https://www.securewv.org/wp-content/uploads/2021/05/SWV-Lock-320x320.png

SecureWV
Lucky 13

October 21-22, 2022

https://www.securewv.org/wp-content/uploads/2022/08/jm_033-1-320x320.jpg
Friday Keynote:

James McQuiggan

Ransomware, Ransom-war
& Ran-some-where
https://www.securewv.org/wp-content/uploads/2022/09/1578611441410-320x320.jpg
Saturday Keynote:

Mick Douglas

Defending Against
Advanced Adversaries
https://www.securewv.org/wp-content/uploads/2022/08/jm_033-1-320x320.jpg
Friday Keynote:

James McQuiggan

Ransomware, Ransom-war
& Ran-some-where
https://www.securewv.org/wp-content/uploads/2022/09/1578611441410-320x320.jpg
Saturday Keynote:

Mick Douglas

Defending Against
Advanced Adversaries

2022 Sponsors

2022 Villages

IT / Tech Book Swap
ALL BOOKS MUST BE IT RELATED.
Bring a book, take a book.
If you are anything like us you have a full bookshelf of IT books that you no longer are going to pick up, since you have already passed the cert. Rehome it at SecureWV.
LockPick Lair
THERE WILL BE LOCKS!
The Lockpick Village is a physical security demonstration and participation area. Learn about the vulnerabilities of various locking devices and practice on locks of various levels of difficulty to try it yourself.
Resume Workshop
HEY YOU! YOUR RESUME SUCKS!
Is your resume not getting noticed? Let our resident expert give you real world tips and advice on your resume. Stop by the Resume Workshop and signup early, spots will fill up quick.

Friday – Oct 21

{Track 1}

[Track 2]

Saturday – Oct 22

{Track 1}

[Track 2]

{Track 1}

[Track 2]

{Track 1}

[Track 2]

Ticket-Con image

09:00
Ticket-Con

KEYNOTE Ransomware, Ransom-war & Ran-some-where image

10:00
KEYNOTE Ransomware, Ransom-war & Ran-some-where

We’ve all heard about ransomware and its impact on organizations as they suffer an attack almost every 11 seconds. What if we could learn how one of these cybercriminal organizations operated, their business models, and the level of experience needed to work for them?

Last year, the Conti ransomware group was a victim of their own style of operations when their playbook and other sensitive information ended up online.

KEYNOTE Ransomware, Ransom-war & Ran-some-where image
James McQuiggan
Security Awareness Advocate, KnowBe4

Women in Tech Round Table image

11:00
Women in Tech Round Table

Women in Tech Round Table image
Emily Wall
VP, Global Ethics & Compliance

Francine Hammond
Compliance Training Specialist

To Be Announced image

11:00
To Be Announced

Amateur Radio 101 image

13:00
Amateur Radio 101

An introduction to Amateur radio and why it’s fun and useful! We will discuss what amateur radio is (and what it’s not!), why it exists, who can be licensed and how they can do it.

Amateur Radio 101 image
Brandon Curnutte
Cyber Security Operations Analyst

Introduction to PowerShell image

13:00
Introduction to PowerShell

You have Windows – now what? The older command processor did have a limited batch language which left much for utility vendors to provide. Now PowerShell offers access to the OS from the command line.

In this talk we will cover some PowerShell history but will mostly focus on the tool itself – both the IDE and basic command-line version.

We will see what you get “out of the box”, how we can add more function by downloading modules, and how we can create aliases and if we have to broach the subject of PowerShell programming.

All are encouraged to follow along and try the examples.

Introduction to PowerShell image
Eric Schultz
Cyber Security Professional

Capture the Flag with PowerShell image

14:00
Capture the Flag with PowerShell

Continuing on from the first class, we will use PowerShell to work our way through the web-based CtF challenges.

Student participation is encouraged – all are welcome to follow along on their own computers.

If there is space and time, I may be willing to be available for students who continue on their own and have questions or problems.

