With two IPOs & eight acquisitions, Brian has helped build some of the most successful security companies in the world. He has over 25 years in the security industry as a security company entrepreneur, board advisor, investor, and author. After getting his start with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions, including Riptech, ArcSight, Imperva, McAfee, Solera Networks, Cylance, JASK, Verodin, and Mandiant.
Brian has worked in over 50 countries across six continents. He authored the book Enemy at the Water Cooler and co-authored Physical & Logical Security Convergence with former NSA Deputy Director William Crowell. He was featured in the cyberwar documentary 5 Eyes alongside General Michael Hayden, former NSA, and CIA Director. Brian writes for Forbes and regularly presents at conferences like Black Hat, RSA, OWASP, and BSides.
Dmitry
Dmitry Bestuzhev is BlackBerry's Senior Director, leading the Cyberthreat Intelligence team responsible for tracking large-scale cyber incidents, espionage, and cyber-crime-motivated campaigns.
In addition to producing contextual cyberthreat intelligence reports, he prepares analytical articles and forecasts. He is a trainer in various topics: threat hunting, malware analysis, threat intelligence, and OpSec. Dmitry frequently presents in educational initiatives, webinars, and international security events.
Before joining BlackBerry, Dmitry oversaw the Global Research and Analysis Team in Latin America in anti-malware and threat intelligence research of financially motivated attacks. He has more than 20 years of experience in different fields of cybersecurity.
Beck (blither)
Beck (blither) has spent over a decade in cyber security, with a consistent blue-team theme of protecting internal assets, platforms, technologies and people throughout the duration of her career. She's passionate in making the world a more risk-averse place through effectively implementing cyber security practices, in both the literal and figurative sense. In her non-cyber life, she enjoys playing with machinery of various sorts and to varying degrees, fixing broken things, creating things, and spending time with her favorite people and four-legged friends.
Alex Holden
Alex Holden is the founder and CISO of Hold Security, LLC. Under his leadership, Hold Security played a pivotal role in information security and threat intelligence, becoming one of the most recognizable names in its field. Mr. Holden researches minds and techniques of cyber criminals and helps our society to build better defenses against cyber-attacks.
François Proulx
François is a Senior Product Security Engineer for BoostSecurity, where he leads the Supply Chain research team. With over 10 years of experience in building AppSec programs for large corporations (such as Intel) and small startups he has been in the heat of the action as the DevSecOps movement took shape. François is one of founders of the NorthSec conference in Montreal, Canada and a challenge designer for their CTF.
Mike McCabe
Michael McCabe is the founder and President of Cloud Security Partners. He founded Cloud Security Partners in 2017 where he uses his 15 years of experience to help create and implement security solutions for clients. Michael’s focus on Cloud Native software security coupled with his experience in Cloud Infrastructure and Security enables Mike to help companies navigate their security challenges by creating unique and client-tailored solutions.
Michael has led teams within startups and large financial institutions, guiding them through their security journeys. Michael’s experience in secure code review and dynamic security testing allows him to help clients identify their risk across applications and infrastructure alike.
Michael is a chapter leader of the OWASP Northern Virginia chapter, where he coordinates speakers and meetups which hosted industry-leading experts. In a addition to that, he has spoken at numerous conferences about subjects across Application Security, Cloud Security and more. He is also the co-host of the Relating to DevSecOps podcast focusing on how to create security solutions that work for real world problems.
When not chasing his two young sons around, he enjoys biking and being an amateur mechanic.
Matteo Rosi
Matteo Rosi, Security Researcher at Contrast Security, is a passionate cyber-security professional with 20 years of experience in the field. Prior to Contrast, he worked as Cyber Security Expert and SOC Manager at Telepass, helping organisations to design and implement all security capabilities and particularly the incident response process. Matteo holds a PhD in Computer Engineering from The University of Florence, the city where he lives with Corinna and their two sons. When Matteo isn't working hard at Contrast Security, you'll find him enjoying dying again and again in Elden Ring.
Mao Sui
Mao Sui and Oxana are Senior Analysts at LookingGlass Cyber Solutions. With their multi-lingual skills and deep understanding of cultural nuances, they conduct research into Chinese and Cantonese – speaking cyberspace, and Russian-speaking cybercrime world, respectively. Their other focus areas include tracking threat actor behaviors, TTPs, ransomware groups, and cybercrime toolkits to develop actionable analyses that provide valuable insights for decision-makers.
Jackie Burns Koven
Jackie Burns Koven is the Head of Cyber Threat Intelligence at Chainalysis, leading the team that tracks cybercriminals and nation state actors stealing, scamming, and extorting cryptocurrency. She spends most of her time combing the blockchain for financial signatures of threat actors and mapping out the underground economy. She is a member of the Ransomware Task Force, which unites key stakeholders across industry, government, and civil society to innovate new solutions countering the ransomware threat. Prior to Chainalysis, she served in the U.S. Intelligence Community.
Eric Olson
Eric helped pioneer the Cyber Intelligence space beginning in 1999, when he worked to develop some of the world's first technologies and methods for mass-scale collection and exploitation of online content for threat identification. Since then, Eric has led technology, development, and product management teams delivering hardware, software and services at a variety of cybersecurity and defense firms. He currently oversees the Threat Intelligence, Threat Hunting, SOC and CSIRT for JetBlue Airways in New York.
Aditya Patel
Aditya is a Security Leader at Amazon, with over 15 years of experience in software and cybersecurity. He is an expert in cloud security, vulnerability and risk management, and threat modeling for enterprises. As a member of the Security Technical Field Community within AWS, Aditya has led numerous enterprise customers in building their cloud security programs. He is also an Amazon Certified Senior Speaker and speaks at local security and global AWS events on various technical topics related to security, privacy, and compliance. He also writes a popular security blog at https://secwale.com.
Ian Davila
Ian Davila is a Lead Adversary Emulation Engineer for Tidal Cyber who is passionate about helping organizations adopt a Threat-Informed Defense. Before joining Tidal Cyber, Ian was a Cyber Security Engineer for The MITRE Corporation.
Ian advanced MITRE ATT&CK® where he researched, developed, and reviewed techniques for the Enterprise domain as a Technique Research Lead. He also supported the software development team of ATT&CK. Ian was part of ATT&CK Evaluations for two Enterprise offerings where he led evaluations and emulated malware used by adversaries.
Ian began his career in Cyber Security in 2015 by competing in CTFs while completing his Bachelor of Science in Computer Science from the University of Puerto Rico, Rio Piedras. He was a Research Assistant for the University of Puerto Rico and interned at the National Institute of Standards and Technology and Carnegie Melon University. After completing his Bachelor of Science, he obtained a Master of Science in Information Security from Carnegie Melon University in 2020 while being an intern for The MITRE Corporation.
