{"$schema": "https://c3voc.de/schedule/schema.json", "generator": {"name": "pretalx", "version": "2026.1.0.dev0"}, "schedule": {"url": "https://pretalx.com/bsides-atlanta-2022/schedule/", "version": "_8222022", "base_url": "https://pretalx.com", "conference": {"acronym": "bsides-atlanta-2022", "title": "BSides Atlanta 2022", "start": "2022-08-27", "end": "2022-08-27", "daysCount": 1, "timeslot_duration": "00:05", "time_zone_name": "US/Eastern", "colors": {"primary": "#3aa57c"}, "rooms": [{"name": "Hudson Grille - Kennesaw", "slug": "1667-hudson-grille-kennesaw", "guid": "bbe36332-f227-5bad-9f9c-77e2249525e0", "description": "After-party venue", "capacity": null}, {"name": "Atrium", "slug": "1586-atrium", "guid": "64f2a929-b6b8-5a93-9b95-dcb90ea884a4", "description": null, "capacity": null}, {"name": "Room 400", "slug": "1471-room-400", "guid": "3c4b0e40-6bf2-5056-ac40-4c8d358af1e0", "description": null, "capacity": null}, {"name": "Room 401 - \"Re-Engage\" track", "slug": "1472-room-401-re-engage-track", "guid": "b70ef160-ea55-57f7-ad42-86d9769cf335", "description": null, "capacity": 60}, {"name": "Room 402 - \"Re-Imagine\" track", "slug": "1473-room-402-re-imagine-track", "guid": "023871a4-6ce2-5b5a-a24c-671e66fffde7", "description": null, "capacity": 60}, {"name": "Room 460 - \"Re-Ignite\" track", "slug": "1474-room-460-re-ignite-track", "guid": "d3f3680f-e880-52a7-ac85-2d2b79749310", "description": null, "capacity": 40}, {"name": "Room 461 - Resume village", "slug": "1655-room-461-resume-village", "guid": "7e1807c7-3529-581f-925d-5fb2c3376bfe", "description": null, "capacity": 15}, {"name": "Room 462 - Secure Code Warrior CTF", "slug": "1657-room-462-secure-code-warrior-ctf", "guid": "41988a7d-13e3-5807-a1cf-bea2c5db521f", "description": null, "capacity": 40}, {"name": "Room 174 - Lockpick village", "slug": "1656-room-174-lockpick-village", "guid": "2fc3ea62-14bc-5a81-8305-df9d57a37f47", "description": null, "capacity": 30}], "tracks": [{"name": "Re-Ignite", 
"slug": "2981-re-ignite", "color": "#F21241"}, {"name": "Re-Engage", "slug": "2982-re-engage", "color": "#44B15C"}, {"name": "Re-Imagine", "slug": "2980-re-imagine", "color": "#159DF5"}], "days": [{"index": 1, "date": "2022-08-27", "day_start": "2022-08-27T04:00:00-04:00", "day_end": "2022-08-28T03:59:00-04:00", "rooms": {"Hudson Grille - Kennesaw": [{"guid": "643f56dc-b723-5504-a0d1-2040357eb6ed", "code": "CH8EAB", "id": 21759, "logo": null, "date": "2022-08-27T17:30:00-04:00", "start": "17:30", "duration": "02:00", "room": "Hudson Grille - Kennesaw", "slug": "bsides-atlanta-2022-21759-after-party", "url": "https://pretalx.com/bsides-atlanta-2022/talk/CH8EAB/", "title": "After Party", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "Please join us for the BSides Atlanta 2022 after-party!\r\n\r\nHudson Grille - Kennesaw location\r\n2500 Cobb Place Lane NW\r\nKennesaw, Georgia 30144\r\n\r\nhttps://goo.gl/maps/8Wjwrg8Qx3ZueieU8", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/CH8EAB/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/CH8EAB/", "attachments": []}], "Atrium": [{"guid": "15174849-1d61-531b-9995-8be80a05f4b9", "code": "ZD7QTL", "id": 20645, "logo": null, "date": "2022-08-27T08:00:00-04:00", "start": "08:00", "duration": "08:00", "room": "Atrium", "slug": "bsides-atlanta-2022-20645-attendee-check-in-and-registration", "url": "https://pretalx.com/bsides-atlanta-2022/talk/ZD7QTL/", "title": "Attendee check-in and registration", "subtitle": "", "track": null, "type": "Village", "language": "en", "abstract": "Welcome to BSides Atlanta 2022!  Attendees will be able to check-in or register at our tables set up in the atrium.  Check-in will begin at 8am, and be open most of the day.  
If you registered with us ahead of time, we'll have your badge and whatever swag we're able to get for everyone!  If you didn't register ahead of time, we can't promise you anything except cool talks at a great venue!", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/ZD7QTL/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/ZD7QTL/", "attachments": []}], "Room 400": [{"guid": "5aa16bb5-ec39-5a14-b44f-05029f6626a1", "code": "R8HEXW", "id": 20011, "logo": null, "date": "2022-08-27T08:45:00-04:00", "start": "08:45", "duration": "00:15", "room": "Room 400", "slug": "bsides-atlanta-2022-20011-organizers-welcome-remarks", "url": "https://pretalx.com/bsides-atlanta-2022/talk/R8HEXW/", "title": "Organizers welcome remarks", "subtitle": "", "track": null, "type": "Organizers remarks", "language": "en", "abstract": "The BSides Atlanta organizers will use this time to welcome our attendees!  We will walk everyone through the schedule and various important details for the day, including talk tracks, villages, room locations, restrooms, wireless internet access, lunch, and our terrific sponsors!  We will also take this opportunity to take any questions, then welcome to the stage our keynote speaker!", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "7CYWHU", "name": "Yvette Johnson", "avatar": null, "biography": null, "public_name": "Yvette Johnson", "guid": "629d0fad-7ce9-5f72-9387-01fcee05e47a", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/7CYWHU/"}, {"code": "M98RX8", "name": "JoEtta LeSueur", "avatar": null, "biography": null, "public_name": "JoEtta LeSueur", "guid": "002740e1-81cd-53e1-87f6-557796cfb8ad", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/M98RX8/"}, {"code": "NCRDAA", "name": "Dr. 
