SecureWV

Thank you for another awesome con,
see you next year!

Friday Keynote:

James McQuiggan

Ransomware, Ransom-war
& Ran-some-where
Saturday Keynote:

Mick Douglas

Defending Against
Advanced Adversaries

2022 Sponsors

2022 Villages

IT / Tech Book Swap
ALL BOOKS MUST BE IT RELATED.
Bring a book, take a book.
If you are anything like us you have a full bookshelf of IT books that you no longer are going to pick up, since you have already passed the cert. Rehome it at SecureWV.
LockPick Lair
THERE WILL BE LOCKS!
The Lockpick Village is a physical security demonstration and participation area. Learn about the vulnerabilities of various locking devices and practice on locks of various levels of difficulty to try it yourself.
Resume Workshop
HEY YOU! YOUR RESUME SUCKS!
Is your resume not getting noticed? Let our resident expert give you real-world tips and advice on your resume. Stop by the Resume Workshop and sign up early; spots will fill up quickly.

Friday – Oct 21

{Track 1}

[Track 2]

Saturday – Oct 22

{Track 1}

[Track 2]

08:00
Ticket-Con

10:00
KEYNOTE Ransomware, Ransom-war & Ran-some-where

We’ve all heard about ransomware and its impact on organizations as they suffer an attack almost every 11 seconds. What if we could learn how one of these cybercriminal organizations operated, their business models, and the level of experience needed to work for them?

Last year, the Conti ransomware group was a victim of their own style of operations when their playbook and other sensitive information ended up online.

James McQuiggan
Security Awareness Advocate, KnowBe4

11:00
From Black Cat to Blue Hat – The State of Ransomware 2022

Join me as I dive into Sophos’ most recent independent third party study on the State of Ransomware 2022. Included this year is the role Cyberinsurance plays in setting the bar for risk management.

Stay for a story ripped straight from a recent incident response engagement, where the threat actor did something rather unexpected after being paid the ransom: they actually left behind some notes on how to shore up defenses!

Daniel Faltisco
Channel Sales Engineer, Sophos

11:00
Women in Tech Round Table

Emily Wall
VP, Global Ethics & Compliance

Francine Hammond
Compliance Training Specialist

13:00
Amateur Radio 101

An introduction to Amateur radio and why it’s fun and useful! We will discuss what amateur radio is (and what it’s not!), why it exists, who can be licensed and how they can do it.

Brandon Curnutte
Cyber Security Operations Analyst

13:00
Introduction to PowerShell

You have Windows – now what? The older command processor did have a limited batch language which left much for utility vendors to provide. Now PowerShell offers access to the OS from the command line.

In this talk we will cover some PowerShell history but will mostly focus on the tool itself – both the IDE and basic command-line version.

We will see what you get “out of the box”, how we can add more functionality by downloading modules, how we can create aliases, and, if we have to, broach the subject of PowerShell programming.

All are encouraged to follow along and try the examples.

Eric Schultz
Cyber Security Professional

14:00
Cybersecurity and Privacy: How Mature are You?

Jody W. Ogle, CISSP, CISM
Cybersecurity Advisor (CISA)

14:00
Capture the Flag with PowerShell

Continuing on from the first class, we will use PowerShell to work our way through the web-based CtF challenges.

Student participation is encouraged – all are welcome to follow along on their own computers.

If there is space and time, I may be willing to be available for students who continue on their own and have questions or problems.

Eric Schultz
Cyber Security Professional

15:00
Boning Vulnerabilities with Greenbone Security Assistant

This presentation provides an illustration of the Linux-based, free and open-source Greenbone Security Assistant (formerly OpenVAS) and its uses. A detailed dive into installation, operation, maintenance, reporting and interpreting, tips, and tricks will be covered.

Jason Shirley
Tier I Engineer, Cardinal Technology Solutions, Inc.

15:00
I Got 99 Problems but a WAF ain’t one

Deploying a WAF is the hardest IT Security project I ever completed. It requires implicit trust and support between IT Security and App Dev. A WAF project demands networking, traditional IT Architecture, Cloud Architecture, and App Development skills. Join us to learn how to be successful.

