(Panelist) Authentic Allyship in Tech: Putting Words Into Action, 11:05 AM (ET)
Lauren Zabierek, former Executive Director of the Cyber Project at Harvard Kennedy School’s Belfer Center for Science and International Affairs, has been appointed Senior Policy Advisor with the Cybersecurity & Infrastructure Security Agency (CISA). Zabierek was tapped for the agency position directly from the Belfer Center where she was Acting Executive Director following several years as head of the Center’s Cyber Project.
She was also the first woman participant in the Elbe Group discussions on cybersecurity, having been a part of the cyber-focused dialogue in 2019 in Stockholm, Sweden and again in 2021 virtually. In January 2023, she was named a Senior Policy Advisor to the Cybersecurity and Infrastructure Security Agency.
Lauren is the co-founder of the online social media movement called #ShareTheMicInCyber, which aims to dismantle racism in cybersecurity and privacy. #ShareTheMicInCyber started as an online conversation on Twitter and LinkedIn but has become so much more--it is breaking down barriers in the cyber industry through individual and collective action. Since its inception, the movement has garnered over 100 million Twitter impressions and featured participation by the nation's cyber leaders.
(Panelist) Authentic Allyship in Tech: Putting Words Into Action, 11:05 AM (ET)
Tashya Denose is more than a cybersecurity professional; she is an enthusiast. Her passion projects are focused on empowering women in the field. She is a board member of Black Girls in Cyber, where the mission is to change the socioeconomic status of black women by providing them with resources to pivot into cyber and privacy roles. Her monthly podcast, "Do We Belong Here?" homes in on the human side of cyberspace with a lens on diversity. It is produced by Cyber Florida.
As far as her professional background goes, she has worked in the public sector, supporting DoD networks and the Intel community, and in the private sector, working for Capital One and Google.
She has thrived in technical and governance roles ranging from control testing, assessments, and vulnerability management (where she led the vulnerability management program for the Pentagon) to incident response.
(Moderator) Authentic Allyship in Tech: Putting Words Into Action, 11:05 AM (ET)
Jennifer is the CEO at GRIMM, a cyber research firm headquartered in Reston, Virginia, with a holistic approach to the cybersecurity of cyber-physical (CyPhy™) systems. She is a cyber-economics strategist recognized for building cybersecurity strategies and programs for industry, government, and academia. Her expertise has been concentrated on the security of connected Cyber-Physical Systems and technologies. Her portfolio includes expertise in Industrial Internet of Things (IIOT), Smart Cities development and planning, Critical Infrastructure and Advanced Transportation Mobility, including Connected & Automated Vehicles, Aerospace, and the securing of unmanned military platforms.
Previously, Jennifer was recognized for holding the first “mobility” job in the United States, serving as the Cyber-Mobility program strategist for the State of Michigan. Jennifer’s work created the foundation for Michigan’s economic strategy to band together automotive, defense and aerospace industries with embedded systems cybersecurity, charting a new economic development path for the state. In 2018, Jennifer was voted one of SC Magazine’s “Women to Watch” in Cybersecurity and advocates for increased diversity, equity, and inclusion in the industry. She values partnerships and the need to build trust in a zero-trust world.
OSINT and the Metadata of Madness, NOONish (ET)
Harish Kumar currently works as a Helpdesk Technician at DXC Technology and has four years of experience in IT Support. He's looking to leverage his skills to break into cybersecurity. During his learning journey, Kumar uncovered that his favorite subject in cyber is OSINT. He is excited to explore the sensitivities of Metadata and how careful we need to be when sending anything to anyone.
Deconstructing Supply Chain Risk, 12:45 PM (ET)
Steven Fox leads Governance, Risk, and Compliance for the State of Washington. His background includes learning how to break systems as a penetration tester, using that knowledge to protect organizations as a security architect, and managing GRC and audit practices in the private and public sectors.
Anmol Singh Yadav
API Hacking Demystified: A Technical Overview for Security Professionals, 1:30 PM (ET)
Anmol Singh Yadav is a highly skilled and motivated cybersecurity professional with a strong passion for keeping systems and networks secure. He holds a Bachelor's degree in Technology in Computer Science with a specialization in Cyber Security & Digital Forensics from the Vellore Institute of Technology.
He has gained extensive experience and knowledge in cybersecurity through his academic coursework, internships, and practical hands-on experience. He is an active member of the cybersecurity community and volunteers with the Defcon Delhi Group to share his expertise and knowledge with others.
Anmol's interests include bug hunting, security automation, and cybersecurity research. He also knows about vulnerability assessment, web application pentesting, OSINT, and Linux security. He solves CTF challenges in his free time. He is based in India and actively seeks opportunities to contribute his skills and expertise to make a positive impact in his field.
Refining Your Offensive Pentest Methodology, 2:15 PM (ET)
As a Security Consultant, Chantel specializes in pentesting a number of technologies and has experience pentesting across different industries and sectors. In her free time, she enjoys learning new hacking techniques, researching the cosmos, and reading philosophical texts. Bringing integrity, a growth-mindset, and an open mind to all things new drives her passion for hacking.
