CornCon X: Speaker Slides

You will find links to the speaker slides and a short description of each presentation. We have uploaded all videos of the presentations to our YouTube Channel at corncon.tv.

  1. Scott Algeier, Executive Director, Food and Ag-ISAC – “Fielding the Costs: The Economic Challenges of Staying Secure in the Food and Agriculture Sector” – Cybersecurity has long been seen as a technology problem. However, the core challenge of cybersecurity is actually an economic challenge. It is more expensive to defend than it is to attack. The economics of cybersecurity favors the attackers. This session will discuss the latest cybersecurity trends specific to the food and agriculture sector, detail how companies are maximizing resources by collaborating for threat defense, and explore cybersecurity public policy considerations.

  2. John Aron, Founder/CEO, Aronetics – “Juxtaposing cybersecurity, an alternate ending to the Star Wars trilogy and how you mitigate risk” – In parallel to Luke Skywalker and the Rebel Alliance fighters, who adeptly exploited a flaw in the Death Star’s security system using their tactical skills and the Force, resulting in the destruction of the space station and a major setback for the Galactic Empire. Don’t let the attack occur on your network or to you.

  3. Michael Atkinson, SE Manager, Armis – “Out of Sight, Out of Control: Asset Intelligence” – I’ll explain the history of asset intelligence, explaining how we got to where we are, the problems that come with it, and the solution to it. There is exactly one slide on Armis.

  4. Cherie Burgett, Director, MM-ISAC – “What the heck is Hermeneutics, and how can it be used to level up your threat intel game?” – Are you a former liberal arts major? Interested in learning how to create and use finished cyber threat intelligence? Or, maybe you just want to learn how to casually drop words like hermeneutics in conversations. Learn how scholars have used hermeneutics for centuries to interpret ancient texts and what lessons can be applied today to cyber threat intelligence.

  5. Brandon Colley, Sr. Service Lead, Trimarc Security – “Winning the Game of Active Directory” – The Game of Active Directory (commonly referenced as GOAD) is a prebuilt vulnerable Active Directory (AD) lab environment. Created and maintained by Orange Cyberdefense, this lab was created for pen testers to practice attacks against AD. Touting over 30 methods of attack, GOAD offers multiple paths to full AD takeover. But is that really how you win the game? Whether you’re on the blue or the red side, as security professionals, our goal is to better secure environments. This talk walks through several AD attack strategies using the GOAD lab. Watch as we perform reconnaissance, enumerate the environment, exploit misconfigurations, and ultimately pwn AD. Mitigations for these attacks will also be discussed and implemented, showcasing how they stop the attack. Implementing these mitigations in your environment is truly how you win the Game of Active Directory.

  6. Joshua Copeland, Dir. Managed Security Services, Quadrant – “What’s wrong with cybersecurity and how to fix it!” – My top 7 items that are wrong with how we do cybersecurity and how we collectively can fix it.

  7. Keegan Curran, Security Researcher – “Alarmed and Dangerous: Exploiting Vulnerabilities in Fire, EMS, and Security Systems” – In this presentation, we will delve into a critical risk assessment of the vulnerabilities uncovered in fire, EMS, and security alarm systems. Based on an in-depth security assessment report, we will explore the potential consequences if these weaknesses are exploited by malicious actors. Diving deep into this topic with real world statistics and information on how a town like Davenport could have been impacted.

  8. Alexis Diediker, QCO Consultant, ProCircular – “You Want Me to What? My First Year as a PenTester” – What to expect your first year as a penetration tester and how awesome our jobs are!

  9. Javier Gonzalez, vCISO, Verily Tech Advisors – “Building and Maintaining Digital Trust with AI” – Javier Gonzalez, vCISO, Verily Technology Advisors: In an increasingly digital world, trust in technology is paramount for its widespread adoption and effective use. Artificial Intelligence (AI) offers powerful tools and methodologies to build and maintain this trust by enhancing transparency, ensuring security, and improving user experience. This presentation explores how AI can be leveraged to address key concerns such as data privacy, cybersecurity, and ethical decision-making, ultimately fostering a trustworthy digital environment. We will examine AI’s role in creating reliable systems through automated monitoring, anomaly detection, and predictive analytics, as well as how it can enhance user trust by personalizing and humanizing interactions with technology. Furthermore, the presentation will delve into the importance of AI ethics and governance frameworks that ensure responsible AI deployment. Benefits of Attending the Presentation: By attending this presentation, participants will not only gain a thorough understanding of how AI can be leveraged to build and maintain trust in digital technologies, but they will also acquire practical skills and strategies that can be implemented immediately within their organizations. This knowledge will empower them to lead in the development of trustworthy, AI-driven digital ecosystems.

