
09:00 - 17:30

Friday - 25th April 2025


Keynote 09:00 - 10:00


Ryan English

Keynote Speaker

MAIN STAGE //OPENING KEYNOTE

Come watch Ryan and Danny talk about the evolution of Cyber Threat Intelligence and trends in the current Threat Landscape.


Danny Adamitis

Keynote Speaker

Closing Keynote 16:00 - 17:00


Tim Otis

Keynote Speaker

MAIN STAGE //CLOSING KEYNOTE

Tim Otis has spent the last 28 years at the forefront of the cyber security industry. He has held numerous roles, from help-desk, system administrator, field engineer and software development to incident response, that have provided a wealth of knowledge, expertise, and a seat at the table in cleaning up some of the largest cyber security attacks in the world. As Head of IR/MDR at Check Point, Tim leads a global team of IR Analysts, SOC Analysts, Coordination Experts, Customer Success/Support and Software Developers to deliver Incident Response and MDR services to customers all over the world.

Can you see that?... See What?: Operationalizing ATT&CK a Segway to Developing a Detection Engineering Program


Juan Giarrizzo

TRACK 1 - 10:00 - 11:00

Operationalizing MITRE ATT&CK requires a structured approach to mapping cyber threat intelligence to adversary tactics, techniques, and procedures. This session will focus on translating threat intelligence reports, indicators of compromise, and behavioral data into actionable MITRE ATT&CK mappings, and on different implementation plans to proactively defend against real-world threats. Additionally, we will explore how to enrich detection engineering based on ATT&CK mapping, in the context of developing a detection engineering program at enterprise level.

Attendees will do hands-on exercises in CTI report mapping and detection development, learning to extract key insights from cyber threat intelligence, correlate them with ATT&CK techniques, and use this mapping to develop detections that align with adversary behaviors, while discussing how to develop, manage and validate detections.

Based on first-hand experience, Juan will share his path to convincing executives and peers to implement a proactive defence in depth in an organization.

Juan Giarrizzo is a Sr. Information Security Engineer and deputy CISO with over 10 years of experience in data analytics and cloud architecture who pivoted to Cybersecurity after connecting over cocktails with amazing hackers more than six years ago. He loves to deliver creative and innovative solutions for the protection of digital assets and data. He focuses mainly on incident response, application security, threat intelligence, and threat hunting.

Starting a SOC From Scratch - What I Learned My First 4 Years


Annas Mirza

TRACK 2 - 10:00 - 11:00

From SOC Analyst to SOC Manager, I joined Boscov's to start their first in-house Security Operations Team. The things I learned, the types of people I hired, and what I would have done better if I could do it again.

Results-oriented Cybersecurity Leader with extensive experience in managing Security Operations Centers (SOCs), leading incident response efforts, and implementing comprehensive security strategies. Proven ability to mitigate cyber threats through proactive vulnerability management, security control implementation, and threat intelligence analysis.

Securing Citizen Developers: A New Opportunity to Build Safe Applications


Kayla Underkoffler

TRACK 1 - 11:00 - 12:00

Backed by real numbers and success stories, this presentation dives into the exciting potential of citizen development while addressing its inherent security challenges. In a world where citizen development platforms empower everyone—from power users to business professionals—to build everything from simple automations to full-blown applications and AI agents, the rise of these citizen developers offers a groundbreaking opportunity for the security community to get it right.
For years, the security community has struggled to embed secure development practices into traditional software development, often facing resistance, competing priorities, and gaps in education. These challenges leave vulnerabilities unchecked and risks unresolved. With citizen development, we have a chance to learn from these shortcomings and establish a proactive, security-first foundation and practice from the outset.
We'll explore who these new builders are, what they're creating, and how they're doing it, highlighting the unique risks inherent in citizen development platforms. With practical insights, we'll contrast remediation strategies for citizen developers versus traditional coders and share how to instill a secure mindset in these new creators while keeping the process lighthearted and engaging.
Join us as we unlock the immense potential of citizen development while ensuring it doesn't unlock new vulnerabilities—and seize this opportunity to build a more secure future from the ground up.

Kayla is a senior security engineer in the CTO office at Zenity. Her professional career started in the United States Marine Corps, which she left active duty to pursue a career in Cybersecurity. Throughout her years in security, she has served as a practitioner in vulnerability management, security operations, crowdsourced security, and most recently, Agentic AI security and governance. With a passion for bridging the gap between business and technology, Kayla will continue to evangelize the importance of security for everyone.

