Information Warfare Summit

Amid all that has been said about the potential impacts of AI in the field of Cybersecurity, what do we have to show for it? The truth is, there are considerable obstacles to widespread adoption of AI and ML. In this talk, we will examine both broad community research, and ongoing AI research at Rapid7, to illustrate the technical, policy, and procedural challenges facing the adoption of AI in operational environments.

The examples will include malware analysis, host-based process modeling, network anomaly detection, and user behavior analytics. Challenges range from technical implementation, to organizational buy-in, security concerns, customer communications, and analyst interaction. The talk is designed to be accessible without a formal background in Data Science or Machine Learning, and the concepts presented should be familiar to anyone working in cybersecurity.

Matt Berninger began his cybersecurity career in the SOC, working his way to incident responder, and has most recently moved to the realm of Data Science. In the last few years, he has tried many times to build and implement machine learning into operational processes - failing often, but occasionally succeeding. The names, characters, and algorithms depicted in this presentation have been obfuscated, but the stories are real. This talk should be helpful to anyone looking to build, buy, or integrate AI and ML solutions into their operations.

CMMC is the new DoD framework for cyber defense, the Cybersecurity Maturity Model Certification, and it will shortly be mandated across the DoD supply chain. Not only mandated but it will require an independent third-party audit to confirm that compliance, a massive change from the current world of self-attestation, and corrective plans. By design, this is going to drive a much higher level of cyber compliance across the Defense Industrial Base (DIB), and that means not just some, but a vast majority of companies will have to make significant changes and investments to meet these requirements. It also appears this will not be limited to DoD. There is already discussion and some action to mandate CMMC compliance and audits in other areas of Federal government contracting. This talk will discuss the compliance and security journey of one company.

Discussing the trials and tribulations women face in tech while positioning a community aspect that helps to empower them and reposition your culture to be more diverse and inclusive.

Minimizing hurdles, eliminating harassment, and fostering a safe, inclusive workplace for everyone.

Are you seeking to implement or update an IT app risk assessment process at your small or medium-sized organization? Devon Energy recently retooled our risk assessment process for new IT applications. We propose to present on why we did this, give desired objectives for the new process, and discuss how we went about it. We will give an overview of the new process along with examples of its use. We believe the methodology for retooling our risk assessment process, as well as the new process itself, will be especially helpful for small and medium-sized organizations.

Do you know what really happens behind the scenes when a user creates a new Team in Office 365? (More than you think!) Where do files go when you share them with a Teams channel? (Hint: check SharePoint.) How can an O365 admin see which sensitive files have been shared outside a Team via links?

This presentation discusses the use of Python and various libraries: Requests, Selenium WebDriver, Re (Regular Expressions), and BeautifulSoup4 to acquire open-source intelligence data at a large scale. It’ll be focused not only on those libraries, but around asynchronous technology and the exponential speed advantages provided.

There are many important elections this year. As you read this, Russia is already disrupting them.

When we talk about election security, most people think of hacking voting machines. But what about other cyber methods and means of disrupting an election? What can nation state threat actors do today, tomorrow, the day of the election, and after to sow chaos and erode our faith in democracy?

In this session, we’ll discuss how Russia has influenced worldwide elections using cyberwarfare and how we have fought back. We’ll understand the natural asymmetry between how Russia and other countries are able to respond, and how we have changed our approach since 2016.

By the end, we will be brainstorming all of the ways to disrupt an election that countries aren’t prepared for.

Get ready to put your nation state threat actor hat on and disrupt some elections - and maybe even earn some ириски-тянучки.

As security professionals we have seen the landscape change. Cyber security is now more vital and relevant to the growth of your organization than ever before. As a result, information security teams have more visibility, more budget, and more opportunity. This talk covers the tools to become a security business leader who can build and execute strategic plans that resonate with other business executives, and develop management and leadership skills to better lead, inspire, and motivate your teams.

Looking to land your CISSP certification soon? If so, this is the panel for you! Come prepared with questions how how to land the certification and what you can expect after the certification. 

If you're looking to make the jump into a new information security career, then we've got the panel for just that. Join us as our panel of professors and industry experts share their experiences in getting into the field.

Hardening Linux has always been a challenge. Come and see how things have improved and what new challenges are on the horizon.

Pick all the locks! Shim all the shackles! You know the drill!