenges in the industry and aims to provide people with solutions and tools to recognize valuable skills, avoid burnout and build professional momentum in order to make Information Security a career path with a bright and solid future. A presentation of this kind has only been given at CornCon III, but focused only on Women in Security. This is a gender-inclusive talk.
Anthony E. Lauderdale
Head of Threat Intelligence, Motorola Solutions
Saturday: Threat Panel
Saturday: Russian Information Warfare
ABSTRACT: Russian information warfare garnered widespread media attention during the US election, notably the DNC hack, the subsequent leaking of emails and Cambridge Analytica. Regardless of the level of influence Russia had on the election, information warfare has been a strategy of the Kremlin for decades. While the western world makes a distinction between cyber and information warfare, this concept is foreign to Russians. Therefore, compromising a company’s server to leak information is synonymous with utilizing a state media apparatus to spread propaganda. Information warfare can cover a vast range of overt and covert activities seeking to compromise, falsify, plant, interdict or destroy information. This is accomplished through state-sponsored news, psychological operations (PSYOP), hacking, shell companies, media outlets, statements from political leaders, open source tradecraft, trolling, YouTube, social media campaigns or counterintelligence. The first half of this talk will cover the evolution of Russian information warfare, while the second half will delve into the more technical methods (Cyber Warfare) Russia uses to achieve its geopolitical objectives.
Jeffrey Man
Infosec Evangelist
Saturday: Tales from the Crypt...analyst
ABSTRACT: As a certified Cryptanalyst for the National Security Agency, the speaker was classically trained in manual cryptography, but also pioneered some of the first computer-based cryptographic systems produced by the agency. Topics discussed will include applications of classic cryptography including one-time pads and various cipher methods to machine-based systems (such as the Enigma) and ultimately to modern computer-based algorithms such as public key cryptography. The talk will also explore the speaker’s experiences in the private sector and how the understanding of cryptography helped numerous times in penetration testing, vulnerability assessment, security architecture, and technical advising. Ultimately, this talk will guide you through a history and evolution of cryptography over the past thirty years using the speaker’s own experiences as a backdrop for a discussion of the migration of cryptography from manual to machine and ultimately to digital. Understanding the history and evolution of cryptography is essential for applying modern cryptographic solutions to solve today’s information security problems, particularly in understanding the residual risks, the shifting attack strategies, and the inherent weaknesses in the implementation or fielding of even the best cryptosystems and solutions.
Richard H. L. Marshall, Esq.
President, X-SES Consultants LLC
Saturday: Cyber Myths, Secure Network Challenges, & Solutions
ABSTRACT: Myths
Juliet Okafor
SVP, Global Security Solutions, Fortress Information Security
Friday: The Blind Leading the Blind: Why InfoSec Teams Fail at OT Security
ABSTRACT: Organizations with mature and effective IT security programs struggle with extending their capabilities to cover OT assets. In fact, one of the easiest ways to fail at OT security is to blindly apply IT security controls as-is to OT. Organizations must be mindful of technical, operational and cultural considerations. Enterprise assets consist of a mixture of IT assets and purpose-built technologies provided by specialized OT vendors. Many organizations have a separate operational technology or engineering group responsible for OT, complicating questions about accountability, ownership, roles and responsibilities with respect to OT security. Industrial control systems are built with a goal of running reliably for as long as possible – in some cases up to 30 years. An expectation of always-on availability, combined with low staffing levels and limited operations and maintenance budget, often drives an “if it ain’t broke, don’t fix it” philosophy. While this operational philosophy is understandable, it contributes to a considerable amount of technical debt and security risk. Some of the security features commonly found in the IT space, such as authentication and encryption, are not available on ICS communication protocols. Through basic inspection and assessment we have discovered that OT networks are much more connected to IT networks and the internet than plant engineers, ship engineers, asset owners or information security officers realize. Technology and business trends that connect IT and OT only expand the attack surface and accelerate a threat actor’s ability to pivot from one network to another.
When building a security program, we recommend taking into account the needs of both IT and OT assets by building an overarching enterprise program that provides comprehensive visibility into risks while addressing the specific needs of each environment.
Dr. Phil Polstra
Professor, Bloomsburg University
Saturday: An In-depth Look at Stack Buffer Overflows
ABSTRACT: Stack buffer overflows are some of the most common flaws in software that can lead to exploitable vulnerabilities. This workshop will guide you through the process of discovering these vulnerabilities and how to successfully exploit them. A brief introduction to 32-bit Intel Assembly will be included in this workshop. A basic understanding of C is helpful, but not strictly required. We will do some hands-on exploitation. Requirements: Laptop with VirtualBox or other virtualization software and at least 20GB of free space.
Richard Rushing
CISO, Motorola Mobility
Friday: Security Leaders Panel
Winn Schwartau
Founder, InfowarCon
Saturday: Ain’t I Been Tellin’ Ya For 30 Damn Years?