  10. Rich Greenberg, CISO, Security Advisors LLC – “Stretching your envelope and embracing risk taking for growth” – Corporate culture in America is fraught with the stifling of creativity. The fear of failure is preventing many from reaching their full potential. It is time for all of us to embrace stretching the envelope and getting uncomfortable. We all have so much to offer that will lead to innovation and better ways to solve problems, if only our culture would stop judging and beating down good ideas that just happen to fail. We will learn more from failure than success, and until we can get past that fear of failure, we will never realize our full potential.

  11. Rich Greenberg, CISO, Security Advisors LLC – “Overview of Software Security Best Practices” – Is your company integrating Information Security into the Software Development Life Cycle? Does your security team have a good working relationship with Application Development, the Project Management Office, and Operations? Are you following a basic framework and good standards for coding and at the various steps throughout the development process? Join me as I share my 15 years as a CISO working with all of the above teams to help you understand the best practices to follow to ensure your software projects are done professionally and securely.

  12. Sebastiaan Gybels, CISO & CIO, CoinFlip – “Zero Trust – A Journey”

  13. Paige Hanson, Co-Founder, SecureLabs – “The Cyber Threat Landscape. What’s Next?” – The cybersecurity threat landscape is constantly evolving, with new risks emerging as technology advances. This presentation will provide an overview of the current threat landscape, highlighting the most significant challenges facing organizations today and offering predictions for what’s on the horizon in the world of cyber threats. But don’t worry—this isn’t some boring presentation with a talking head. I’ll bring the topic to life with real-world examples, engaging videos, and practical, actionable steps to protect your organization and yourself.

  14. Chris Johnson, Sr. Director of Cybersecurity Compliance Programs, CompTIA – “AI is Killing my Company Culture”

  15. Sean Juroviesky, Sr. Security Engineer, SoundCloud – “Hacking other teams using social skills, to strengthen your IAM program!” – We know how much of a necessity IAM is to a security program, however we often have difficulty convincing other departmental leaders and their teams of this. If we shift perspective, we both want to simplify, automate, and understand access; this simplicity and fluidity is a win for them as well.

  16. Zach Kromkowski, Co-Founder, Senteon – “Strategic Endpoint Hardening with CIS” – This presentation focuses on applying CIS hardening techniques to Windows OS and browser security. Attendees will be guided through practical steps for creating and implementing a robust hardening plan, with a focus on actionable strategies, continuous monitoring, and addressing common security gaps. Whether you’re new to hardening or refining existing processes, this session provides a clear path to improving your organization’s security posture with immediate, practical steps.

  17. Rob Labbe, CISO-in-residence, MM-ISAC – “We should all be feeling a bit blue – Lessons for us all from the CrowdStrike outage” – The CrowdStrike outage has lessons for us all – in this talk, we’ll discuss what happened, but more importantly, what lessons we can all learn in resilience and what we can all do to minimise the impact of a major impact like this the next time a vendor messes it up.

  18. Rob Labbe, CISO-in-residence, MM-ISAC – “Why can’t we be friends? – Bringing together cyber and the business” – In order to improve resilience, security and the business need to start working together. Working together starts with speaking the same language and marching to the same goals and objectives. This requires a new generation of CISOs who build solid business skills on top of strong technical skills. In this talk, we’ll discuss best practices for achieving business and security team alignment to improve resilience – the real objective of any security team.

  19. Tina Lampe, Director, IT Software Engineering, DirecTV – “Securing the Enterprise in the Age of AI: An Interesting Conundrum” – The explosion of AI usage within enterprises has introduced both threats and opportunities to the organization’s security posture. In this discussion we will cover managing enterprise AI risks, enhancing cyber defenses using AI, enhancement of the security team impact through AI, and a future focused view of challenging issues in which AI may provide some relief.

  20. Dr. Edward Marchewka, Chief Administrative Officer, PryorHealth – “Total Security Management – A 20 year old Concept Revived” – This presentation is designed to introduce and explore the concept of Total Security Management (TSM), an approach that integrates security into all aspects of an organization, much like Total Quality Management (TQM) did for quality. Attendees will gain a comprehensive understanding of TSM’s history, principles, and the steps needed to implement it within their own organizations. The session will highlight the growing need for a proactive, holistic, and integrated approach to security in today’s increasingly complex threat landscape.

  21. Richard Marshall, Esq., Chairman of the Board, CinturionGroup – “Under The Sea: The New Era of Telecommunications and What It Means to Us Today” – One of the most underreported topics in modern global business is the vast network of undersea fiber optic cables that connect us all. In fact, over 99 per cent of Internet is transmitted – not through geostationary telecommunications satellites orbiting the Earth at a height of 22,236 miles above the equator, matching the Earth’s rotation – but through a vast, increasingly complex, sophisticated fiber optic cable network on the ocean floor and terrestrially through challenging geographical regions of the world!