Andy Green", "avatar": "https://pretalx.com/media/avatars/NCRDAA_cYJvGYM.webp", "biography": null, "public_name": "Dr. Andy Green", "guid": "3928b93d-394b-54f3-96eb-31daa4c6806a", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/NCRDAA/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/R8HEXW/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/R8HEXW/", "attachments": []}, {"guid": "80b4a7ac-ab21-59a0-9af2-9f9091f5a7a5", "code": "QKFB8A", "id": 20013, "logo": null, "date": "2022-08-27T09:00:00-04:00", "start": "09:00", "duration": "00:25", "room": "Room 400", "slug": "bsides-atlanta-2022-20013-we-ve-come-a-long-way-matey", "url": "https://pretalx.com/bsides-atlanta-2022/talk/QKFB8A/", "title": "We've Come A Long Way Matey", "subtitle": "", "track": null, "type": "Keynote", "language": "en", "abstract": "As we prepare to re-engage, re-imagine, and re-ignite let's take a subjective look back at where the industry has come over the last 30 years.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "EJ9ZDW", "name": "Mike Pearson", "avatar": null, "biography": "Mike Pearson is a passionate cyber thought leader and entrepreneur with over 30 years of experience in the industry.  As Chief Technology Officer and co-founder for SecureWorks, Mike patented the first intrusion prevention service, coining the term IPS, and was responsible for building the iSensor technology that led to the acquisition by Dell.  Since SecureWorks, Mike has served in multiple roles as both a practitioner and advisor to CISOs worldwide. 
He currently serves as Founder and Managing Partner of Cymrix, a cyber-attack simulation platform.", "public_name": "Mike Pearson", "guid": "6bc67e8f-ab66-5f39-97e2-7e31420148ae", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/EJ9ZDW/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/QKFB8A/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/QKFB8A/", "attachments": []}, {"guid": "16b1c06d-cc14-50f6-a128-49c09fe3f48c", "code": "NGGTKM", "id": 20647, "logo": null, "date": "2022-08-27T12:00:00-04:00", "start": "12:00", "duration": "00:50", "room": "Room 400", "slug": "bsides-atlanta-2022-20647-lunch", "url": "https://pretalx.com/bsides-atlanta-2022/talk/NGGTKM/", "title": "Lunch", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "Join us for lunch, catered once again by Dreamland BBQ!  Lunch is courtesy of all of our terrific sponsors, so please say \"thank you\" to them when you have a chance!\r\n\r\nThe menu will consist of:\r\n- BBQ chicken\r\n- BBQ pork\r\n- Baked beans (no meat, vegetarian-friendly)\r\n- Mac and cheese\r\n- Salad (vegetarian-friendly)\r\n- Banana pudding\r\n- Tea (sweet and unsweet)", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/NGGTKM/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/NGGTKM/", "attachments": []}, {"guid": "57e866f0-a08b-5647-b69d-8eec4f301d31", "code": "8F3QXT", "id": 21758, "logo": null, "date": "2022-08-27T16:00:00-04:00", "start": "16:00", "duration": "00:50", "room": "Room 400", "slug": "bsides-atlanta-2022-21758-tackling-diversity-in-the-cybersecurity-workforce", "url": "https://pretalx.com/bsides-atlanta-2022/talk/8F3QXT/", "title": "Tackling Diversity in the Cybersecurity Workforce", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "The Biden 
administration has taken efforts to fill the hundreds of thousands of cybersecurity jobs in the U.S. as part of a bid to close the workforce gap described as a national security challenge.  With ~700,000 cybersecurity job openings, this challenge threatens the nation\u2019s global economic viability and must be tackled aggressively.  Moreover, this major talent shortage is exacerbated with a more troublesome issue - the lack of diversity in cybersecurity.\r\n\r\nAccording to the 2021 Aspen Digital Tech Policy Hub report, the latest demographics indicate underrepresented groups such as Black (9%), Hispanic (4%) and Asian (8%) professionals make up an increasingly low percentage of the Cybersecurity workforce.  The Pew Research Center reported women still only represent approximately 25% of the cybersecurity workforce compared to at least 40% of the global workforce. \u201cWith cybersecurity as one of the largest challenges facing the Nation\u2019s security with a major talent shortfall, it is paramount that all talent including gender, ethnicity and culture are not only included but welcome in the workforce. 
(Cyversity.org)\u201d  \r\n\r\nThis panel will discuss actions that can be taken to shift the narrative and build more diversity into the cybersecurity workforce.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "YDH9K9", "name": "Jacqueline Crawley", "avatar": null, "biography": "Information Security & Privacy Advocate, RT Hawk Consulting\r\nDirector of Diversity and Membership, Atlanta Chapter of ISACA", "public_name": "Jacqueline Crawley", "guid": "ca0b8fac-d90e-5cb9-b072-fb6d984c0cd1", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/YDH9K9/"}, {"code": "7GDCWE", "name": "Kevin Dodson", "avatar": "https://pretalx.com/media/avatars/7GDCWE_9ZROJzo.webp", "biography": "VP of Diversity & Inclusion, Workforce 2000\r\nvCISO, Convergence Networks", "public_name": "Kevin Dodson", "guid": "912d8a2c-e3a8-5494-9322-9e8adb3372a8", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/7GDCWE/"}, {"code": "Z89ZUN", "name": "E Rick Hart", "avatar": null, "biography": "Information Security Manager, Federal Reserve Bank of Atlanta", "public_name": "E Rick Hart", "guid": "6ea7bc4d-ff59-50eb-9dbb-d6d4bc044610", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/Z89ZUN/"}, {"code": "BWSRKJ", "name": "Cassandra Dacus", "avatar": null, "biography": "Cyversity Atlanta Chapter President", "public_name": "Cassandra Dacus", "guid": "30302eb1-53be-5df0-83e1-75a614c228c3", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/BWSRKJ/"}, {"code": "3QM3DN", "name": "Olivia Rose", "avatar": "https://pretalx.com/media/avatars/3QM3DN_wa5w2va.webp", "biography": "Olivia Rose is the CISO, and VP of IT & Security for Amplitude, the world-leader in product analytics. Olivia is a proven cybersecurity leader with close to 20 years building, transforming, and optimizing successful IT and cybersecurity programs. 
Olivia possesses a unique blend of technical, governance, and business acumen and experience, enabling IT and security initiatives to align with the business and demonstrate value. Olivia is frequently requested at speaker events and podcasts, and is regarded as a mentor and thought leader in the industry. Olivia holds numerous IT and security certifications, including CISSP, CISM, CCSK, and is an active participating member of several industry groups. Olivia was recently elected to the Board of Cyversity, an organization dedicated to the consistent representation of women and underrepresented minorities in the cybersecurity industry through programs designed to diversify, educate, and empower.", "public_name": "Olivia Rose", "guid": "c64daf9a-ab7b-55a7-b5da-182127301ad1", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/3QM3DN/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/8F3QXT/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/8F3QXT/", "attachments": []}, {"guid": "bdc8dedb-c048-5920-b873-803aadf19e7e", "code": "SNT7FH", "id": 20014, "logo": null, "date": "2022-08-27T17:00:00-04:00", "start": "17:00", "duration": "00:30", "room": "Room 400", "slug": "bsides-atlanta-2022-20014-organizers-closing-remarks-and-giveaways", "url": "https://pretalx.com/bsides-atlanta-2022/talk/SNT7FH/", "title": "Organizers closing remarks and giveaways", "subtitle": "", "track": null, "type": "Organizers remarks", "language": "en", "abstract": "BSides Atlanta organizers will put a \"bow on the day\" here!  We will give out door prizes, take questions, and give a big thank you to our sponsors once again!  