Oxana
Mao Sui and Oxana are Senior Analysts at LookingGlass Cyber Solutions. With their multi-lingual skills and deep understanding of cultural nuances, they conduct research into Chinese and Cantonese – speaking cyberspace, and Russian-speaking cybercrime world, respectively. Their other focus areas include tracking threat actor behaviors, TTPs, ransomware groups, and cybercrime toolkits to develop actionable analyses that provide valuable insights for decision-makers.
Anita D'Amico
Dr. Anita D’Amico is Vice President of Cross-Portfolio Solutions and Strategy at Synopsys Software Integrity Group, where she is responsible for software supply chain risk management. Prior to that, she was CEO of Code Dx, Inc., an application security startup. Her roots are in experimental psychology and human factors. She has conducted extensive research and published work on the intersection of technology and human decision making, including how to visualize complex cybersecurity data. She got her start in cybersecurity at Northrop Grumman, where she launched its first Information Warfare team. Anita was named as one of "100 Fascinating Females Fighting Cybercrime” in the book “Women Know Cyber.”
Jacob Faires
Jacob Faires is a Senior Threat Researcher with BlackBerry’s Threat Research & Intelligence team. Jacob collaborates with data scientists, engineers, and intelligence analysts to actively monitor threats and develop cutting edge research focused internally and externally on the evolving threat landscape. Jacob has nearly two decades of experience in the information and technology security sector. Prior to joining BlackBerry, Jacob was a Senior Threat Researcher with NTT’s Global Threat Intelligence Center (GTIC) where he tracked threat actors and advanced persistent threats (APTs), incident response, extended detection and response (XDR) data, and data net flow analysis to effectively identify threat actors and provide detection to NTT clients.
Patrick Matthews
A chaotic good lead security consultant with Nettitude. Who tends to get distracted with hardware, malware and trying to do well to those around me. Over my career I have held positions in most areas of IT, such as a programmer, SOC operator, network, and system administrator. I currently hold a number of industry certificates that allows me to bypass HR role qualification filters. When I'm not on my computer, I pretend to be a farmer and beekeeper.
D Niu
D is a software engineer at Datadog, working mostly on dependency security, kubernetes runtime integrity, and threat intel research. She graduated from Duke University with a degree in Computer Science in 2021 and spends most of her free time doing yoga.
Tom Goodheart
Tom Goodheart started in security after studying economics at Wagner College on Staten Island. A life longer tinkerer Tom spends a majority of his time working on his home lab, hiking, scuba diving, and cooking. Currently, Tom works on JP Morgan and Chase's Attack Analysis Team triaging the variety of alerts an organization of that size offers.
Harry Halikias
As a seasoned professional with over 15 years of experience in cybersecurity and privacy, I am a frequent public speaker and thought leader on the importance of protecting sensitive information. I hold a Master’s Degree in Cybersecurity and numerous certifications, including the CISSP, which have enabled me to comprehensively understand the latest technologies and best practices in the industry.
I am passionate about privacy and believe it is a fundamental right for everyone. I am committed to protecting personal and sensitive data and ensuring that people's information is secure and kept confidential.
As a senior leader in the field, I am dedicated to staying at the forefront of emerging trends and technologies to provide the best possible defense against cyber threats. I am constantly seeking new opportunities to learn, grow, and share my expertise with others, so let's connect.
Abi Waddell
Abi is the founder of Inquirix which provides tailored OSINT services having more than two decades of experience in open source data gathering, attack surface testing, threat assessment and investigations. Abi's recent research has focused on improving OSINT techniques in forensic investigations and vulnerability assessments, attack recon behaviour detection and credential analysis and testing. She has made a number of vulnerability findings which have facilitated data exposure assessments, blue teaming and created tools to help in this work.
Susan Peediyakkal
With nearly 20 years of IT and cybersecurity experience, focused primarily on Cyber Threat Intelligence (CTI), V. Susan Peediyakkal draws on her significant knowledge from working with various intelligence operations in the federal government, commercial, and international domains. Susan's career began in the US Air Force where she has served 20 years, both active and reserve, before retiring in 2021. She joined NASA in October 2020 as the InfoSec Operations Manager for Ames Research Center and recently transitioned to her new role as Service Management Practice Lead for the Cybersecurity Services (CyS) Service Line. An active member of the cybersecurity community; Susan is the founder and director of BSides Sacramento, was named a 2020-2022 technologist fellow for the National Security Institute (NSI) at George Mason University, and appointed to the advisory board for CSU Chico's Executive Program. In March 2018, Susan was named one of “10 Women in Security You May Not Know But Should” by one of the most widely-read cyber security news sites on the Web, Dark Reading.
Dennis Murphy
Dennis Murphy started his career in 1993 as a Control System Engineer, specializing in designing, installing, and maintaining process automation networks in dozens of industry segments, including the Electric Utility sector. In 2005, Mr. Murphy shifted his focus to from designing to securing control system networks, working on R&D projects to secure US critical infrastructure as a member of BAE Systems. In 2015, Mr. Murphy joined SecurityMatters as the first US employee, responsible for the design, installation and support of Intrusion Detection Systems built specifically for OT networks. Mr. Murphy has installed OT specific IDS systems at multiple US electric utility and oil & gas companies, specializing in the integration of OT specific alerts into existing Security Operation Centers and creation of bespoke workflows and playbooks. In 2021, Mr. Murphy joined National Grid as the Lead OT Security Engineer for the Digital Substation group in the US, responsible for securing OT networks with IDS systems and adapting IT-based security solutions to install an edge compute element to field sites. Mr. Murphy, a father of three who currently resides in New Hampshire with his wife, is an active member of the Appalachian Mountain Club, seeking to hike all forty-eight 4000-ft. peaks in NH. Mr. Murphy also enjoys sailing the New England coastline in his free time.
Kevin Apolinario
I worked for an MSP environment, apple store, department of education, and multiple hedge funds. I also have about 12 years of restaurant experience and did 4 years for the NYPD volunteer. Train students, military veterans and provide hands-on training. Tech Trainer for Jobskillshare and Boots to books. My passion is helping others break into IT/Cybersecurity. I recently created a Udemy course which has helped over 12,000 students learn the on demand skills needed to work IT Support.
