4 CornCon X October 4-5, 2024
RiverCenter - Davenport, IA CornCon Registration Opens in April
Coming Soon! REGISTRATION

2019 CornCon Agenda

Quad Cities Cybersecurity Conference – CornCon
Click for Schedule w/Time & Details
Click for Kids’ Camp Schedule

Thursday, September 5, 2019

CornCon and Security Advisor Alliance Converge Tour
SAU Rogalski Center Ballroom
Introducing cybersecurity as a career w/CTF competition
125 High School Students (by invitation only)
Converge Tour Agenda

Friday, September 6, 2019

Executive Summit
Enterprise Track – SAU Rogalski Center Ballroom

8-8:30am Registration
Morning and afternoon breaks
Lunch and beverages provided

  • Brian Howell, Risk Advisor/vCISO, CyberSecurityGuide.net
    Five Questions Every Organization Should Consider Regarding Cyber Security

    Focused at the Board and/or C-Suite, this presentation explores leadership concepts to navigate in the form of “Five Questions Every Organization Should Consider Regarding Cyber Security”. This presentation will encourage and yet challenge leaders to address the threat of a breach in the larger context of culture, business process and the control environment.


  • Angela Dogan, Director of Vendor Risk & Compliance Services, Lynx Technology Partners
    Risk Management: The Good, The Bad, The Ugly

    The 2018 Verizon Data Breach Investigation Report stated that we suffered over 53K incidents and 2200+ confirmed data breaches. With this reality, what role has Enterprise Risk Management played or not played in it? This talk will be an interactive conversation about what organizations can do to mature their ERM programs to assist in combatting and tackling the possible impacts of an incident and/or breach. It will also talk about the interjection of Artificial Intelligence (AI) into ERM and what if any is the good in that.


  • Todd Chamberlain, Founder/CEO, Medblox
    What the fork?! Let’s start with ‘Y’
    Topic: Blockchain applications in healthcare

    MedBlox provides validation of patient identity across organizations by indexing existing medical record numbers and creating patient specific behavioral models. Learn how we use these models in identity and access management, allowing unprecedented patient-owned control of their personal electronic medical records.
  • Cary Wise – Risk Consultant, RiskLens

    Quantifying Risk with FAIR

    Risk managers are drowning in a sea of audit findings, penetration testing results, “critical” or “high risk” vulnerabilities, and compliance requirements. Despite our best efforts, cybersecurity incidents and operational loss events continue, as do calls for more stringent regulatory requirements and increased non-compliance penalties. The organizations who will successfully navigate these waters are those who know how to consistently define, accurately measure, and effectively communicate about risk in the language of the business — dollars. FAIR analysis allows you to do just that. After this seminar you’ll never want to use a heat map again, and with good reason! There is now a logical, useful, simple quantitative risk analysis method being implemented in industry-leading organizations across the globe. FAIR is changing the risk management industry – don’t get left behind.

  • Ira Winkler, Nyotron
    Mitigating Cyber Boom

    Perhaps one of the underlying failings of cybersecurity is that it lacks a high level strategy. To that end, Ira adopts counterterrorism strategies to frame the most common form of attacks, specifically those targeting humans, or initiated by users. Adopting the concept to boom being the point where a user makes an action that can potentially initiate a loss, Ira shows how Boom can first be avoided. In the inevitable case of failure of prevention of Boom, Ira then shows how the potential losses can be mitigated.

  • Kate Kuehn, CEO USA, Senseon
    Company Culture needs to include Cyber Awareness – why Today’s top threats make it imperative everyone understands the role they play

    With the lines between threat actors blurring, over 40% of incidents coming from internal sources, and innovation & velocity of attacks on the rise, companies need every employee to help in the war against cyber threats.  In this talk, Kate will examine the current threat landscape and address why cyber awareness needs to be better embedded in corporate culture.  She will discuss various trends in incidents and their direct ties to the lack of awareness most companies face.  Also, we will examine how to measure the risk awareness of an organization, and give ideas on how to start building an inclusive cyber culture.

  • Steven Telisak, Special Agent, FBI
    Remote Desktop Protocol – An Open Door for Exploitation

    SA Telisak will briefly explain RDP, and describe vulnerabilities and threats that arise from the misuse of the protocol in network environments. SA Telisak will use recent, real case scenarios encountered by the FBI to fully display the consequences of a poorly configured network using RDP. Finally, SA Telisak will describe some basic steps that can be taken to protect networks that rely on RDP.

  • Etay Nir, Sr. Principal Researcher, Palo Alto Networks
    Building Playbooks, not the football kind

    SOC and IR professionals are required to use a plethora of different tools and services to handle alerts and investigate cases, including EDR, Sandboxes, SIEM, pDNS, TIPs, and more. Working through all of these GUIs is time-consuming and has a learning curve due to the hundreds of different tools and vendors out there. Every environment consists of different tools. False positives must often be identified manually due to the lack of direct communication between the siloed tools.

