Information Warfare Summit 15

Mattew Watson | I’m From the Government and I’m Here to Help: Cyber Regulations Present and Future

Track: Walking Dead

In the wake of increasingly bleak cybercrime statistics, federal agencies have ramped up efforts to regulate cybersecurity. But what are the effects of these requirements? More importantly – do they work? This talk surveys the regulatory landscape and outlines the future of cyber regulation.

I’m a cybersecurity consultant and former Marine Corps Officer – I now help businesses navigate cybersecurity regulations.

Kevin Turner | DCOE Netwars Recap

Track: Walking Dead

The Defensive Cyber Operations Element (DCOE) comprises the OK Army and Air National Guard as well as local law enforcement. For the third year running they’ve won the annual Cyber Shield Netwars event. Come join us as we review a play by play of the event with the members of the team.

The last two IWSs you’ve been introduced to the DCOE and had an opportunity to ask them what they do day to day. This year we will be running a post mortem play by play of everything that happened: the setup of the playing field, the attacks that were launched, how the team responded, and the tools they used.

Kevin Turner is a 20+ year IT/InfoSec veteran and currently is the CIO/CISO of a healthcare management company in OKC. He got his first computer in 1981 and has been fascinated with them ever since. Kevin has been involved with IWS from its inception.

Chad Kliewer | How to Hire or Get Hired in Cybersecurity

Track: Walking Dead

Who wants to offer 3-5 years of experience for an entry-level cybersecurity position? Hiring managers – Learn how to find the best cybersecurity staff. Career seekers – Learn what managers are looking for. Spoiler alert: Certifications don’t get jobs, people do.

Cybersecurity is a high-demand, high-profile profession with acute staffing shortages. Hiring managers must become more creative and flexible, looking to entry-and junior-level candidates. Research by (ISC)2 finds that hiring managers are looking to entry-and junior-level candidates to fill vacancies, take on everyday duties and add value and fresh new perspectives that help strengthen security operations.

Chad Kliewer is a recovering CISO based in Kingfisher, OK and is currently the Education CPE Evaluator Lead at (ISC)2, the world’s leading cybersecurity professional organization. He has over 25 years experience in Information Security and Information Technology with responsibilities ranging from PC Tech to CIO, including PCI, HIPAA and SOX compliance. While mostly in the healthcare field, Chad has also worked in banking, transportation, and currently in telecommunications. During his career, Chad has been outsourced, insourced, and resourced working with companies from 50 employees to more than 50,000 employees giving him insight to how things work in companies large and small and everywhere in between.
Chad has served on the Communications Sector Coordinating Council, CISA’s ICT Supply Chain Risk Management Task Force, is a member of the FBI Citizens Academy Alumni Association and serves as a past-president and advisor to the Board for the FBI InfraGard Oklahoma Members Alliance. He maintains the Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) and several other certifications. Chad holds an MS degree in Cybersecurity and Information Assurance from Western Governors University.

Tony Loehr | Emerging Best Practices in Software Supply Chain Security: What We Can Learn from Google, the White House, OWASP, and Gartner

Track: Walking Dead

# Shift Left

A comparison of the latest cybersecurity frameworks with key takeaways of each:

The Biden Administration has unveiled a National Security Memorandum on improving cybersecurity for critical infrastructure control systems, which outlines a framework for cybersecurity to protect against modern threats. This initiative emphasizes preventative measures within cybersecurity, making it so that security is built into the process and designed into applications in earlier stages.
– The National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) are collaboratively building cybersecurity goals for critical infrastructure to adhere to.
– Objective 1: Protect EO-critical software and platforms from unauthorized access and use
– Objective 2: Protect the confidentiality, integrity, and availability of data used by EO-critical software and software platforms
– Objective 3: Identify and maintain EO-critical software platforms and software deployed to these platforms to protect EO-critical software from exploitation
– Objective 4: Quickly detect, respond to, and recover from threats and incidents involving EO-critical software and EO-critical software platforms
– Objective 5: Strengthen the understanding and performance of humans actions that foster the security of EO-critical software and EO-critical software platforms
– The Transportation Security Administration (TSA) has announced several security directives in line with this plan:
– In light of the cyberattack on Colonial Pipeline, TSA issued a security directive requiring critical pipeline operators to improve cybersecurity protocols by implementing a robust reporting system, reviewing existing cybersecurity practices, and designating a cybersecurity coordinator to improve accountability.
– The second security directive requires hazardous liquid and gas pipelines to implement certain cybersecurity practices, including performing annual architecture reviews, developing cyberattack protocols, and implementing specific protective measures to decrease the attack surface area.
– The plan is characterized as a whole-of-nation approach to cybersecurity, but also includes international pushes.
– Private companies including Apple, Google, Amazon, Microsoft, IBM have each announced their own pushes to improve cybersecurity within their domains.
– Biden urged G7 countries to begin holding ransomware criminals and their countries of residence accountable, and for updated NATO cybersecurity policies.