Ariel Robinson
After a multi-year hiatus of zoom birthdays and remote happy hours, nationally-recognized security speaker Ariel Robinson is back on the circuit with a host of new talks, trainings, and pandemic puppy pics. (He was planned before the pandemic, okay?) With an academic background in cognitive science and linguistics, Ariel has built a career out of using pictures and small words to translate highly technical concepts between vastly different stakeholders (most of whom have little in common besides appearing vaguely humanoid). Ariel's work has brought her face-to-face with some of society's most dangerous members, from Marines, to lawyers, to seven year old's at a birthday party after cake. Outside of her current role as a senior security product manager, Ariel draws, paints, and climbs really big rocks.
Adrianna Iadarola
Adrianna Iadarola is a seasoned cybersecurity professional and business leader with over 15 years of experience in the industry. As the Managing Director at CyberSN, a leading cybersecurity staffing and recruitment firm, Adrianna is responsible for overseeing the company's day-to-day operations, strategic planning, and business development initiatives.
Throughout her career, Adrianna has established herself as a respected thought leader and expert in the field of cybersecurity. She is widely recognized for her ability to navigate the complex and ever-evolving cybersecurity landscape, and her deep knowledge of industry trends, best practices, and emerging technologies.
Prior to joining CyberSN, Adrianna held a variety of senior leadership roles in the IT and Cybersecurity industry,
Adrianna is also a passionate advocate for diversity and inclusion in the cybersecurity industry. She is an ambassador for Secure Diversity, a non-profit organization dedicated to empowering and supporting women in cybersecurity.
Jacob Colacion
Meet Jacob, CyberSN's Lead Recruiter and job-matching platform champion. Jacob stumbled into the cybersecurity field via referral after college, and since then, he's been captivated. He appreciates being part of the community and has had some of the most enlightening conversations with cybersecurity professionals. As the lead of a team of four recruiters, Jacob thrives on placing candidates into their next career move. From kick-off calls with hiring managers to crafting job descriptions and offering resume advice, he and his team strive to provide value wherever applicable.
One of Jacob's proudest accomplishments is the opportunity to train and educate junior recruiters. He's watched them transform and develop, serving the community with a positive and genuine attitude. Jacob's passion for matching professionals to their dream job led him to champion CyberSN's Job Matching Platform. By creating a shared taxonomy between hiring managers and professionals, the platform fosters transparency and stronger matching.
In his free time, Jacob loves attending Bay Area events, especially OWASP, and tinkering around with TryHackMe. He's also an avid reader and enjoys exploring new topics in psychology, science fiction, and buddhism. You'll often find him strolling through San Francisco, enjoying some dim sum and stumbling upon live music.
Adam Mayer
Adam Mayer is a longtime NYCR member and former 3D printer manufacturer. They currently teach classes in electronic salvage and SMT soldering techniques. They spend way too much time thinking about manufacturing, repurposing e-waste, and building robots out of trash.
Gene Radin
Gene Radin is the Head of Product for a startup that collects and processes sensitive data. He’s spent the last 15 years working in Product Management roles where he’s been responsible for the design and delivery of web-based services that depend on and generate sensitive data. He’s been involved in many aspects of new and mature product development, ranging from strategy to content, design and a lot of testing! He is a proponent of digital privacy rights and volunteers his time to support related initiatives through education, advocacy on public policy, and art.
Glenn P. Edwards Jr. is an Incident Response Engineer at Block where he specializes in Incident Response and Digital Forensics. Glenn holds a M.S degree in Digital Forensics from the University of Central Florida as well as a B.S. degree in Information Security and Privacy from High Point University.
Dave Giancaspro
Jamie Levy is the Director of R&D at Huntress. Jamie is also a senior researcher, developer and board member of the Volatility Foundation. She has worked over 15 years in the digital forensics industry, conducting investigations as well as building out software solutions. Jamie is also a co-author of The Art of Memory Forensics, the first book of its kind covering various facets of how to investigate RAM artifacts.
I design security solutions and shepherd them to a sustainable state. I used to be hands-on in many areas of cybersecurity and IT. Now I focus on strategy and leadership, treating security as an enabler that helps people and companies achieve their goals. As the CISO of Axonius, I lead the security program to earn customers’ trust and fuel the company’s growth. Earlier, I built security products and services. I’m also a Faculty Fellow at SANS Institute, where I help professionals develop malware analysis skills.
To learn more about me, explore my blog at zeltser.com. You can connect with me on Twitter at https://twitter.com/lennyzeltser or Mastodon at https://infosec.exchange/@lennyzeltser.
Shweta Jain
Shweta Jain is Professor and Graduate Faculty at John Jay College, a Doctoral faculty at The Graduate Center of CUNY, and Graduate Director of the Digital Forensics and Cyber Security Master’s program. She has served as PI and Co-PI of NSF CISE and IIP grants. Her most recent work is in creating a blockchain backed technology to support media authentication with applications in digital forensics. She has 15+ years of experience in R&D and has mentored several undergraduate and graduate students during her career as an educator. She has 20+ publications in the area of network architectures, wireless network protocols, and blockchain applications.
Janine Medina
Coordinator extraordinaire who makes things go at BSidesNYC. If you want to know more, you’ll have to ask her yourself
Coffee, beverages and fresh baked goods will be provided.
Come through the 59th Street entrance
Come through the 59th Street entrance
Opening Remarks and Intros to D4CS
Shweta Jain Professor, Director of D4CS, John Jay College of Criminal Justice
Shweta Jain is Professor and Graduate Faculty at John Jay College, a Doctoral faculty at The Graduate Center of CUNY, and Graduate Director of the Digital Forensics and Cyber Security Master’s program. She has served as PI and Co-PI of NSF CISE and IIP grants. Her most recent work is in creating a blockchain backed technology to support media authentication with applications in digital forensics. She has 15+ years of experience in R&D and has mentored several undergraduate and graduate students during her career as an educator. She has 20+ publications in the area of network architectures, wireless network protocols, and blockchain applications.
Lance James CEO, Unit 2221b
Lance James is a highly experienced information security specialist with over 25 years in the field. He has a programming, network security, digital forensics, malware research, cryptography, counterintelligence, and executive leadership background. He provides advisory services to government agencies and Fortune 500 companies and is known for his contributions to the evolution of security practices and counterintelligence tactics. James has written for several industry publications and is a sought-after keynote speaker globally. He has been featured on MSNBC and an episode of "Mr. Robot" and delivered a Ted Talk on "How Attackers Can Use Your Brain Against You in Psy-Ops."
My talk focuses on how we can access and analyze volatile memory in the kernel on a Google Kubernetes Engine (GKE) node using AVML. The purpose of this is to collect a memory snapshot to get granular information about running processes and activities on the GKE node as well as pods and containers running on that node. By using the memory snapshot we can troubleshoot current node activities or use it to collect additional information as part of a security investigation. I will also cover how this method is applicable to other cloud instances running Linux distributions that are supported by AVML.