    Security automation playbooks present a solution to this problem. They combine the mature ideas of orchestration IR workflows into a single focal point to improve capabilities for each type of alert the team needs to handle.

    In this talk, we review the basics of playbook design, describe several simple playbooks, and share lessons learned from building playbooks with blue teams protecting Fortune50 companies.

Saturday, September 7, 2019

8-9:00am Registration
Conference runs from 9 to 5pm
Lunch and beverages are provided
Presentation times will be determined and added soon!

Keynote TrackBallroom

  • Eugene Spafford, Professor, Purdue University and Director Emeritus, CERIAS
    Rethinking Cyber Security

    Despite over 50 years of intensive research and experimentation, we still are plagued with systems that are fragile, compromised, and impossible to fully trust.  There is near-daily news of compromises and losses, from criminals, nation-state actors, and vandals. The cyber ecosystem we have developed and upon which society is increasingly reliant appears to develop (or have exposed) a new vulnerability as soon as a current one is patched, and old problems keep being introduced. 
     
    Why do we have such problems?  I contend it is traceable to one root cause: we don’t understand what cyber security really is.  Without good definitions we cannot formulate good metrics.  With the absence of good metrics we can’t really tell whether we are spending our money and time on useful approaches.  Furthermore, the only metrics available to most decision-makers are based simply on cost and speed — neither of which reflects security or safety.
     
    This talk explores this idea in more depth, and should be understandable to non-specialists.  I include discussion of some open research problems that — if successfully addressed — would lead to improvement of our cyber ecosystem.

  • Carlos Lerma, Security Architect, MARS
    Security Architecture – The Best Existential Crisis of Your Life

    Security Architecture is the best existential crisis you can hit in your InfoSec Career! Why? This is the place where you are located at the true crossroads between operations and management – You still spend time honing your skills and mastering your chops as you can’t put down Metasploit and Kali, you still pick locks and think about malware, but now you also get to put value on threats, you relate them to business problems and you finally have to put on a suit to talk to people who cringe, or scream at the very sound of the words “Information Security”. This is the time when you start putting your years of hard-earned Security skills to good use by designing a solid set of Security controls that help solve business problems. We’ll talk about how this transition happens, what are its ramifications, which modern problems require this skillset and how to shape a career to get there. An analysis of modern Security problems along with the skills needed in Security Architecture will be presented in order to understand the true value of these professionals.

  • Kate Kuehn, CEO USA, Senseon
    Rise of the Machine AI

  • Cherie Burgett, Director of Operations, Global Mining and Metals ISAC
    Finding Your Place in Cyber Security

    I will discuss my personal journey into cybersecurity, how
    to identify needs, and creating your own educational path to support your goals. Fill in the gaps in cybersecurity by creating your own path and finding your sense of purpose. Cybersecurity is a new field and in a way, we are the pioneers of this field. There is no “right way” to get into cybersecurity, and the opportunities are endless. 

  • J.D. Henry, Region VII Cybersecurity Advisor for the Regional Operations Branch of the Integrated Operations Directorate, DHS/CISA
    CISA Cybersecurity resources available to the Nation’s Critical Infrastructure

    This presentation will cover who CISA is, what is critical infrastructure and their role in protecting it, and the no cost services that CISA offers to help build resiliency through awareness, preparedness, response, and recovery to adverse cyber activity.

  • Michael Daugherty, CEO LabMD
    The Penny Took A Decade To Drop: How LabMD Beat The FTC And What They Learned Only After The Case

    The early years of his entering and fighting Washington, DC, are recorded in his book, “The Devil Inside the Beltway”. In so doing, he has become the only litigant to challenge the basic authority that underlies more than 200 enforcement actions relating to cybersecurity and online privacy that the FTC has brought over the past 15 years. Every one of the 200+ litigants before him – including some of the largest companies in the world – have settled with the FTC, creating an unquestioned and untested belief that the FTC has broad authority to regulate in these areas. On June 6, 2018, he prevailed. In so doing, he toppled key pillars of the FTC’s cybersecurity and online privacy edifice, successfully exposing and challenging The Administrative State. Now that the case is closed, Mike has unearthed not so shocking, massive corruption. Will the FBI whistle passed the graveyard? 

  • Janis Mitchell, Founder/CEO, Ohio Cyber Women/Precise Resource
    Introducing Young Women in Security to the entire Ecosystem of Career Choices (A Fireside Chat w/Kate Kuehn)

  • Ira Winkler, Nyotron
    Creating a Human Security Officer

    While everyone acknowledges that users are the top security vulnerability, they rely upon awareness to solve the problem, despite the fact that awareness is far from perfect. To solve this problem in a coordinated way, what is required is not an awareness manager, but a Human Security Officer who is responsible for looking at human vulnerabilities and determining the optimal way to mitigate the vulnerability through a combination of process and technology. As opposed to trying to tell people what not to do, the HSO implements technology that reduces the likelihood of attacks reaching users, and creates business processes that tells users how to do their jobs correctly. Awareness programs are then implemented to inform people how to do their jobs correctly. This presentation will cover the implementation of a Human Security Officer.

