
Oklahoma City’s Elite Cybersecurity Conference is returning in-person for 2022 at the new Oklahoma City Convention Center!
We’re excited to be back live for 2022! The S3CCON team is working to put together an incredible lineup of experts in the cybersecurity field. Each talk is going to provide attendees with inspiration, tools, and actionable ways you can better protect against hackers. Hope to see you there!
Click the button below to learn more about the sponsorship opportunities at S3CCON 2022.
This year we will have a few different villages where attendees can get hands-on experience. Below are the details for each village.
The RF Village is where people come to learn about radio security, wireless technology, software defined radio (SDR), Bluetooth, WiFi, RFID, and other protocols within the usable RF spectrum. These learning environments are provided in the form of demonstrations and hands-on examples to promote learning on cutting edge topics. The RF Village is supported by experts in the area of RF technologies and information security. We also provide free WiFi.
In the world of cyber security, many forget that one of the greatest vulnerabilities to an organization is through poor physical security.
Understanding the risks to physical devices and locations is extremely important in protecting our people, data, and systems. In this village we will be exploring a variety of hardware tools that are used by attackers to capture data, gain access, and otherwise bypass security controls.
We will be covering tools such as:
There will be several hands-on labs on how to use, improvise, and defend against these tools.
If you have ever wanted to learn how to pick locks with paper clips, use a milk jug to open a locked door, or if you want to see how to protect yourself from key loggers, card cloners, and malicious wireless tools, stop by and let’s talk about the physical side of cyber security!
The Password Cracking village will be a look at the practical uses of password cracking. From the educational side, as a tool in CTF competitions and training for real world use, to the professional side, as a potential tool for blue teams looking to audit their own passwords to find weak passwords or failing policies. We’ll be covering things like:
KEYTF! A twist on the traditional CTF.
Your goal is to decode a lock, measure a physical key, use a photo to reproduce a key and other crazy challenges.
Are you ready for a challenge?
Put your mind and dexterity to the test while reliving gym-class dodgeball flashbacks with an overwhelming time crunch.
The Lockpick Nerf-Fights Village is a time-based race for two combatants to bypass the lock on a box with a Nerf blaster inside. The winner who gains access to the box and manages to hit the opponent first takes the crown.
Instructions:
One-on-one battle
Both combatants will be issued:
The combatants will be spaced apart and challenged to pick two commonly found master locks and race against each other to be the first to strike!
They will have until first strike or until the clock runs out.
Combatants may not…
Building a team is hard. Building your dream team is even harder. Over these last ten plus years of building a cybersecurity business, I’ve learned a lot about how to build a successful security team. In this talk you’ll learn practical advice on how to build out a cybersecurity team that is the perfect fit for your organization. How to hire, what skills to look for, and most importantly, how each hire should directly impact your company goals.
Donovan Farrow founded Alias in 2010. He brings over twenty years of experience working for Schlumberger Oilfield Services, Loves Travel Stops, Chesapeake Energy and NTT Security in the fields of Information Technology, Information Security, Digital Forensics, and Incident Response. Donovan currently serves as CEO of Alias. He has provided digital forensic analysis in over 2,100 court cases, 160 Incident Response engagements, and 250 penetration tests, has been appointed Special Master by the Court, sits on the OCCC Advisory Board, and is ACE, PCE, CCE and GCFA certified. Donovan was awarded the “Young Entrepreneur of the Year” Award at the Tulsa Small Business Summit and Awards Ceremony in 2018.
After almost every data breach, companies point the finger at employees. While human error is the number one cause of data breaches, employees play a vital role as the first line of defense at stopping breaches. Businesses just need to learn how to make employees their cyber strength.
Anthony Hendricks is a legal problem solver and litigator at Crowe & Dunlevy in its Oklahoma City office. At Crowe & Dunlevy, Hendricks chairs the firm’s Cybersecurity and Data Privacy Practice Group. He guides clients facing sensitive criminal, cybersecurity, banking, and environmental compliance issues. He also advises clients on privacy and data protection laws, coaches clients on developing data breach response plans, and represents clients facing enforcement actions related to cyber laws. Hendricks teaches a cybersecurity law class and an information privacy class at Oklahoma City University School of Law. He also hosts Nothing About You Says Computer Technology, a weekly podcast on cybersecurity and data privacy viewed through the lens of diverse voices. Hendricks is a graduate of Howard University. He holds two Masters from the London School of Economics, where he was a British Marshall Scholar, and a Juris Doctorate from Harvard Law School.