Marcus Hallberg
My name is Marcus, a security engineer at heart, and I work for Spotify in Stockholm, Sweden. My childhood hero was Sherlock Holmes and as an adult I've tried to fill those shoes by working with cybersecurity detection and response. When I have time off I enjoy rock climbing, folk dancing and cross-country skiing. Looking to meet all the awesome minds at BSidesNYC!
Why focus on heavily guarded crown jewels when you can dominate an organization through its shadow IT? Low-Code applications have become a reality in the enterprise, with surveys showing that most enterprise apps are now built outside of IT, with lacking security practices. Unsurprisingly, attackers have figured out ways to leverage these platforms for their gain.
In this talk, we demonstrate a host of attack techniques found in the wild, where enterprise No-Code platforms are leveraged and abused for every step in the cyber killchain. You will learn how attackers perform an account takeover by making the user simply click a link, move laterally and escalate privileges with zero network traffic, leave behind an untraceable backdoor, and automate data exfiltration, to name a few capabilities. All capabilities will be demonstrated with POCs, and their source code will be shared.
Next, we will drop two isolation-breaking vulnerabilities that allow for privilege escalation and cross-tenant access. We will explain how these vulnerabilities were discovered and assess their pre-discovery impact.
Finally, we will introduce an open-source recon tool that identifies opportunities for lateral movement and privilege escalation through low-code platforms.
Michael Bargury
Michael Bargury is a security researcher passionate about all things related to cloud, SaaS and low-code security, and spends his time finding ways they could go wrong. He is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past, he headed security product efforts at Azure focused on IoT, APIs and IaC. He also leads the OWASP low-code security project and writes about it on DarkReading. Michael is a regular speaker at RSAC, OWASP, BSides and DEFCON.
We’ll demonstrate several hacks against xIoT, or Extended Internet of Things, devices. For those who would say, “But they’re just security cameras monitoring the parking garage, wireless access points in the cafeteria, or PLCs controlling robotic welding arms; what harm can they cause?” - this will illuminate that harm. We’ll share stories from the trenches involving cybercriminals, nation-state actors, and defenders. Our presentation will detail findings from over six years of xIoT threat research spanning millions of production devices in enterprises and government agencies around the world. We’ll identify various steps organizations can take to mitigate risk while embracing a Things-connected world.
Brian Contos
Brian Contos, Chief Strategy Officer, Sevco Security
With two IPOs & eight acquisitions, Brian has helped build some of the most successful security companies in the world. He has over 25 years in the security industry as a security company entrepreneur, board advisor, investor, and author. After getting his start with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions, including Riptech, ArcSight, Imperva, McAfee, Solera Networks, Cylance, JASK, Verodin, and Mandiant.
Brian has worked in over 50 countries across six continents. He authored the book Enemy at the Water Cooler and co-authored Physical & Logical Security Convergence with former NSA Deputy Director William Crowell. He was featured in the cyberwar documentary 5 Eyes alongside General Michael Hayden, former NSA, and CIA Director. Brian writes for Forbes and regularly presents at conferences like Black Hat, RSA, OWASP, and BSides.
Penetration testing is vital to cybersecurity defenses, but safeguarding your systems isn’t easy. Methodologies include automated, continuous, and manual pen tests. How do you ensure that you pick the right solution to meet your needs? I will draw on my 2+ decades of experience and discuss the complexities, techniques, and limitations of pen testing, and how to understand what and how to test.
Alex Holden
Alex Holden is the founder and CISO of Hold Security, LLC. Under his leadership, Hold Security played a pivotal role in information security and threat intelligence, becoming one of the most recognizable names in its field. Mr. Holden researches minds and techniques of cyber criminals and helps our society to build better defenses against cyber-attacks.
Serverless technology eliminates the need for development teams to provision servers, passing the responsibility for some security threats to the cloud provider and freeing-up developers to concentrate on building logic and producing value quickly. But even without servers, serverless functions still execute code, which can lead to a cloud disaster, if not done right.
In this talk, we will discuss common risks and challenges in serverless environments. I will introduce techniques used by attackers to exploit Serverless apps in unconventional ways. I will also demonstrate exploits of recently discovered CVE, targeting cloud functions.
Matteo Rosi
Matteo Rosi, Security Researcher at Contrast Security, is a passionate cyber-security professional with 20 years of experience in the field. Prior to Contrast, he worked as Cyber Security Expert and SOC Manager at Telepass, helping organisations to design and implement all security capabilities and particularly the incident response process. Matteo holds a PhD in Computer Engineering from The University of Florence, the city where he lives with Corinna and their two sons. When Matteo isn't working hard at Contrast Security, you'll find him enjoying dying again and again in Elden Ring.
This talk will focus on ways to abuse the use of Terraform to elevate privileges, expose data, and gain further footholds in environments from a developer's perspective. We'll cover the common uses of Terraform and how a malicious actor could abuse Terraform and even bypass security controls to execute unapproved code. This talk will include multiple demos of ways to exploit Terraform cloud.
Mike McCabe
Michael McCabe is the founder and President of Cloud Security Partners. He founded Cloud Security Partners in 2017 where he uses his 15 years of experience to help create and implement security solutions for clients. Michael’s focus on Cloud Native software security coupled with his experience in Cloud Infrastructure and Security enables Mike to help companies navigate their security challenges by creating unique and client-tailored solutions.
Michael has led teams within startups and large financial institutions, guiding them through their security journeys. Michael’s experience in secure code review and dynamic security testing allows him to help clients identify their risk across applications and infrastructure alike.
Michael is a chapter leader of the OWASP Northern Virginia chapter, where he coordinates speakers and meetups which hosted industry-leading experts. In a addition to that, he has spoken at numerous conferences about subjects across Application Security, Cloud Security and more. He is also the co-host of the Relating to DevSecOps podcast focusing on how to create security solutions that work for real world problems.
When not chasing his two young sons around, he enjoys biking and being an amateur mechanic.
DLL Hijacking, a well-known technique for executing malicious payloads via trusted executables, has been scrutinised extensively, to the point where defenses are in a much better position to detect malicious use. In this presentation, we take a closer look at how process-level Environment Variables can be abused for taking over legitimate applications.Taking a systemic approach, we demonstrate that 80+ Windows-native executables are vulnerable to this special type of DLL Hijacking. As this raises opportunities for UAC bypass and Privilege Escalation, we discuss the value and further implications of this technique. We also look at preventative/defensive measures, especially for this type of DLL Hijacking, but also for DLL Hijacking more broadly.
