Oklahoma City’s Elite Cybersecurity Conference is returning in-person for 2022 at the new Oklahoma City Convention Center!
S3CCON is back for 2022!
We’re excited to be back live for 2022! The S3CCON team is working to put together an incredible lineup of experts in the cybersecurity field. Each talk is going to provide attendees with inspiration, tools, and actionable ways you can better protect against hackers. Hope to see you there!
BECOME A SPONSOR
Click the button below to learn more about the sponsorship opportunities at S3CCON 2022.
BECOME A SPONSOR
Click the button below to learn more about the sponsorship opportunities at S3CCON 2022.
SEE YOU SOON!
- 00Days
- 00Hours
- 00Minutes
- 00Seconds
VILLAGES
This year we will have a few different villages available for attendees to have hands-on experience with. Below are the details for each village.
RF Hacking
Village Details
The RF Village is where people come to learn about radio security, wireless technology, software defined radio (SDR), Bluetooth, WiFi, RFID, and other protocols within the usable RF spectrum. These learning environments are provided in the form of demonstrations and hands-on examples to promote learning on cutting edge topics. The RF Village is supported by experts in the area of RF technologies and information security. We also provide free WiFi.
Physical Security
Village Details
In the world of cyber security, many forget that one of the greatest vulnerabilities to an organization is through poor physical security.
Understanding the risks to physical devices and locations is extremely important in protecting our people, data, and systems. In this village we will be exploring a variety of hardware tools that are used by attackers to capture data, gain access, and otherwise bypass security controls.
We will be covering tools such as:
- key loggers
- prox cloners
- physical key manufacturing
- physical door/lock bypass tools
- and many more.
There will be several hands on labs learning how to use, improvise and defend against these tools.
If you have ever wanted to learn how to pick locks with paper clips, use a milk jug to open a locked door, or if you want to see how to protect yourself from key loggers, card cloners, and malicious wireless tools, stop by and lets talk about the physical side of cyber security!
Password Cracking
Village Details
The Password Cracking village will be a look at the practical uses of password cracking. From the educational side, as a tool in CTF competitions and training for real world use, to the professional side, as a potential tool for blue teams looking to audit their own passwords to find weak passwords or failing policies. We'll be covering things like:
- What program is best at cracking?
- What wordlists work well?
- What methods or processes work best in different scenarios?
- And More!
KeyTF
Village Details
KEYTF! A twist on the traditional ctf.
Your goal is to decode a lock, measure a physical key, use a photo to reproduce a key and other crazy challenges.
Lockpick Nerf-fights
Village Details
Are you ready for a challenge?
Put your mind and dexterity to the test while reliving gym-class dodgeball flashbacks with an overwhelming time crunch.
The Lockpick Nerf-Fights Village is a time-based race for two combatants to bypass the lock on a box with a nerf blaster inside. The winner who gains access to the box and manages to hit the opponent first takes the crown.
Instructions:
One-on-one battle
Both combatants will be issued:
- Lockpicks
- 1 x Best Buster Snake rake 0.025 Thick
- 1 x Triple Rake 0.025 Thick
- 1 x Small Half Diamond 0.025 Thick
- 1 x Offset Hybrid 0.025 Thick
- 1 x Short Hook 0.025 Thick
- 1 x City Rake 0.025 Thick
- Eye Protection
- 1 x Short Hook 0.015 Thick
- 6 x Tension Wrenches
The combatants will be spaced apart challenged to pick two commonly found master locks and race against each other to be the first to strike!
They will have until first strike or until the clock runs out.
Combatants may not…
- Use destructive means of bypass
- Come in physical contact with opponent or opponent’s box
- Ask or receive outside aid (This is a dual after all)
- One or both persons will fail in the event neither bypasses the lock
- One or both persons will fail if they don’t strike the other with a nerf bolt.
AGENDA
8:45 AM
Introduction
Keynote
9:00 AM
Building Your Dream Team
Donovan Farrow
CEO of Alias
Talk Description
Building a team is hard. Building your dream team is even harder. Over these last ten plus years of building a cybersecurity business, I’ve learned a lot about how to build a successful security team. In this talk you’ll learn practical advice on how to build out a cybersecurity team that is the perfect fit for your organization. How to hire, what skills to look for, and most importantly, how each hire should directly impact your company goals.