Capture the Flag with PowerShell image
Eric Schultz
Cyber Security Professional

Boning Vulnerabilities with Greenbone Security Assistant image

15:00
Boning Vulnerabilities with Greenbone Security Assistant

This presentation provides a illustration of the Linux-based, free and open-source Greenbone Security Assistant (formerly OpenVAS) and its uses. A detailed dive into installation, operation, maintenance, reporting and interpreting, tips, and tricks will be covered.

Boning Vulnerabilities with Greenbone Security Assistant image
Jason Shirley
Tier I Engineer, Cardinal Technology Solutions, Inc.

I Got 99 Problems but a WAF ain’t one image

15:00
I Got 99 Problems but a WAF ain’t one

Deploying a WAF is the hardest IT Security projects I ever completed. It requires implicit trust and support between IT Security and App Dev. A WAF project demands networking, traditional IT Architecture, Cloud Architecture, and App Development skills. Join us to learn how be successful.

I Got 99 Problems but a WAF ain’t one image
Micah Brown

AI Assurance for system operators image

16:00
AI Assurance for system operators

Whether we like it or not (and personally I’m skeptical), the adoption and deployment of AI/ML systems is transforming the computing landscape. The mating of complex statistical models to cloud computing infrastructure fed by data from ever more instrumented environments has led to a veritable arms race/gold rush (arms rush?) to deploy these systems. But the Data Scientists that develop these systems aren’t experts on deploying code or building infrastructure which means, that just like in any good gold rush, someone has to ride shotgun. If it’s your job to maintain and validate systems long term then you need a framework for how to think about AI/ML in a way that allows you to prioritize and act. This talk will use examples from our team’s work testing ML systems to give you the beginnings of that framework as well as equip you with some tools and techniques to help you customize it to your unique needs.

AI Assurance for system operators image
Ryan Ashley
Senior Engineer

KEYNOTE – Defending Against Advanced Adversaries image

09:00
KEYNOTE – Defending Against Advanced Adversaries

Attendees of this talk will learn how organized crime and nation state level adversaries approach and attack your network. Most importantly, this talk is filled to bursting with actionable items you can implement at your home and work networks to bring attackers of all skill levels to tears. You can make resilient and tamper evident networks. In this talk, you’ll learn how, and walk away with some scripts and tools to use to make this all happen!

KEYNOTE – Defending Against Advanced Adversaries image
Mick Douglas
Managing Partner: Infosec innovations

Demystifying Zero Trust image

10:00
Demystifying Zero Trust

Zero Trust isn’t just another cyber buzzword. This presentation aims to break down Zero Trust or ZT into its various parts and to explain how each of the smaller parts works together to implement a Zero Trust Framework.

Demystifying Zero Trust image
Bill Gardner

Hillbilly Storytime (2022 Edition) – Pentest Fails image

11:00
Hillbilly Storytime (2022 Edition) – Pentest Fails

Whether or not you are just starting in InfoSec, it is always important to remember that mistakes happen, even to the best and most seasoned of analysts. The key is to learn from your mistakes and keep going. So, if you have a few minutes and want to take a load off for a bit, come and join in as this hillbilly spins a yarn about his, and sometimes other peoples’, misadventures in pentesting. All stores and events are true (but the names have been changed to prevent embarrassment).

Hillbilly Storytime (2022 Edition) – Pentest Fails image
Adam Compton
Principal Security Consultant, TrustedSec

Open Source and Data Intelligence image

13:00
Open Source and Data Intelligence

Investigations don’t have to be one boring page after another. Using tools like Maltego, Traffic analysis and other open source tools, we can create a compelling and informative analysis which gets us where we need to be.

Open Source and Data Intelligence image
Daniel Efaw

Career Arcs image

13:00
Career Arcs

Information security and forensics are fundamentally technical disciplines and we rely on education and certification to identify people to fill roles, along with personal capabilities. As we get better, we get promoted. These promotions affect our responsibilities and dictate what new capabilities we need to add to maintain proficiency and utility.

