Abstract

Bio

Michael Brown, CISSP, HCISPP, CISA, CISM, CRISC, has been involved with IT for 20 years, the last ten in IT Security. Moving from a security admin to a global security architect, he has been working for the last few of years as an IT security consultant preforming security risk assessments, gap analysis, and developing policies and procedures for clients to help them implement an information security management system.

Abstract

Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some fundamental triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This course, based on grecs’ popular Malware Analysis 101 – N00b to Ninja talks, covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a “ninja” per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.

Prior to workshop students should complete the following in order to get the most out of the class.

* Have a VM solution loaded onto their laptop (e.g., VMware [free, trial, or paid] or VirtualBox [free]).
* Download and load the ModernIE Windows XP with IE8 VM into the VM solution. https://dev.windows.com/en-us/microsoft-edge/tools/vms/windows/

Saturday March 12th 01:30PM – 04:30PM

Bio

grecs has two decades of industry experience and undergraduate/graduate engineering degrees. After doing the IT grind, he discovered his love of infosec and has been pursuing it since. Currently, he spends his days as a senior cyber analyst enhancing customer defenses through advanced analysis, customized training, and engineering improvements. In his free time grecs is an international speaker and blogger covering a range of defensive topics.

Abstract

10 seconds is all the time a Recruiter or Hiring manager is going to give your resume in deciding to keep it or pass on it. A resume tells a great deal about you, creates a first lasting impression and gets you the interview.

Join our resume writing and social media profile editing workshop to learn how to best tailor your information to pursue the job that you want. Experienced recruiters review 40-50 resumes and LinkedIn profiles a day. Our tips will help you stand out above candidates competing for the best jobs out there.

At the end we can have a Q&A session to answer any questions about the workshop or the IT market and relevant trends in the US in general.

Please bring a hard copy of your resume to the workshop, send a soft copy dfuentes@teksystems.com or a connection request to https://www.linkedin.com/in/diego-fuentes-59ab0b12.

10:00AM – 10:30AM

Bio

As Technical Recruiters for TEKsystems, we are responsible for building consultant relationships, understanding the local employment market in Central Florida and consulting with Technical Candidates to help them advance their long-term careers.

Abstract

When your job is to act as a malicious attacker on a daily basis for the good of helping organizations, you can’t help but wonder “What if I decided to embrace the evil within?” What if one day I woke up evil? Every day as a pentester, I compromise organizations through a variety of ways. If I were to wake up one day and decide to completely throw my ethics out the window, how profitable could I be, and could I avoid getting caught?

In this talk I will walk through a detailed methodology about how I personally would go about exploiting organizations for fun and profit, this time not under the “white hat.” Non-attribution, target acquisition, exploitation, and profitization will be the focal points. Blue teamers will get a peek into the mindset of a dedicated attacker. Red teamers will learn a few new techniques for their attack methodologies.

Bio

Beau Bullock is a Senior Security Analyst at Black Hills Information Security. Prior to joining BHIS, Beau‘s primary role has been implementing security controls to protect information and network assets. He has held information security positions in the financial and health industries. Beau has experience with all aspects of enterprise network security including penetration testing, vulnerability analysis, data loss prevention, wireless security, firewall management, and employee security training. In his spare time, he hosts the Hack Naked TV information security webcast and presents at conferences.

Beau holds a B.S. in Information Technology and has also obtained multiple industry certifications including OSCP, OSWP, GCIH, GCFA, GSEC, GPEN, GXPN. Beau is @dafthack on Twitter.

Abstract

CFAA, CAN-SPAM, HIPPA, and CADRA are just a few of the many alphabet-soup acronyms that make up the legal rubric in the United States that govern information security, privacy, and technological issues- information security professionals need to understand the patchwork of laws in the United States (and Florida in particular) to be truly effective in their endeavors.  New state laws appear every day with different standards for what data is considered sensitive and how an organization is dealt with if they disclose protected information. What laws should you be aware of when engaging your organization about risk and data disclosure? This talk will focus on the CFAA, the Computer Fraud and Abuse Act, as well as CADRA, Florida’s Computer Abuse and Data Recovery Act. Adam Losey, an internationally recognized attorney working in Central Florida will discuss information security and privacy law, what it means to information security professionals, and how to approach data privacy laws. The talk will include 20-30 minutes of round table style discussion allowing the audience to ask questions regarding matters of law and data privacy.

