Presenters & Speakers
Tracy Z. Maleeff
aka @InfoSecSherpa, is a Security Researcher with the Krebs Stamos Group. She previously held the roles of Information Security Analyst at The New York Times Company and a Cyber Analyst for GlaxoSmithKline. Prior to joining the Information Security field, Tracy worked as a librarian in academic, corporate, and law firm libraries. She holds a Master of Library and Information Science degree from the University of Pittsburgh in addition to undergraduate degrees from both Temple University (magna cum laude) and the Pennsylvania State University. While a member of the Special Libraries Association, Tracy received the Dow Jones Innovate Award, the Wolters Kluwer Law & Business Innovations in Law Librarianship award, and was named a Fellow. Tracy has been featured in the Tribe of Hackers: Cybersecurity Advice and Tribe of Hackers: Leadership books. She also received the Women in Security Leadership Award from the Information Systems Security Association. Tracy publishes a daily Information Security & Privacy newsletter and maintains an Open Source Intelligence research blog at infosecsherpa.medium.com. She is a native of the Philadelphia area.
Eric J. Belardo
A US ARMY Military Intelligence Veteran of Bosnia and Kosovo with NATO; Eric Brings over 30 years of Cyber Security & Online Safety Experience across many industry domains including Civilian Government, Department of Defense, International, Financial, and Civilian markets. Where he has supported organizations in strategic direction, program assessments, remediation and monitoring, intelligence services (VIP & High Value individuals), and Security Risk Mitigation and Security Education. Eric's experience in the cyber security field encompasses the areas of Security Operations, Incident Response, Business Continuity & Disaster Recovery, Digital Forensics, Certification and Accreditation, Enterprise Security Architecture, and Security in Mergers & Acquisitions in over 20 Countries. Eric is a sought after speaker on TV and in person, having performed keynote speeches/ webinars and many YouTube Videos and Livestreams
Justin Leapline
Presentation: Building an Awesome Governance Program
Abstract: Let's face it - running a security governance program is challenging. With the continuing pressure of keeping our information secure and breach-free while management doesn't see the need to increase the budget if there isn't an incident occurring or compliance need. So how does someone in the trenches measure, monitor, and communicate this to ensure that you get the buy-in needed - or at least get the acceptance from management on the risk? It's something that everyone in a security leadership position struggles to address appropriately. Through this talk, we will discuss some critical points in implementing, managing, and creating oversight to communicate internally to the security team and externally with the company. And don't worry, the topics we discuss will apply across the board - from small businesses to Fortune 100.
Sean T Smith
Sean is a seasoned consultant with over 15 years of experience in technology strategy and business transformation, specializing in the smart factory manufacturing space evaluating and implementing industrial internet of things (IIoT) based solutions across a broad set of platforms and technologies. Throughout his career he has worked in the traditional and additive manufacturing, high-tech, aerospace & defense, retail, 3PL, power & utilities, food service, healthcare, and financial services industries. In these industries, he has led initiatives involving IT strategy development, business process transformation, software and hardware implementations, high-velocity SDLC transformation, program management, testing & QA, and release management. Sean is also a Cyber Officer in the military. He has led over 20 vulnerability, penetration, and red team security assessments of mid-sized organizations. The recommendations from these assessments led to dramatic measurable improvements in organizational cybersecurity posture. He has planned civil and military operations domestically and led soldiers to install, operate and defend battlefield and critical infrastructure technology systems. He received an MBA from The Tepper School of Business at Carnegie Mellon University with a focus in Technology Leadership. He received a BS in Information Sciences & Technology from Penn State University with a focus in Systems Integration. In his free time, Sean is a father, husband, educator, and hacker. He enjoys 3D printing, wood and metal working, tinkering with software, crypto mining, Raspberry Pis and Arduino SBCs, RFID / Wireless technologies, and basically any and all cool tech.
Presentation: How to Build the Perfect Red Team Hardware Implant
Abstract: This presentation will narrowly focus on the key considerations, materials, and instructions to craft a purpose-built network hardware implant to effectively breach a network during Red Team Engagements.
Sam Ferguson
Sam is a talented and passionate IT professional who is currently in an IT Leadership and Development program on the Enterprise Information Security Track. Sam has experience in purple teaming, detection engineering, red team simulation and incident response. He is currently focused on incident response and digital forensics, and is working on innovative solutions to enhance the security posture of his organization. Sam is eager to share his insights and best practices with the audience, and to learn from other experts in the field.
Presentation: The Power of Purple - An Introduction to Purple Teaming
Abstract: Purple Teaming is a concept that reworks the traditional Red Team/Blue Team model to be more efficient and collaborative. But how did we get here? How does Purple Teaming work? And how does it apply to me as an individual? Join me as we answer these questions and discover the Power Of Purple!
Art Ocain
Art Ocain, Airiam's CISO and Field CISO/CIO, is a cybersecurity, IT, and business leader and strategist. He has technical strengths in zero trust, resilience engineering, cloud architecture, incident response, security strategy, and business continuity planning. His business strengths include leadership, Lean, developing culture, and extreme ownership.
Presentation: Applying the MITRE Cyber Resiliency Engineering Framework
Abstract: The MITRE CREF is an approach to designing, building, and maintaining cyber resilient systems that are able to bend and bounce back during a cyber attack. It focuses on four key goals: anticipate, withstand, recover, and adapt. We will explore how to apply the framework to real-world situations.
