Remote Workforce: Attack and Defense
Alberto J. Rodriguezm, M.S. Digital Forensics | OSCP | CISSP
Compuquip CyberSecurity, SOC and Offensive Security Lead
COVID19 has pushed most of our workforce to work from home. This has sped up cloud initiatives in many organizations. This speedy deployment of work from friend infrastructure, particularly cloud, did not go through much planning. The untouched security considerations to support these rapid deployments has led to an increase in risk to organizations. This talk will focus on Microsoft cloud exploitation and adversaries are leveraging to gain a foothold into your sensitive data with some defensive considerations.
Alberto is an infosec professional with over five years of experience in securing critical infrastructure, penetration testing, threat hunting, and incident response. Alberto specializes in Adversary detection and simulation. He served as an Active Duty Cyber Operations Officer in the Army is currently the SOC and Offensive Security Services Lead at Compuquip Cybersecurity and he also continues to serve in the Army as a Reservist.
He holds numerous industry recognized certifications to include the OSCP, CISSP, GPEN, GWAPT, and GCWN. He is passionate about securing consumer data and teaching the next generation of information security professionals. You can connect with him at www.linked.com/in/albertojoser
Founded in 1980, Compuquip is a family-owned and operated advanced technology solutions partner for businesses throughout Florida and beyond. Over the years, we have earned a reputation as a trusted provider of cybersecurity products and services that helps our enterprise partners meet their network infrastructure and security needs. Our mission is to help the companies we partner with mitigate their risks and meet their business objectives with dedicated service and support combined with best-in-class technology solutions.
DLP and how to use an EDR to
augment your current DLP Programs
Scott Rich, Sales Engineer, SentinelOne
I got my start in Security nearly 20 years ago when NCIS in Japan approached me to help them with an investigation due to my MS Windows expertise and have been hooked ever since. During that time my career has taken me all over the planet solving security problems for government agencies and very big names such as Johnson Controls and Microsoft. Working with some of the smartest professionals in the industry is by far one of the most rewarding aspects of my job at SentinelOne.
During the rare opportunities that I have some free time to spend with my wife and two awesome kids, we love to take the dirt bikes out on the trails in the gorgeous Cascade Mountains. Other times we like to eat out and enjoy fishing for salmon on our boat.
SentinelOne delivers autonomous endpoint protection through a single agent that successfully prevents, detects and responds to attacks across all major vectors. Designed for extreme ease of use, the S1 platform saves customers time by applying AI to automatically eliminate threats in real time for both on premise and cloud environments and is the only solution to provide full visibility across networks directly from the endpoint. You can connect with him at https://www.linkedin.com/in/scott-rich-70355a27/
To learn more visit http://sentinelone.com/ or follow us at @SentinelOne, or on LinkedIn and Facebook
David O’Berry, DigitalEra
David O’Berry is a “reformed CxO/CIO/CISO who has worked for ‘The Dark Side’ (as he jokingly refers to the vendor side of the industry) since 2011 first as the WorldWide Technical Strategist for McAfee & Intel Security Group (the artist formerly known as McAfee now known as McAfee again) before taking the Sr. Global Strategic Security Architect role (endpoint, data-center, cloud, and autonomic security focused) with VMware in November of 2016. Currently David continues to passionately pursue a Jobsian “Dent The Universe” life-path via a number of endeavors including “Patch the Pony” and “Digital Arts”, FaradayWear, co-Founder and Executive Producer for the “World Beyond Words” of Quaestor, co-Founder, Advisor, and Board Member for Pre-Cog Cyber-Security, Advisory Board Member for Fractional Networks etc. while also working with other stealth-mode & early-stage start-ups with the amazing potential to “Dent The Universe”.
Previous to embarking on this phase of his career, David spent 19 plus years on the enterprise side first as a Network Manager before rapidly progressing over two decades from an Edge to Core Architect (full-stack Endpoint, NetOps, SecOps, AppDev) to State Security Domain Chairman, to CISO before completing his public sector career as the CIO/Director of Strategic Development & IT.
During his whole career David has passionately & relentlessly researched, advocated for, architected, & deployed a number of true standards-based, high-visibility, end to end real-time security constructs across both edge & core as a means of building out & iterating vendor-agnostic security models (in pursuit of true “Autonomic Computing”) while working alongside a myriad of Federal, State, Local, & Tribal agencies, peers, colleagues, his incredible team, a full-spectrum of very small SMGB to very large Enterprise-Class customers, & groups like Trusted Computing Group, The Open Group (TOG), NIST, ISACs, etc.
Active within the industry, he currently holds CISSP-ISSAP, ISSMP, CSSLP, CRISC, and CRMP in addition to a significant number of other certifications including “old school” certs like Enterprise Certified Novell Engineer (Master CNE) (a fact he tries not to mention very often). He has also been published several years in a row in the Information Security Management Handbook (ISMH) on standards-based distributed network visibility & autonomic security constructs, Secure Digital Life & the “Techno-Industrial Revolution 2.x & Beyond”. In addition to the above he has continuously stayed involved where he can make the most difference, writing for various publications, public speaking hundreds of times, doing broadcast interviews etc. on a wide-range of “Digital Meets Analog Constructs aka DigiLog”, “Secure Digital Life”, “The Digital Divide”, in addition to more standard NetOps, SecOps, DevOps & tech topics.
Just prior to his leaving government, David had the distinct honor of being named a ComputerWorld Top 100 IT Leader for 2011. He attributes that award & the success it represents (as well as all of the others he & those he led were blessed with) to God, his family & friends, & the amazing team around him during his service in the public sector.