Early last year, The Open Web Security Project (OWASP) released a new version of their Software Assurance Maturity Model (SAMM) that reflects some of the same ideas as Biden’s cybersecurity plan. Changes occurring within this model include several key categories.
– The biggest change is an introduction of implementation as a business function.
– Emphasizes secure builds, secure deployment, and defect management in a way that lines up with Biden’s plan.
– This represents a shift left with regards to how software shall be built: with security in mind throughout the development process, and with a reporting system for vulnerabilities.
– Governance has also been updated to include guidance such as security requirements and updated metrics.
– Updates to construction have lead to a renaming of this to design, and as may be expected there is more of a focus on utilizing mature methodologies to architect software that takes potential threats into account.
– Verification of compliance, code review activities, and penetration testing are another pillar of changes introduced.
– Overall operations practices are now standardized to include an expanded detection of security incidents, as well as management of development environments.
– Each change introduces processes that focus on preventing vulnerabilities in the first place.

Gartner recently released guidance on how software engineering leaders can mitigate software supply chain security risks
– Enforce access policy controls
– Granular role-based permission levels
– Enforce multi-factor authentication
– Zero-trust access based on user and device context
– Enforce branch protection rules
– Require signed commits
– Prevent force pushes
– Require status checks before commits
– Prevent secrets from being committed
– Pre-commit hooks to block sensitive data
– Scan for secrets
– Mandate automated and manual code reviews

As previously touched on, Google has stepped up to improve the cybersecurity supply chain within their own domain. They recently unveiled Supply chain Levels for Software Artifacts (SLSA), which is an end-to-end framework to help bolster software supply chain integrity.
– SLSA includes requirements to ensure both source integrity and build integrity.
– Each point from the developer to the source control to the build platform to the distribution and every point in between is accounted for with this framework.
– SLSA requirements include 4 levels of security–SLSA 4 is the most secure and represents the end-goal for software, with SLSA 1, SLSA 2, and SLSA3 representing milestones to hit to ensure integrity.
– SLSA emphasizes preventative measures and does not provide significant guidance with regards to contingency plans–likely because enterprises want to focus more on preventing attacks that hurt public trust.

The key takeaway is that cyber attacks, trending earlier and earlier in the supply chain, must be countered by protections of this software supply chain. There have been significant pushes for more guidelines to be developed, and it is reasonable to expect this trend to continue.
– Employ critical code monitoring to protect the files controlling the supply chain
– Execute file integrity checks to help address breaches with contingency strategies and identify malicious activity
– Utilize defense in depth to slow down attackers with multiple layers of protection
– Perform anomaly detection to identify suspicious activity
– Secure Infrastructure as Code at every point to reduce the likelihood of a successful supply-chain attack

Tony Loehr is the Developer Advocate for Cycode. Their prerogative is to make it easy for developers to use the Cycode platform, and to help protect data through knowledge sharing. They have professional experience with engineering, marketing, and sales and bring a unique perspective on how to implement comprehensive cybersecurity solutions. They value being a lifelong learner, and aim to help teach cybersecurity solutions to people with varying degrees of technical knowledge. In their free time, Tony enjoys tending houseplants, freestyle rapping, and working on various side projects.

Anthony Hendricks | Stay Scheming: DOJ’s Cyber Fraud Initiative and What Means for Businesses and Cyber Professionals

Track: Walking Dead

Last year the Department of Justice announced its new Civil Cyber-Fraud Initiative. The program aims to ensure that cybersecurity representations made by government contractors and grant recipients are accurate. The initiative uses a law created during the Civil War, the False Claims Act (“FCA”), to root out cyber fraud. And the program is working. The initiative has already led to several high-profile multimillion-dollar settlements. The FCA is different from other statutes because it allows people to file lawsuits on behalf of the government. The DOJ’s program runs on the use of whistleblowers to report fraud. This presentation will outline the DOJ’s program and describe the FCA. Next, the talk will examine the recent cyber fraud cases and what it means for businesses and then offer tips for companies and cyber professionals to protect themselves.

