Keynote: Hacker Rights
Chloé Messdaghi (@chloemessdaghi) is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WomenHackerz & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine's The Uncommon Journey, and runs the Hacker Book Club.
Track 1: But Wait, I Still Want a Job
Kirsten Renner (@krenner) is the Director of Recruiting at an advanced analytics and full spectrum cyber security firm. She has twenty years of recruiting experience, the last ten in infosec/govsec. She is a community volunteer, speaker and co-organizer of Car Hacking Village.
10:30 - 11:30
Track 2: Resource Smart Detection with YARA and osquery
Julian Wayte is a Security Solutions Engineer for Uptycs. In this role, he helps organizations architect security solutions, based on endpoint telemetry and automated workflows, in order to solve a variety of security use cases. Julian loves working with and teaching osquery. He has worked for 20 years in various customer-facing, technical IT roles helping organizations manage & secure their data.
10:30 - 11:30
Track 3: Static Analysis of Infrastructure Code
Matt Johnson (@metahertz) is a Developer Advocate for Bridgecrew.io. Based in not-so-sunny Manchester, UK, he helps DevOps teams simplify, automate and improve their infrastructure security.
Coming from a security and platform automation background, formerly at Cisco, he is excited by the disruptive power of Infrastructure as Code, container and serverless orchestration in bringing scalable, cost-effective IT to companies of all sizes, while also building awareness of the security challenges these new capabilities bring.
Outside of work, he is learning to fly, and enjoys travel, aviation, rugby, steak and a growing whisky collection!
11:00 - 11:30
Track 1: Cultivating the Investigative Mindset: Improving critical thinking skills needed for starting or furthering a career in cyber security
Ursula Cowan (@ush1c) is a Senior Threat Research Analyst at Mandiant Security Validation (a FireEye Company), focusing on researching adversaries’ tactics, techniques, and procedures (TTPs), breaking them down to the smallest behaviors, for the purpose of replicating them within the Mandiant Security Validation Platform. Ursula's career started as a police detective investigating cyber-crime, death, and online exploitation. She later added computer forensics examiner to her list of job duties. Her training in computer forensics was at the U.S. Secret Service’s National Computer Forensic Institute (NCFI). She also holds a Bachelor of Science in Applied Psychology from the Florida Institute of Technology, and a Master of Science in Digital Forensics from the University of Central Florida.
11:00 - 11:30
Village Track: Patient Zero Day
Andrea Downing (@bravebosom) is a BRCA Community Data Organizer and an ePatient security researcher. In 2018, Andrea discovered a security vulnerability which affected the privacy and safety of all closed groups on Facebook and launched a congressional inquiry.
11:30 - 12:30
Track 1: Looks (and dogs) can be deceiving: student on student manipulation
Rachel Bleiman is a first-year PhD student studying Criminal Justice at Temple University in Philadelphia, PA, where she also earned her bachelor’s degree in Criminal Justice with minors in Information Science & Technology and in Psychology. She has worked as a research assistant for over a year, during which she has researched cybersecurity issues, such as adversarial behavior in cyberattacks, social engineering, and ransomware. Rachel has also published on a wide range of topics, such as ransomware incidents against critical infrastructure, social engineering pretexts used to disclose sensitive information, and developing experiential learning cybersecurity workshops. Her overall interests are in the online privacy and security domain, which she plans to study more throughout her graduate program.
11:30 - 12:30
Track 2: The Pentester Blueprint: A Guide to Becoming a Pentester
Phillip Wylie (@PhillipWylie) is the Senior Red Team Lead for a global consumer products company, Adjunct Instructor at Richland College, and The Pwn School Project founder. Phillip has over 22 years of experience, with the last 8 years spent as a pentester. Phillip has a passion for mentoring and education. His passion motivated him to start teaching and to found The Pwn School Project, a monthly educational meetup focusing on cybersecurity and ethical hacking. Phillip teaches Ethical Hacking and Web Application Pentesting at Richland College in Dallas, TX. Phillip is a co-host for The Uncommon Journey podcast. Phillip holds the following certifications: CISSP, NSA-IAM, OSCP, GWAPT.