Technical Track • Gottlieb, North Classroom, Expo

Presentation times and rooms will be determined and added soon!

  • Phil Polstra, Professor, Bloomsburg University
    Big Plane, Little Plane (how attacks affect them both) 

    There has been much talk of airplane hacking in recent years.  In this talk Dr. Phil will present some of the commonly discussed attack and how they affect small general aviation aircraft and airliners differently, if at all.  Several attacks will be discussed.  Attendees will leave with a better understanding of risks associated with aviation and of how certain aircraft systems work.

  • Jeff Struik, CEO/Principal Cybersecurity Engineer, Cyber Strike Solutions, LLC
    Vulnerability hunting with CHIPSEC and LuvOS

    Security at the board-level is often taken for granted. With CHIPSEC and Linux UEFI Validation OS a detailed vulnerability assessment is possible of the BIOS/UEFI and other low level flash memory areas. This presentation will explain the function and output of each of these tools and will also include a demonstration of the tools.

  • Jonathan Dreasler, Security Manager, RSM
    The Cybersecurity Underground

    This interactive in-person seminar is designed to provide education on evolving cybersecurity threats and what you should do to prevent, detect, and respond to these threats. We will identify components of a comprehensive information security program that passes regulatory scrutiny and minimizes your risk of a security incident. This seminar will walk you through
    • Current Landscape & Challenges
    • Cyber Insurance Tends
    • Security Frameworks
    • Shedding Light on the Dark Web
    • Case Studies
    • Cyber Threat Intelligence


  • Barry Suskind, Director Enterprise Architecture, FINRA

    AV isn’t dead (yet). How to better protect your enterprise with tools you already have

    I’m protecting my enterprise with my standard antivirus suite and a tools that locks out all but approved applications. Take away admin rights, use the firewall/IPS product that comes with your AV suite and learn that your host based IPS product has a lot of tricks up it’s sleeve, if you’d just learn how to use them.

  • Leigh Weber, Specialist Leader, Deloitte

    IoT Cybersecurity – What do I need to pay attention to?

    A brief discussion of how OT (ICS, DCS, SCADA) cybersecurity is being changed by the advance of IoT and IIoT device adoption.
  • Xe1phix
    Intro to Linux file systems workshop

  • Charles Parker II, Adjunct Professor, University of Michigan & Thomas Edison State University
    Risks with CAV (Connected and Autonomous Vehicles): GPS & LiDAR Attacks & Mitigations

    Vehicles presently use GPS and LiDAR to a certain extent. This will increase substantially as the vehicle increases its connectivity and autonomous drive is placed into service. These vehicles require data to perform as hoped. Any attack on these would prove to create a rather significant issue for the vehicle, and any vehicle and pedestrian proximate to the bad actor. Fear not, there are mitigations available for this. 

  • William Rickert, ISU Student
    Design and Assembly of Electronics at a budget even a student can justify

    Designing and building electronics have typically been thought of as an expensive hobby. This may have once been the case but it no longer is. I have been involved with the BadgeLife community for over a year now. In that year I have designed three badges and assisted in the design in two others. I have built over 600 Printed Circuit Boards(PCB). This has been accomplished using inexpensive materials and has proven these concepts. In this talk, I will present concepts that will allow anyone to create and build their own circuit boards. Topics covered will include; PCB CAD tools, artistic PCB design, circuit creation, part and PCB procurement, assembly techniques, and creation of solder reflow tools. All this with an eye toward the cost of assembly and output quality.

  • Tony Virelli (Byte Stealer), Owner, Emagine LLC
    Key Duplication, It’s not just for the movies
    Tony will teach you how to duplicate keys from an impression

    I will go over how to duplicate keys using a 3-D printing and molding and casting keys. I cover how to get the depth and measurements from a photo of a key and convert that into an actual working key. 

  • Parady Boatwright, CEO, Wheatfield Partners
    Resume Workshop
    How to structure your resume to get the interview: Insights from an executive recruiter

    How to structure your resume to get the interview: Insights from an executive recruiter 

Expo & Hacker Village

  • TOOOL – Locksport Village
  • Malwarebytes (Platinum Sponsor)
  • RK Dixon (Silver Sponsor)
  • Ben Wolf, sci-fi/horor/dark fantasy author
    book sales and signing
  • US Army Hackers
  • EICC, activities and college info
  • SAU college info
  • Oculus VR
  • 3D Printing
  • Car Hacking
  • Spijk Selby, Rocky Hill Forge
    Knife Sharpening Workshop and Display

CornCon Five-0 After Party

6PM-midnight @ Analog II, Moline, IL
This is a family-friendly party. Open bar for > 21.
Open to all. Non-badge holders pay $30 cash. Kids free.

This is a close but not 100% draft agenda. Times, rooms and specifics may change leading up to the conference.