We will also take questions from the attendees,  add any additional end of day details as needed, and thank our attendees for spending their Saturday with us!", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "7CYWHU", "name": "Yvette Johnson", "avatar": null, "biography": null, "public_name": "Yvette Johnson", "guid": "629d0fad-7ce9-5f72-9387-01fcee05e47a", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/7CYWHU/"}, {"code": "M98RX8", "name": "JoEtta LeSueur", "avatar": null, "biography": null, "public_name": "JoEtta LeSueur", "guid": "002740e1-81cd-53e1-87f6-557796cfb8ad", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/M98RX8/"}, {"code": "NCRDAA", "name": "Dr. Andy Green", "avatar": "https://pretalx.com/media/avatars/NCRDAA_cYJvGYM.webp", "biography": null, "public_name": "Dr. Andy Green", "guid": "3928b93d-394b-54f3-96eb-31daa4c6806a", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/NCRDAA/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/SNT7FH/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/SNT7FH/", "attachments": []}], "Room 401 - \"Re-Engage\" track": [{"guid": "d872d103-acd4-5ebe-9d42-aeefb96fb0b1", "code": "RW7ULJ", "id": 20150, "logo": null, "date": "2022-08-27T09:30:00-04:00", "start": "09:30", "duration": "00:50", "room": "Room 401 - \"Re-Engage\" track", "slug": "bsides-atlanta-2022-20150-a-tale-of-two-saas-providers-around-session-hijacking-a-case-study-in-vuln-disclosure-response-session-hijacking-the-realities-of-reverse-proxies-in-compromising-saas-accounts", "url": "https://pretalx.com/bsides-atlanta-2022/talk/RW7ULJ/", "title": "A Tale of Two SaaS Providers around Session Hijacking - A case study in Vuln Disclosure Response, Session Hijacking & the Realities of Reverse Proxies in Compromising SaaS Accounts", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "Tenant hopping via compromised 
web sessions is one of a SaaS provider's worst nightmares.  Then why are so many shrugging at mitigating real risks from users victimized by reverse web proxies?  In recent months, VerSprite's OffSec team uncovered the prevalence and ease of abusing session tokens for SaaS providers via this attack pattern.   This talk speaks on the effectiveness of this attack pattern against SaaS providers and depicts two distinct SaaS providers' responses with regard to responsible disclosure and puts into question shared responsibility models maintained by the Cloud service provider.      \r\n\r\nWe all know attack patterns are commonly layered, traversing over various means (e.g. \u2013 phishing, smishing, XSS, etc.).  SaaS providers presented with an attack path that ultimately ends with session token compromise often claim that pre-requisites of an attack negate their responsibility for improved session management.  This talk will speak on the ease of leveraging reverse web proxies for hijacking user web sessions in SaaS products, responses from two SaaS providers within the same industry and how the regard around responsible disclosure for high impact flaws can be treated extremely differently, and how/ what countermeasures exist to limit these attacks from becoming more widespread in abuse.\r\n\r\nKey takeaways from this talk will center around the following:\r\n1.\tEase of leveraging reverse web proxies for account takeover and defeating MFA/ OTPs\r\n2.\tLessons in responsible disclosure for web application researchers \r\n3.\tCountermeasures that SaaS providers should take for pre-authentication/ post-authentication", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "CGASEB", "name": "Tony UV", "avatar": "https://pretalx.com/media/avatars/CGASEB_GvhEcdF.webp", "biography": "After nearly 25 years of IT/ InfoSec work across a vast range of industries, experience has fueled my drive to deliver a better information security 
consulting practice. In 2007, I started VerSprite (aka VerSprite Security) with the idea of developing a team of 'security hybrids'\u200b - consummate security professionals that personify both technical mastery around emerging technologies and associated threats, as well as a foundation on business processes, acumen, and overall mindset. As such, the inception of 'true spirited'\u200b security consulting was developed.\u202f\r\n\r\nThrough years of both hands on network, system, and software engineering and a foundation around risk management principles, the reality set in that true security, although relative to each organization, is best managed via a risk based approach where both an understanding of data usage and functional use cases are known in the context of viable threats scenarios and supportive attack vectors.\r\n\r\nThis risk-based approach led to the mantra behind VerSprite Security as well as the PASTA threat modeling methodology (Process for Attack Simulation and Threat Analysis), a co-developed risk based threat modeling methodology that I co-authored along with accompanying book (Risk Centric Threat Modeling, Wiley 2015).\u202f\r\n\r\nLeading VerSprite today requires constant innovation across both technical and non-technical areas. Changes to emerging technologies, regulations, and threat landscapes forces security strategy to be tailored, not pre-fabricated or imitated. 
As such, I focus on ensuring that VerSprite's consulting practice develops authentic and custom solutions for our clients in consideration of their risk appetite, threat landscape, technology footprint and regulatory environment.\u202f Beyond VerSprite, I run the OWASP Atlanta, GA Chapter and have been heavily involved in the OWASP global initiatives since 2008.", "public_name": "Tony UV", "guid": "1a6459d2-ec8e-50be-a2b7-e562cf9d8c63", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/CGASEB/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/RW7ULJ/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/RW7ULJ/", "attachments": []}, {"guid": "a11429c7-b810-5115-90bc-e2fde8871101", "code": "QA99ZL", "id": 20065, "logo": null, "date": "2022-08-27T10:30:00-04:00", "start": "10:30", "duration": "00:50", "room": "Room 401 - \"Re-Engage\" track", "slug": "bsides-atlanta-2022-20065-a-tale-of-the-times-flying-under-the-radar-screen-connect", "url": "https://pretalx.com/bsides-atlanta-2022/talk/QA99ZL/", "title": "A Tale of the Times:  Flying Under the Radar Screen[Connect]", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "Many organizations are employing technology to help lessen the burden on helpdesk personnel. In some cases, that technology is the vector that enables advanced actors to gain a foothold in a network. In other cases, actors are installing the technology to enable command and control. In both cases, the organization generally is unaware as an actor is running rampant in their network. This talk will dive into firsthand tactics from an advanced actor as they took advantage of helpdesk and IT software on their way to owning the domain and critical assets within a few hours of gaining initial access. 