In a post-mortem analysis of Trickbot/Conti gangs, I'll detail our unique view into their operations, methods, and lives. Real time access to Conti Leaks was just one of many tools in our arsenal. Our work and unique vantage point has prevented a significant portion of the gang’s crimes. This story is about our journey, process, and insights into one of the most notorious cybergangs of our time.
Alex Holden
Alex Holden is the founder and CISO of Hold Security, LLC. Under his leadership, Hold Security played a pivotal role in information security and threat intelligence, becoming one of the most recognizable names in its field. Mr. Holden researches minds and techniques of cyber criminals and helps our society to build better defenses against cyber-attacks.
Are you developing software? If so, there’s a good chance that generating a Software Bill of Materials (SBOM) is in your future. Fears of vulnerabilities in the software supply chain have accelerated demands for SBOMs by customers. This presentation will explain what an SBOM is, who is asking for them, what they are going to do with them, the standard formats in which they are issued, and how to generate them. It will also describe how SBOMs fit into vulnerability disclosure and remediation processes and add transparency to the software supply chain.
Anita D'Amico
Dr. Anita D’Amico is Vice President of Cross-Portfolio Solutions and Strategy at Synopsys Software Integrity Group, where she is responsible for software supply chain risk management. Prior to that, she was CEO of Code Dx, Inc., an application security startup. Her roots are in experimental psychology and human factors. She has conducted extensive research and published work on the intersection of technology and human decision making, including how to visualize complex cybersecurity data. She got her start in cybersecurity at Northrop Grumman, where she launched its first Information Warfare team. Anita was named as one of "100 Fascinating Females Fighting Cybercrime” in the book “Women Know Cyber.”
Supply Chain attacks are all over the news as several high profile breaches highlight CI/CD pipelines as a prime target. The supply chain links the developer’s laptop, via the SCM, through CI/CD and finally the running application in production.
We’ve all heard about the SolarWinds breach, but what can be done to prevent such an attack? In this talk, we dive behind the scenes of similar attacks through the lens of SLSA (Supply chain Levels for Software Artifacts), a threat model designed to tackle these emergent threats.
François Proulx
François is a Senior Product Security Engineer for BoostSecurity, where he leads the Supply Chain research team. With over 10 years of experience in building AppSec programs for large corporations (such as Intel) and small startups he has been in the heat of the action as the DevSecOps movement took shape. François is one of founders of the NorthSec conference in Montreal, Canada and a challenge designer for their CTF.
My talk focuses on how we can access and analyze volatile memory in the kernel on a Google Kubernetes Engine (GKE) node using AVML. The purpose of this is to collect a memory snapshot to get granular information about running processes and activities on the GKE node as well as pods and containers running on that node. By using the memory snapshot we can troubleshoot current node activities or use it to collect additional information as part of a security investigation. I will also cover how this method is applicable to other cloud instances running Linux distributions that are supported by AVML.
Marcus Hallberg
My name is Marcus, a security engineer at heart, and I work for Spotify in Stockholm, Sweden. My childhood hero was Sherlock Holmes and as an adult I've tried to fill those shoes by working with cybersecurity detection and response. When I have time off I enjoy rock climbing, folk dancing and cross-country skiing. Looking to meet all the awesome minds at BSidesNYC!
In a world where complex JavaScript clientside code is the norm, defending against DOM XSS remains a top priority for developers and organizations. Trusted Types, a browser-level runtime defense against dangerous DOM sink API usages, is currently the best defense we have against large classes of DOM XSS, but has a reputation for being difficult to deploy (even more difficult than Content Security Policy). We will talk about the philosophy and the journey behind how we scaled Trusted Types rollouts across hundreds of webapps and billions of users at Google and the current challenges for wider adoption of defenses against DOM XSS in the ecosystem.
Critical SOC KPIs? MTTD. MTTR. Right? Except… “Detect” starts from compromise? Or Alert? One “expert” says “Respond” means “time to resolve an incident” but defines neither “resolve” nor “incident.” Time-To- Qualify? Identify? Triage? Contain? Resolve? Recover? I run SOC/CIRT for a F500. My vendors all use different words. Metrics don’t align. It’s ridiculous. I’ve tabulated 30+ sources and… no one has a frickin’ clue. We need a common language, like ATT&CK gives TTPs. If “a problem well-defined is half-solved” we’re doing a crap job solving this. EVERYONE’S Security suffers as a result. I’ve diagramed one possible solution as a conversation-starter.
Eric Olson
Eric helped pioneer the Cyber Intelligence space beginning in 1999, when he worked to develop some of the world's first technologies and methods for mass-scale collection and exploitation of online content for threat identification. Since then, Eric has led technology, development, and product management teams delivering hardware, software and services at a variety of cybersecurity and defense firms. He currently oversees the Threat Intelligence, Threat Hunting, SOC and CSIRT for JetBlue Airways in New York.
Many cyber environments have different capabilities, but they can be siloed and specific. Having an intelligence focused program isn’t always a feasible solution. In this talk we will be taking two important functional areas, Threat Intelligence and Vulnerability Management, and exploring how both programs can benefit and build each other’s defenses.
By using threat intelligence to provide vital context to vulnerabilities, you will not only better understand the likelihood of being exploited, but you will also have a stronger understanding of your environment to enable timely decisions. This talk benefits everyone from analyst to C-level decision maker.
Identifying adversary behaviors that matter to your organization has always been a difficult task. The purpose of this talk is to help close that gap by exploring adversary behaviors communicated through MITRE ATT&CK and Tidal Cyber. Traditionally, teams have had to wade through large volumes of unstructured CTI to surface the most relevant groups, software, or campaigns, adding so much time that the exercise becomes prohibitive. We will demo and show how structured metadata around threats, such as motivations, sectors, and victim locations unlocks achievable "threat profiling", and how pivoting to relevant techniques, procedures, defenses, and tests allows teams to take action in line with their unique profile.
Ian Davila
Ian Davila is a Lead Adversary Emulation Engineer for Tidal Cyber who is passionate about helping organizations adopt a Threat-Informed Defense. Before joining Tidal Cyber, Ian was a Cyber Security Engineer for The MITRE Corporation.
Ian advanced MITRE ATT&CK® where he researched, developed, and reviewed techniques for the Enterprise domain as a Technique Research Lead. He also supported the software development team of ATT&CK. Ian was part of ATT&CK Evaluations for two Enterprise offerings where he led evaluations and emulated malware used by adversaries.