11:30 - 12:30
Track 3: Bug hunting in firmware and hardware at scale: Tools, tips, and some real vulnerabilities
Jeff Spielberg (@jspielberg) is a co-founder and managing partner at River Loop Security. He has over a decade of embedded security experience and has performed security penetration testing on a wide array of enterprise systems and devices. Using his experience gained from penetration testing, he advises firms in the telecom, IoT, and medical device spaces in secure design and architecture for new products. Most recently, he has helped lead the development and implementation of industry-wide security standards and testing processes to start more proactively securing hundreds of millions of embedded devices. He has also led technical product management and development of security, healthcare, and other enterprise systems to maintain SOC, HITRUST, HIPAA, and other compliance and security requirements for critical applications. Jeff’s current cybersecurity research is focused on hardware supply chain security and malicious implants against enterprise systems. Jeff holds an electrical engineering degree from Dartmouth College and an MBA from the NYU Stern School of Business with a specialization in Management of Technology and Operations.
11:30 - 12:00
A Perspective To Understand Malware
Turtlesnap (@TheTurtleSnap) is a seasoned Intelligence and private malware analyst and consultant. I play with viruses for fun and don't wear a mask doing it.
12:00 - 12:30
Village Track: ICS Village Range Demonstration
Tom Van Norman (@Tom_VanNorman) is the Director of Engineering Services at Dragos, where he is responsible for ensuring the Dragos Platform is successfully deployed. Tom has an extensive background in industrial controls and enjoys getting into the field and making things work. Prior to joining Dragos Tom held various roles all focused on the operation, engineering and security of industrial control systems.
Tom started his career in the U.S. Air Force, eventually retiring with a total of 24 years between Active Duty, Reserves and Air Guard. He spent the last half of his service serving on a National Mission Team in a Cyber Operations Squadron. In addition to Dragos, Tom is the co-founder of the ICS Village and consults with SANS on the construction and operation of Cyber Ranges. The ICS Village is a non-profit educational organization that equips industry and policymakers to better defend industrial equipment through experiential awareness, education, and training.
1:00 - 2:00
Track 1: The Role of Social Science in Cybersecurity Research and Education
Aunshul Rege (@Prof_Rege) is an Associate Professor with the Department of Criminal Justice at Temple University. Her National Science Foundation sponsored research and education projects examine the human element of cybercrimes, focusing on behavior, decision-making, adaptation, and group dynamics. She intersects theoretical frameworks and methodologies from criminology with hard science approaches to foster innovative and multidisciplinary proactive cybersecurity research. She loves educating the next generation workforce across the social and hard sciences about the relevance of the human factor in cybersecurity. She has a BSc in Computer Science, a BA and MA in Criminology, and an MA and PhD in Criminal Justice.
1:00 - 2:00
Track 2: Digital Separation: Reclaiming your data, post-relationship and implementing risk-based OPSEC
April Wright (@aprilwright) is a hacker, author, teacher, and community leader who has been breaking, making, fixing, and defending the security of global critical communications and connections for over 25 years. She is an international speaker and trainer, educating and advising on matters of privacy and information security with the goal of safeguarding the digital components we rely on every day. April has held roles on defensive, operational, adversarial, and development teams throughout her career and is currently a Senior Application Security Architect. Her book, “Fixing An Insecure Software Life Cycle” was published through O’Reilly, and she is currently writing a new book to be published by No Starch Press. She is a co-host for the SecurityWeekly family of webcasts. April has spoken and contributed to numerous worldwide conferences and entities. April currently handles communications for the Official DEF CON Groups global community outreach, and in 2017 she co-founded the local Boston meetup “DC617”. April has collected dozens of certifications to add capital letters at the end of her name, almost died in Dracula’s secret staircase, and once read on The Onion that researchers at the University of North Carolina released a comprehensive report in 2014 confirming her status as the “most significant and interesting person currently inhabiting the earth”, and it was on ‘teh internet’ so it must be true.