Speaker Bio
Donovan Farrow founded Alias in 2010. He brings over twenty-years of experience working for Schlumberger Oilfield Services, Loves Travel Stops, Chesapeake Energy and NTT Security in the fields of Information Technology, Information Security, Digital Forensics, and Incident Response. Donovan currently serves as CEO of Alias. He has provided digital forensic analysis in over 2,100 court cases, 160 Incident Response engagements, 250 penetration tests, appointed Special Master by the Court, sits on the OCCC Advisory Board, and he is ACE,PCE,CCE and GCFA certified. Donovan was awarded the “Young Entrepreneur of the Year” Award at the Tulsa Small Business Summit and Awards Ceremony in 2018.
Track 1
10:00 AM
Stop Blaming Employees for Data Breaches: Employees as the Key to Your Cybersecurity
Anthony Hendricks
After almost every data breach, companies point the finger at employees. While Human error is the number one cause of data breaches, employees play a vital role as the first line of defense at stopping breaches. Businesses just need to learn how to make employees their cyber strength.
Speaker Bio
Anthony Hendricks is a legal problem solver and litigator at Crowe & Dunlevy in its Oklahoma City office. At Crowe & Dunlevy, Hendricks chairs the firm's Cybersecurity and Data Privacy Practice Group. He guides clients facing sensitive criminal, cybersecurity, banking, and environmental compliance issues. He also advises clients on privacy and data protection laws, coaches clients on developing data breach response plans, and represents clients facing enforcement actions related to cyber laws. Hendricks teaches a cybersecurity law class and an information privacy class at Oklahoma City University School of Law. He also hosts Nothing About You Says Computer Technology, a weekly podcast on cybersecurity and data privacy viewed through the lens of diverse voices. Hendricks is a graduate of Howard University. He holds two Masters from the London School of Economics, where he was a British Marshall Scholar, and a Juris Doctorate from Harvard Law School.
Track 2
10:00 AM
InfoSec Lessons From a
Saguaro Cactus
Chad Kliewer
The recent pandemic has many seeking the outdoors. I find lessons in any environment, even on a recent hiking trip in Arizona. The saguaro cactus is a symbol of strength and perseverance in the harshest elements, just like the sole information security professional in a small / medium business. One must be willing to stand tall and put their experience on the line to help the business to not just know better, but to do better. This can be challenging in an SMB environment where the threats are not always obvious and there may not be clear regulatory requirements. I share proven methods to encourage strong security practices in an SMB world without getting prickly.
Speaker Bio
Chad Kliewer, MS, CISSP, CCSP, is a recovering CISO based in Kingfisher, OK and is currently the Education CPE Evaluator Lead at (ISC)2, the world's leading cybersecurity professional organization. He has over 25 years experience in Information Security and Information Technology with responsibilities ranging from PC Tech to CIO, including PCI, HIPAA and SOX compliance. While mostly in the healthcare field, Chad has also worked in banking, transportation, and currently in telecommunications. During his career, Chad has been outsourced, insourced, and resourced working with companies from 50 employees to more than 50,000 employees giving him insight to how things work in companies large and small and everywhere in between.
Chad has served on the Communications Sector Coordinating Council, CISA's ICT Supply Chain Risk Management Task Force, is a member of the FBI Citizens Academy Alumni Association and serves as a past-president and advisor to the Board for the FBI InfraGard Oklahoma Members Alliance. He maintains the Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) and several other certifications. Chad holds an MS degree in Cybersecurity and Information Assurance from Western Governors University.
11:00 AM
Who's managing the credential for your managed database?
Dewan Ahmed
If data infrastructure is evolving to a dynamic nature, why are you still using static database credentials? This talk raises some difficult questions to the audience about long-lived static access and provides a tested approach to authenticate, authorize, and audit both user and application access
Speaker Bio
Dewan Ahmed is a Senior Developer Advocate at Aiven, a company that offers a fully managed, open source cloud data platform. Before joining Aiven, he worked at IBM and Red Hat as a developer, QA lead, consultant, and developer advocate.