We will also highlight actionable detection mechanisms that an organization can employ to reduce the chances of them being the next victim.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "3WRYE9", "name": "Fernando Tomlinson", "avatar": "https://pretalx.com/media/avatars/3WRYE9_NBhot7V.webp", "biography": "Fernando Tomlinson is a Principal Digital Forensics and Incident Response Consultant with Mandiant. Before joining Mandiant and retiring from the U.S. Army as a Chief Warrant Officer 4, he was the Senior Technical Advisor at the U.S. Army Cyber Command for forensics and malware analysis and all defensive actions within the U.S. Army. He also previously was a Technical Director of a Cyber Operations Center and has led multi-level Digital Forensics and Incident Response (DFIR) and threat hunting teams. Additionally, he is a collegiate cybersecurity Adjunct Professor who enjoys contributing to the community through his blog at https://cyberfibers.com and projects at https://github.com/wiredpulse.", "public_name": "Fernando Tomlinson", "guid": "77153e4d-04eb-5347-95eb-466ec0280302", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/3WRYE9/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/QA99ZL/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/QA99ZL/", "attachments": []}, {"guid": "2f2b296d-0648-535a-91ad-2b2a960ea435", "code": "AJNA7W", "id": 20627, "logo": null, "date": "2022-08-27T11:30:00-04:00", "start": "11:30", "duration": "00:20", "room": "Room 401 - \"Re-Engage\" track", "slug": "bsides-atlanta-2022-20627-why-automated-dast-scanners-fail-today", "url": "https://pretalx.com/bsides-atlanta-2022/talk/AJNA7W/", "title": "Why Automated DAST Scanners Fail Today", "subtitle": "", "track": null, "type": "20 minute talk", "language": "en", "abstract": "Automated DAST scanners have been around for over 20 years now, so why is it that we have so much trouble using 
them? From numerous false positives, complicated configurations to scans that take days raging through a single website, why is this still happening? Many factors have changed in the past several years for businesses when it comes to the complexity and number of assets needed to be scanned for security vulnerabilities. How can these businesses meet compliance and regulation requirements when appsec tools can't do the job? In this talk you will see the challenges of automated DAST scanners and why businesses are struggling to keep up with the ever expanding appsec threat landscape.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "NCAZZW", "name": "Ray Kelly", "avatar": "https://pretalx.com/media/avatars/NCAZZW_pbKOPLu.webp", "biography": "Ray Kelly is an internet security professional with over twenty five years of development experience, eighteen of which has focused on the internet security space. Ray has been a key player in multiple successfully acquired cyber security start-ups. He was the lead developer and business unit director for WebInspect with SPI Dynamics which is an industry leading application security scanner (later HP and Micro Focus).  Ray holds three web application scanning patents and speaks regularly at security conferences.  
Today, Ray is a Fellow at Synopsys (formerly WhiteHat) where he contributes to research, sales and vision of the security product line.", "public_name": "Ray Kelly", "guid": "5656ed0f-96db-5e4e-9465-4eeb588d5e66", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/NCAZZW/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/AJNA7W/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/AJNA7W/", "attachments": []}, {"guid": "930df800-633d-5957-9739-e13bef3a3c59", "code": "S7BNHP", "id": 21241, "logo": null, "date": "2022-08-27T13:00:00-04:00", "start": "13:00", "duration": "00:50", "room": "Room 401 - \"Re-Engage\" track", "slug": "bsides-atlanta-2022-21241-offensive-window-event-logs-for-red-teams", "url": "https://pretalx.com/bsides-atlanta-2022/talk/S7BNHP/", "title": "Offensive Window Event Logs for Red Teams", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "Do you know what could be lurking in your Windows event logs? For years, blue teams have been using Windows event logs to track the activities of red teams and threat actors alike, but now we flip the table and use the logs for offensive purposes. Starting with the first public disclosure, this talk takes the attendees through the steps of developing working PoCs and the lessons learned along the way. Attendees will be shown multiple techniques to leverage this capability for persistence and potentially more. Windows event logs are a prime place to store payloads and shellcode, so blue teams better be ready.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "CVH7YY", "name": "Tim Fowler", "avatar": "https://pretalx.com/media/avatars/CVH7YY_ZM3E2at.webp", "biography": "Tim Fowler is a Security Analyst with Black Hills Information Security and has over a decade of experience working in information security. 
He has worked for Fortune 200 financial institutions and as a consultant, providing penetration testing and red team services. Tim is passionate about sharing his knowledge with others and has had the pleasure of speaking at multiple security conferences across the country. When not hacking away at a client's network or writing the subsequent report, Tim loves spending time with his wife and son swimming endless laps in the pool and making things with his CNC router and CO2 laser cutters.", "public_name": "Tim Fowler", "guid": "82cc2a73-9a73-54d9-aa40-65518934fa25", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/CVH7YY/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/S7BNHP/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/S7BNHP/", "attachments": []}, {"guid": "167516f2-1702-5b1b-b609-44bcec813616", "code": "UMQE97", "id": 21363, "logo": null, "date": "2022-08-27T14:00:00-04:00", "start": "14:00", "duration": "00:50", "room": "Room 401 - \"Re-Engage\" track", "slug": "bsides-atlanta-2022-21363-iot-spy-observability-and-alerting-for-internet-of-things-iot-security", "url": "https://pretalx.com/bsides-atlanta-2022/talk/UMQE97/", "title": "IoT Spy: Observability and Alerting for Internet of Things (IoT) Security", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "Observability is the method of revealing the state and measuring attributes that characterize a system. Observability in information security has been prevalently synonymous to Splunk logs, metrics, and dashboards. Interestingly, a multitude of open source monitoring tools that are used for network telemetry can offer a holistic view of the security of an organization by deploying metrics, logs, flows, and structured data processing. \r\n\r\nThe contributions of my talk are twofold. 
First I will introduce a modern, open source, observability stack, Telegraf-Influx-Grafana (TIG) and discuss what makes it a robust stack for security observability. Telegraf is an open source collector agent that is expandable, offers 200+ plugins, and can be scaled easily with multiple instances for streaming data. Influx Database (DB) is a powerful time series database that offers speed with time series processing, storing, and correlating. Grafana is a visualization tool that specializes in presenting time series with the user experience in mind. In the second part of my talk, I will present a use case of TIG stack for IoT security observability and alerting. I will demonstrate how one can measure, forecast, and alert for anomalies in IoT devices using TIG stack and a set of prevalent home devices such as security cameras, smart plugs, lights, and home assistants. This talk will demonstrate new techniques for security observability and will show the potential for a modern telemetry stack to improve the state of observing and measuring security.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "GMN9YK", "name": "Xenia Mountrouidou", "avatar": "https://pretalx.com/media/avatars/GMN9YK_AKMpZsa.webp", "biography": "Xenia Mountrouidou is a Senior Security Researcher at Cyber adAPT with a versatile experience in academia and industry. She has over 10 years of research experience in network security, machine learning, and data analytics for computer networks. Her research interests revolve around network security, IoT, telemetry, and machine learning. She has authored scholarly papers in the areas of performance modeling, computer networks, embedded computer architectures, and computer network security. 