Micah Brown

16:00
Risky Business: Counterintelligence Trends & Protecting Your Intellectual Property

It is well established that foreign adversaries target U.S. critical infrastructure to disrupt operations and steal intellectual property. This presentation will highlight the targeting efforts by such adversaries and the types of personnel, information and trade secrets they aim to access to advance their economic and military postures. Actionable considerations will be offered to increase an organization’s security posture to protect intellectual property.

Mackenzie Monarko
Private Sector Coordinator, FBI Pittsburgh Division

16:00
AI Assurance for system operators

Whether we like it or not (and personally I’m skeptical), the adoption and deployment of AI/ML systems is transforming the computing landscape. The mating of complex statistical models to cloud computing infrastructure fed by data from ever more instrumented environments has led to a veritable arms race/gold rush (arms rush?) to deploy these systems. But the Data Scientists that develop these systems aren’t experts on deploying code or building infrastructure, which means that, just like in any good gold rush, someone has to ride shotgun. If it’s your job to maintain and validate systems long term, then you need a framework for how to think about AI/ML in a way that allows you to prioritize and act. This talk will use examples from our team’s work testing ML systems to give you the beginnings of that framework as well as equip you with some tools and techniques to help you customize it to your unique needs.

Ryan Ashley
Senior Engineer

09:00
KEYNOTE – Defending Against Advanced Adversaries

Attendees of this talk will learn how organized crime and nation state level adversaries approach and attack your network. Most importantly, this talk is filled to bursting with actionable items you can implement at your home and work networks to bring attackers of all skill levels to tears. You can make resilient and tamper evident networks. In this talk, you’ll learn how, and walk away with some scripts and tools to use to make this all happen!

Mick Douglas
Managing Partner: Infosec innovations

10:00
Demystifying Zero Trust

Zero Trust isn’t just another cyber buzzword. This presentation aims to break down Zero Trust or ZT into its various parts and to explain how each of the smaller parts works together to implement a Zero Trust Framework.

Bill Gardner

10:30
Perceptions of Sharing Cyber Threat Intelligence

What are the perceptions of sharing cyber threat intelligence? What are the actual and perceived limitations associated with sharing cyber threat intelligence? How can sharing Cyber Threat Intelligence strengthen the Cybersecurity community as a whole? This presentation will be in the form of an open forum of professionals discussing issues for and against sharing cyber threat intelligence.

Arthur Sions
Information Systems Security Manager, Senior Cybersecurity Government Representative

11:00
App Security Does Not Need To Be Fun: Ignoring OWASP To Have A Terrible Time

Everyone loves getting security exactly right, every time for their applications. Identifying issues and possible gaps early in the design phase makes implementing security best practices a breeze. No doubt you have been working safely, employing checklists and testing throughout the code delivery process.

As hard as it might be to imagine, some teams are actively struggling with security throughout the SDLC. For folks who might not have security completely honed in, it can be overwhelming to even know how to start thinking about security for your web applications.

Fortunately, there is an awesome nonprofit community of security-focused professionals who have done a lot of work making it straightforward to correctly design and implement secure apps: Open Web Application Security Project, aka OWASP!

This talk will guide you through various tools OWASP makes freely available to test your application and make sure your apps stay secure.

Dwayne McDaniel
Developer Advocate

11:00
Hillbilly Storytime (2022 Edition) – Pentest Fails

Whether or not you are just starting in InfoSec, it is always important to remember that mistakes happen, even to the best and most seasoned of analysts. The key is to learn from your mistakes and keep going. So, if you have a few minutes and want to take a load off for a bit, come and join in as this hillbilly spins a yarn about his, and sometimes other people’s, misadventures in pentesting. All stories and events are true (but the names have been changed to prevent embarrassment).

Adam Compton
Principal Security Consultant, TrustedSec

13:00
Open Source and Data Intelligence

Investigations don’t have to be one boring page after another. Using tools like Maltego, traffic analysis and other open source tools, we can create a compelling and informative analysis which gets us where we need to be.