ABSTRACT: A Winn Schwartau AMA (Ask Me Anything) Session. In the olden days, like 1988, I had an idea: What would happen if we weaponized computers, networks and the internet (such as they were at the time)? Right after I wrote Terminal Compromise (subsequently renamed Pearl Harbor Dot Com, the basis for Die Hard IV) to flush out the ideas in a fictional format, I testified before Congress and told them unless we took drastic pre-emptive defensive steps, the likelihood of an Electronic Pearl Harbor increased. I was labeled Chicken Little. In my follow-up non-fiction book, Information Warfare, I formalized my taxonomy model. Class I Information Warfare: privacy, massive identity theft and surveillance. Class II Information Warfare: unrestricted corporate and national espionage. Class III Information Warfare: out-and-out cyber-conflicts between nation states and the emergence of powerful cyberterrorism capabilities. Unfortunately, I was right. In 1995, after various intelligence agencies stopped coming by the house, and the UK un-banned my book, a series of napkin sketches in Warsaw became the genesis for my next published work, Time-Based Security. But I was not satisfied. I wanted a more comprehensive solution. On the beaches of Perth on the Indian Ocean I asked myself some questions: What if…
Hmmm…. My latest book, Analogue Network Security, attempts to answer those questions.
Carlos Solari
VP, Comodo
Friday: Securing Legacy Industrial Control Systems
ABSTRACT: We are still surprised to learn that autonomous systems can be hacked and be made to do unsafe, even dangerous things. It sounds futuristic, these autonomous things. To be sure, there is a concern with the future autonomous systems, but there is also a present problem with the legacy automated systems. These legacy systems are what operates critical infrastructure. It is automated, and it is insecure in the extreme. The potential impact can also be in the extreme, as in catastrophic. Here’s a proposition. Let’s stop being surprised. Let’s understand the seriousness of the problem and let’s start doing the securing in an organized way. Carlos proposes three actions that can be done today to get organized and to get started. He will also propose three actions to drive a more secure future of automated systems.
Steven V. Telisak
Special Agent, FBI
Saturday: Threat Panel
Andy Thompson
National Manager, CyberArk
Saturday: Hacker Carpet Bomb - Live Demos!
ABSTRACT: This talk is a series of live demonstrations of real-world attacks that organizations see on a daily basis. The goal is to present as many live demos of exploits and attacks as possible in the time allotted. Attacks will include stealing hashes off the wire with Responder & Inveigh, Poison Tap, Bash Bunny, MouseJack and more!
Outline:
* Introduction
Aaron Turner
CEO, Hotshot
Friday: Mobile Ecosystem Vulnerabilities and Data Regulation Madness - Unintended Consequences of GDPR, HIPAA and Privacy Regulations (DEMO)
ABSTRACT: Join Aaron Turner for an in-depth look at some of the negative consequences of data protection regulations, with specific case studies focusing on healthcare, hospitality and other service industries. With the increase in number and severity of cellular network vulnerabilities, this is becoming an even bigger issue for enterprises around the world. All of this uncertainty results in lost business opportunities and decreased customer service. When employees are forbidden from communicating effectively for fear of data regulation, there are negative outcomes: doctors giving vague instructions to nurses, employers fearing how to communicate with employees off hours. Aaron will walk through lessons learned from several research projects that have successfully protected data on hostile mobile networks while still helping employees be productive and efficient.
Stefan Wahe
Deputy CIO, UW-Madison
Friday: Security Leaders Panel
Bob West
Managing Director, Deloitte
Friday: Identity and Cloud
ABSTRACT: The last 10 years have been a period of technology transformation. The adoption of cloud and mobility has changed how people access and store information, and enterprises need to adapt to these changes. This has significant implications for how identities are managed throughout their lifecycle. This presentation covers this technology transformation and the approach enterprises need to take so that identity can be properly managed given the changes in technology.
Jon Williams
The Architect
Saturday: Roll them bones! The design and implementation of electronic dice
ABSTRACT: In this presentation, I will walk through the design and implementation of an electronic substitute for the polyhedral dice commonly used in role-playing games. I will discuss the trade-offs of the various means of generating random numbers on a small, embedded platform, the process of designing the custom electronics, and lessons learned about prototyping a device for potential retail sales.
Keith Wilson
Global CISO, W. R. Berkley
Friday: Security Leaders Panel
Ira Winkler
Infosec Evangelist
Friday: Incorporating Security Practices into Business Processes
ABSTRACT: TBD
Xe1phix
Building A Restricted & Trustworthy Linux Environment
ABSTRACT: ParrotSec - Building A Restricted & Trustworthy Environment (A laptop is required). I will be giving a live demo of several Parrot Linux use cases. Parrot is a GNU/Linux OS specializing in:
This talk is a live and interactive workshop. I will be using the Linux CLI for the entire talk. I will give away preinstalled ParrotSec live DVDs to anyone with a laptop so they may follow along. All of the syntax I execute will be thoroughly documented and explained. Also, the code will be publicly accessible in my GitLab repository. The topics covered in my talk will also have step-by-step instructional videos posted on my YouTube channel. This way, the audience can replicate the steps I performed in the presentation.
Dr. John D. Johnson
Co-Founder/Chair, CornCon
All ur kernel r belong to me!
Opening Remarks