Who’s Asking? Identity Verification & Access Control in the Age of Hybrid Work


Danny Ocasio

TRACK 2 - 11:00 - 11:30

With hybrid work now the norm, Identity and Access Management (IAM) has become the backbone of enterprise security. But managing access across distributed systems, VPNs, and cloud environments comes with complex challenges. Employees are working from home, coffee shops, airports, hotels, everywhere. This talk will explore the challenges of managing remote access in modern enterprises, addressing critical topics such as VPN security, role-based access control (RBAC), and just-in-time (JIT) access provisioning. We will discuss the importance of enforcing least privilege access through ticketing systems, multi-factor authentication (MFA), and automated verification mechanisms for cloud and on-premise environments.

People who attend will gain insights into:
* No Ticket, No Access – Implementing IAM policies that balance security with employee productivity.
* Cloud's Greatest Weakness – How IAM misconfigurations in distributed systems become hacker playgrounds.
* The Role of Ticketing Systems – Why structured access request workflows are critical for security and compliance.
* Zero Trust or Zero Chance – Why traditional VPNs aren't enough and how to enforce strict identity verification.
* Enforcing Zero Trust principles for cloud-based and distributed infrastructure.
* The Future of Hybrid IAM – Mitigating risks associated with user provisioning and deprovisioning in remote work environments.
* Battling the AI request overload for your IT/Security departments.

Danny Ocasio is an Information Security Officer with experience in Security Operations, Incident Response, and GRC. Danny's career started as an Intelligence Specialist in the US Marine Corps. This early exposure to network security influenced his decision to pursue a bachelor's degree in Security & Risk Analysis (SRA) from Penn State University. Danny has worked at various unicorn startups, SOCs, and consulting.

Pentest Pains


Chris Traynor

TRACK 2 - 11:30 - 12:00

Pentesting is meant to uncover security weaknesses, but sometimes the process itself becomes an exercise in frustration. From unclear scopes and unresponsive clients to network misconfigurations and unexpected legal roadblocks, every pentester has war stories of engagements gone wrong. This talk dives into real-world pentesting pain points, sharing firsthand experiences of what makes assessments more difficult than they need to be—and how to avoid these pitfalls.
Whether you're a seasoned pentester, a blue teamer trying to prepare for a test, or a purple teamer bridging the gap, understanding these challenges can help ensure your next engagement is smoother and more effective. We'll cover the most common mistakes from all sides of the table, such as poor scoping, lack of communication, ineffective remediation, and unrealistic expectations.
Beyond just the horror stories, this session provides actionable lessons to help security teams and consultants work together more efficiently. Learn how to avoid common traps, improve collaboration, and turn painful experiences into opportunities for a more productive outcome.

Chris is a Pentester at Black Hills Information Security (BHIS), where he is responsible for Pen Testing web apps, mobile app, APIs, and networks. He is also the owner of Ridgeback InfoSec (ridgebackinfosec.com) and has authored two cybersecurity classes (Offensive Tooling Foundations and Offensive Tooling for Operators) which he teaches via Antisyphon Training. Chris has nearly two decades of experience in Web/Mobile development, QA automation, and Penetration Testing.

12:00 - 13:00

LUNCH
Provided by BSidesHBG

Synthetic vs Real-World Data: A Study in Data Poisoning and its Effects


Carolina Hatch

TRACK 1 - 13:00 - 13:30

As new Artificial Intelligence (AI) models are released seemingly every day, cybersecurity experts are growing increasingly concerned with the data used to train these models. As the pace to develop new models quickens, many are turning to AI-generated, synthetic data to increase efficiency. The use of synthetic data significantly reduces the time spent on data collection and cleaning, allowing for faster creation of new models. However, emerging research suggests that these techniques may be creating insecure, unstable models. To address this growing concern, we created two separate AI models, one trained on synthetic data, the other trained using real-world data, and conducted data poisoning campaigns against each model. Our real-world data collection process focused on movie reviews published in newspapers from 1970-1999. The use of movie reviews allowed us to establish a baseline of truth from which to develop our poisoning campaign, and the period helped ensure each article was human-generated. The synthetic data was generated using GPT-3.5. By training two models on the same topic, we were able to directly compare the results of data poisoning in synthetic and real-world data. Our findings revealed the synthetic model was more susceptible to data poisoning than the real-world model, demonstrating a need for further research in this area.