Daniel Efaw

13:00
Career Arcs

Information security and forensics are fundamentally technical disciplines and we rely on education and certification to identify people to fill roles, along with personal capabilities. As we get better, we get promoted. These promotions affect our responsibilities and dictate what new capabilities we need to add to maintain proficiency and utility.

This discussion covers how to get into the fields from a zero starting point and how to pursue initial employment. It then delves into promotion paths and escalating responsibilities to identify career paths and help viewers identify goal setting opportunities.

In this global, competitive marketplace, understanding where you are going and how you need to get there is essential to knowing what your career path is and how it relates to your personal preferences and objectives.

Brian Martin
Liticode

14:00
Threat Hunting For Dummies

You do not need to be skilled to track, hunt and exterminate bad actors from a network. This talk will provide you the guideposts and know-how to start your own threat hunting program while avoiding the common pitfalls and mistakes new threat hunters come across.

Nate Hicks
Hacker, Husband, and Internet Introvert.

14:00
An Overview of Quality Framework Assessments

Whether you are delivering one or buying one, understanding what goes into a framework assessment for any compliance area is essential to cost-effective, high-quality outcomes. Whether it is privacy, security, SDLC, or regulatory, all framework assessments should be conducted using the same methodology to provide consistency and assure consumers they are worth more than the paper they are printed on.

Using the NIST CSF and CMMI frameworks, we will walk through all the steps in an assessment process including determination, purchasing, execution, reporting, and certification. We will examine what goes into the maturity ratings, and how to conduct the assessment in a diplomatic manner to provide value and be efficient.

Attendees will obtain a solid understanding of what constitutes a quality framework assessment and what garbage looks like using examples drawn from 30 years of work at some of the largest, most exacting companies in the world.

Brian Martin
Liticode

15:00
Star Wars: How an ineffective Data Governance Program destroyed the Galactic Empire

The Galactic Empire in Star Wars Episode 4 was destroyed not by a farmboy from Tatooine, but by an ineffective Data Governance Program. This talk will be 100% vendor agnostic and will focus on tools, techniques, and strategies that attendees may take back to implement effective Data Governance.

Micah Brown

15:00
Bashing into Forensics

This talk will show attendees how to use bash shell scripting to perform some forensics tasks, such as file carving. Comparisons will be made to using Python and compiled tools to perform similar tasks. Only a basic understanding of Linux is required to get something from this talk.

Philip Polstra

16:00
A Look at Developing Cybersecurity Policies to Support Your Organization

IT and IS professionals tend to focus heavily on implementation of technical solutions to information security problems. It has become painfully clear though that today cybersecurity is not just a problem for the technology leaders in an organization. It is the responsibility of the entire organization. I want to discuss with the audience the development of policies for leadership approval based on solid business focused risk assessment.

As our organizations mature, it is important for leaders in other parts of the organization to become invested in ensuring the safety of the organization’s data. This is what policies are for: codifying the intent of leadership to require certain things be done for the good of the entire organization. As security professionals, it is our job to help leadership understand the risks facing the organization and what can be done to help reduce that risk and obtain the buy-in of leadership.

If we, as cybersecurity leaders and professionals in our organizations, can help our peers in other parts of the organization understand risk and develop policies that help reduce those risks, we will be making a huge step forward in improving and maturing the practice of cybersecurity.

Brian Hoskinson
Director of Information Technology

16:00
Becoming an IR Superstar

Are you an aspiring Incident Responder? Perhaps looking to advance from a career as a Security Operation Center (SOC) analyst? Or simply intrigued by the technical aspects around being an Incident Response (IR) professional? IR analysts and engineers conduct investigations to answer the classic “Who, What, When, Where, Why, and How” questions in responding to security alerts and incidents. Incident Responders utilize a working knowledge of Defensive Security, Offensive Security, and Digital Forensics to conduct their investigations. During this presentation, we cover the technical skills and baseline knowledge required on the roadmap to becoming an IR Superstar!

Matt Scheurer

*This is a work in progress and will be updated without notice.

Copyright SecureWV. All rights reserved.