2023 Top Hack: How to Manage Change as a Leader, 3 PM (ET) | co-presenter
Caroline Wong is the Chief Strategy Officer at Cobalt. She has 15+ years of cybersecurity leadership, including practitioner, product, and consulting roles. Caroline authored the popular textbook, Security Metrics: A Beginner's Guide. She teaches cybersecurity courses on LinkedIn Learning and hosts the Humans of InfoSec podcast.
2023 Top Hack: How to Manage Change as a Leader, 3 PM (ET) | co-presenter
Andrew Obadiaru is a Vice President and Chief Information Security Officer at Cobalt. Andrew is responsible for maintaining the confidentiality, integrity, and availability of Cobalt's systems and data. Prior to joining Cobalt, Andrew was the Head of Information Security for BBVA USA Corporate Investment banking, where he oversaw the creation and execution of Cyber Security Strategy. Andrew has 20+ years in the security and technology space, with a history of managing and mitigating risk across changing technologies, software, and diverse platforms.
Automotive Security Standards Are Special: Just Like Every Other Industry, 3:45 PM (ET)
Heather Vermillion has 15 years' experience securing systems, assessing the security of systems, and teaching others about security. She has worked in defense and intelligence, e-commerce, insurance, and most recently embedded systems. Heather holds a BS in computer science and an MS in cyberspace operations, along with a CISSP, GCIH, and Security+. Outside of her day job, she is a small business owner and can be found spending time with family, training martial arts, or making stuff.
Taking The Plunge: Be a Cyber Startup Founder Too, 4:15 PM (ET)
Ian Y. Garrett is the CEO and co-founder of Phalanx, which is a central hub where leaders can view and control document access across their organization so they always know who has eyes on their data leveraging existing platforms with Zero Trust Data Access. Previously he was a US Army Cyber officer focused on offensive cyber operations as well as a data scientist in the defense sector. He combines his operational knowledge with his PhD research to bring unique insights to the intersection of artificial intelligence & cybersecurity.
Finding Windows Privilege Escalation Vulnerabilities with Crassus, 5:00 PM (ET)
Will Dormann is a senior vulnerability analyst at Vul Labs. He officially entered the infosec field in 2004 at the CERT/CC. From ActiveX to Android applications, Will has discovered thousands of vulnerabilities in many types of products, using a range of tools and techniques. A recurring theme in Will's work has been to simplify tooling and apply automation to make vulnerability discovery easier.
Securing the Loop: The Importance of the Decision Cycle in Control System Cyber Security, 5:45 PM (ET)
Steve Griffing is an OT/ICS Senior Security Architect with Booz Allen Hamilton. Prior to joining BAH last year, he spent time conducting unmanned systems cybersecurity as part of NAVCENT’s Task Force 59 as a mobilized Navy reservist. Prior to his recall to active duty, he served as a DoD contractor for the US Army Corps of Engineers, conducting risk assessments for FRICS and unmanned vehicles. He also taught at the US Army Cyber School, writing their ICS curriculum, after other DoD contracting roles. Steve served in the US Navy from 2006 – 2016 as an NFO and as an Information Professional in various roles across the Pacific and Southwest Asia. Steve Griffing earned a BS in Systems Engineering from the United States Naval Academy in 2006 and an MS in Cyber and Information Security from Capitol Technology University in 2017. He is a Registered Professional Engineer in the State of Georgia, and holds many cyber and physical security certifications, including CISSP-ISSEP, CPP, PSP, and CEH.
Closing Keynote, Building and Enabling our Cyber Workforce, 6:15 PM (ET)
Barbara Cosgriff began her Information Technology career serving six years as a Signal soldier in the U.S. Army over 37 years ago. After an honorable discharge, she expanded into software. Barbara has spent the last 25+ years filling various Secure Software Development Lifecycle positions, including Software Developer, Software Security Architect, Director of Application Security, and Intelligent Systems Security Technologist. She now works as an Independent Consultant, conducting cybersecurity training, research, strategy development, and other application security-related services for her clients. She holds a Bachelor's degree in Computer Science from Fayetteville State University and is a Certified Software Security Lifecycle Professional (CSSLP).
Syed Ubaid Ali Jafri
Workshop: Reducing Threat Landscape by Demonizing Adversaries, 2 PM (ET)
Ubaid is a global Cybersecurity speaker, a motivational speaker who weaves real-life experiences into a presentation that is both entertaining and rewarding. Ubaid provides practical insights into real work situations relevant to many industries. He brings a practical, proactive approach to the digital era, inspiring audiences to be present now to be prepared for the future.
He is a professional cyber crime investigator; he has received global acknowledgment as a Cyber Crime Examiner. Mr. Jafri is one of the leading experts who has hands-on experience in the leading technology relevant to Cyber Defense, Offensive Security, Red Teaming, Cyber Analytics, Emerging technologies, Cyber readiness, Internet of things, Digital forensics, Incident Handling & Response, Data leakage prevention, Security Transformation & Integration, Threat Intelligence, Security operations center, and security strategy & Governance.