Anthony Hendricks is a legal problem solver and litigator at Crowe & Dunlevy in its Oklahoma City office. At Crowe & Dunlevy, Hendricks chairs the firm’s Cybersecurity and Data Privacy Practice Group. He guides clients facing sensitive criminal, cybersecurity, banking, and environmental compliance issues. He also advises clients on privacy and data protection laws, coaches clients on developing data breach response plans, and represents clients facing enforcement actions related to cyber laws. Hendricks teaches a cybersecurity law class and an information privacy class at Oklahoma City University School of Law. He also hosts “Nothing About You Says Computer Technology”, a weekly podcast on cybersecurity and data privacy viewed through the lens of diverse voices. Hendricks is a graduate of Howard University. He holds two Masters from the London School of Economics, where he was a British Marshall Scholar, and a Juris Doctorate from Harvard Law School.

Teresa Rule | Artic Security — A Global Challenge

Track: Walking Dead

Many global citizens rarely think of the Arctic as a center of global security concerns. Come learn about the many events, alliances, and influences propelling the activities in the Arctic to the forefront of security professionals globally. There is more to the Arctic than Polar Bears & Ice!

Come learn why the security situation of the Arctic affects Oklahomans (and other denizens of the Lower 48)! The Circumpolar North has remained mostly stable for the past 50 years, but rapid changes in climate and technology have created new conditions requiring increased attention and management. Learn about the complex landscape of international norms and processes governing security in the Circumpolar North, as well as the balance of diplomacy and defense that nations employ to manage priority interests. Explore how the three realms of international relations “cooperation, competition, and conflict” interact in this unique environment.

This presentation is ideal for security specialists interested in learning more about the Circumpolar North; Members of organizations who want to know more about international security and/or the Arctic; Professionals in industries that rely upon Arctic resources and knowledge

Supply Chain professionals seeing insight into the changes in global supply chain logistics; anthropologists and scientists interested in the unique communication and survival histories in the Arctic.
”

Teresa Rule is the President and founding member of RNT Professional Services, LLC, a Cybersecurity and Data Privacy firm. A nationally recognized leader in her industry, she holds multiple industry certifications, including the Project Management Professional (PMP) certification, the Certified Information Systems Auditor (CISA); Certified Data Privacy Solutions Engineer (CDPSE) and CMMC Provisional Assessor certifications. Teresa is a renown subject matter expert on cybersecurity project management, cyber ethics, critical infrastructure protection and small business cyber hygiene.
RNT Professional Services has offices in Anchorage, AK, and Norman, OK. It is a certified Service-Disabled Veteran Owned Small Business (SDVOB), a Woman Owned Small Business (WOSB) and a Disadvantaged Business Enterprise (DBE). RNT is a member of the American Indian Chamber of Commerce, the Veterans in Business Network, the American Water Works Association and supporting member of the Alaska Native Village Corporation Association, and the Association of General Contractors.
RNT is pioneering a new era in the training of a new generation of cybersecurity professionals through the RNT Cyber Academy and the Cyberspace Train, its organizational cyber-awareness tool. RNT also is pioneering the field of Cyber Ethics with its annual RNT Cyber Ethics Conference, featuring global thought leaders, and is entering its fifth year.
A native of Cleveland County, Oklahoma, Teresa Rule graduated from the University of Oklahoma with a Bachelor of Arts in Letters. She holds a Master’s degree in Education for Adult and Community Education from Eastern Carolina University. As a US Marine, she served as a Transportation Officer before transitioning into Joint Special Projects. She served tours in the United States and Okinawa. Teresa currently is on the National Small Business Association executive advisory board. She and her husband Randy, another retired Marine, recently celebrated 40 years of marriage and are the proud parents of six adult children.

John Robertson | Rescue the Penguin – Malware & Forensics on Linux

Track: 28 Days Later

John will discuss industry trends and cybersecurity professionals’ feeling of being burned out, overworked, & overwhelmed. Having left the public sector & industry for a technology company, he will share his insights from both sides of the cybersecurity coin, and how we can do things better.