For the last eight years, Dewan has worked to solve DevOps and infrastructure problems for small startups, large enterprises, and governments. Starting his public speaking at a toastmaster in 2016, he has been speaking at tech conferences and meetups for the last five years. His work is fueled by a passion for open-source and a deep respect for the tech community. Dewan writes about app/data infrastructure, developer advocacy, and his thoughts around a career in tech here: https://www.dewanahmed.com.
Outside of work, he's an advocate for underrepresented groups in tech and offers pro bono career coaching as his way of giving back.
11:00 AM
Emerging Best Practices in Software Supply Chain Security: What We Can Learn from Google, the White House, OWASP, and Gartner
Tony Loehr
Attackers are taking advantage of insecure software deployment pipelines; the White House, OWASP, Google, and others have released guidelines on best practices in response. We will break down the key takeaways and compile a list of best practices for mitigating software supply chain security risk.
Speaker Bio
Tony Loehr is the Developer Advocate for Cycode. Their prerogative is to make it easy for developers to use the Cycode platform, and to help protect data through knowledge sharing. They have professional experience with engineering, marketing, and sales and bring a unique perspective on how to implement comprehensive cybersecurity solutions. They value being a lifelong learner, and aim to help teach cybersecurity solutions to people with varying degrees of technical knowledge. In their free time, Tony enjoys tending houseplants, freestyle rapping, and working on various side projects.
Outside of work, he's an advocate for underrepresented groups in tech and offers pro bono career coaching as his way of giving back.
12:00 PM
Lunch!
1:00 PM
The Evolution of Ransomware as a Service
David Barton
Ransomware continues to wreak havoc in all industries. The thing is, its not a new issue. Ransomware has been around a very long time. Now its evolved into Ransomware as a service, untraceable payments, and events that compromise human health care. In this session, we will explore how it all began and how you can put controls in place to limit the damage Ransomware can do.
Speaker Bio
David Barton is Chief Technology Officer at High Wire Networks. He oversees High Wire technology solutions and leads the sales engineering teams for High Wire’s Overwatch Managed Security Marketplace, which enables partners to deliver comprehensive cybersecurity that’s easy to sell and easy to buy for an affordable subscription. Barton has more than 20 years of cybersecurity experience with companies in various industries, including telecommunications, health care, software development, finance, mortgage, and government. He is the former CISO for Stellar Cyber, the company behind the open-XDR solution that Overwatch leverages to deliver managed detection and response through its 24/7 Security Operations Center (SOC) as a Service.
1:00 PM
The Cyber Insurance Market: Pitfalls and Premium Hikes
Kevin Sesock
Rising premiums? Denied coverage? Told to buy “cyber insurance” and you’re completely lost? Unlike car insurance, Cyber is an immature, rapidly changing market, with skyrocketing rates and cancellations, and even war clauses being used to deny claims. Let’s discuss the pitfalls of cyber insurance.
Speaker Bio
Kevin serves as the Chief Information Officer for the Oklahoma Municipal Assurance Group, a municipal interlocal cooperative agency with emphases on technology risk, cybersecurity, and cyberliability insurance for cities and towns in Oklahoma. With 21 years of technology experience, Kevin has spent 18 of those years in government technology leadership roles focusing on a wide range of citizen services, including adaptive technologies, K-12 and Postsecondary educational technology, and application development for State natural resources and transportation services. His peer-reviewed research paper, "Immaturity and Moral Hazard in the Cyber Insurance Market" was the featured cover article in the ISSA Journal for October 2019 and named as a “Best of†article for 2019. Kevin has a Masters of Science in Information Assurance from Oklahoma State University. He was the founding chair of the Oklahoma State advisory subcommittee on web accessibility requirements, and currently serves as a founding officer of the Oklahoma Cybersecurity Coalition, and a Board Member of the InfraGard Oklahoma Members Alliance.