1:00 - 2:00
Track 3: Offensive Embedded Exploitation: Getting hands dirty with IOT/Embedded Device Security Testing
Kaust (@s3curityb3ast) is a Device Security Assurance Manager at Reliance Jio Infocomm Limited. His main work includes securing JIO’s cutting-edge Enterprise, Consumer, and SMB (Small, Medium, Big) business products. His main areas of interest are device security, reverse engineering, and discovering RCE and priv-esc bugs in proprietary or closed-source devices. He was a Null champion for 3 years in the null community and has delivered dozens of talks at null meets. He is also a speaker at OWASP SeaSide 2020. Some of his work has been published in SecurityWeek, ExploitDB, and 0day.today, and he has dozens of CVEs. He was the winner of SCADA CTF @ Nullcon 2019.
1:00 - 2:00
Village Track: Intro to Mental Health Hackers + Chill zone
Tom Williams (@ginger_hax) is a husband, father of 4, veteran of the US Marine Corps and US Army, and works in incident response for a Fortune 500. Tom is also a founding member of the now defunct TOOOL Southern Maine chapter. He can be bribed with fancy cigars, bourbon, and barrel aged beers.
2:00 - 3:00
Track 1: Cyber Deterrence and Adversary Management: A Decade of Lessons Learned
Dr. Stanley Barr is a three-time graduate of University of Massachusetts Lowell. He has a BS in Information Sciences, an MS in Mathematics, and a PhD in Computer Science. He has coauthored published papers in malware analysis, barrier coverage problems, expert systems for network security, and robotic manufacturing. He has spoken at MILCOM and coauthored papers that have been presented at NASA research conferences. He has been a panelist for conferences. Panel topics have included fighting through real world computer network attacks from both external and internal threats. Currently, he is a Senior Principal Scientist at The MITRE Corporation, a not-for-profit corporation that manages seven federally funded research and development centers (FFRDCs).
2:00 - 3:00
Track 2: Pushing the SOC left to Achieve Nash Equilibrium
O'Shea Bowens (@SirMuDbl00d) is a cybersecurity enthusiast with a decade of information security experience. He is the founder of "Null Hat Security LLC", which focuses on incident response, SOC training and blue team engagements. O'Shea has worked and consulted for companies and clients in the space of federal government, Fortune 500, and international firms. He specializes in areas of incident response, network and systems security, security architecture and threat hunting. O'Shea founded Null Hat Security as he believes a greater focus should be placed on personal engagements with defenders to fine tune skill sets and knowledge of threats for best response efforts. O'Shea is also the co-founder of "Intrusion Diversity System", a bi-monthly hosted cyber security podcast.
2:00 - 3:00
Track 3: Hash-Tag, You're It! Exploiting Domain Name Collision
Jill Kamperides (@kampji) is an IT Security Analyst for the Braintree-based consulting firm, OCD Tech. She has been in the information security field for one year, and has undertaken a number of responsibilities in that time, from implementing privileged access management, to conducting vulnerability assessments and penetration tests, to managing social engineering campaigns for clients and colleagues alike. She serves a wide variety of clients, ranging from those local to the Boston area, to international organizations across the globe. Her Bachelor of Arts in English from the University of Massachusetts Boston is supplemented by years of Python programming, which she utilizes to build custom tools for internal projects and client engagements. She registered her first CVE in early 2020, is pursuing her GPEN certification, and has delved into a security research project surrounding an age-old problem known as domain name collision, which she is excited to share with the InfoSec community.
2:00 - 3:00
Village Track: Hash-Tag, Bobby Pins, More Effective Than Lockpicks?
John has been working in security-related fields since the early 90's, from detentions, private security, and private investigations to repo'n cars. During that time he apprenticed as a locksmith while serving as a military police, logistics, engineer, Intel, and finally communications Warrant Officer in the Army National Guard, where he retired after 23 years of service, 10 of them full-time. Much of his professional career has centered on securing something, the last two decades in cyber security related efforts for the Army National Guard, Department of Commerce, and the White House Military Office. Currently he is a contractor with the Missile Defense Agency. He has his Bachelor's from the University of Wyoming (Go Pokes!) and his Master's in Information Technology from The University of Maryland.
3:00 - 4:00
Track 1: Everyone Can Play! Building CTFs To Teach Non-Security Folks
Joe Kuemerle (@jkuemerle) is an application security engineer, developer and speaker in the greater New York City area specializing in application security, development, database and application lifecycle topics. Joe is active in the technical community as well as a speaker at local, regional and national events. Joe blogs at www.kuemerle.com.