She has presented her work in academic and industry conferences such as USENIX Security, IEEE Big Data, Grafana Observability Con, and Interop.", "public_name": "Xenia Mountrouidou", "guid": "75af3bb8-b813-5cd5-8da3-b7e4dd4b71fb", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/GMN9YK/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/UMQE97/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/UMQE97/", "attachments": []}, {"guid": "b00fd87c-254c-54d0-921a-670e98cf5b4c", "code": "NESBFV", "id": 20456, "logo": null, "date": "2022-08-27T15:00:00-04:00", "start": "15:00", "duration": "00:50", "room": "Room 401 - \"Re-Engage\" track", "slug": "bsides-atlanta-2022-20456-why-your-cloudsec-team-should-be-using-your-siem", "url": "https://pretalx.com/bsides-atlanta-2022/talk/NESBFV/", "title": "Why Your CloudSec Team Should Be Using Your SIEM", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "In the last few years, detection of cloud misconfigurations, aka Cloud Security Posture Management, has evolved from a specialized technology into a commodity technology. First came the proliferation of vendors, then came native cloud provider capabilities and open-source solutions, and finally vendor consolidation and a rush to incorporate other selling points such as workload vulnerability management and nebulous support for \"supply chain security\". \r\n\r\nIn this talk, we'll take a whistlestop tour of CSPM options then we'll discuss why your SIEM and CSPM should actually be one and the same. Wait, what? I thought SIEMs were dying a death? And why should your CloudSec team be going anywhere near your SIEM!? \r\n\r\nHear me out. 
If you combine transactional cloud logs (CloudTrail) with asset management data (AWS Config or similar), and you put a general purpose query engine on top of this (Elasticsearch, Splunk), CSPM rules are not only easy to write, but it also opens up a whole new world of enrichment (who actually launched that Windows EC2 server exposing RDP to the internet?) and \"hybrid\" checks that neither your CSPM nor your SIEM can provide you on their own. In short, we can turn everything into a query. \r\n\r\nFor a concrete example, we'll focus on subdomain takeovers in AWS, a continual source of bug bounty fodder. We'll explain the root cause of two types (spoiler: it's an \"order of operations\" problem) and walk through building hybrid checks to detect these in real-time.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "CHMC7B", "name": "John Heasman", "avatar": null, "biography": "John Heasman is the CISO of Chegg, the leading student-first connected learning platform where he is focused on proactive approaches to building secure software. Prior to Chegg, John was the Deputy CISO at DocuSign. He has presented at Black Hat, Defcon, OWASP AppSec and other industry forums on a diverse range of topics from web application security through to firmware APTs. Earlier in his career, he co-authored The Shellcoder\u2019s Handbook (2nd Ed.) 
and The Database Hacker\u2019s Handbook.", "public_name": "John Heasman", "guid": "4684ba39-3bc8-5c74-9481-de3ac5811be6", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/CHMC7B/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/NESBFV/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/NESBFV/", "attachments": []}, {"guid": "d28297c9-b02d-53cc-bdfc-642ecd8321e0", "code": "7HEXMD", "id": 20038, "logo": null, "date": "2022-08-27T16:00:00-04:00", "start": "16:00", "duration": "00:50", "room": "Room 401 - \"Re-Engage\" track", "slug": "bsides-atlanta-2022-20038-spilling-the-beans-how-to-spot-a-bad-pentest", "url": "https://pretalx.com/bsides-atlanta-2022/talk/7HEXMD/", "title": "Spilling the Beans: How to Spot a Bad Pentest", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "Ever wondered what the magic is behind a penetration test? Did you receive a pentest report that does not line up with your expectations? Do you want to get more out of your consulting partners or want to know the secret to landing that job at a consulting firm? Come join us as we spill the beans and disclose how the (halal) sausage is made. We will discuss pentesting from the perspective of both the client and the consultant. If you're looking to land a job at a consultancy, this talk is for you too. As we peel the curtain and talk through real-world examples, everyone walks out with the magic sauce.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "9UUQS3", "name": "Qasim Ijaz", "avatar": "https://pretalx.com/media/avatars/9UUQS3_hBabnJw.webp", "biography": "Qasim \"Q\" Ijaz is a Director of Offensive Security at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. 
His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the \"dry\" business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.", "public_name": "Qasim Ijaz", "guid": "47b33b4c-9149-5e52-8831-2222d7a305cb", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/9UUQS3/"}, {"code": "KUB8EC", "name": "Andrew Clinton", "avatar": null, "biography": "Andrew Clinton has been working in IT and Information Security for more than 15 years. He\u2019s held a wide range of roles from engineering to senior leadership across a wide range of focuses such as defensive security engineering, penetration testing, and compliance. He has a bizarre appreciation for project management. Outside of work he spends unreasonable amounts of money on complex hobbies he doesn\u2019t have time for. 
He is currently Director of Cyber Security at Aveanna Healthcare where he oversees security engineering, incident response, and internal penetration testing.", "public_name": "Andrew Clinton", "guid": "2adbc4d2-0c4b-5c70-910c-960d63af010b", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/KUB8EC/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/7HEXMD/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/7HEXMD/", "attachments": []}], "Room 402 - \"Re-Imagine\" track": [{"guid": "87e12d71-a0cc-5318-8a33-60ae1bfc5c3c", "code": "MWSP87", "id": 20195, "logo": null, "date": "2022-08-27T09:30:00-04:00", "start": "09:30", "duration": "00:50", "room": "Room 402 - \"Re-Imagine\" track", "slug": "bsides-atlanta-2022-20195-building-an-effective-security-strategy-it-s-more-than-a-list-of-tech", "url": "https://pretalx.com/bsides-atlanta-2022/talk/MWSP87/", "title": "Building an Effective Security Strategy: It's More Than A List Of Tech", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "In this discussion we will discuss the process of developing a workable and effective security strategy for an enterprise.  Covering steps from Evaluation to Context to Mission to Budget we will discuss what a security strategy is, what a security strategy isn't, and why much of what you think you know about creating a strategy likely isn't correct.  This talk can help leaders rethink how they approach strategy and can help individual contributors realize why sometimes their leader does things that seem odd.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "L8C7UV", "name": "Martin Fisher", "avatar": "https://pretalx.com/media/avatars/L8C7UV_dCVGL64.webp", "biography": "Martin Fisher is a 20+ year information security veteran who has worked in the commercial aviation, finance, and healthcare delivery industries.  