Starting with an evaluation of the history and evolution of the security industry, John will set the stage for the realization that the situation is not getting any better; in fact, it is much worse than when security became a hot topic and shows no sign of improving. This is leading the industry to an unhealthy state where not only are security efforts ineffective, but people working in security teams are suffering professionally and personally.

Shifting focus, John will talk about how organizations can support their security teams and change the way they think about security to become more effective across the entire organization. He will tie this into Microsoft’s mission to “to empower every person and every organization on the planet to achieve more.” He will reflect on the optimism of that mission, and how it translates into the way we work on security teams.

Finally, John will end with a call for individuals interested in security or working in the industry to change the way they work and think about their careers. Taking positive steps to better their own lives, improve customer and stakeholder security, and “achieve more” are not mutually exclusive requirements.

John Robertson has been working in the technology field forever. Starting his career as a apple iie technician (in high school), he’s expanded to support other Science Technology Engineering Arts & Mathematics (STEAM) areas. He’s a 1995 graduate of the University of Tulsa Electrical Engineering program who been supporting “Big things in Oklahoma” since graduating. One of the major accomplishments is the creation and continued support of Oklahoma City Boosting Engineering Science and Technology (OKBEST). This STEAM outreach organization has been in business (off and on) since 1998.

Rhett Greenhagen | Building a security intelligence program for Oklahoma-based companies

Track: 28 Days Later

How to create a cyber threat intelligence program that is tailored to Oklahoma based companies, agencies, schools, and even tribal governments.

There are dozens of programs that can be incorporated into daily usage, but none that are specific enough to understand the current economy and trends facing companies in Oklahoma. Either it be attacking Oklahoma higher education to get access to research programs from foreign intelligence agencies, or Oil & Gas being attacked from another corporation seeking its industrials drilling secrets. This talk is about taking geopolitical and socioeconomic trends and making them actionable in an cyber threat intelligence program.

Rhett Greenhagen is a leading cyber researcher focused on threat research, machine learning, and causing various things to combust. Rhett has a background as a hacker in both exploit development and penetration testing. His career has always been in service to his country, from serving as lead forensic investigator at the Department of Defense’s largest data center and cyber counterintelligence operator for the United States intelligence community, to profiling foreign computer actors based on their malicious code for the U.S. Department of Justice.

An accomplished speaker, Rhett has spoken at numerous conferences, such as Black Hat USA, DEF CON, Multiple Bsides, and 67 other both national and international conferences. Additionally, Rhett is an active member of the Hack the Box team, a leading online platform for aspiring penetration testers. He is also one of many contributors to the MITRE ATT&CK framework and the Vertex Project.

Chris Mallow | The 3:00am Call: Handling The Worst In the Emerging Tech Paradigm

Track: 28 Days Later

With many organizations moving to cloud, and also possibly adopting a DevOps approach, the approach to reactive security becomes even more critical, since neither of those mesh well with the traditional model of Security Operations. (And no, “DevSecOps” doesn’t cut it.)

Prevention is ideal but detection is a must.” This quote has been credited to Dr. Eric Cole of SANS, but whoever coined it, it is more true today than it ever has been. With that in mind, ask yourself: is the focus of your program still based on the idea that you can prevent any serious breach? That maybe a little more code testing or user awareness training or automated tasks or patch management will keep you in the clear? The approach your organization takes to properly managing the reactive side of security has never been more critical, especially with cloud transformation coupled with the push for “continuous delivery” in the DevOps model. Who is responsible for the “ops”? And more specifically, how do you have your “Ops” structured when it comes to security? Who’s minding your logs? Who’s tracking the security ramifications of your constant cloud changes and code pushes required for continuous delivery? Who’s tying that to what the bad guys are doing….then watching out for them to do it against your environment? And if they see it, then what? In this talk, I’ll discuss all of those aspects of managing security operations amidst the rapid changes of the new tech paradigm.

Chris Mallow is a senior-level information security leader and professional specializing in security operations, incident response and analysis, computer investigations and forensics, threat intelligence, and e-discovery. He has specialized in information security and data networks since 1999, with a broad engineering and operational skill-set across information security, security operations, network engineering and administration, and system administration. Chris has worked for companies large and small, including banks and financial services companies, large-scale retail, large universities, Internet startups and dot-coms, and technical hardware manufacturers, and he has consulted for local, state, and Federal government agencies.

