IWS Logo

Information Warfare Summit

October 7, 2020

Virtual Event

Oklahoma’s longest running information security conference is back for our 13th year! Due to Covid-19, we’ve gone virtual! Join us October 7 as we stream our event live to you!

Sign Up to Attend the Conference

Day(s)

:

Hour(s)

:

Minute(s)

:

Second(s)

Join the Stream

Coming soon.

Get Your Tickets

Want an awesome shirt? We’ve got you covered. Need that CPE? We’ve got your certificates ready. Have a look at the ticket options below. $10 off for those that register before September 20th.

About Event

We may be virtual this year, but we’re not slowing down. We’ve got an exciting line up of security experts and community leaders. Not to mention, we’ll have several villages, demos, and workshops for your to join!

Multiple Tracks

Our event will features multiple speakers with something for everyone in information security.

Live Chat

Interact with your favorite speakers live during the event.

Career Networking

We’re partnering with Robert Half to offer resume assistance and networking for your next career jump.

Live Vendor Demos

Want to see the latest and greatest? Join us as we demo some of the latest in tools to protect your network.

Multiple Tracks

Leadership strategies, tactical techniques, and security trends. You name it, we’ve got it.

Sponsors

A huge thank you to our sponsors. We wouldn’t be able to do this without their support.

Find Your Favorite Talks

We’ve got an amazing line up of talks and speakers ready to keep your skills sharp and mind informed.

TRACK 1

09:00

Keynote: Focused

We live in a world of distractions. Through this program, Dr. Mellor explores how breakthroughs in the world of neuroscience are providing meaningful insights into how to train the brain for focus. The program is a breakthrough event that is extremely engaging and practical. Applicable to all, the content can be applied instantly and is a crowd favorite. (Leadership, Motivation/Inspiration)

Dr. Nathan Mellor

10:00

Weaponized AI

Initially dismissed as a buzzword by many security practitioners, our adversaries have now been utilizing AI for years. Today, the product of even crude AI can be indistinguishable to human perception and unlike other techniques used to deceive or destroy, AI doesn’t have to wait on a human being to improve its efficacy. AI makes itself more elegant and more efficient with every additional data point it interacts with. Our adversaries understand that AI is an indispensable addition to their arsenal. From malware that learns how to deceive its target to misinformation campaigns designed to deplete a target of resources, AI allows a maximum return on investment by decimating the amount of time and effort spent on a desired result.

Drawn on Lucas’s own experience defending systems against attacks - both human and machine powered - this talk will explore how artificial intelligence is being weaponized against the organizations we defend and how security practitioners can harness AI in unique ways to protect against such attacks.

Lucas Chumley

With a decade’s experience in digital forensics and incident response, Lucas has assisted both large and small organizations in various industries with implementing security solutions and incident response procedures. At SentinelOne, Lucas supports a broad range of clients across the southeast United States focusing on detection and automation.

Lucas Chumley - Sentinel One

11:00

The Cuckoo Effect

Attackers are here! They are ready to attack your applications, web sites, IoT devices, smart devices, and anything connected to the Internet. Learn how cybercriminals create malware, ransomware, and phishing campaigns. We will look at conventional evasion techniques used by attackers to bypass security products. In this talk, FortiGuard Labs researcher will discuss how researchers find, track, and protect against attacks from the most dangerous cyber attackers. 

 

Aamir Lakhani

Aamir Lakhani is a leading senior security strategist. He is responsible for providing IT security solutions to major enterprises and government organizations.

Mr. Lakhani creates technical security strategies and leads security implementation projects for Fortune 500 companies. Industries of focus include healthcare providers, educational institutions, financial institutions and government organizations. Aamir has designed offensive counter-defense measures for the Department of Defense and national intelligence agencies.

Aamir Lakhani

12:00

TLS 1.3 Deep Dive and Protecting SSL/TLS Sessions

TLS is arguably the most important protocol on the Internet, providing the foundation for secure communication online. Major websites like Netflix and Cloudflare are already migrating toward TLS 1.3 which was finalized a little over 2 years ago. This talk will be a deep dive into the TLS 1.3 protocol, the changes from TLS 1.2, and how TLS 1.3 provides for enhanced security and performance. Special focus will be given to how the shift to TLS 1.3 impacts cybersecurity programs and network monitoring.