3:00 - 4:00
Track 2: So, you want to be a CISO. But do you really?
Marc French (@AppSecDude) is the CISO and Managing Director of the Product Security Group. A product guy turned security leader, Marc has more than 25 years in software engineering, product management, and security. Prior to founding PSG, Marc has held a variety of CISO/senior security roles at EMC/RSA, Iron Mountain, Constant Contact, Mimecast, and Dun & Bradstreet.
3:00 - 4:00
Track 3: Forgot Password - Finding Missing People Using Login and Password Reset
Chris Kirsch (@chris_kirsch) is the winner of the Social Engineering CTF Black Badge competition at DEF CON 25. Chris uses OSINT for competitive intelligence and Trace Labs missing persons cases and is a volunteer advisor for social engineering and OSINT for the National Child Protection Task Force. Chris has 23 years of InfoSec industry experience, particularly in the areas of application security, penetration testing, incident response, and cryptography. He's worked in product marketing roles for Veracode, Rapid7 (Metasploit), Thales (nCipher) and PGP Corporation.
3:00 - 3:30
Village Track: Operational Intelligence in a Corporate Environment
Helen Negre (@helennegre) has spent 15 years working in various areas of Information Security and has taught on the subjects of Digital Forensics, Network Security, and Cyber Awareness. She has studied Psychology, Cybersecurity, and Digital Forensics. She is currently an Information Security Manager at a large Fortune 500 company.
Robert Dare (@bigbrotherdare) has worked in a security-based role at a large Fortune 500 company for 13 years. He mostly focuses on Digital Forensics, e-Discovery, Crisis Management, and other high priority concerns.
3:30 - 4:00
Village Track: Attack Vectors in Evolving Power Systems
Maggie Morganti (@magg_py) is a Technical Staff member for the Power and Energy Systems team at Oak Ridge National Laboratory focusing on electric grid cybersecurity and resilience research. Prior to joining Oak Ridge National Laboratory, Maggie was a graduate intern at FireEye and worked as a Threat Intelligence Analyst on their iSight Cyber-Physical team. She holds an M.S. in Intelligence Studies with a focus on cybersecurity from Mercyhurst University. As a graduate student, she worked as an intelligence analyst for the university’s CIRAT (Center for Information Research Analysis and Training) program and served as an active member of the university’s cyber threat research analysis, data science, and nuclear nonproliferation clubs. She is an IEEE member and active in local chapter events.
4:00 - 5:00
Track 1: Red, Blue, EQ
Talent and technology veteran Deidre Diamond (@DeidreDiamond), Founder and CEO of CyberSN and Secure Diversity, has created the largest cybersecurity talent acquisition service and technology firm in the U.S. while focusing on the cybersecurity talent shortage, specifically the shortage of women. Deidre's mission is to remove the pain from job searching and matching for everyone. Deidre cares tremendously about people loving where they work and has been working to create cultures that have high EQ (emotional intelligence) skills. These skills focus on words and behaviors. Deidre is known in the D/I community as someone who works hard at making sure words and behaviors are inclusive for all, so that inclusive environments can also be diverse environments.
4:00 - 5:00
Track 2: Outbreak! Virus vs. Virus: How We Can Apply Current Legislation and Handling of the COVID-19 Pandemic to the Spread of Malware
Gabrielle Hempel (@gabsmashh) is a graduate of the University of Cincinnati, where she studied Neuroscience and Psychology. She started her career in pharmaceutical development and regulatory compliance, and led specialized committees targeting Phase I, infectious diseases, and emergency research. She still serves on a board as a regulatory/genetic science consultant for NIH studies utilizing recombinant DNA, synthetic nucleic acid molecules and genetic engineering. She moved to cybersecurity in 2018 and currently works as a Cloud Security Engineer for Cigna. She continues to pursue education through a graduate program in Advanced Computer Security at Stanford, and has recently obtained her Certified Human Trafficking Investigator and Certified Expert in Cyber Investigation designations through the McAfee Institute. She collaborates with a variety of law enforcement entities and task forces in order to use digital forensics and offensive security to combat trafficking and exploitation. She has spoken at numerous national conferences on medical device security. Her continued areas of research include embedded/vehicle security, IoT vulnerabilities, and medical device security.