2:00 PM
The Digital Oilfield Was a Great Idea - How Can We Make It Better?
James Cabe
3 big problems in the digital oilfield: first it relied heavily on logging which is hard to bring back home, second it required passwords, third it ran on windows. We will show how we can attack the digital oilfield all the way down to the canopy and then a better way of fixing the problems.
Speaker Bio
Born in Oakridge, TN (The Secret City), James Cabe spent the early years of his career in Cambridge MA working for BBN Planet (Autonomous System 1 on the internet). After being sold to the carrier GTE and spun off during the making of Verizon, James set course for New York and private network consulting and data security for legal firms, commodities trading networks and large global retail. James moved to Houston, TX and began a career in Oil and Gas. The large independent E&P company formed an internal international consultancy to handle companies outside the scope of normal American IT operations. He cut his teeth with satellite and networking in deep water and international deployment. James has worked for Fortinet as a Subject Matter Expert and Evangelist for mega-corporation security architecture, encryption, authentication.
2:00 PM
Digital Forensics: Reconstructing an Attack in Modern Web Apps
Kris Wall
Application security struggles to keep up with modern development. Attacks against applications will only continue to grow. Web3? DevOps? Pipeline? Supply chain? With so many buzz words amidst a myriad of undiscovered vulnerabilities, where does your incident response team start after an incident?
Speaker Bio
Kris Wall is the Chief Technology Officer and Senior Penetration Testing/Digital Forensics expert at Critical Fault. Kris worked for over a decade for an MSP before freelancing for a few years as a developer. After developing several terribly vulnerable web apps, Kris became obsessed with fixing vulnerabilities in his code and giving talks about this journey. It was then Kris got into offensive security.
Since getting into offensive security, Kris was founded a security testing company, finished his MS and BS in Information Security, and landed several certifications, included his OSCP and CISSP.
3:00 PM
Worst Practices for Malicious Admins
Andrew Lemon
We’ve all been beat to death with best practice this or NIST standard that. Attackers have moved away from exploits and worms and into living off the lan tactics masquerading as network admins. In this talk I’ll cover the tools, techniques, and procedures that I use on engagements and the tricks I’ve learned from responding to ransomware incidents. These aren’t theoretical attacks, these are all dirty red team tricks I’ve executed or defended against. Everything from malicious active directory changes to persistence via attacker controlled VPN. We’ll discuss how we discover these attacks and how you can defend against them.
Speaker Bio
Andrew Lemon is currently a Principal Security Engineer at Alias where he serves as the head of Reconnaissance and Destruction. His job entails designing new and creative solutions to enhance the teams offensive capabilities, Incident response procedures, and Digital Forensic tooling.
3:00 PM
Building Effective Attack Surface Management Programs
Phillip Wylie, CISSP, GWAPT, OSCP
An essential part of Attack Surface Management (ASM), Offensive Security can be misunderstood and underutilized. Offensive Cybersecurity utilizes a threat actor perspective to assess security postures. When combined correctly in an ASM program, the synergy makes for a more effective program.
Speaker Bio
Phillip Wylie is a cybersecurity professional and offensive security SME with over 18 years of experience, over half of his career in offensive security. Wylie is the Tech Evangelism & Enablement Manager at CyCognito. He is a former college adjunct instructor and published author. He is the concept creator and co-author of The Pentester Blueprint: Starting a Career as an Ethical Hacker and was featured in the Tribe of Hackers: Red Team.
4:00 PM
Raffle Prize Giveaway!
Join us in the third floor ballroom for a chance to win some raffle prizes! Grab a raffle ticket when you enter. If you haven’t turned in to the registration table yet, now is the time. Give your completed vendor passport to the organizers for the chance to win an additional prize.
4:30 - 7:00 PM
TapHouse OKC
Join us for free food and drinks at the OKC Tap House for our Happy Hour! We will be in a private area on the second floor from 4:30 pm to 7:00 pm. Located a short walk away in the Omni Hotel.