Nathan Sweaney | A Modern Approach to Pentesting Zero Trust Environments

Track: 28 Days Later

Too many pentesters are used to plugging into a network, with credentials or not, running some scans to identify hosts, and then pivoting around. The traditional SANS methodology doesn’t work on Zero Trust networks. They get minimal results, and don’t really provide significant value to the organization. At best, they reinforce strong controls that make it difficult for an attacker to pivot or escalate privileges. At worst, they miss significant flaws that present risk.

I’ll have a rough outline of primary components of zero trust architecture, including the following:

* Default Deny
* Strong IAM
* App-level and data-level access control
* Attribute-based, least-privilege trust models
* Source-specific adaptive access scenarios
* Robust log monitoring from a wide variety of sources
* Advanced EDR
* Assumption that all traffic is malicious

Then we’ll discuss what each means, and methods to test those controls. We’ll use with real-world examples to explore what kinds of testing best identifies flaws and analyzes risk. Ultimately, the main point is to drive past the view of a pentest as focused on “”getting shells””, and explore how we can help organizations accurately identify threats and assess the potential business risk.

Nathan is a Principal Security Consultant for Secure Ideas working with a wide range of clients in every industry performing penetration testing and general security consulting. He conducts training sessions, briefings, and presentations both publicly and for clients on a variety of security topics. He excels at finding practical and operationally feasible approaches for businesses to mitigate threats and minimize compliance obligations. He’s regularly told that he takes all of the fun out of things and is eager to debate politics and religion. Hailing from the great state of Oklahoma, he understands the difference between Bison and Buffalo and plays a mean game of cornhole.

Craig Buchanan | Rules for Surviving Cyberland

Track: 28 Days Later

In this talk, we will give you some rules for surviving the challenging world of Cyberland by looking at the rules for surviving a zombie apocalypse presented in some popular movies. While I hope to make it fun, it should also give you some good actionable items you can take back home.

Craig Buchanan has worked in government at the city, state, and federal levels. He also worked in the private sector for over a decade at computer multimedia innovator Creative Labs, Inc. He currently works as the security administrator for the city of Stillwater Oklahoma, where his duties include installing and maintaining the city’s ever-growing fleet of security cameras, servers, and monitoring devices. In his spare time, he volunteers for the American Red Cross and is a graduate student at Oklahoma State University where he studies information assurance.

Joshua Williams | A Threat Model for Us All

Track: Shawn of the Dead

Though threat modeling has been around for over a decade, its adoption into organizations and processes is still relatively nascent. Threat modeling is most useful in any system’s design phase. The outcomes of a well-modeled threat model are significant for use in other parts of the cybersecurity organization.

This talk will review the basics of building a threat model and what becomes necessary when expressing the system for analysis. The output of any system is only as good as the input. Therefore, understanding the basics of threat modeling becomes paramount in ensuring the valuable output of any threat modeling process.

Next, we will analyze the output of the threat model to show its usefulness for blue and red teams in the cyber security organization. We’ll also briefly discuss the ways the GRC (governance, risk, and compliance)

Finally, I’ll review some free versions of threat modeling tools that can help with the threat modeling process and produce a quick overview of how to begin to use threat modeling as a cumulative cyber security strategy.

Brief Outline:
– Introduction/Concept Explanation
– The basics of threat modeling
– How to use the threat model in cybersecurity architecture and engineering
– How to use the threat model in penetration testing
– Why GRC should be interested in the threat model
– Free threat modeling tools/Conclusion

Joshua Williams has been working with technology for roughly 20 years. During his 12 years in the United States Marine Corps, he taught marksmanship and martial arts, and lead cyber teams around the world. After the Marine Corps, he worked with and for other government organizations as an engineer. He has worked with various startups from stock exchanges to cloud security vendors. His interests include reading classics, playing music, playing board games with his family, home automation, losing money with crypto assets, and the outdoors. Josh also teaches as an adjunct professor of computer science at a local college.

Kevin Sesock | Your Cybersecurity Training Sucks

Track: Shawn of the Dead

As security trainers, it’s time to stop using the stick and go for the carrot. We have consistently failed to reach our users after the same old tired cybersecurity awareness training. Even the “”don’t click”” quizzes, don’t stick.