    No telecommunications network is more universally important to the global economy than the cables beneath the waves and terrestrial soil. Without these sophisticated connections, global trade would be severely adversely impacted.

    I will also touch on the physical and cyber threats, supply chain risk management issues, security solutions, redundancy capabilities, new advances as evidenced in the newest system in an incredibly challenging geopolitical region, and other related fascinating issues.

  22. Dwayne McDaniel, Sr. Developer Advocate, GitGuardian – “Hidden Dangers Of AI In Developer Workflows: Navigating Security Risks with Human Insight” – AI tools like ChatGPT and Copilot have become indispensable in developers’ daily workflows. Whether it is for code samples and scaffolding, prototyping, or documentation, AI can help eliminate a lot of toil from the developer’s day-to-day. However, there are hidden dangers that AI has introduced that are worth exploring. The good news is that for most of these concerns the answer is not more tech or tools, but something we have been getting right for generations – humans in the loop! This presentation will explore the critical security challenges associated with AI-enhanced development workflows and the essential role of human oversight in mitigating these risks. We’ll look into three major areas of concern: 1. The AI told me to do it that way… 2. Hallucinations everywhere 3. Where did my data go? Join this talk to see some real examples of AI getting it wrong, but stay for a discussion on how you can leverage already existing tools to make the best use of the most valuable resource in the company…your team’s time. Expect to leave with a fresh perspective on how bright a future we can build as people fostering more secure and efficient development practices.

  23. Dmitry Moiseev, Sr. Director of Engineering, Cambium Networks – “Hacking the Supply Chain: An SBOM Survival Guide” – Knowledge is power—and nothing reveals more than an SBOM. CycloneDX and SPDX are the keys to unlocking the intricate web of software components, dependencies, and potential vulnerabilities. These tools provide the ultimate blueprint, offering a detailed map of software supply chains ripe for exploitation or defense. Learn how understanding these SBOM standards can give you an edge in securing your code and finding the cracks in others.

  24. Heather Noggle, Exec. Director, Missouri Cybersecurity COE – “I Think We’re Swimming (They Told Me It’d Be Crawl/Walk/Run)” – Listen to the journey of building the Missouri Cybersecurity Center of Excellence from concept into SOC.

  25. Michael Odell, Cybersecurity Consultant, ProCircular – “Let’s do that time warp again. Messages to myself for better learning and resources.”

    Education resources for offensive security have changed dramatically since when I first got started. I want to take a look at the current landscape and create an open source degree, and map out topics and the resources to get to an effective pentester. (If you have heard of the Open Source Society University, this might sound familiar.)

    I will go over tools and resources that aid in learning itself, and look at current offerings for education without going into college debt. Depending on time and how much I ramble, I will also discuss turning this education into something to present to prospective jobs.

  26. Mark Overholser, Technical Marketing Engineer, Corelight – “Tales from Hunting in the Black Hat NOC” – Mark has been around the world, as a threat hunter in the Black Hat conference Network Operation Center, helping protect the Black Hat conference. He’ll share stories about interesting items and behaviors that they have caught in the NOC, ideas and methodologies used for threat hunting, and discuss the open source tools and technologies that power the network detection stack.

  27. Safi Raza, Head of Cybersecurity, Fusion Risk Management – “Maximizing Cybersecurity with Limited Resources: Strategic Approaches for Leaders” – The session will cover leveraging human capital and optimizing existing tools and processes to build a resilient security posture, ensuring comprehensive protection even with constrained resources.

  28. Paul Rice, Legal Director, ZwillGen PLLC – “Information Security Legal Update from the Trenches” – I will be presenting on my observations as an information security and privacy lawyer.

  29. Matt Scheurer, Show Host, ThreatReel Podcast – “These Artifacts aren’t Fiction” – They are using what for Digital Forensics and eDiscovery? The presenters firmly believe in using tried-and-true tools along with generally accepted procedures for evidence collection. Technology itself, attack surfaces, and attack vectors often change over time. This presentation highlights the benefits of adding new approaches for collecting evidence in modern digital forensics and analysis. Topics covered in this presentation include extracting and working with native Windows System Resource Usage Monitor (SRUM) data, Internet web browser artifacts, and beneficial PowerShell commands and cmdlets.

  30. Winn Schwartau, CEO, SchwartauHaus R&D – “Metawar – Cognitive Defense in the age of the Metaverse” – The Metawar Thesis: How To Adapt to and Coexist with the Technologies We Have Created

  31. Steve Shelton, CEO, Green Shoe Consulting – “From Burnout to Balance” – Attendees will learn the science behind stress, how it manifests into burnout, how to identify burnout in themselves and others, and simple skills they can use immediately to more effectively manage their own stress and mental states.