100 Oklahoma City Blvd
Oklahoma City, OK 73109
Agenda
8:45 AM
Introduction
Keynote
9:00 AM
Building Your Dream Team
Donovan Farrow
CEO of Alias
Talk Description
Building a team is hard. Building your dream team is even harder. One these last ten plus years of building a cybersecurity business, I’ve learned a lot about how to build a successful security team. In this talk you’ll learn practical advice on how to build out a cybersecurity team that is the perfect fit for your organization. How to hire, what skills to look for, and most importantly, how each hire should directly impact your company goals.
Speaker Bio
Donovan Farrow founded Alias in 2010. He brings over twenty-years of experience working for Schlumberger Oilfield Services, Loves Travel Stops, Chesapeake Energy and NTT Security in the fields of Information Technology, Information Security, Digital Forensics, and Incident Response. Donovan currently serves as CEO of Alias. He has provided digital forensic analysis in over 2,100 court cases, 160 Incident Response engagements, 250 penetration tests, appointed Special Master by the Court, sits on the OCCC Advisory Board, and he is ACE,PCE,CCE and GCFA certified. Donovan was awarded the “Young Entrepreneur of the Year” Award at the Tulsa Small Business Summit and Awards Ceremony in 2018.
Track 1
10:00 AM
Stop Blaming Employees for Data Breaches: Employees as the Key to Your Cybersecurity
Anthony Hendricks
After almost every data breach, companies point the finger at employees. While Human error is the number one cause of data breaches, employees play a vital role as the first line of defense at stopping breaches. Businesses just need to learn how to make employees their cyber strength.
Speaker Bio
Anthony Hendricks is a legal problem solver and litigator at Crowe & Dunlevy in its Oklahoma City office. At Crowe & Dunlevy, Hendricks chairs the firm's Cybersecurity and Data Privacy Practice Group. He guides clients facing sensitive criminal, cybersecurity, banking, and environmental compliance issues. He also advises clients on privacy and data protection laws, coaches clients on developing data breach response plans, and represents clients facing enforcement actions related to cyber laws. Hendricks teaches a cybersecurity law class and an information privacy class at Oklahoma City University School of Law. He also hosts Nothing About You Says Computer Technology, a weekly podcast on cybersecurity and data privacy viewed through the lens of diverse voices. Hendricks is a graduate of Howard University. He holds two Masters from the London School of Economics, where he was a British Marshall Scholar, and a Juris Doctorate from Harvard Law School.
11:00 AM
Who's managing the credential for your managed database?
Dewan Ahmed
If data infrastructure is evolving to a dynamic nature, why are you still using static database credentials? This talk raises some difficult questions to the audience about long-lived static access and provides a tested approach to authenticate, authorize, and audit both user and application access
Speaker Bio
Dewan Ahmed is a Senior Developer Advocate at Aiven, a company that offers a fully managed, open source cloud data platform. Before joining Aiven, he worked at IBM and Red Hat as a developer, QA lead, consultant, and developer advocate.
For the last eight years, Dewan has worked to solve DevOps and infrastructure problems for small startups, large enterprises, and governments. Starting his public speaking at a toastmaster in 2016, he has been speaking at tech conferences and meetups for the last five years. His work is fueled by a passion for open-source and a deep respect for the tech community. Dewan writes about app/data infrastructure, developer advocacy, and his thoughts around a career in tech here: https://www.dewanahmed.com.
Outside of work, he's an advocate for underrepresented groups in tech and offers pro bono career coaching as his way of giving back.
12:00 PM
Lunch!
1:00 PM
The Evolution of Ransomware as a Service
David Barton
Ransomware continues to wreak havoc in all industries. The thing is, it’s not a new issue. Ransomware has been around a very long time. Now it’s evolved into Ransomware as a service, untraceable payments, and events that compromise human health care. In this session, we will explore how it all began and how you can put controls in place to limit the damage Ransomware can do.
Speaker Bio
David Barton is Chief Technology Officer at High Wire Networks. He oversees High Wire technology solutions and leads the sales engineering teams for High Wire’s Overwatch Managed Security Marketplace, which enables partners to deliver comprehensive cybersecurity that’s easy to sell and easy to buy for an affordable subscription. Barton has more than 20 years of cybersecurity experience with companies in various industries, including telecommunications, health care, software development, finance, mortgage, and government. He is the former CISO for Stellar Cyber, the company behind the open-XDR solution that Overwatch leverages to deliver managed detection and response through its 24/7 Security Operations Center (SOC) as a Service.