Personally, I’ve tried everything to get users to care, and what I’ve found is this:

Apple and Google have spent millions of dollars and thousands of programmer-hours to hack human behavior and put a device in everybody’s pocket that can be used to properly secure and privatize their lives. Now we as security experts have to get them to turn these damned features on and start using one-time passwords, encrypted tap-to-pay, and soon, FIDO2 passwordless logins. I’ve started putting talks together that connect with individuals, demystifying the scary Big Brother spooky government stuff around fingerprint recognition and facial ID, and actually asking people to take out their phones during a talk. Show them screenshots, and walk them through turning the features on. Have them do it while you’re in the room. It’s real, tech tips and training, not just “”awareness”” they’ll forget in an hour.

We’ll cover everything. Quit threatening your users if they fail a phishing test, give them a candy bar when they report a phish! Turn security into game and build it into your culture. Stop letting your cybersecurity awareness training suck!

Kevin serves as the Director of Technology Services for the Oklahoma Municipal Assurance Group, a municipal interlocal cooperative agency with emphases on technology risk, cybersecurity, and cyber liability insurance for cities and towns in Oklahoma. With 23 years of technology experience, Kevin has spent 20 of those years in government technology leadership roles focusing on a wide range of citizen services, including adaptive technologies, K-12 and Postsecondary educational technology, and application development for State natural resources and transportation services. His peer-reviewed research paper, “Immaturity and Moral Hazard in the Cyber Insurance Market” was the featured cover article in the ISSA Journal for October 2019 and named as a “Best of” article for 2019. Kevin has a Masters of Science in Information Assurance from Oklahoma State University. He was the founding chair of the Oklahoma State advisory subcommittee on web accessibility requirements, and currently serves as a founding officer of the Oklahoma Cybersecurity Coalition, and a Board Member of the Infragard Oklahoma Members’ Alliance.

Zac Wilson | Cloud Security Threat Hunting Workshop

Track: Shawn of the Dead

In this interactive experience, participants can learn how to advance strong security outcomes in a new, frictionless way using a cloud-native application protection platform (CNAPP). We invite everyone that needs to work together to participate in this vendor neutral (except for the platform used) technical workshop.

The ‘IWS Cloud Security Threat Hunting Workshop’ will allow participants to fully immerse themselves in the experience by:

Researching and using forensic tools
Investigating malware and attack paths
Exploring robust capabilities embedded the platform to expose cloud-specific vulnerabilities
Understanding why context is important and see a real-world example of it being used to enhance alert prioritization
Enforcing cloud compliance with improved security workflows
Enhancing day-to-day security work using an agentless, cloud-native application protection platform (CNAPP) solution

At the end of the workshop, each participant receives a Cloud Camp Ambassador badge which they can share on their social media accounts. At the end of the day, we will also give away prizes for participants with the highest scores.

Zac Wilson, Sr. Field Engineer with Orca Security, has over 22 years of experience in information security. Prior to joining Orca, Zac held various engineering and management roles working for companies in the high-tech manufacturing, healthcare, DoD, finance and energy industries. Zac has achieved CISSP, CISSP-ISSAP, CISM and CISA certifications and holds a bachelor’s degree from the University of Central Oklahoma and MBA from Southern Nazarene University. Zac lives in Yukon, OK with his wife Jennifer and their three children. In his free time, Zac enjoys watching his kids participate in athletics, playing guitar, golfing, reading, and watching Oklahoma Sooner and Dallas Cowboy football.

Brett Wyer | Data Protection 101: DLP and CASB basics

Track: Shawn of the Dead

According to IBM, the average cost of a data breach in 2022 was $4.3MM with the number one cause being human error. Let us show you how you can manage this risk to your business by implementing a Data Protection Program using technologies like DLP and CASB to protect your data assets.

Brett Wyer is a Global Solutions Architect at Set Solutions.

Kallen Curtis | tl;dr – Threat Intel for beginners

Track: Shawn of the Dead

It’s nearly impossible for you to block a threat if you don’t know the what the threat is. So how can blue teams stay head and continue to protect your business?

Malicious actors will use a variety of methods to gain information about you and your business. Open-source intelligence, tools, and more. Itâ€™s time to start using these tools to determine what is available for bad actors.

In this presentation, you’ll learn practical tools and tips on how you can use defensive threat intelligence to stay ahead of malicious threats and better protect your business.