Jessica Hoffman
Jessica Hoffman is a Certified Information System Security Professional (CISSP) with over 15 years of information technology and cybersecurity experience in the government and private sectors. The majority of those years have been in the Audit and Compliance cyberspace. Jessica has dedicated her career to the safety, privacy of millions of Americans' Personally Identifiable Information (PII), Protected Healthcare Information (PHI), and Federal Tax Information (FTI). She also is a Professor at Harrisburg University and The Pennsylvania State University. Jessica received her BS in Computer Information Systems (CIS) and MS in Instructional Technology from Bloomsburg University of Pennsylvania. She is a member of various organizations promoting mentorship, DEI, and Paying it Forward within cybersecurity and also is a national speaker. You can find Jessica at the Broad Street Market sampling beers or taking a long walk on the beach.
Presentation: The Importance of Mentorship and Sponsorship in the Evolution of Diversity, Equity, and Inclusion (DEI) for ALL Cybersecurity Professionals
Abstract: It's been said that mentorship is the key to DEI. It is no secret that gender and race play a major part in the pay differences and the lack of workforce diversity in most career fields; cybersecurity being no different. DEI is the responsibility of everyone! Let's level the playing field!
Mike Salvatore
Mike Salvatore is a cybersecurity professional and enthusiast from Pennsylvania. He currently works at Akamai, where he is the lead developer of Infection Monkey. Previously, he worked on the Ubuntu security team for Canonical and as a security software engineer at Lockheed Martin. Mike holds a master's degree in cybersecurity from Johns Hopkins University and a bachelor's degree in electrical engineering from Rutgers University. As an active open-source developer and security researcher, Mike loves giving back to the tech community. You can read about Mike's security research at salvatoresecurity.com.
Presentation: DIY Malware: All my base are belong to me!
Abstract: "If it's not tested, it's broken." How often do you test your network security? How much does it cost you? When pentesting is done right, it's fabulous. If you're not careful, however, the results can be high-cost and low-value. Furthermore, if pentests are performed infrequently, it's hard to know if your team and tools are really up to the challenge of defending your network. In this talk, we'll discuss adversary emulation and how it can augment your red and blue team activities.
Joel Prentice
Joel is a cybersecurity enthusiast. He has his bachelor's degree in cybersecurity operations from Utica University and is currently working as a Penetration tester with Appalachia Technologies for the past 3 years and counting. Prior to penetration testing, he was a systems administrator with Eurofins ensuring that laboratory equipment was interfaced with computers in accordance with FDA regulations.
Presentation: The 3 Ws of Pentesting
Abstract: The presentation focuses on what a penetration test is and the components that comprise a penetration test as well as what to expect from your pentest. When you should start thinking about having a pentest conducted, and how it will benefit your company. Why you should have a pentest and its benefits.
Evan Isaac
Evan is a recent graduate who majored in Cybersecurity and Networking. He is also the administrator of a popular Discord server focused on cybersecurity, where he engages with a community of like-minded enthusiasts and learners. He is currently working as an Offensive Security Consultant, where he applies his skills and knowledge to conduct penetration testing and vulnerability assessments for various clients. He has always been fascinated by the world of hacking, and wanted to learn not only how to break into systems, but also how to secure them. He has invested countless hours of hard work and studying to obtain numerous penetration testing certifications, which helped him land his dream job. He is passionate about helping others break into cybersecurity, and enjoys sharing his insights and tips. He believes that cybersecurity is a lifelong learning journey, and he is always eager to explore new challenges and opportunities in the field.
Presentation: College Student to Penetration Tester Using Discord
Abstract: A college student with no cybersecurity experience does not know where to start. With the help of a discord community, he learned and became passionate in cybersecurity. This is how a college student went from having no experience in penetration testing, to obtaining a penetration testing job.
TJ Null
Tj Null is a pentester and red teamer in the private sector. He's very passionate about red team development and supporting open source projects like Kali Linux and Powershell for Linux. Through his work and contributions to the community, TJ continues to advance the field of hacking and help organizations better defend against cyber threats by sharing his knowledge to the information security community. TJ earned a BS in Cybersecurity from the University of Maryland University College (UMUC) where he is a board member for the award-winning UMUC Cyber Padawans. Over the years, he has participated in many cybersecurity competitions across the globe and is a two-time SANS Netwars Champion, TraceLab Black Badge Winner, and Hack-A-Sat Finalist.
Presentation: Formulating Red Team Scenarios with the power of open-source Intelligence
Abstract: Ever wondered how red teamers craft some interesting techniques for there exercises? In this talk we will explore the techniques and tools used by red teamers in there OSINT process, and demonstrate how they can be applied to the scenarios they conduct.
Lisa Saurs
Lisa Saurs, who goes by “L” is the Founder of the Digital Marketing firm Monarcherie Marketing. Previously, she was the Director of Marketing with CyberSN for 7 years, where she ran the event and social media programs, and was the marketing leader of Secure Diversity. In 2020, she graduated as Valedictorian from Full Sail University with a Master of Science in Digital Marketing with National Honors. She is the current Social Media Officer for WiCys Chicago, and a Founding Core member of Day of Shecurity (which she worked with for 5 years taking them from in-person to online events). L. grew up in Trona, CA, a rural town in the Mojave Desert where she was a first-generation college student, and she remains passionate about working with rural education and career development for impoverished and rural learners. She now lives in Decatur, IL with her husband, English Setter dog, their three cats, and tons of indoor and outdoor plants. L has served as a volunteer for many cybersecurity groups and events including @WicysNE, @ISC2Charlotte, @ISC2EasternMA, #TiaraCon #HackingDiversityCon #ISSALosAngeles #ShellCon #ISC2Congress #SmartCities #BSidesLV #BSidesLA #BSidesAustin #BSidesBos #ISSAInternational #AppSecCali