  32. Ken Smith, Director of Learning & Development, Praetorian – “Physical Penetration Testing in 2024” – The physical penetration testing landscape has shifted significantly over the last five years. COVID and other industry-specific events have changed expectations and delivery, in most cases, for the worse. In this talk, we will discuss the current state of physical penetration testing, and how we can do better both as potential clients and as consultants delivering this work while avoiding the chaos and mistakes of the past.

  33. Dr. Gene Spafford, Professor, Purdue University – “Myths and Misconceptions in Cybersecurity”

  34. Barry Suskind, Director, Docent Institute – “Building Tabletop Exercises for Your Company”

  35. Hendrik Van Pelt – “The Plains have Eyes: Mass Surveillance in the Hawkeye State” – With more advanced capabilities than ever, high-tech surveillance networks are expanding at alarming rates. Increasing numbers of image recognizing cameras, ALPR, CCTV, and sound detection systems collect, share, and store your data without any oversight or transparency. These systems are quietly rolled out by cities, counties, and private-public partnerships across Iowa. We will explore the current state of surveillance, and its regulation, or lack thereof, in the state of Iowa.

  36. Ira Winkler, CISO, CYE Security – “Why your cybersecurity budget is a horse’s ass”

  37. Ira Winkler, CISO, CYE Security – “The Worst Career Advice I Ever Heard”

  38. Ryan Wisniewski, IR Lead, Obsidian Security – “The SaaS and The Furious: A deep dive into SaaS compromises” – Hold onto your keyboards, folks, because this ain’t your grandma’s security talk. We’re strapping in for a wild ride through the lawless landscape of SaaS attacks, where bad actors are tearing up the digital tarmac and your data’s the prize money. For the past year, your friendly neighborhood threat intel nerd has been knee-deep in breach reports and incident logs, sifting through the wreckage like a cyber-mechanic after a data derby. What I found ain’t pretty: social engineering slicker than a used car salesman, malware masquerading as innocent applications, and attack paths so twisted they’d make a hacker’s hair curl. But buckle up, buttercup, because it ain’t all doom and gloom. We’re gonna peel back the hood on these cyber crooks, exposing their favorite attack patterns and pit stops. You’ll learn to spot a phishing email quicker than a stock car driver sees a checkered flag, and we’ll build some detection tools so tight, even the most cunning hacker will need a crowbar to get through. This ain’t just about fear-mongering, folks. This is about taking back the wheel of your cloud security. We’ll leave you with actionable tips and tricks to turn your SaaS platform from a vulnerable jalopy into a cyber-fortress on wheels. So, whether you’re a seasoned security pro or a cloud newbie still figuring out where the gas cap is, get ready to hit the ground running in this high-octane exploration of SaaS attacks. Just remember, in the wild west of the Internet, knowledge is your nitro boost, and vigilance is your V8. Let’s show these cyber bandits the dust they deserve!

  39. Johnny Xmas, Global Head of Offensive Security, F500 Manufacturer – “SIEM and the Art of Motorcycle Maintenance” – Join me, an infamous local SIEM and motorcycle destroyer, as I walk you through the do’s and don’ts of SIEM and motorcycle ownership!

    NOTE: This talk will contain zero information that you have not heard many, many times before. For some reason, however, I see all of it being violated in the most egregious ways at company after company after company. This has led me to believe that the industry has either:

      * Never received all of the information all at once, or:
      * Not been given the information in a manner that didn’t immediately induce a deep and lengthy coma (probably the latter).

    As such, I will be attempting to convey the thousand-foot view of how to (or not to) choose, stand up, and manage a SIEM by wrapping it in thinly veiled metaphors derived from my hobby: propelling myself over (and sometimes at) asphalt at extremely high velocities. Get ready for an enlightening journey through the world of SIEMs and motorcycles!

  40. Shafia Zubair, Director, Supply Chain Cybersecurity, Johnson Controls Inc. – “Navigating the New Frontier: Securing Software Supply Chains in an AI World” – Artificial Intelligence (AI) introduces novel risks that demand new approaches to securing software from developers and risk managers. The challenge is compounded when third-party suppliers utilizing AI are integrated into the organization. Product teams must stay informed about evolving cybersecurity risks and liability concerns associated with AI products from these external sources. To address these challenges, software security risk management must adapt in two key areas: 1. Assessing how AI products impact the organization’s cybersecurity risk profile. 2. Utilizing AI-based tools to enhance risk assessment and management capabilities. This presentation will delve into both explicit and implicit risks associated with AI-driven third-party products and provide strategies for evaluating AI suppliers and their offerings. Attendees will gain actionable insights for adopting AI in a manner that ensures secure, by-design software solutions.