He currently serves as the CISO of Northside Hospital in Atlanta, Georgia.  He was a founding host of the award winning Southern Fried Security Podcast for 10 years, has appeared on NPRs \u201cScience Friday with Ira Fladow\u201d, and has spoken internationally on a variety of information security topics.  He has led a variety of teams through significant transformations and helped create high-performing teams of engaged and effective security professionals.  Martin can be contacted on Twitter via @armorguy.\r\n\r\nhttps://www.linkedin.com/in/martinjfisher/", "public_name": "Martin Fisher", "guid": "e3719282-1bd5-5557-8436-b75b6071cfed", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/L8C7UV/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/MWSP87/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/MWSP87/", "attachments": []}, {"guid": "349807ca-cfae-568a-855a-931970f76ae9", "code": "9VCSYR", "id": 20510, "logo": null, "date": "2022-08-27T10:30:00-04:00", "start": "10:30", "duration": "00:50", "room": "Room 402 - \"Re-Imagine\" track", "slug": "bsides-atlanta-2022-20510-cyber-defense-with-security-as-code", "url": "https://pretalx.com/bsides-atlanta-2022/talk/9VCSYR/", "title": "Cyber Defense with Security as Code", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "\"Why are things like Deployment Consistency, Automated Scanning, Secrets Management, Configuration Drift, Disaster Recovery, Dynamic Provisioning, and Version Control all so important from a security perspective. For some this may be a rhetorical question with a set of obvious answers, for others, not so much.\r\n\r\nAs organizations move infrastructure to the cloud, the need for automating processes has become a requirement. 
No longer can Operations administrators spend countless hours clicking through web interfaces to deploy or configure cloud assets, it is too time consuming and more importantly prone to human error. In most organizations it's the IT Operations teams that are primarily responsible for deploying and configuring these assets and many of these people often have little code development experience. I come from an IT Operations background and want to show you how simple it can be to get started with source control and deploying resources in the Cloud. We will also dive into why we should care from a security perspective and what it means going forward.\"", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "VXS8PJ", "name": "David Hall", "avatar": "https://pretalx.com/media/avatars/VXS8PJ_sWxqJcu.webp", "biography": "David Hall has more than 23 years experience in cybersecurity and IT operations. He is currently a Senior Customer Engineer at Microsoft specializing in cybersecurity. Before joining Microsoft in 2018 he served more than 21 years in the Army as a Signal Warrant Officer. He finished his Army career as an Instructor at the US Army Cyber Center Of Excellence, FT Gordon GA, teaching Microsoft Official curricula. 
He is also a former collegiate Adjunct Instructor and enjoys sharing knowledge with the community through his blog and YouTube channel at (https://www.cyberautomate.io)", "public_name": "David Hall", "guid": "c540defa-53d4-59be-b626-2e342bd36789", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/VXS8PJ/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/9VCSYR/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/9VCSYR/", "attachments": []}, {"guid": "4a084864-a91c-5be3-bc69-a87554673c56", "code": "8CBG78", "id": 21296, "logo": null, "date": "2022-08-27T11:30:00-04:00", "start": "11:30", "duration": "00:20", "room": "Room 402 - \"Re-Imagine\" track", "slug": "bsides-atlanta-2022-21296-protecting-the-centerpiece-jewel-in-your-crown-jewels-enterprise-financial-system-forensic-model-detection-and-logic", "url": "https://pretalx.com/bsides-atlanta-2022/talk/8CBG78/", "title": "Protecting the Centerpiece Jewel in your Crown Jewels: Enterprise Financial System- Forensic Model, Detection and Logic", "subtitle": "", "track": null, "type": "20 minute talk", "language": "en", "abstract": "ERP systems are critical systems in all enterprises worldwide. Its common usage and large number of users within organizations makes it vulnerable to external threats and internal activity,\r\nwhich if breached can lead to dire consequences and great loss to an organization. Understanding financial systems and its architecture would help  build security used cases and detection rules useful for cyber security incident response techniques.\r\n\r\nAttendees would gain insight into ingesting ERP logs to a security management tool or log collector, an example of how to develop a base forensic model on financial data would be demonstrated. \r\nOne easy and one medium-hard detection and correlation rules and its logic would be shown. 
\r\nCentral repository of an analytical dashboard for a single panel view would be explained for management viewing. \r\n \r\nAll of the above would be summed up to improve incident analysis, pattern analysis and operational security posture of financial systems in enterprises.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "KXGWC7", "name": "Ashwin Rajendra", "avatar": "https://pretalx.com/media/avatars/KXGWC7_l3mpvuU.webp", "biography": "Ashwin Rajendra is a Cyber Security Incident Response manager on the incident response remediations team at Kimberly-Clark Corporation. His prior experience includes roles in both network security and threat intelligence, with a total of 10 years of security experience, four years in DFIR and Incident Response. Rajendra previously worked at ATOS and DELL. He holds a Master of Science in Cybersecurity, and certifications in digital forensics and data analytics. Rajendra loves to use and play with data in all aspects of work and he has a passion for security.", "public_name": "Ashwin Rajendra", "guid": "bbecb019-38ae-5e09-80dc-6c5533ebcb55", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/KXGWC7/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/8CBG78/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/8CBG78/", "attachments": []}, {"guid": "61797994-3888-57ab-88ed-ec497293c0ba", "code": "AQ989A", "id": 21365, "logo": null, "date": "2022-08-27T13:00:00-04:00", "start": "13:00", "duration": "00:50", "room": "Room 402 - \"Re-Imagine\" track", "slug": "bsides-atlanta-2022-21365-hell-firewire-and-infosec-a-sermon", "url": "https://pretalx.com/bsides-atlanta-2022/talk/AQ989A/", "title": "Hell, Firewire and Infosec: A Sermon", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "How does one face the world with so many vulnerabilities out there?  Another day, another 0-day, but yet we must overcome.  
We are the front line; we are the last line. WE ARE INFOSEC.  We are the chosen people to protect the flock.  We must find the inspiration to harness the energy of the Multicolored Hat.  Whether you worship the red or the blue, we must join together as a nation, as a people, as a subculture.\r\n\r\nWait\u2026 Do I spot a sinner?  Do you tell your neighbor, \u201cDon\u2019t reuse thine password\u201d, yet do so yourself?  Are you guilty of committing your keys to GitHub?  Do you covet thy neighbor\u2019s bandwidth?  Come to the sermon of the Holy Multicolored Hat to securely erase those sins.  Let your conscious be free of guilt so that you can carry the good word to the world.  Be cool.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "VSLX9U", "name": "Xavier Ashe", "avatar": "https://pretalx.com/media/avatars/VSLX9U_Qp4iDtf.webp", "biography": "Xavier Ashe is currently a Senior Vice President in Truist's Security Operations division and the Vice-Chair of the Technology Association of Georgia (TAG) Information Security Society. Xavier is a Georgia Institute of Technology alumnus and has over 29 years of leadership experience in information security, working for various vendors and consulting firms, including IBM, Gartner, and Carbon Black. Xavier was the first hire at the startup Drawbridge Networks, where he was instrumental in bringing the first microsegmentation solution for servers and workstations to market. Mr. Ashe holds many industry certifications, including CISM, CISSP, ITIL, and SOA. 