In the second half of this talk will dive into modern protections for SSL/TLS sessions. We will discuss toolsets that can be used to assess your SSL/TLS posture and what you need to know to address TLS weaknesses.

Geoff Wilson

12:30

Let the Machines Do Your Hunting For You - Why Big Data and Analytics Have Changed the Security Landscape

This talk will describe the journey to machine learning based analytics that have revolutionized the endpoint protection market, and draw parallels to how similar techniques and architectures can be used to solve problems in other technology domains in addition to cross-domain problems. This talk will propose the utilization of machine learning and big data analytics to reduce the level of effort to provide automated protections in the technology stack, with the end goal in mind of using SOC personnel to only work on things requiring human intervention, thus reducing the need for additional personnel, while improving security outcomes.

Chris Yates

1:00

Using a 30-60-90 Day Plan to Become A Rockstar CISO

Are you managing your career? Are you getting the attention your background and experience should command? If not, why not? In this session you will lean how to read a job description and filter out the jobs you don’t want and shouldn’t waste time on. You will also learn hoe to be the perfect candidate, on paper, and get the interview. You will also learn how to develop a solid 30-60-90 Day Plan to use in your interview. Then you will learn how to approach the interview in a manner that will showcase your talent in the right light, overcome any objections the interviewers may have, and walk out with a job offer using your 30-60-90 Day Plan.

Gordon Rudd

2:00

Advanced Hybrid Identity with Azure AD

A hybrid Identity & Access Management system is essential for today’s on-prem and multi-cloud workloads. It’s easy to connect your Active Directory to Azure AD, but it’s harder to know how to do it to meet advanced requirements like multiple domains and forests, trusts, regulatory boundaries, and disconnected environments. This session will dive deep into each of these scenarios, and you will leave with the understanding of which approach is right for your needs.

John Spaid

3:00

Army Cyber Security Panel

The United States Army has its own cyber security team. Ever wonder what they do? Well today we’ll present leaders and members of the team, give a “day in the life of” chat, and provide a Q&A session.

Kevin Turner, Captain Dan Slusarchuk

4:00

Closing Ceremonies & Door Prizes

TBD

4:00

Afterparty!

Optiv

TRACK 2

12:00

Build Minotaurs, not Machines: Lessons Learned from Integrating AI into Cybersecurity Operations

Amid all that has been said about the potential impacts of AI in the field of Cybersecurity, what do we have to show for it? The truth is, there are considerable obstacles to widespread adoption of AI and ML. In this talk, we will examine both broad community research, and ongoing AI research at Rapid7, to illustrate the technical, policy, and procedural challenges facing the adoption of AI in operational environments.

The examples will include malware analysis, host-based process modeling, network anomaly detection, and user behavior analytics. Challenges range from technical implementation, to organizational buy-in, security concerns, customer communications, and analyst interaction. The talk is designed to be accessible without a formal background in Data Science or Machine Learning, and the concepts presented should be familiar to anyone working in cybersecurity.

Matt Berninger began his cybersecurity career in the SOC, working his way to incident responder, and has most recently moved to the realm of Data Science. In the last few years, he has tried many times to build and implement machine learning into operational processes - failing often, but occasionally succeeding. The names, characters, and algorithms depicted in this presentation have been obfuscated, but the stories are real. This talk should be helpful to anyone looking to build, buy, or integrate AI and ML solutions into their operations.

Matt Beringer - Rapid 7

12:30

Optiv

Optiv

1:00

CMMC: A Compliance Journey

CMMC is the new DoD framework for cyber defense, the Cybersecurity Maturity Model Certification, and it will shortly be mandated across the DoD supply chain. Not only mandated but it will require an independent third-party audit to confirm that compliance, a massive change from the current world of self-attestation, and corrective plans. By design, this is going to drive a much higher level of cyber compliance across the Defense Industrial Base (DIB), and that means not just some, but a vast majority of companies will have to make significant changes and investments to meet these requirements. It also appears this will not be limited to DoD. There is already discussion and some action to mandate CMMC compliance and audits in other areas of Federal government contracting. This talk will discuss the compliance and security journey of one company.

Vincent Scott

2:00

How to Hire More Women in 3 Easy Steps!