The recent pandemic has many seeking the outdoors. I find lessons in any environment, even on a recent hiking trip in Arizona. The saguaro cactus is a symbol of strength and perseverance in the harshest elements, just like the sole information security professional in a small / medium business. One must be willing to stand tall and put their experience on the line to help the business to not just know better, but to do better. This can be challenging in an SMB environment where the threats are not always obvious and there may not be clear regulatory requirements. I share proven methods to encourage strong security practices in an SMB world without getting prickly.
Chad Kliewer, MS, CISSP, CCSP, is a recovering CISO based in Kingfisher, OK and is currently the Education CPE Evaluator Lead at (ISC)2, the world’s leading cybersecurity professional organization. He has over 25 years of experience in Information Security and Information Technology with responsibilities ranging from PC Tech to CIO, including PCI, HIPAA and SOX compliance. While mostly in the healthcare field, Chad has also worked in banking, transportation, and currently in telecommunications. During his career, Chad has been outsourced, insourced, and resourced working with companies from 50 employees to more than 50,000 employees, giving him insight into how things work in companies large and small and everywhere in between.
Chad has served on the Communications Sector Coordinating Council, CISA’s ICT Supply Chain Risk Management Task Force, is a member of the FBI Citizens Academy Alumni Association and serves as a past-president and advisor to the Board for the FBI InfraGard Oklahoma Members Alliance. He maintains the Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) and several other certifications. Chad holds an MS degree in Cybersecurity and Information Assurance from Western Governors University.
If data infrastructure is evolving to a dynamic nature, why are you still using static database credentials? This talk raises some difficult questions to the audience about long-lived static access and provides a tested approach to authenticate, authorize, and audit both user and application access.
Dewan Ahmed is a Senior Developer Advocate at Aiven, a company that offers a fully managed, open source cloud data platform. Before joining Aiven, he worked at IBM and Red Hat as a developer, QA lead, consultant, and developer advocate.
For the last eight years, Dewan has worked to solve DevOps and infrastructure problems for small startups, large enterprises, and governments. Starting his public speaking at a toastmaster in 2016, he has been speaking at tech conferences and meetups for the last five years. His work is fueled by a passion for open-source and a deep respect for the tech community. Dewan writes about app/data infrastructure, developer advocacy, and his thoughts around a career in tech here: https://www.dewanahmed.com.
Outside of work, he’s an advocate for underrepresented groups in tech and offers pro bono career coaching as his way of giving back.
Attackers are taking advantage of insecure software deployment pipelines; the White House, OWASP, Google, and others have released guidelines on best practices in response. We will break down the key takeaways and compile a list of best practices for mitigating software supply chain security risk.
Tony Loehr is the Developer Advocate for Cycode. Their prerogative is to make it easy for developers to use the Cycode platform, and to help protect data through knowledge sharing. They have professional experience with engineering, marketing, and sales and bring a unique perspective on how to implement comprehensive cybersecurity solutions. They value being a lifelong learner, and aim to help teach cybersecurity solutions to people with varying degrees of technical knowledge. In their free time, Tony enjoys tending houseplants, freestyle rapping, and working on various side projects.
Ransomware continues to wreak havoc in all industries. The thing is, it’s not a new issue. Ransomware has been around a very long time. Now it’s evolved into Ransomware as a service, untraceable payments, and events that compromise human health care. In this session, we will explore how it all began and how you can put controls in place to limit the damage Ransomware can do.
David Barton is Chief Technology Officer at High Wire Networks. He oversees High Wire technology solutions and leads the sales engineering teams for High Wire’s Overwatch Managed Security Marketplace, which enables partners to deliver comprehensive cybersecurity that’s easy to sell and easy to buy for an affordable subscription. Barton has more than 20 years of cybersecurity experience with companies in various industries, including telecommunications, health care, software development, finance, mortgage, and government. He is the former CISO for Stellar Cyber, the company behind the open-XDR solution that Overwatch leverages to deliver managed detection and response through its 24/7 Security Operations Center (SOC) as a Service.
Rising premiums? Denied coverage? Told to buy “cyber insurance” and you’re completely lost? Unlike car insurance, Cyber is an immature, rapidly changing market, with skyrocketing rates and cancellations, and even war clauses being used to deny claims. Let’s discuss the pitfalls of cyber insurance.