Xavier has been invited to speak at many security conferences including DefCon, BSides, Splunk .conf, SANS, and others.", "public_name": "Xavier Ashe", "guid": "e6456c5e-156f-5bc9-8f3e-1a2ee8e12da2", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/VSLX9U/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/AQ989A/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/AQ989A/", "attachments": []}, {"guid": "227dc7da-eeb0-57fa-a681-ad7069967a0c", "code": "EPFMEW", "id": 20218, "logo": null, "date": "2022-08-27T14:00:00-04:00", "start": "14:00", "duration": "00:50", "room": "Room 402 - \"Re-Imagine\" track", "slug": "bsides-atlanta-2022-20218-planning-is-indispensable-tools-to-ensure-threat-intelligence-success", "url": "https://pretalx.com/bsides-atlanta-2022/talk/EPFMEW/", "title": "Planning is Indispensable: Tools to Ensure Threat Intelligence Success", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "This presentation will educate users on the importance of the overlooked Planning & Direction step of the Intelligence Cycle. Most presentations on this step merely teach \"Go elicit requirements\". In the real world, when a stakeholder is asked, \u201cWhat are your intelligence requirements?\u201d the answer is almost always, \u201cAren\u2019t you supposed to tell me that?\u201d Only about 10% of CISOs have military or intelligence community experience and within that cohort, even fewer have been intelligence commanders or policymakers trained to integrate intelligence into planning or policy. In this presentation, we'll discuss how to reverse engineer intelligence requirements via empathetic techniques. Then, attendees will learn how requirements drive the rest of the Intelligence Cycle (spoiler alert: the cycle isn\u2019t a simple circle!). 
Attendees will learn best practices for eliciting intelligence requirements, designing an intelligence architecture, creating a robust collection plan, and collecting the right metrics!", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "ERLTNP", "name": "Brian Kime", "avatar": "https://pretalx.com/media/avatars/ERLTNP_dRtqVfL.webp", "biography": "Brian leads strategic intelligence production, competitive intelligence, and customer advisory at ZeroFox. He formerly led all threat intelligence, vulnerability risk management, and industrial control systems security research at Forrester. He is also a major in the United States Army Reserve Innovation Command where he seeks out operational innovation, concepts, and capabilities to enhance the readiness and lethality of the US Army as an Innovation Liaison Officer.\r\n\r\nWith over 15 years in Intelligence operations, Brian knows intelligence programs can only succeed with robust management support and an in-depth understanding of the environment and threats. Brian has worked at Secureworks where he helped defend the premier managed security service provider and later embedded in one of the firm\u2019s largest client\u2019s security teams. He also helped defend the electric grid from state-nexus actors at Southern Company. As an Army Reserve officer, he deployed to Operation Enduring Freedom where he provided intelligence support to special operations forces.\r\n\r\nBrian holds many security certifications including CISSP, GLEG, GPEN, GCFA, GCCC, GCPM, GCIA, GCIH, GSEC and is an Army Cyber Operations Planner. 
He holds masters of science degrees from the SANS Technology Institute and Georgia State University, and a Bachelor of Science degree from Georgia Tech.", "public_name": "Brian Kime", "guid": "9936ce96-fffe-5556-90a0-9da803da3fe4", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/ERLTNP/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/EPFMEW/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/EPFMEW/", "attachments": []}, {"guid": "ef552d9e-1172-5d34-97ac-dd70793fdcd1", "code": "G7HDJ3", "id": 21386, "logo": null, "date": "2022-08-27T15:00:00-04:00", "start": "15:00", "duration": "00:50", "room": "Room 402 - \"Re-Imagine\" track", "slug": "bsides-atlanta-2022-21386-what-air-disasters-can-teach-us-about-incident-response", "url": "https://pretalx.com/bsides-atlanta-2022/talk/G7HDJ3/", "title": "What Air Disasters Can Teach Us about Incident Response", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "Computer Forensics is a relatively new field when compared to other related fields. By contrast, the men and women of the NTSB have been investigating air accidents for as long as there have been airplanes, and well before the advent of computers. Computer Intrusions and Air Disasters share a lot in common. While computer intrusions thankfully seldom involve loss of life or serious injury, just as with Air Disasters, they are cascade failures of people, process and technology.  In this talk a look is taken at how Air Disasters are investigated, and how we can apply that to Computer Forensic investigations.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "MSWZC9", "name": "Tony Drake", "avatar": null, "biography": "Tony Drake has been involved in computer security roles beginning with his first job out of college. 
He has held positions in most aspects of computer security, system administration, and application administration over a career spanning 22 years and 4 states.", "public_name": "Tony Drake", "guid": "70f8d21b-a533-5827-bd7e-5d9546c2f52c", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/MSWZC9/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/G7HDJ3/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/G7HDJ3/", "attachments": []}, {"guid": "b480b37d-7814-5ef7-bd71-4ddc99b9f767", "code": "FTGXK3", "id": 20805, "logo": null, "date": "2022-08-27T16:00:00-04:00", "start": "16:00", "duration": "00:50", "room": "Room 402 - \"Re-Imagine\" track", "slug": "bsides-atlanta-2022-20805-re-imagining-incident-response-with-velociraptor", "url": "https://pretalx.com/bsides-atlanta-2022/talk/FTGXK3/", "title": "Re-Imagining Incident Response with Velociraptor", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "Can you imagine easily investigating alerts or triaging hosts \u2013 even thousands at once \u2013 using a single cross-platform, lightweight, open source tool? \r\n\r\nCan you imagine quickly dissecting adversary activity and locating malware through YARA, Sigma, process memory scanning, and more?\r\n\r\nCan you imagine then actively responding to an infection by quarantining hosts, removing persistence mechanisms, and performing overall remediation using your favorite commands or tools using the same tool?\r\n\r\nCan you imagine post-processing and reducing the result set using the same tool, or easily shipping the data off to s3, Elastic, Splunk or other platforms to tie in with other types of data?\r\n \r\nIt's time to re-imagine the level of effort, expertise, and funding necessary to keep the enterprise safe. It's time to learn more about Velociraptor. 