“Trusted Security Advisors”, DigitalEra removes the barriers to top notch IT and cybersecurity counsel, products and services. Our experts help organizations of all kinds protect their data, people and systems and meet compliance.
We analyze and solve complex security problems, rendering guidance on industry-specific technologies and solutions, while optimizing overall security through health checks, monitoring and maintenance.
https://www.digitaleragroup.com/
Kenny Hernandez, Netwrix
Kenny will be available to answer any questions and available for One on Ones in the Vendor Hall
Does Security Awareness Really Work?
James McQuiggan, Security Awareness Advocate at KnowBe4
Organizations are impacted by ransomware almost every 14 seconds. It is worth noting how the criminals get into an organization’s systems and infrastructure. It comes down to phishing attacks or misconfigured and unpatched systems. Organizations declare that they have a security awareness and training program. However, how many of the employees take it, retain it, or use it? If the program is useful, why do breaches continue to occur? Organizations might have a training program, but the employees complete it, move on, and do not remember it. Thus, the next evolution of security awareness needs to be an influential security culture. If a security culture and mindset are part of every employee in the organization, this can significantly reduce the risk of a data breach through employees. Learning Objectives – Understand why security culture is important and needed with security awareness and training – How to implement a strong security culture within your organization. – How to effectively measure your security culture.
James McQuiggan, CISSP, is a 20-year security veteran and Security Awareness Advocate for KnowBe4 [ www.knowbe4.com ]. James is also a part time faculty professor at Valencia College in the Engineering, Computer Programming & Technology Division. Within the Central Florida community, he is the President of the Central Florida (ISC)2 Chapter and a Trustee Board member with the Center for Cyber Safety and Education. James has worked as a Product & Solution Security Officer, Information Security analyst and a network security engineer. He consulted and supported various corporate divisions on cybersecurity standards, information security awareness and securing product networks. You can connect with him at www.linkedin.com/in/jmcquiggan/
Attacking using Containers
Penetration Testing machines have been around for close to a decade. There is a new portable strategy however for building applications in the form of containers. Containers are highly portable and highly dynamic but tooling around this platform can be limited. We will disclose a project that will leverage containers as not the target for attackers, but the launching point.
Moses Frost is a 20-year IT Veteran, having worked at Large Healthcare, Startups in Data and Data mining, FinTech, and Large Technology Companies like Cisco Systems. He currently works at McAfee. He has been an Incident Responder, a Penetration Tester, an IT Architect, and a Platform Engineer. In his tenure, he has presented at various conferences including DefCon and BSides. He is the Author of SEC588, Cloud Penetration Testing, and SEC642 Advanced Web Application Penetration Testing. You can connect with him at www.linkedin.com/in/mosesfrost/
Defending the Cyber Kill Chain
Christopher Peacock, Sr Cyber Threat Ops II at Raytheon Technologies
This talk goes over common kill chain techniques and defense in depth approach to defend them.
Defending the Cyber Kill Chain: This talk will seek to address the most observed steps and techniques leveraged by attackers to infiltrate organizations. The offensive steps will cover common penetration techniques, as well as modern human operated ransomware campaigns. The talk’s coverage will help educate on how attacks are being pre-formed, living off the land techniques, and what can be done to prevent them with a defense in depth approach at an operational and tactical level.
Christopher Peacock holds the role of Sr Cyber Threat Ops at one of the world’s top defense contractors, and specializes in threat hunting, customer consulting, and intelligence. Chris has experience in critical infrastructure, defense, energy, finance, healthcare, and technology. Chris holds the following industry certifications GCFA, GCED, CCCA, eJPT, CSIS, CIOS, Security+, Network+, and ITILv4. You can connect with him at www.linkedin.com/in/securepeacock/
Emulating EvilCorp Ransomware Hack on Garmin using WastedLocker
Jorge Orchilles, Chief Technology Officer of SCYTHE
A day hardly goes by without hearing about another ransomware attack. This talk will focus on how to emulate a ransomware attack without introducing risk. We will understand how ransomware works, learn how criminals are evolving to get paid, create an adversary emulation plan that is safe but valuable for enterprises, and discuss how to defend against ransomware attacks. The goal of these engagements is to train and improve people, process, and technology. This contrasts with a penetration test that focuses on testing technology and preventive controls. Adversary emulations are performed using a structured approach following industry methodologies and frameworks (such as MITRE ATT&CK) and leverage Cyber Threat Intelligence to emulate a malicious actor that has the opportunity, intent, and capability to attack the target organization. Adversary Emulations may be performed in a blind manner (Red Team Engagement) or non-blind (Purple Team) with the Blue Team having full knowledge of the engagement.
Jorge Orchilles is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project. He is a SANS Certified Instructor and the author of Security 564: Red Team Exercises and Adversary Emulation. He was a founding member of MITRE Engenuity Center of Threat-Informed Defense. He is a Fellow at the Information Systems Security Association (ISSA) and National Security Institute. Prior, Jorge led the offensive security team at Citi for over 10 years. Jorge speaks English, Spanish, and Portuguese, in decreasing levels of fluency. When he’s not hacking, teaching, or writing, you’ll find him watching and playing soccer. You can connect with him at www.linkedin.com/in/jorgeorchilles/
https://www.scythe.io/
https://www.scythe.io/about/jorge-orchilles
CAPTURE THE FLAG 101
Chris Huffstetler, Cyber Security
Chris Huffstetler aka BLuəf0x is a Cyber Security professional specializing in wireless security, physical security, and incident response. Prior to InfoSec, BLuəf0x served in the U.S. Army for 9 years acquiring satellite and tactical radio communications specialties then going to DoD contracting specializing in secure telecommunications and network operations.
You can connect with him at @BLuef0x__