This discussion covers how to get into the fields from a zero starting point and how to pursue initial employment. It then delves into promotion paths and escalating responsibilities to identify career paths and help viewers identify goal setting opportunities.

In this global, competitive marketplace,  understanding where you are going and how you need to get there is essential to knowing what your career path is and how it relates to your personal preferences and objectives.

Career Arcs image
Brian Martin
Liticode

Threat Hunting For Dummies image

14:00
Threat Hunting For Dummies

You do not need to be skilled to track, hunt and exterminate bad actors from a network. This talk will provide you the guideposts and know how to start your own threat hunting program while avoiding the common pitfalls and mistakes new threat hunters come across.

Threat Hunting For Dummies image
Nate Hicks
Hacker, Husband, and Internet Introvert.

An Overview of Quality Framework Assessments image

14:00
An Overview of Quality Framework Assessments

Whether you are delivering one or buying one, understanding what goes into a framework assessment for any compliance area is essential to cost-effective, high-quality outcomes. Whether it is privacy, security, SDLC, or regulatory, all framework assessments should be conducted using the same methodology to provide consistency and assure consumers they are worth more than the paper they are printed on.

Using the NIST CSF and CMMI frameworks, we will walk through all the steps in an assessment process including determination, purchasing, execution, reporting, and certification. We will examine what goes into the maturity ratings, and how to conduct the assessment in a diplomatic manner to provide value and be efficient.

Attendees will obtain an solid understanding of what constitutes a quality framework assessment and what garbage looks like using examples drawn from 30 years of work at some of the largest, most exacting companies in the world.

An Overview of Quality Framework Assessments image
Brian Martin
Liticode

Star Wars: How an ineffective Data Governance Program destroyed the Galactic Empire image

15:00
Star Wars: How an ineffective Data Governance Program destroyed the Galactic Empire

The Galactic Empire in Star Wars Episode 4 was destroyed not by a farmboy from Tatooine, but by an ineffective Data Governance Program. This talk will be 100% vendor agnostic and will focus on tools, techniques, and strategies that attendees may take back and implement effective Data Governance.

Star Wars: How an ineffective Data Governance Program destroyed the Galactic Empire image
Micah Brown

Bashing into Forensics image

15:00
Bashing into Forensics

This talk will show attendees how to use bash shell scripting to perform some forensics tasks, such as file carving.  Comparisons will be made to using Python and compiled tools to perform similar tasks.  Only a basic understanding of Linux is required to get something from this talk.

Bashing into Forensics image
Philip Polstra

An open sourced approach to network segmentation image

16:00
An open sourced approach to network segmentation

How we have approached network segmentation testing utilizing common tools for both an on premise and AWS environments. This talk will go in-depth on our “Quadrant 42” project, to include a release of the github project for others to take a look, a review of the methods, and a proposed release chart that is current at the time of the conference. Also, we would like to have a open forum for TTPs and development ideas.

An open sourced approach to network segmentation image
Josephus Malone
Panda

An open sourced approach to network segmentation image
Jaia Williams
BAMFF

Becoming an IR Superstar image

16:00
Becoming an IR Superstar

Are you an aspiring Incident Responder? Perhaps looking to advance from a career as a Security Operation Center (SOC) analyst? Or simply intrigued by the technical aspects around being an Incident Response (IR) professional? IR analysts and engineers conduct investigations to answer the classic “Who, What, When, Where, Why, and How” questions in responding to security alerts and incidents. Incident Responders utilize a working knowledge of Defensive Security, Offensive Security, and Digital Forensics to conduct their investigations. During this presentation, we cover the technical skills and baseline knowledge required on the roadmap to becoming an IR Superstar!

Becoming an IR Superstar image
Matt Scheurer

Select date to see events.

*this is a work in progress and will be update, without notice.

Copyright SecureWV. All rights reserved.