Kevin serves as the Chief Information Officer for the Oklahoma Municipal Assurance Group, a municipal interlocal cooperative agency with emphases on technology risk, cybersecurity, and cyberliability insurance for cities and towns in Oklahoma. With 21 years of technology experience, Kevin has spent 18 of those years in government technology leadership roles focusing on a wide range of citizen services, including adaptive technologies, K-12 and Postsecondary educational technology, and application development for State natural resources and transportation services. His peer-reviewed research paper, “Immaturity and Moral Hazard in the Cyber Insurance Market” was the featured cover article in the ISSA Journal for October 2019 and named as a “Best of” article for 2019. Kevin has a Masters of Science in Information Assurance from Oklahoma State University. He was the founding chair of the Oklahoma State advisory subcommittee on web accessibility requirements, and currently serves as a founding officer of the Oklahoma Cybersecurity Coalition, and a Board Member of the InfraGard Oklahoma Members Alliance.
3 big problems in the digital oilfield: first it relied heavily on logging which is hard to bring back home, second it required passwords, third it ran on Windows. We will show how we can attack the digital oilfield all the way down to the canopy and then a better way of fixing the problems.
Born in Oak Ridge, TN (The Secret City), James Cabe spent the early years of his career in Cambridge, MA working for BBN Planet (Autonomous System 1 on the internet). After being sold to the carrier GTE and spun off during the making of Verizon, James set course for New York and private network consulting and data security for legal firms, commodities trading networks and large global retail. James moved to Houston, TX and began a career in Oil and Gas. The large independent E&P company formed an internal international consultancy to handle companies outside the scope of normal American IT operations. He cut his teeth with satellite and networking in deep water and international deployment. James has worked for Fortinet as a Subject Matter Expert and Evangelist for mega-corporation security architecture, encryption, and authentication.
Application security struggles to keep up with modern development. Attacks against applications will only continue to grow. Web3? DevOps? Pipeline? Supply chain? With so many buzzwords amidst a myriad of undiscovered vulnerabilities, where does your incident response team start after an incident?
Kris Wall is the Chief Technology Officer and Senior Penetration Testing/Digital Forensics expert at Critical Fault. Kris worked for over a decade for an MSP before freelancing for a few years as a developer. After developing several terribly vulnerable web apps, Kris became obsessed with fixing vulnerabilities in his code and giving talks about this journey. It was then Kris got into offensive security.
Since getting into offensive security, Kris has founded a security testing company, finished his MS and BS in Information Security, and landed several certifications, including his OSCP and CISSP.
We’ve all been beat to death with best practice this or NIST standard that. Attackers have moved away from exploits and worms and into living off the lan tactics masquerading as network admins. In this talk I’ll cover the tools, techniques, and procedures that I use on engagements and the tricks I’ve learned from responding to ransomware incidents. These aren’t theoretical attacks, these are all dirty red team tricks I’ve executed or defended against. Everything from malicious active directory changes to persistence via attacker controlled VPN. We’ll discuss how we discover these attacks and how you can defend against them.
Andrew Lemon is currently a Principal Security Engineer at Alias where he serves as the head of Reconnaissance and Destruction. His job entails designing new and creative solutions to enhance the team’s offensive capabilities, incident response procedures, and digital forensic tooling.
An essential part of Attack Surface Management (ASM), Offensive Security can be misunderstood and underutilized. Offensive Cybersecurity utilizes a threat actor perspective to assess security postures. When combined correctly in an ASM program, the synergy makes for a more effective program.
Phillip Wylie is a cybersecurity professional and offensive security SME with over 18 years of experience, over half of his career in offensive security. Wylie is the Tech Evangelism & Enablement Manager at CyCognito. He is a former college adjunct instructor and published author. He is the concept creator and co-author of The Pentester Blueprint: Starting a Career as an Ethical Hacker and was featured in the Tribe of Hackers: Red Team.
Join us in the third floor ballroom for a chance to win some raffle prizes! Grab a raffle ticket when you enter. If you haven’t turned in to the registration table yet, now is the time. Give your completed vendor passport to the organizers for the chance to win an additional prize.
Join us for free food and drinks at the OKC Tap House for our Happy Hour! We will be in a private area on the second floor from 4:30 pm to 7:00 pm. Located a short walk away in the Omni Hotel.
100 Oklahoma City Blvd
Oklahoma City, OK 73109
100 Mick Cornett Dr
Oklahoma City, OK 73109
Floor 2 – Rooms 207 & 208
Floor 3 – Junior Ballroom