Audience takeaways:

1. What is threat intelligence
2. How blue teams can use it
3. Why blue teams should use it
4. Practical tools and tips

Kallen Curtis is currently a security engineer at Alias Infosec where he works to protect clients and their businesses through pen testing, incident response and digital forensics. Kallen has 15 years of IT and cybersecurity experience. Starting at Geek Squad, Curtis worked his way up from help desk to become a systems engineer at a large IT business. With his extensive IT and cybersecurity experience in both the Financial sector and with the DoD, heâ€™s able to bring a unique approach to protecting a businessâ€™ critical environment.

Now working with Alias, he continues his research and support through various Red and Blue Team efforts.

Eric Molinaro | Cyber Recovery – Are You Ready When Things Go Wrong?

Track: Shawn of the Dead

Most organizations have developed strategies to access their mission-critical assets during an outage caused by natural disasters or power disruptions. These strategies have proven to be ineffective during cyberattacks. Are you ready when things go wrong?

Eric spends his time munching on brains with the folks at Optiv!

Stephen Nelson | Supercharge Your Incident Response Tabletop Exercises

Track: Zombieland

Are you ready to supercharge your next incident response (IR) tabletop exercise? Are you even doing IR tabletops? Either way this talk is for you. As a security practitioner for 18 plus years I am huge advocate for utilizing tabletops to help improve your IR program. With this talk I hope to empower the attendees with tips and tricks to supercharge their next tabletop even if it is their first one.

Well traveled homebody. Technology enthusiast, security journeyman, ManUtd fan, and Energy FC supporter. Securing clouds everywhere.

Jonathan Kimmitt | Social Engineer your way to Success

Track: Zombieland

In this session, we will discuss tactics that penetration testers use daily, that can be helpful in many business situations.

By learning the jargon, understanding the mannerisms, copying the dress and a variety of other techniques, you can become comfortable speaking in front of people, be confident in tense situations, and otherwise adapt to situations as needed in the organization.

Jonathan currently serves as Chief Information Security Officer for the University of Tulsa. His primary responsibility is the development and execution of the University’s IT Security & Data Privacy Compliance Initiatives. Jonathan has 20 years of experience at TU in Information Services & Security Operations and has been involved with all aspects of information technology at the University. He is proud to be President of the ISSA Oklahoma Chapter, and an InfraGard Board Member.

Diana Hutcherson | Social Engineering for Introverts

Track: Zombieland

Many introverts fear Red Team or social engineering engagements because they tend to involve “interacting with other people”. In this talk, Diana Hutcherson shares some conversation formulas taken from the world of impulse sales that analytical thinkers can lean on to make these conversations easier. Humorous and practical, this talk is sure to have something for everyone, from engineers to consultants to salespeople themselves.

In this introductory talk, Diana will explain and demonstrate how social engineering is a form of sales in which you are selling yourself. She will cover the “5 Steps to a Conversation”, simple conversation starters that almost instantly lead people to trust you without you having to say much at all, the “4 Impulse Factors” that get people to act spontaneously, and when to, when not to, and how to ask questions that get you the results you want. Most importantly, Diana will emphasize that all of this can be done with your own personality, so there’s no need to pretend to be anyone you aren’t. You just have to follow the formulas.

Diana Hutcherson has worked as both a Network/Systems/Server Administrator/Engineer and as a Penetration Tester/Security Analyst at True Digital Security, now Cerberus Sentinel. She is also an IT Specialist, Master Resilience Trainer, and Noncommissioned Officer in the Oklahoma Army National Guard. In a previous life (prior to IT/cyber and the Army), she spent two years recruiting, training, and selling for a multi-level marketing firm where she learned the skills she will present in this talk and continues to use in her roles today.

Kris Wall | Deep Dive: How Ransomware Spreads and Strategies to Stop Attacks Cold

Track: Zombieland

Ever wonder how ransomware makes it onto the network? Which paths it takes first? What systems get prioritized first? How the malware actually spreads? How do we stop these attacks?

We’ll dive deep to answer exactly how ransomware works and how you can defend your organization from these attacks.

Kris Wall is the Chief Technology Officer and Senior Penetration Testing/Digital Forensics expert at Critical Fault. Kris worked for over a decade for an MSP before freelancing for a few years as a developer. After developing several terribly vulnerable web apps, Kris became obsessed with fixing vulnerabilities in his code and giving talks about this journey. It was then Kris got into offensive security.