Ian began his career in Cyber Security in 2015 by competing in CTFs while completing his Bachelor of Science in Computer Science from the University of Puerto Rico, Rio Piedras. He was a Research Assistant for the University of Puerto Rico and interned at the National Institute of Standards and Technology and Carnegie Melon University. After completing his Bachelor of Science, he obtained a Master of Science in Information Security from Carnegie Melon University in 2020 while being an intern for The MITRE Corporation.
A few hours before the Ukraine war officially began, apparently, a Russian-sponsored wiper campaign occurred. During the following weeks and months, we saw several operations and weapons used against Ukraine. One of them is the RomCom RAT. The threat actor behind it used different initial access schemes to compromise the Ukrainian military and governmental entities. In our presentation, we will describe how we hunted it each time the threat actor changed its network infrastructure and how the RomCom RAT works inside the TO (theater of operations).
Dmitry
Dmitry Bestuzhev is BlackBerry's Senior Director, leading the Cyberthreat Intelligence team responsible for tracking large-scale cyber incidents, espionage, and cyber-crime-motivated campaigns.
In addition to producing contextual cyberthreat intelligence reports, he prepares analytical articles and forecasts. He is a trainer in various topics: threat hunting, malware analysis, threat intelligence, and OpSec. Dmitry frequently presents in educational initiatives, webinars, and international security events.
Before joining BlackBerry, Dmitry oversaw the Global Research and Analysis Team in Latin America in anti-malware and threat intelligence research of financially motivated attacks. He has more than 20 years of experience in different fields of cybersecurity.
Jacob Faires
Jacob Faires is a Senior Threat Researcher with BlackBerry’s Threat Research & Intelligence team. Jacob collaborates with data scientists, engineers, and intelligence analysts to actively monitor threats and develop cutting edge research focused internally and externally on the evolving threat landscape. Jacob has nearly two decades of experience in the information and technology security sector. Prior to joining BlackBerry, Jacob was a Senior Threat Researcher with NTT’s Global Threat Intelligence Center (GTIC) where he tracked threat actors and advanced persistent threats (APTs), incident response, extended detection and response (XDR) data, and data net flow analysis to effectively identify threat actors and provide detection to NTT clients.
I will walk participants through what it's like to apply for and then be selected to participate in the FBI Citizen's Academy, from my vantage as a participant and a graduate of the Class of 2022. I'll then outline the FBI's involvement with: FATS (firearms training, both virtual and field-based), the Infraguard, our regional forensics computer crime lab, human trafficking, drug cases, murder, kidnapping, international and domestic terrorism, hate crimes, bomb threats, gangs, public corruption, white collar crimes, weapons of mass destruction, radicalization, counterterrorism and counterintelligence. I'll conclude with a Q&A session. I'm hopeful that this will dispel some myths about the FBI in who they are and what they do, and provide an additional outreach point of contact for anyone who would wish to get involved.
Beck (blither)
Beck (blither) has spent over a decade in cyber security, with a consistent blue-team theme of protecting internal assets, platforms, technologies and people throughout the duration of her career. She's passionate in making the world a more risk-averse place through effectively implementing cyber security practices, in both the literal and figurative sense. In her non-cyber life, she enjoys playing with machinery of various sorts and to varying degrees, fixing broken things, creating things, and spending time with her favorite people and four-legged friends.
CanBus has shifted the entire automotive industry into a ccommunication-centric operation. Yet, firefighters and rescue personnel are still using the same physical techniques for rescue. Why can vehicles not support "FF mode" like elevators and other large systems?
Incident attribution is riddled with controversy and folly for even the most seasoned analysts. Leaked code, commodity malware, and the rapid rebranding of ransomware strains have further complicated the task. Blockchain intelligence can help visualize the underground ecosystem and attack kill chain, lending to unique financial footprints of specific threat actors or groups – not to mention where scammed, extorted, or stolen funds go. This talk covers examples of how blockchain forensics can unmask ransomware rebrands and threat actors leveraging multiple monikers and crimes.
Jackie Burns Koven
Jackie Burns Koven is the Head of Cyber Threat Intelligence at Chainalysis, leading the team that tracks cybercriminals and nation state actors stealing, scamming, and extorting cryptocurrency. She spends most of her time combing the blockchain for financial signatures of threat actors and mapping out the underground economy. She is a member of the Ransomware Task Force, which unites key stakeholders across industry, government, and civil society to innovate new solutions countering the ransomware threat. Prior to Chainalysis, she served in the U.S. Intelligence Community.
ChatGPT is here to stay. With the increasing reliance on Artificial Intelligence everywhere, it is crucial to consider the security and privacy implications of generative AI.
The talk will cover potential misuse of AI: spreading false information, abusing its capabilities to assist with security attacks such as phishing or malware, and the difficulties in detecting and mitigating malicious input and output.
The goal of this talk is to increase awareness and understanding of the security challenges with generative AIs. And to encourage efforts to ensure the safe and secure use of these powerful tools. Yes, tools.
Aditya Patel
Aditya is a Security Leader at Amazon, with over 15 years of experience in software and cybersecurity. He is an expert in cloud security, vulnerability and risk management, and threat modeling for enterprises. As a member of the Security Technical Field Community within AWS, Aditya has led numerous enterprise customers in building their cloud security programs. He is also an Amazon Certified Senior Speaker and speaks at local security and global AWS events on various technical topics related to security, privacy, and compliance. He also writes a popular security blog at https://secwale.com.
Supply chain compromises and ransomware attacks have presented new sources of cyber risk which are magnified in the context of the ubiquity of data and automation. However, with new threats come new technologies and concepts; software bills of materials (SBOMs) and AI/ML enabled operations have become increasingly popular as potential countermeasures for the evolving threat landscape. We'll spend part of this talk discussing SBOMs and AI/ML tools for cybersecurity workflows (including cautionary tales), and wrap up with a discussion of the soft underbelly of all emergent tools and strategies: validation, verification, and effective prescriptive data science and operations.
Both Chinese and Russian-speaking actors continue to pose threats to organizations globally. It is critical for cybersecurity specialists to be prepared against these threat actors by understanding underground ecosystems and seeing how they evolve through a clear lens. The case studies covered in this presentation will shed light on the connections between geopolitical events and underground activities. Information and data analysis included in this presentation will help cybersecurity specialists and network defenders predict future trends and protect their organizations against threats originating from both China and Russia.
Mao Sui
Mao Sui and Oxana are Senior Analysts at LookingGlass Cyber Solutions. With their multi-lingual skills and deep understanding of cultural nuances, they conduct research into Chinese and Cantonese – speaking cyberspace, and Russian-speaking cybercrime world, respectively. Their other focus areas include tracking threat actor behaviors, TTPs, ransomware groups, and cybercrime toolkits to develop actionable analyses that provide valuable insights for decision-makers.