2:00 PM
The Digital Oilfield Was a Great Idea - How Can We Make It Better?
James Cabe
3 big problems in the digital oilfield: first it relied heavily on logging which is hard to bring back home, second it required passwords, third it ran on windows. We will show how we can attack the digital oilfield all the way down to the canopy and then a better way of fixing the problems.
Speaker Bio
Born in Oakridge, TN (The Secret City), James Cabe spent the early years of his career in Cambridge MA working for BBN Planet (Autonomous System 1 on the internet). After being sold to the carrier GTE and spun off during the making of Verizon, James set course for New York and private network consulting and data security for legal firms, commodities trading networks and large global retail. James moved to Houston, TX and began a career in Oil and Gas. The large independent E&P company formed an internal international consultancy to handle companies outside the scope of normal American IT operations. He cut his teeth with satellite and networking in deep water and international deployment. James has worked for Fortinet as a Subject Matter Expert and Evangelist for mega-corporation security architecture, encryption, authentication.
3:00 PM
Worst Practices for Malicious Admins
Andrew Lemon
We’ve all been beat to death with best practice this or NIST standard that. Attackers have moved away from exploits and worms and into living off the lan tactics masquerading as network admins. In this talk I’ll cover the tools, techniques, and procedures that I use on engagements and the tricks I’ve learned from responding to ransomware incidents. These aren’t theoretical attacks, these are all dirty red team tricks I’ve executed or defended against. Everything from malicious active directory changes to persistence via attacker controlled VPN. We’ll discuss how we discover these attacks and how you can defend against them.
Speaker Bio
Andrew Lemon is currently a Principal Security Engineer at Alias where he serves as the head of Reconnaissance and Destruction. His job entails designing new and creative solutions to enhance the teams offensive capabilities, Incident response procedures, and Digital Forensic tooling.
4:00 PM
Raffle Prize Giveaway!
Join us in the third floor ballroom for a chance to win some raffle prizes! Grab a raffle ticket when you enter. If you haven’t turned in to the registration table yet, now is the time. Give your completed vendor passport to the organizers for the chance to win an additional prize.
Happy Hour!
4:30 - 7:00 PM
TapHouse OKC
Track 2
10:00 AM
InfoSec Lessons From a Saguaro Cactus
Chad Kliewer
The recent pandemic has many seeking the outdoors. I find lessons in any environment, even on a recent hiking trip in Arizona. The saguaro cactus is a symbol of strength and perseverance on the harshest elements, just like the sole information security professional in a small / medium business. One must be willing to stand tall and put their experience on the line to help the business to not just know better, but to do better. This can be challenging in an SMB environment where the threats are not always obvious and there may not be clear regulatory requirements. I share proven methods to encourage strong security practices in an SMB world without getting prickly.
Speaker Bio
Chad Kliewer, MS, CISSP, CCSP, is a recovering CISO based in Kingfisher, OK and is currently the Education CPE Evaluator Lead at (ISC)2, the world's leading cybersecurity professional organization. He has over 25 years experience in Information Security and Information Technology with responsibilities ranging from PC Tech to CIO, including PCI, HIPAA and SOX compliance. While mostly in the healthcare field, Chad has also worked in banking, transportation, and currently in telecommunications. During his career, Chad has been outsourced, insourced, and resourced working with companies from 50 employees to more than 50,000 employees giving him insight to how things work in companies large and small and everywhere in between.
Chad has served on the Communications Sector Coordinating Council, CISA's ICT Supply Chain Risk Management Task Force, is a member of the FBI Citizens Academy Alumni Association and serves as a past-president and advisor to the Board for the FBI InfraGard Oklahoma Members Alliance. He maintains the Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) and several other certifications. Chad holds an MS degree in Cybersecurity and Information Assurance from Western Governors University.