Since getting into offensive security, Kris was founded a security testing company, finished his MS and BS in Information Security, and landed several certifications, included his OSCP and CISSP.

Curtis Coleman | Butterflies, Black Swans, and Beautiful Metrics Update: How to Thwart Cyberattacks

Track: Zombieland

You cannot predict a Black Swan event, but you can estimate the probability that it will occur and its potential impact by building a security architecture that evolves as the threat landscape shifts. You must look beyond conventional modes of defense to achieve a security posture that is dynamic, not static. This requires cyber situational awareness, measurements, and information sharing. The audience take-away will include steps for preparing an incident response plan, cyber situational awareness program, and a pragmatic approach to implementing cybersecurity.

Curtis Coleman has had a distinguished, 25-year career in cybersecurity. Most recently, before joining Oklahoma Christian University as Assistant Professor of Computer Science and Director of Cybersecurity Program. Previously, he was Vice President, CISO at Seagate Technology, a large multi-national digital storage manufacturing company. In that role, he directed the efforts to implement cybersecurity policies, practices, and technology to ensure the protection of Seagateâ€™s data and systems. He has shared his cybersecurity knowledge by serving on advisory boards for major corporations including Intel, Oracle, and Salesforce. He holds multiple cybersecurity certifications including Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM). He has and continues to speak at cybersecurity conferences across the country. He is listed in ExecRankâ€™s â€œTop 150 Security Executives Rankingsâ€ and was awarded Information Security Executive of the Year Award. Curtis is a Doctor of Business Administration with emphasis in Cybersecurity candidate at Liberty University.

Carrie Randolph | Hacking Trust Establishment

Track: Zombieland

Trust is a component of Psychological Safety that typically takes a long time to establish with individuals and groups. We can hack trust establishment to make others feel safe & quickly reach a trusted state with our staff, teammates, end-users, clients, business partners, targets. If you’re on vacation and see someone wearing a t-shirt with your college alma mater, do you intrinsically trust that person more than another random stranger? We’re going to discuss the value of establishing trust, tactics for establishment, and where it can take you:
Does it get Social Operators past the Receptionist and into the Data Center?
Does it take a sales call from a demo to a long-term contract?
Can it help establish an effective Strategic Security Program or increase the morale of your team?

Carrie Randolph leads the Cybersecurity Risk Management Team for Go Security Pro as a Senior Security Consultant specializing in IT GRC. She brings twelve years of public and private sector cybersecurity experience where she started as end-user support and progressed through various roles refining her technical acumen and soft skills. Carrie is an active supporter of Oklahoma’s technology and cybersecurity community. Outside of IWS, you may find her moderating Techlahoma’s Slack, at an ISSA Oklahoma (Tulsa) event, or at BSides Oklahoma as a co-founder and board member. Personally, Carrie is pursuing her CISSP, values spending time with her family, and PC gaming as time allows.

Information Warfare Summit Returns

4 October 2022

2501 E Memorial Rd, Edmond, OK 73013

Get Tickets Now

Sponsors

Meet Our Keynote

Tammy Moskites

Tammy Moskites

Main Track: Dawn of the Dead

Keynote: Tammy Moskites

Main Track: Dawn of the Dead

Platinum Sponsor: Go Security Pro

Main Track: Dawn of the Dead

Diamond Sponsor: Microsoft

08:00AM

Registration

8:30AM

Opening and Welcome

09:00AM

Keynote | Living in A Resilient World

10:00AM

Zero to Domain Admin: Exploiting the Hidden Weaknesses in Your Network

10:30AM

Morning Break

10:45AM

Out of The Frying Pan...

11:45AM

Lunch Break

Afternoon Sessions

4 Full Tracks of Speakers

Afternoon Sessions

Community Room in Resident Evil

12:45PM – 30 Minute Sessions

1:15PM – 30 Minute Sessions

1:45PM – 30 Minute Sessions

2:15PM – 60 Minute Sessions

( Laptop Recommended)

3:15PM – 60 Minute Sessions

4:15PM – 30 Minute Sessions

Last Year Gallery

Diamond Sponsors

Platinum Sponsors

Gold Sponsors

After Party | Coin Sponsor

Silver Sponsors

Bronze Sponsors