Bio

Adam Losey is an internationally recognized attorney, author, and educator in the field of technology law. He represents a number of Fortune 100 companies in high-stakes complex litigations across the country involving challenging issues at the intersection of law and technology. In addition to his litigation practice, Mr. Losey routinely advises clients large and small on a variety of sophisticated information security, incident response, privacy, electronic discovery, and data management matters. Inside and out of the courtroom, he efficiently and creatively solves problems for clients in a variety of situations.

Abstract

A recent study titled, “Battling the Big Hack” by IT professional network Spiceworks found that that 80% of organizations experienced an IT security incident in 2015, with 53% of respondents having a concern for ransomware in 2016. But how did we get here? And how can we avoid these growing attacks in the coming year and beyond? In general, all ransomware pretty much works the same in that it tries to extort money from a user, but each variation of it does something slightly different. This presentation will discuss the history of ransomware – from the first known ransomware, which hit the scene back in 1989 (the “AIDS” or “PC Cyborg” Trojan), to Gpcode (RSA encryption schemes), CryptoLocker (Bitcoin transactions), and Cryptowall (targeting Windows), with many others in between. We’ll close out the discussion with 2016 ransomware predictions, as well as how users can mitigate these attacks in the future.

Bio

Dodi is VP of CyberSecurity for PC Pitstop with 10+ years’ experience in the cyber security industry, specializing in security risk assessment, programming, firewalls, malware/targeted attacks, antivirus, & more. Previously, he led several initiatives in malware research, software development, software testing, and product management for ThreatTrack Security, Sunbelt Software, & GFI Software.

Abstract

Knowing how to perform basic network forensics can go a long way in helping infosec analysts do some fundamental analysis to either crush the mundane or recognize when its time to pass the more serious attacks on to the the big boys. This presentation covers environment options for making your network monitor-able, three quick steps to triage and analyze alerts, and integrated distros that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a “ninja” per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of network forensics.

Bio

grecs has two decades of industry experience and undergraduate/graduate engineering degrees. After doing the IT grind, he discovered his love of infosec and has been pursuing it since. Currently, he spends his days as a senior cyber analyst enhancing customer defenses through advanced analysis, customized training, and engineering improvements. In his free time grecs is an international speaker and blogger covering a range of defensive topics.

Abstract

Bio

Abstract

Do you ever feel like your resume is holding you back? I can help you translate your work experience to paper and help you land that dream InfoSec job. From the basics of resume no no’s to highlighting your security skills. Please bring a copy of your resume!

Bio

Emori Medeiros has been on both sides of the recruiting world. She was an internal recruiter for a tech company in San Francisco and now she is a technical recruiter at BlueWave. Her experience has taught her the ins and outs of perfecting resumes so that YOUR resume is the one that stands out. BlueWave is a Technology Boutique Firm that specializes in Information Security and Software Development Recruiting.

Abstract

Over the past few years exploit kits have been widely adopted by criminals looking to infect users with malware.The exploit kit then proceeds to exploit security holes, known as vulnerabilities, in order to infect the user with malware. The entire process can occur completely invisibly, requiring no user action. In my research I try to deconstruct cyber kill chain involving one of the most notorious exploit kits used by cybercriminals – a kit known as Angler exploit kit. This talk will cover the evolution of AEK, it’s role in raising of ransomware threat, tricks used to send user web traffic to Angler landing pages, and methods to deliver payloads. It will also cover procedures that allowed us at OpenDNS to proactively discover and block landing pages and mitigate the risk of infections delivered by AEK, as well as the preventative measures that end-users and systems administrators can take to mitigate their risks.

Bio

I am current security analyst and penetration tester in the past.