11:00 AM
Emerging Best Practices in Software Supply Chain Security: What We Can Learn from Google, the White House, OWASP, and Gartner
Tony Loehr
Attackers are taking advantage of insecure software deployment pipelines; the White House, OWASP, Google, and others have released guidelines on best practices in response. We will break down the key takeaways and compile a list of best practices for mitigating software supply chain security risk.
Speaker Bio
Tony Loehr is the Developer Advocate for Cycode. Their prerogative is to make it easy for developers to use the Cycode platform, and to help protect data through knowledge sharing. They have professional experience with engineering, marketing, and sales and bring a unique perspective on how to implement comprehensive cybersecurity solutions. They value being a lifelong learner, and aim to help teach cybersecurity solutions to people with varying degrees of technical knowledge. In their free time, Tony enjoys tending houseplants, freestyle rapping, and working on various side projects.
12:00 PM (CST)
Lunch!
1:00 PM
The Cyber Insurance Market: Pitfalls and Premium Hikes
Kevin Sesock
Rising premiums? Denied coverage? Told to buy “cyber insurance” and you’re completely lost? Unlike car insurance, Cyber is an immature, rapidly changing market, with skyrocketing rates and cancellations, and even war clauses being used to deny claims. Let’s discuss the pitfalls of cyber insurance.
Speaker Bio
Kevin serves as the Chief Information Officer for the Oklahoma Municipal Assurance Group, a municipal interlocal cooperative agency with emphases on technology risk, cybersecurity, and cyberliability insurance for cities and towns in Oklahoma. With 21 years of technology experience, Kevin has spent 18 of those years in government technology leadership roles focusing on a wide range of citizen services, including adaptive technologies, K-12 and Postsecondary educational technology, and application development for State natural resources and transportation services. His peer-reviewed research paper, "Immaturity and Moral Hazard in the Cyber Insurance Market" was the featured cover article in the ISSA Journal for October 2019 and named as a “Best of†article for 2019. Kevin has a Masters of Science in Information Assurance from Oklahoma State University. He was the founding chair of the Oklahoma State advisory subcommittee on web accessibility requirements, and currently serves as a founding officer of the Oklahoma Cybersecurity Coalition, and a Board Member of the InfraGard Oklahoma Members Alliance.
2:00 PM
Digital Forensics: Reconstructing an Attack in Modern Web Apps
Kris Wall
Application security struggles to keep up with modern development. Attacks against applications will only continue to grow. Web3? DevOps? Pipeline? Supply chain? With so many buzz words amidst a myriad of undiscovered vulnerabilities, where does your incident response team start after an incident?
Speaker Bio
Kris Wall is the Chief Technology Officer and Senior Penetration Testing/Digital Forensics expert at Critical Fault. Kris worked for over a decade for an MSP before freelancing for a few years as a developer. After developing several terribly vulnerable web apps, Kris became obsessed with fixing vulnerabilities in his code and giving talks about this journey. It was then Kris got into offensive security.
Since getting into offensive security, Kris was founded a security testing company, finished his MS and BS in Information Security, and landed several certifications, included his OSCP and CISSP.
3:00 PM
Building Effective Attack Surface Management Programs
Phillip Wylie, CISSP, GWAPT, OSCP
An essential part of Attach Surface Management (ASM), Offensive Security can be misunderstood and underutilized. Offensive Cybersecurity utilizes a threat actor perspective to assess security postures. When combined correctly in an ASM program, the synergy makes for a more effective program.
Speaker Bio
Phillip Wylie is a cybersecurity professional and offensive security SME with over 18 years of experience, over half of his career in offensive security. Wylie is the Tech Evangelism & Enablement Manager at CyCognito. He is a former college adjunct instructor and published author. He is the concept creator and co-author of The Pentester Blueprint: Starting a Career as an Ethical Hacker and was featured in the Tribe of Hackers: Red Team.
Happy Hour!
4:00 PM
TapHouse OKC
LOCATION
100 Mick Cornett Dr
Oklahoma City, OK 73109
Floor 2 – Rooms 207 & 208
Floor 3 – Junior Ballroom