Carolina Hatch is a senior cybersecurity major at Messiah University. She frequently serves on panels for the honors program, speaking to potential students and addressing their concerns. Carolina is also an ambassador for the Computing, Math, and Physics Department, promoting the department. Most recently, she was accepted to give a poster session at the National Center for Undergraduate Research earlier this month.
In addition to her research, she is a member of the school’s Collegiate Cyber Defense Competition (CCDC) team, where she serves as the head of communication and throws discus for the Track and Field team. After graduation, Carolina plans to study the overlap of Artificial Intelligence and cybersecurity at Colorado State University.

TARGETED


Raymond Nutting

TRACK 1 - 13:30 - 14:00

Cyber threats are evolving and understanding the difference between ethical and unethical hacking is more important than ever. TARGETED explores the modern cyber threat landscape through real-world accounts.
From the exploitation of high-profile targets to personal experiences navigating cybersecurity risks, this talk sheds light on how attacks happen and what we can learn from them. Most importantly, it offers practical ways to protect yourself in an increasingly digital world. Whether you're a security professional or simply interested in staying safe online, this session provides valuable insights into the realities of cybersecurity today.

Raymond Nutting (CISSP-ISSEP) is a published author, mentor and security practitioner supporting both the public and private sectors with over 23 years' experience in the field of information security. Raymond is the co-owner and founder of nDepth Security, a Cybersecurity company that specializes in vulnerability assessment and penetration testing. Raymond graduated magna cum laude with a degree in computer information systems and a concentration in information systems security. He holds numerous industry-recognized certifications and has presented at various conferences and events throughout his career.

Where AI/ML Technologies Meet GRC: A Roadmap for Secure Implementation


Nathalie Baker

TRACK 2 - 13:00 - 14:00

As our industry has embraced the transition from an "Artificial Intelligence and Machine Learning are buzzwords" mentality to a "leverage the resources available to you" mentality, a critical gap has emerged in understanding how to properly secure and govern these systems. This talk is designed to address those who are leveraging emerging AI tools and capabilities and are asking the right questions pertaining to securing AI/ML technologies, but have yet to find the answers.
Drawing from extensive experience implementing major compliance frameworks including FedRAMP, CMMC, and SOC 2, and building upon previous BSides presentations, this session will provide attendees with a structured approach to evaluating and securing their AI/ML technologies. Nathalie will share real-world examples and provide practical precautions that security professionals should pay attention to.
Attendees will leave with concrete methodologies for ensuring their organizations stay ahead of the curve as compliance standards continue to adapt to the increasing prevalence of AI/ML technologies in enterprise environments.

Nathalie Baker started her technical career in the U.S. Army as a Paralegal. During a military mobilization, she was assigned to provide desktop support for the JAG component on the base. She continued to build her career in the civilian sector via System Administration, System Automation, System and SOC Engineering, and SOC Management roles. Nathalie then pivoted into GRC, where she was able to further distinguish herself as a well-rounded cybersecurity professional with knowledge in both technical and administrative domains. Nathalie's passion for mentoring others has made her prominent for training cyber professionals in a manner that balances providing guidance and allowing for self-discovery.

Exploiting CRLF Vulnerabilities for Account Takeovers: Lessons from Bug Bounty Programs.


Robert Vulpe

TRACK 1 - 14:00 - 15:00

In the realm of web security, CRLF injection is frequently dismissed as a low-impact vulnerability. However, when paired with innovative exploitation techniques, it can unlock devastating outcomes such as complete account takeovers. This presentation uncovers the mechanics of CRLF vulnerabilities and demonstrates how their impact can be amplified through different methods. Drawing from real-world bug bounty experiences, we will explore compelling case studies: a CRLF flaw on an isolated subdomain that leads to XSS on the main domain, an ESI tag exploit stealing cookies, and a Unicode normalization trick leveraging browser quirks to trigger XSS—all culminating in account takeovers. We will also dissect how HTML encoding can be bypassed in the right scenario. Join us to discover how to transform a seemingly minor vulnerability into a critical exploit and learn the importance of rigorous quality assurance in securing systems.