Discussing the trials and tribulations women face in tech while positioning a community aspect that helps to empower them and reposition your culture to be more diverse and inclusive.

Minimizing hurdles, eliminating harassment, and fostering a safe, inclusive workplace for everyone.

Stacy Dunn

3:00

Risky Business: Updating Our IT Application Risk Assessment Process

Are you seeking to implement or update an IT app risk assessment process at your small or medium-sized organization? Devon Energy recently retooled our risk assessment process for new IT applications. We propose to present on why we did this, give desired objectives for the new process, and discuss how we went about it. We will give an overview of the new process along with examples of its use. We believe the methodology for retooling our risk assessment process, as well as the new process itself, will be especially helpful for small and medium-sized organizations.

Rich Lay

TRACK 3

12:00

Microsoft Teams Explosion: How to Prevent Data Leaks

Do you know what really happens behind the scenes when a user creates a new Team in Office 365? (More than you think!) Where do files go when you share them with a Teams channel? (Hint: check SharePoint.) How can an O365 admin see which sensitive files have been shared outside a Team via links?

Greg Bailey

12:30

Async Intelligence Gathering with Python

This presentation discusses the use of Python and various libraries: Requests, Selenium WebDriver, Re (Regular Expressions), and BeautifulSoup4 to acquire open-source intelligence data at a large scale. It’ll be focused not only on those libraries, but around asynchronous technology and the exponential speed advantages provided.

Jeff Bowie

1:00

Trust, but Verify: Maintaining Democracy In Spite of Информационные контрмеры

There are many important elections this year. As you read this, Russia is already disrupting them.

When we talk about election security, most people think of hacking voting machines. But what about other cyber methods and means of disrupting an election? What can nation state threat actors do today, tomorrow, the day of the election, and after to sow chaos and erode our faith in democracy?

In this session, we’ll discuss how Russia has influenced worldwide elections using cyberwarfare and how we have fought back. We’ll understand the natural asymmetry between how Russia and other countries are able to respond, and how we have changed our approach since 2016.

By the end, we will be brainstorming all of the ways to disrupt an election that countries aren’t prepared for.

Get ready to put your nation state threat actor hat on and disrupt some elections - and maybe even earn some ириски-тянучки.

Allie Mellen

2:00

Security Leadership and Management Competencies

As security professionals we have seen the landscape change. Cyber security is now more vital and relevant to the growth of your organization than ever before. As a result, information security teams have more visibility, more budget, and more opportunity. This talk covers the tools to become a security business leader who can build and execute strategic plans that resonate with other business executives, and develop management and leadership skills to better lead, inspire, and motivate your teams.

Joe Sullivan

3:00

The Gap Between Compliance and Security

Kristopher Wall

TECH VILLAGE

12:00

CISSP Prep - Panel

Looking to land your CISSP certification soon? If so, this is the panel for you! Come prepared with questions how how to land the certification and what you can expect after the certification. 

Jonathan Kimmitt, John Spaid, Nathan Sweaney, Rob Hines

1:00

Getting into InfoSec

If you're looking to make the jump into a new information security career, then we've got the panel for just that. Join us as our panel of professors and industry experts share their experiences in getting into the field.

Dr. Jon McHenry, Professor Haifeng Ji, Curtis Griffin

2:00

Linux Hardening in 2020

Hardening Linux has always been a challenge. Come and see how things have improved and what new challenges are on the horizon.

John Robertson

3:00

College of Lockpicking

Pick all the locks! Shim all the shackles! You know the drill!

College of Lockpicking

VENDOR ROOM

12:00

Sentinel One

Vendor Demo

12:30

Fortinet

Vendor Demo

1:00

Optiv

Vendor Demo

1:30

Stinnett & Associates

Vendor Demo

2:00

Go Security Pro

Vendor Demo

2:15

Varonis

Vendor Demo

2:30

Rapid 7

Vendor Demo

2:45

Critical Start

Vendor Demo

3:00

Rack59

Vendor Demo

3:15

Alias Forensics

Vendor Demo

Villages and More

We’ll be offering multiple villages and tracks for your to sharpen your skills and network with others.

Diamond Sponsors

Platinum Sponsors

Gold Sponsors

Silver Sponsors

Bronze Sponsors

intsights
checkpoint

Contributing Sponsors

Stinnett & Associates

After Party Sponsor