4:00 - 5:00
Track 3: Don’t end up with a pencil: Tips for shopping for pen tests
In 1992, Dmitry Zagadsky (@dzag_) broke his family’s first computer while tinkering with config files. His mother then instilled in him an important concept: “the only way to break a computer is with a hammer. Everything else is fixable.” He has been spending almost every day since then learning new ways to break and fix increasingly complex computer systems. In 1999, companies actually started paying him to do it. Currently, he is the AVP IT Security Operations at Pawtucket Credit Union in Rhode Island. There he runs security operations and architects the various IT and other systems that protect member data at the largest credit union in the state.
4:00 - 4:30
Village Track: What Stickers, Donuts, and Listening Can Do for Your ICS Security Program: There is no blinking box coming to save defenders of Industrial Control Systems
Ian Anderson (@ian_infosec) is an Enterprise Security Manager for OGE Energy Corporation, responsible for Security Operations for IT and OT environments. Ian has experience in government, energy, financial, and manufacturing industries. Ian received his bachelor’s degree in Management of Information Systems from the University of Oklahoma, and currently maintains a handful of certifications. Ian is into aviation, public policy, and hanging out with his family.
4:30 - 5:00
Village Track: Introduction to Lockpicking
Max Power (@dontlook) has been teaching lockpicking almost as long as he has known the skill. He is a former Boston chapter lead and current TOOOL US board member. For a day job he does computer network things and has experience in IT across multiple industries. He also has spent a lot of time learning about RFID and hanging out in the Proxmark community.
5:00 - 6:00
Track 1: My Journey through Tech with ADHD
For her day job, Stephanie (@StephandSec) serves as a level 2 cloud security operations analyst for Duo. Outside of work, however, InfoSteph has filled her life with all kinds of cool activities. She served as a Lead for WISP DEFCON 2019. She is on the SANS Summit Steering Committee for 2020. She speaks at conferences and virtual events on both soft skills and hard skill related subjects. She co-hosts a "happy hour" inspired podcast called Coolest Nerds in the Room, where conversations surrounding the lives of tech people are nurtured. She attends school full time, hoping to obtain her Bachelor's by the end of the fall. She had the honor of being a delegate for Security Field Day 2 and Tech Field Day 20. She writes blog posts on her website, StephAndSec.com, which is also her side business. She released a course for LinkedIn Learning on Social Engineering and Security Awareness. Stephanie recognizes those that inspired her or helped her get to where she is today and hopes that everything she does moving forward does the same for others. Visit her online at StephAndSec.com. Her podcast is also available everywhere.
5:00 - 6:00
Track 2: AWS Security: Easy Wins and Enterprise Scale
Rami McCarthy (@ramimacisabird) is a Security Consultant with NCC Group, joining with the acquisition of VSR in 2016. He's spent the past three years performing security assessments of all kinds, from SaaS products to cloud IoT platforms. In addition to client work, Rami created `sadcloud` - a tool for standing up (and tearing down!) purposefully insecure cloud infrastructure, and has authored a variety of research. Rami has a BS in CS from Northeastern University, with a concentration in cyber operations and is currently pursuing an MS from Brandeis University.
5:00 - 6:00
Track 3: The Delicate Art of Tuning Security Tools for DevSecOps
Michael Rossoni (@bytefool) has a passion for Product Security, which he does for a large healthcare software company while carrying over a decade and a half of software engineering experience. He's an electronics hobbyist, hardware hacker, and certified application security professional (GWEB, CSSLP) who voids warranties and breaks things to figure out how to make them better. He's been in the software engineering business professionally in a variety of roles, including product security (secure SDLC, tooling, code reviews, etc.), network-enabled embedded systems development, QA, and full stack development for both on-premises and SaaS-based solutions. He also plays the role of sysadmin when necessary.
Emmanuel Hernandez is a Senior Security Engineer at athenahealth, Inc. He has worked in a variety of infosec roles with focus areas in application security, penetration testing, risk analysis, and incident response. He and Mike currently work on the Software Security Group, helping teams implement security across all facets of the Software Development Lifecycle. He is a security advocate and firm believer that security is an enabler for an organization to produce high quality software.