Oxana
Mao Sui and Oxana are Senior Analysts at LookingGlass Cyber Solutions. With their multi-lingual skills and deep understanding of cultural nuances, they conduct research into Chinese and Cantonese – speaking cyberspace, and Russian-speaking cybercrime world, respectively. Their other focus areas include tracking threat actor behaviors, TTPs, ransomware groups, and cybercrime toolkits to develop actionable analyses that provide valuable insights for decision-makers.
Adding onto my 2019 Derby con talk about using pre-paid cards to gain hosting infrastructure. This talk will detail a few other ways to anonymize Red Team activities. Such as, self-destroying drop box’s to hinder IR; OPSEC notes about using infrastructure with Tor access; highlighting trackers to avoid when cloning a site and ways to avoid brand monitoring; ways to build better concealment for drop boxes; OPSEC concealment with infrastructure , TLS and LTE service. I will also review what no longer works from my 2019 talk as related to anonymous accounts.
Patrick Matthews
A chaotic good lead security consultant with Nettitude. Who tends to get distracted with hardware, malware and trying to do well to those around me. Over my career I have held positions in most areas of IT, such as a programmer, SOC operator, network, and system administrator. I currently hold a number of industry certificates that allows me to bypass HR role qualification filters. When I'm not on my computer, I pretend to be a farmer and beekeeper.
You will learn how to play Backdoors & Breaches from Black Hills Information Security. The workshop trainers have been trained by BHIS.
D Niu
D is a software engineer at Datadog, working mostly on dependency security, kubernetes runtime integrity, and threat intel research. She graduated from Duke University with a degree in Computer Science in 2021 and spends most of her free time doing yoga.
Tom Goodheart
Tom Goodheart started in security after studying economics at Wagner College on Staten Island. A life longer tinkerer Tom spends a majority of his time working on his home lab, hiking, scuba diving, and cooking. Currently, Tom works on JP Morgan and Chase's Attack Analysis Team triaging the variety of alerts an organization of that size offers.
Dennis Murphy
Dennis Murphy started his career in 1993 as a Control System Engineer, specializing in designing, installing, and maintaining process automation networks in dozens of industry segments, including the Electric Utility sector. In 2005, Mr. Murphy shifted his focus to from designing to securing control system networks, working on R&D projects to secure US critical infrastructure as a member of BAE Systems. In 2015, Mr. Murphy joined SecurityMatters as the first US employee, responsible for the design, installation and support of Intrusion Detection Systems built specifically for OT networks. Mr. Murphy has installed OT specific IDS systems at multiple US electric utility and oil & gas companies, specializing in the integration of OT specific alerts into existing Security Operation Centers and creation of bespoke workflows and playbooks. In 2021, Mr. Murphy joined National Grid as the Lead OT Security Engineer for the Digital Substation group in the US, responsible for securing OT networks with IDS systems and adapting IT-based security solutions to install an edge compute element to field sites. Mr. Murphy, a father of three who currently resides in New Hampshire with his wife, is an active member of the Appalachian Mountain Club, seeking to hike all forty-eight 4000-ft. peaks in NH. Mr. Murphy also enjoys sailing the New England coastline in his free time.
Are you ready to take on one of the most formidable cybersecurity challenges of our time? Ransomware has emerged as a massive threat, stretching organizational defenses across Cybersecurity, IT, Legal, Finance, and even daily workplace interactions.
Don't miss this interactive tabletop-style simulation at BSides NYC 2023! Dive into a realistic ransomware scenario and collaborate with fellow participants to determine the most effective actions.
Top Reasons to Attend:
Real-World Experience: Gain firsthand exposure to critical decision-making during a ransomware incident and acquire practical tabletop experience to strengthen your organization's defenses.
In-Depth Education: Deepen your understanding of ransomware and learn about the tactics employed by attackers to maximize their profits.
Unparalleled Networking: Engage with industry peers in a dynamic, problem-solving environment and potentially discover your next career opportunity.
Hands-On Interaction: You're not just an observer; you're an active participant influencing the outcome of the simulation.
Who Should Attend?
An Inclusive Session for All: This engaging workshop is designed to accommodate professionals across various backgrounds and experience levels, including those in incident response, threat and vulnerability management, training and awareness, privacy, legal, data analysis, and communications, as well as students.
Don't miss this chance to sharpen your skills and expand your network. See you at BSides NYC 2023!
Harry Halikias
As a seasoned professional with over 15 years of experience in cybersecurity and privacy, I am a frequent public speaker and thought leader on the importance of protecting sensitive information. I hold a Master’s Degree in Cybersecurity and numerous certifications, including the CISSP, which have enabled me to comprehensively understand the latest technologies and best practices in the industry.
I am passionate about privacy and believe it is a fundamental right for everyone. I am committed to protecting personal and sensitive data and ensuring that people's information is secure and kept confidential.
As a senior leader in the field, I am dedicated to staying at the forefront of emerging trends and technologies to provide the best possible defense against cyber threats. I am constantly seeking new opportunities to learn, grow, and share my expertise with others, so let's connect.
how to market yourself, resume, linkedin, applying for jobs, connecting with people.
Kevin Apolinario
I worked for an MSP environment, apple store, department of education, and multiple hedge funds. I also have about 12 years of restaurant experience and did 4 years for the NYPD volunteer. Train students, military veterans and provide hands-on training. Tech Trainer for Jobskillshare and Boots to books. My passion is helping others break into IT/Cybersecurity. I recently created a Udemy course which has helped over 12,000 students learn the on demand skills needed to work IT Support.
This workshop is designed to provide participants with a comprehensive understanding of the process and best practices for building a robust Cyber Threat Intelligence (CTI) program. The workshop will cover various aspects of threat intelligence including data collection, analysis, and dissemination. Participants will learn about the importance of threat intelligence in the current threat landscape, and how to establish an effective program that can help mitigate risks and prevent attacks.
Through interactive discussions and case studies, participants will gain insights into the tools and techniques required for collecting, analyzing, and reporting on threat intelligence. The workshop is ideal for security professionals, threat analysts, and anyone responsible for managing security risks. Participants will come away with a solid understanding of the key components of a successful threat intelligence program, and how to implement them in their own organizations.