Workshop details: TOP 10 Threats predicted in 2023 may reduce the threat landscape and allow adversaries to map the risk profile. The session helps an organization minimize the threat landscape from overall risk exposure.
I am an Information Security professional with an eclectic background which includes computer forensic investigations, information technology systems administration in the public and private sectors and end user technical support. This background together with external pursuits has given me a wide perspective that allows me to draw on and integrate the many technologies, methods, and concepts in and around my core discipline. I am a motivated life-long learner with broad interests and studies within multiple concentrations.
Micah K. Brown is a member of the IT Security Technical Architecture team at a large financial organization. He is focused on building out the next generation of IT Security services and IT Security controls to protect the organization, the employees, the partners, and the customers. After hours, Micah volunteers with the Greater Cincinnati ISSA Chapter, is a board member of a 501(c)(3) with the intent to bring a Hacker Conference to his city of Cincinnati, and has had the honor to present at many prestigious IT Security Conferences.
Mentor & Emcee
Erin Cornelius is a Senior Staff Security Researcher in the Cyber Physical Security group at GRIMM and has given talks at ESCAR, DEF CON Car Hacking Village and DEF CON Aerospace Village. Erin helped develop GRIMM's Automotive Security training and has taught Automotive Security and Software Reverse Engineering trainings. Prior to joining GRIMM, Erin spent years designing, integrating and testing safety-critical embedded systems in telecom, aerospace, medical, and industrial applications.
Mr. Stoner, a CISSP holder, has over 22 years of experience in the US Intelligence Community (USIC), DOD, and national security industry with 13+ focused in cybersecurity. He has experience with Cyber Threat Intelligence (CTI), instructional design, cyber counterintelligence (CI), Defense Industrial Base (DIB) engagements, Advanced Persistent Threat (APT) analysis, Risk Management Framework (RMF) and Governance, Risk and Compliance (GRC). He is passionate about helping others in INFOSEC and volunteers in the cybersecurity community regularly and is a volunteer with The Diana Initiative (TDI) and VetSec.
Sean, a Senior Security Researcher at GRIMM, specializes in automotive, connected vehicle cybersecurity, risk assessment, and vulnerability management for the automotive industry. Previously, Sean worked as a Cybersecurity Architect at a global automotive OEM, securing advanced transportation mobility platforms and serving as the company’s Bug Bounty Program Manager for the first public bug bounty program for an automotive OEM.
Mentor & Emcee
JoYo is a Senior Software Engineer for Computer Network Exploitation at GRIMM. He has 16 years of practice in software engineering and reverse engineering for traditional and non-traditional computer network exploitation.
Morgan Whitlow is a Senior Security Researcher with GRIMM's Cyber-Physical team doing tooling and research on assessing, defending, and exploiting embedded and mobile devices. A former lockpicking instructor and nanotechnology researcher, they eventually decided to pursue a Master of Science in Applied Computer Science. Initially breaking into the field by hunting, monitoring, and responding to threats within client systems as a SOC analyst, a natural sense of curiosity quickly led them into the world of security research. Though intellectually omnivorous, they have a particular affinity for hardware and rapid prototyping.
Matt has been reversing and exploiting embedded systems (firmware, hardware, radio) for 13 years, writing emulators and disassemblers for 15 years, and crafting tools to make it easy for just as long.
Matt's expertise includes reverse-engineering, vulnerability research, software/firmware/hardware/ICS/AMI/Radio, hacker techniques, and teaching others. He led the Vulnerabilities team for NIST Cyber Security Coordination Task Force developing NISTIR-7628 and Cyber-Physical Systems (CPS). Matt was a founding member of the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG) and was the Red-team lead for Advanced Security Acceleration Project (AMI-SEC/ASAP). Matt also was captain of three winning Defcon CTF teams.
Ashley Van Hoesen
GRIMMer Ashley Van Hoesen is a seasoned cybersecurity professional with over ten years of experience in various aspects of security testing and penetration testing. She is well-versed in IT and ICS network architectures, operating systems, and cybersecurity tools. As a Cyber Physical Red Team Operator and Security Analyst, Ashley has developed lesson plans, instructional materials, and practice labs for Industrial Control System Security training courses. Her hands-on experience and strong knowledge of Unix and Windows make her a valuable instructor in the ICS training field. Ashley's dedication to helping businesses and organizations identify and resolve IT and ICS security vulnerabilities and weaknesses has made her an essential team player in the cybersecurity industry.
As the Director of CyPhy Products & Industrial at GRIMM, Jeff is passionate about securing our nation’s critical infrastructures. He has spent over 20 years in information and cybersecurity risk management with particular expertise in industrial control and SCADA system cybersecurity. In addition, Jeff spent 13 years at one of the nation’s largest electricity providers, holding several positions in their industry-leading cybersecurity organization.
He joined NERC’s E-ISAC in 2017. As Manager of Cyber Threat Intelligence, he helped expand their capabilities by building relationships, strategizing, and creating threat intelligence specific to the electricity industry to help reduce cybersecurity risk to critical infrastructures.