SafeGen: Accelerating Secure Generative AI Implementation


Vineeth Sai Narajala

TRACK 2 - 14:00 - 15:00

The rapid adoption of Generative AI (GenAI) presents unique security challenges that organizations must address while maintaining development velocity. This presentation provides practical strategies for building secure GenAI applications, with a focus on AWS services like Bedrock and Amazon Q. We introduce a comprehensive security framework that addresses three critical areas: threat modeling for GenAI systems, secure integration patterns, and robust output validation mechanisms.
Through real-world case studies, we'll demonstrate how to identify and mitigate GenAI-specific vulnerabilities, including prompt injection attacks and data leakage risks. Attendees will learn concrete techniques for securing their entire GenAI pipeline, from input validation to output verification, with an emphasis on protecting sensitive information and preventing model hallucinations while keeping the SDLC fast and efficient.
The presentation includes hands-on examples of implementing security controls in GenAI applications, featuring code samples and architecture patterns that can be immediately applied. Security professionals and developers will gain practical knowledge about automated security testing for GenAI systems, session isolation techniques, and effective output validation strategies.
By the end of this session, attendees will have actionable insights for accelerating their GenAI initiatives while maintaining enterprise-grade security standards.

Vineeth is a GenAI Application Security Engineer at Amazon Web Services (AWS), specializing in core Data Analytics services such as EMR, Athena, and LakeFormation. He has also been instrumental in developing GenAI Security guidelines for service-to-service integration and development within AWS. Prior to his current role, he held positions as a penetration tester and in threat intelligence. Additionally, he gained valuable experience in Business Recovery and Disaster Recovery, particularly in mitigating ransomware attacks, during his tenure at Nordstrom.
Beyond his professional roles, Vineeth actively participates in the bug bounty scene and is passionate about contributing to the community. He has shared his expertise as an Adjunct Instructor at the University of Nevada, Las Vegas, and has delivered guest lectures at his alma mater, the University of Washington, Seattle. Outside of work, he enjoys skiing and has recently started learning to surf. Vineeth also has a keen interest in classic rock and EDM music.

The Cost of an Incident


Amanda Draeger

TRACK 1 - 15:00 - 16:00

For those incidents that are publicly reported, we see things like "this cost $X million dollars". Where do those costs come from? This talk will look at data from insurance claims to explain where the costs of an incident come from.

Amanda is a Principal Cyber Risk Engineer at Liberty Mutual Insurance. She is a GSE, retired Army, and enjoys playing with yarn.

Shut the Front Door: Forming Attack Profiles from Risky Hiring Practices


Jessica Weiland

TRACK 2 - 15:00 - 15:30

This presentation is a novel way to look at the "open windows" that job listings provide to cyber criminals to profile a business from an attack perspective. From open windows to creaky back doors, a conversation needs to be had about the do's and don'ts of what our teams include as we search for new talent to join our teams.
I have spent enough time using companies' job postings to do my own version of OSINT, to create a cyber blueprint that reveals where there might be gaps or vulnerabilities in a company's tech stack, where there are resource gaps, and how your program might be immature and primed for someone to slip past your defenses and take up residency in your systems.
In my presentation we will look at job postings across US businesses, examine the doors, windows, and disabled security systems (do they have a dog? is it a Chihuahua or a Doberman?) that the data suggests, and use it to profile the company and the level of risk that the posting reveals. We will also open the conversation to "how we do better" without losing the technical hiring requirements.

Jessica has spent the last 8 years helping companies navigate the conversations around the prioritization of security based on business criticality and the need for resiliency. She serves as a liaison between IT leadership and boards to translate technical goals, and to turn the conversation of No into How.

Under Pressure: Why Can’t We Give Ourselves One More Chance?


Ashley Chackman

TRACK 2 - 15:30 - 16:00

Pushing down on you, pressing down on me! Cybersecurity is a high-stakes, high-pressure game where split-second decisions can mean the difference between disaster and defense. This session dives into how to stay cool when the heat is on, manage high-pressure incidents without cracking, and give yourself and your team the tools to rise above the noise. No terror of knowing what this world is about—just actionable strategies to handle the chaos like a pro.

Ashley Chackman is a cybersecurity leader who specializes in security education, intelligence research, and cyber workforce development. With expertise in OSINT investigations, she also supports federal and state law enforcement agencies by collecting and analyzing intelligence on human trafficking and missing persons. She has led security training programs for global organizations, driving engagement through organizational design, behavioral science, change management, and data-driven strategies.

BSides HBG is fiscally sponsored by Hack Club, a 501(c)(3) nonprofit.