Susan Peediyakkal
With nearly 20 years of IT and cybersecurity experience, focused primarily on Cyber Threat Intelligence (CTI), V. Susan Peediyakkal draws on her significant knowledge from working with various intelligence operations in the federal government, commercial, and international domains. Susan's career began in the US Air Force where she has served 20 years, both active and reserve, before retiring in 2021. She joined NASA in October 2020 as the InfoSec Operations Manager for Ames Research Center and recently transitioned to her new role as Service Management Practice Lead for the Cybersecurity Services (CyS) Service Line. An active member of the cybersecurity community; Susan is the founder and director of BSides Sacramento, was named a 2020-2022 technologist fellow for the National Security Institute (NSI) at George Mason University, and appointed to the advisory board for CSU Chico's Executive Program. In March 2018, Susan was named one of “10 Women in Security You May Not Know But Should” by one of the most widely-read cyber security news sites on the Web, Dark Reading.
Little attention is given to tracking the perpetrators of cyber-attacks in the world of forensics. Using real world examples, I will present some OSINT methods to trace the location and identity of threat actors, including revealing deleted parts of screenshots/PDFs, discerning fake accounts, finding suspicious VPN addresses, uncovering identities from pseudonyms; using account leaks, search engine analytics, maps, social media, images and more. I will also present the results of my original research of thousands of leaked accounts, into identifying gender, age and predicted passwords in use, which can assist in threat actor identification.
Abi Waddell
Abi is the founder of Inquirix which provides tailored OSINT services having more than two decades of experience in open source data gathering, attack surface testing, threat assessment and investigations. Abi's recent research has focused on improving OSINT techniques in forensic investigations and vulnerability assessments, attack recon behaviour detection and credential analysis and testing. She has made a number of vulnerability findings which have facilitated data exposure assessments, blue teaming and created tools to help in this work.
No matter the number of weeks between my submitting this abstract and you reading it, we’ve probably seen about as many wrong market predictions as we’ve seen CVEs. Economic uncertainty is… not great, but it does give security teams and CEOs a potential common language– if we can learn to speak their dialect. In this crash course, you’ll learn how to explain true zero trust to your boss’s boss’s boss so it actually gets funded, and maybe– just maybe– we can start tackling 30+ years of market-driven technical debt. Come for the hot takes, stay for the strategy.
Ariel Robinson
After a multi-year hiatus of zoom birthdays and remote happy hours, nationally-recognized security speaker Ariel Robinson is back on the circuit with a host of new talks, trainings, and pandemic puppy pics. (He was planned before the pandemic, okay?) With an academic background in cognitive science and linguistics, Ariel has built a career out of using pictures and small words to translate highly technical concepts between vastly different stakeholders (most of whom have little in common besides appearing vaguely humanoid). Ariel's work has brought her face-to-face with some of society's most dangerous members, from Marines, to lawyers, to seven year old's at a birthday party after cake. Outside of her current role as a senior security product manager, Ariel draws, paints, and climbs really big rocks.
State of the Cyber Jobs Market
Adrianna Iadarola
Adrianna Iadarola is a seasoned cybersecurity professional and business leader with over 15 years of experience in the industry. As the Managing Director at CyberSN, a leading cybersecurity staffing and recruitment firm, Adrianna is responsible for overseeing the company's day-to-day operations, strategic planning, and business development initiatives.
Throughout her career, Adrianna has established herself as a respected thought leader and expert in the field of cybersecurity. She is widely recognized for her ability to navigate the complex and ever-evolving cybersecurity landscape, and her deep knowledge of industry trends, best practices, and emerging technologies.
Prior to joining CyberSN, Adrianna held a variety of senior leadership roles in the IT and Cybersecurity industry,
Adrianna is also a passionate advocate for diversity and inclusion in the cybersecurity industry. She is an ambassador for Secure Diversity, a non-profit organization dedicated to empowering and supporting women in cybersecurity.
The Job Searching and Hiring (for those with experience)
Adrianna Iadarola
Adrianna Iadarola is a seasoned cybersecurity professional and business leader with over 15 years of experience in the industry. As the Managing Director at CyberSN, a leading cybersecurity staffing and recruitment firm, Adrianna is responsible for overseeing the company's day-to-day operations, strategic planning, and business development initiatives.
Throughout her career, Adrianna has established herself as a respected thought leader and expert in the field of cybersecurity. She is widely recognized for her ability to navigate the complex and ever-evolving cybersecurity landscape, and her deep knowledge of industry trends, best practices, and emerging technologies.
Prior to joining CyberSN, Adrianna held a variety of senior leadership roles in the IT and Cybersecurity industry,
Adrianna is also a passionate advocate for diversity and inclusion in the cybersecurity industry. She is an ambassador for Secure Diversity, a non-profit organization dedicated to empowering and supporting women in cybersecurity.
The Job Searching and Hiring (for those new to security)
Jacob Colacion
Meet Jacob, CyberSN's Lead Recruiter and job-matching platform champion. Jacob stumbled into the cybersecurity field via referral after college, and since then, he's been captivated. He appreciates being part of the community and has had some of the most enlightening conversations with cybersecurity professionals. As the lead of a team of four recruiters, Jacob thrives on placing candidates into their next career move. From kick-off calls with hiring managers to crafting job descriptions and offering resume advice, he and his team strive to provide value wherever applicable.
One of Jacob's proudest accomplishments is the opportunity to train and educate junior recruiters. He's watched them transform and develop, serving the community with a positive and genuine attitude. Jacob's passion for matching professionals to their dream job led him to champion CyberSN's Job Matching Platform. By creating a shared taxonomy between hiring managers and professionals, the platform fosters transparency and stronger matching.
In his free time, Jacob loves attending Bay Area events, especially OWASP, and tinkering around with TryHackMe. He's also an avid reader and enjoys exploring new topics in psychology, science fiction, and buddhism. You'll often find him strolling through San Francisco, enjoying some dim sum and stumbling upon live music.
Adam Mayer
Adam Mayer is a longtime NYCR member and former 3D printer manufacturer. They currently teach classes in electronic salvage and SMT soldering techniques. They spend way too much time thinking about manufacturing, repurposing e-waste, and building robots out of trash.
A discussion about personal privacy risks with a focus on practical strategies everyone can use to improve their privacy and reduce risk exposure in everyday life. Risks aren't new, but they are evolving and thankfully so is our ability to mitigate them in meaningful ways.
Gene Radin
Gene Radin is the Head of Product for a startup that collects and processes sensitive data. He’s spent the last 15 years working in Product Management roles where he’s been responsible for the design and delivery of web-based services that depend on and generate sensitive data. He’s been involved in many aspects of new and mature product development, ranging from strategy to content, design and a lot of testing! He is a proponent of digital privacy rights and volunteers his time to support related initiatives through education, advocacy on public policy, and art.