09:00 - 17:00
Friday - 12th April 2024
Keynote 09:00 - 10:00
Jeff Man
Keynote Speaker
MAIN STAGE //OPENING KEYNOTE
Jeff is a respected Information Security advocate, advisor, evangelist, international speaker, keynoter, former host of Security & Compliance Weekly, co-host on Paul's Security Weekly and Tribe of Hackers (TOH) contributor.
Part of the first penetration testing "red team" at the NSA and certified NSA Cryptanalyst. or the past twenty-seven years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation's best known companies.
Closing Keynote 15:40 - 16:30
Dr. Catherine Ullman
Keynote Speaker
MAIN STAGE //CLOSING KEYNOTE
Dr. Catherine J. Ullman is a security researcher, speaker, author, and Principal Technology Architect, Security, at the University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous information security conferences including DEF CON and Blue Team Con. Cathy is a contributor to the O’Reilly title 97 Things Every Information Professional Should Know and the author of the Wiley title The Active Defender. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.
Practical Password Cracking: Hardware, Tools, Methods... and AI
Sean Smith
TRACK 1 - 10:00 - 10:50
Sean is a smart factory manufacturing consultant full-time, a cybersecurity professional part-time, and a hacker ALL THE TIME. This allowed him to travel across the US and abroad learning from countless clients in many industries. Over the past 15 years, he has specialized in technology strategy and transformation, focusing on implementing industrial Internet of Things (IIoT) solutions. In his free time, Sean is a father, husband, educator, and hacker. He enjoys 3D printing, wood and metal working, tinkering with hardware/software, crypto mining, Raspberry Pis / Arduino SBCs, RFID / Wireless technologies, and any / all cool technology.
Incident response: How to fight fires without burning
Juan Giarrizzo
TRACK 2 - 10:00 - 10:50
Juan is a Sr. Security Engineer with over 10 years of experience in the technology space with 5 years focussed on cyber security. Initially a CTF player and OSINT investigator he now specializes in incident response, threat hunting, threat intelligence, and cloud security.
Vehicle Cybersecurity
Kevin Walter
TRACK 1 - 11:00 - 11:25
I was born, raised, and live in Pittsburgh, PA. I graduated with a Master's degree in Cybersecurity from PennWest University - California Campus in August of 2023.
I possess a CompTIA Security+ certification, and I hold PA state Vehicle Inspector and Emissions licenses. Vehicle Cybersecurity has always been one of my top interests in the field of Cybersecurity because of my prior experience operating a transportation contracting business and my hobby of working on cars.
While in graduate school, I researched vehicle cybersecurity related issues, and I have an intense interest in securing these vehicles from nefarious hackers.
After graduate school, I completed a 4 month contract apprenticeship position with Dagostino Electronic Services Inc from September 2023 to December of 2023.
In January of 2024 I founded and launched Cyber Services LLC, an emerging technology start up currently in the development phases of growth.
Discord OSINT: Using the power of Empathy Banana
Zach Malinich
TRACK 1 - 11:30 - 11:55
I am a Penn State alumni and graduated in 2022 with a Bachelor's of Cybersecurity and a minor in Security Risk Analysis. During my time there I participated in multiple cybersecurity-related competitions such as CCDC, CPTC, and a few more. I currently hold eJPT, PNPT, CBBH, and completed the Evilginx Mastery course.
Resiliency and Adaptation in Incident Response
Art Ocain
TRACK 2 - 11:00 - 11:50
Art Ocain, a seasoned leader in cybersecurity at Airiam, has excelled as COO, CTO, CISO, and CIO. Specializing in ransomware recovery and resilience, Art shapes strategies for robust business continuity and cyber resilience.
12:00 - 13:00
LUNCH
(ON YOUR OWN)
EtherJack – A Plug-and-pray Leave Behind Device
Raymond Nutting
TRACK 1 - 13:00 - 13:25
Raymond Nutting, (CISSP-ISSEP), is a published author, mentor and security practitioner supporting both the public and private sectors with over 22 year's experience in the field of information security. Raymond holds numerous certifications and has presented at various conferences in his career.
Is your OPSEC making you a target
Joel Prentice
TRACK 1 - 13:30 - 13:55
I am cyber security engineer and penetration tester. I attend college at Utica University where I got a B.S. in cyber operations. I have a M.S. from the University of Maryland for Cloud Computing Engineering.
Infrastructure as Remote Code Execution: How to abuse Terraform to elevate access
Michael McCabe
TRACK 2 - 13:00 - 13:50
Michael McCabe is the president of Cloud Security Partners, where he specializes in helping clients securely migrate their workloads to the cloud. He has been a featured speaker at numerous security conferences, including LASCON, Defcon, DevSecOps Days, and BSides.
Critical Infrastructure Protection: How Good/Bad Can It Get?
Joseph Price
TRACK 1 - 14:00 - 14:50
Joseph Price has professionally worked in cybersecurity for 30 years, serving in various roles in both defensive and offensive cyber disciplines. At Deloitte, Joseph leads our OT cybersecurity capability and service offering investments, serving both government and commercial clients.
Penetration Testing with AI!
Brandon Keath
TRACK 1 - 15:00 - 15:30
Brandon Keath is a seasoned cybersecurity executive, engineer, and professor with 15+ years of experience in the field. Known for expertise in merging business objectives with cybersecurity strategies, Brandon has a track record of developing comprehensive cybersecurity solutions.
Building bridges: mastering cross functional partnerships for vulnerability management success!
Kayla Underkoffler
TRACK 2 - 14:00 - 14:50
Kayla Underkoffler is a lead security technologist with HackerOne and is currently the team lead for the Internet Bug Bounty program. Kayla spent four years as a United States Marine in the Quantico Marine Corps Band, before leaving active duty to pursue a career in Cybersecurity. She landed the magical opportunity to work on the security team for the Walt Disney company in the Disney Parks, Experiences and Products segment as a vulnerability management lead. With a passion for bridging the gap between business and technology, Kayla continues to evangelize the importance of security for everyone.
DARVO: The Psychological Manipulation of Ransomware Victims
Matt Dotts
TRACK 2 - 15:00 - 15:30
Matt Dotts is the Information Security Awareness Officer for Mid Penn Bank and MPB Financial where his responsibilities include facilitating cybersecurity training and education programs for both internal
and external stakeholders of the organizations.
Matt came to Mid Penn Bank after serving twenty-four years in law enforcement where he specialized in investigating cyber and financial crimes and spent time assigned to an FBI cybercrime task force. He
holds industry-recognized certifications including the Certified Financial Crime Investigator (CFCI) and GIAC Certified Incident Handler (GCIH). Additionally, he has a master's degree in criminal justice with a
degree concentration in Digital Forensics.
Outside of his duties for Mid Penn Bank, Matt is an adjunct instructor of Criminal Justice at the Harrisburg Area Community College (HACC). He frequently lectures to law enforcement, civic, and business groups about cyber-financial crimes, Internet security, and the criminal use of technology.