This presentation will provide several examples of how this open source tool platform can be used for threat hunting, detection, and incident response. \r\n\r\nAttendees will walk away with an immediate understanding of how they can start using Velociraptor to monitor for, investigate, and respond to evildoers in their environment.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "GKNEFP", "name": "Wes Lambert", "avatar": null, "biography": "Wes Lambert is a Principal Engineer at Security Onion Solutions, where he helps companies to implement enterprise security monitoring solutions and better understand their computer networks. He is a huge fan of open source software projects, and loves to solve problems and enhance organizational security using completely free and easily deployable tools.", "public_name": "Wes Lambert", "guid": "5804ad92-f68d-5f66-94e3-a9bd453fdcc8", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/GKNEFP/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/FTGXK3/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/FTGXK3/", "attachments": []}], "Room 460 - \"Re-Ignite\" track": [{"guid": "323115c7-f953-5f27-9c9a-ad3fd11caf44", "code": "APRUFV", "id": 20831, "logo": null, "date": "2022-08-27T09:30:00-04:00", "start": "09:30", "duration": "00:50", "room": "Room 460 - \"Re-Ignite\" track", "slug": "bsides-atlanta-2022-20831-death-by-a-thousand-cuts-how-to-secure-windows-network-protocols-and-frustrate-your-next-pentester", "url": "https://pretalx.com/bsides-atlanta-2022/talk/APRUFV/", "title": "Death by a thousand cuts: How to secure Windows network protocols and frustrate your next pentester", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "For years internal network penetration tests have taken advantage of weak network protocols and a plethora of insecure defaults found within Windows environments. 
\r\n\r\nIn some cases, you might hear a pentester even say \"we can basically write the report before we even test\" due to the prevalence and repeatability of these attack vectors.\r\n\r\nThis sucks.\r\n\r\nHow do you know you're moving the needle?\r\n\r\nHow do you ensure that you won't be hit with the same findings year after year?\r\n\r\nHow do you know you're winning?\r\n\r\nYou can think of this talk alternatively as \"10 tips pentesters don't want you to know about\u2026 you won't believe number 6!\" I'll walk through the history of internal network penetration testing, what we find in almost every test, and give you actionable steps you take to make your next pentester have a tough time.\r\n\r\nI will focus specifically on attacks that target on premise Active Directory, as this receives the most attention by red teamers and actual adversaries (think ransomware gangs) alike.\r\n\r\nDoes this sound aggressive? It should. As a penetration tester, it is a good thing if my job is frustrating. 
\r\n\r\nThat means you're winning.\r\n\r\nI want you to win.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "LFLBQN", "name": "Deleted User", "avatar": null, "biography": "", "public_name": "Deleted User", "guid": "481e3e28-0635-5484-a5aa-106cd73d2b72", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/LFLBQN/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/APRUFV/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/APRUFV/", "attachments": []}, {"guid": "069254b8-9416-557d-8043-b0f0ebab648a", "code": "XBEJFU", "id": 20584, "logo": null, "date": "2022-08-27T10:30:00-04:00", "start": "10:30", "duration": "00:50", "room": "Room 460 - \"Re-Ignite\" track", "slug": "bsides-atlanta-2022-20584-gambling-with-security-comparing-casino-and-slot-machine-security-with-corporate-security", "url": "https://pretalx.com/bsides-atlanta-2022/talk/XBEJFU/", "title": "GAMBLING WITH SECURITY - Comparing Casino and Slot Machine Security with Corporate Security.", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "When I first jumped into the Slot Machines and Casino industry, I was expecting a super airtight security system and procedures. What I found out was shocking.  They were just the same as most corporate and government organizations if not worse in some cases. I have taken this on in three different angles as a Pen tester, gaming lab researcher and head of a slot development department. \r\nRegulations for Casinos vary from state to state and mostly focus on financials and player fairness. When it does refer to system security it usually is vague, out of date. Some gaming vendors take advantage of security testing while others do not and assume they are going to be in an air-gapped environment. The trend continues today even with online gambling and wagering systems online. 
\r\nThis talk is meant to be fun as I am often asked; \u201cHow do you cheat a slot machine?\u201d. Until now, I have never been allowed to answer and this will be my first public talk on the subject out of many!!", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "USSXFN", "name": "Scott \"Duckie\" Melnick", "avatar": "https://pretalx.com/media/avatars/USSXFN_oI0LlJX.webp", "biography": "Scott currently leads the security research and development department for Bulletproof, a GLI Company conducting security penetration testing in the gaming and government sectors. Scott is an experienced IT leader and a white-hat hacker with over 25 years of experience. He specializes in the gaming industry with experience in slot system R&D and security operations. During his tenure in the gaming sector, Scott has assisted law enforcement and casino operators with the player and internal employee fraud investigations. Scott holds over 6 patents based on gaming and security and has one on the way for an anti-cheat engine.", "public_name": "Scott \"Duckie\" Melnick", "guid": "3743f940-1d2f-5838-a71e-fc5c0d00d0fe", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/USSXFN/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/XBEJFU/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/XBEJFU/", "attachments": []}, {"guid": "dfb574ef-1880-5508-9fbd-47e93c934d82", "code": "C3GZRM", "id": 20438, "logo": null, "date": "2022-08-27T13:00:00-04:00", "start": "13:00", "duration": "00:50", "room": "Room 460 - \"Re-Ignite\" track", "slug": "bsides-atlanta-2022-20438-ir-in-the-cloud-don-t-panic-take-a-deep-breath-you-ve-got-this", "url": "https://pretalx.com/bsides-atlanta-2022/talk/C3GZRM/", "title": "IR in the Cloud: Don't panic, take a deep breath, you've got this.", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "The dangers of the cloud are many. 
Are you prepared for the email from AWS saying your access keys are in GitHub? Do you know what to do when your bill spikes 500% overnight? What about when GuardDuty tells you your middleware server is engaged in intimate traffic patterns with the Kremlin?\r\n\r\nPanic is an appropriate and very human response to all of the above.  Or you could attend this talk and we'll talk through a cloud-centric version of Preparation, Identification, Containment, Eradication. Then, if one of these unfortunate events happens to your company, you'll be ready to rise to the occasion and lead your responders to victory.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "ANRBXD", "name": "Chris Farris", "avatar": "https://pretalx.com/media/avatars/ANRBXD_RIVOrYa.webp", "biography": "Chris Farris has been in the IT field since 1994 primarily focused Linux, networking, and security. For the last 7 years he has focused on public-cloud and public-cloud security for major media companies. He has built and evolved multiple cloud security programs focusing on enabling the broader security team\u2019s objectives of secure design, incident response and vulnerability management. He has developed cloud security standard and baselines to provide risk-based guidance to development and operations teams. 
As a practitioner, he\u2019s architected and implemented multiple serverless and traditional cloud applications, focused on deployment, security, operations, and financial modeling.\r\n\r\n He opines on security and technology on Twitter and at his website https://www.chrisfarris.com", "public_name": "Chris Farris", "guid": "2ef41c64-3ba9-5834-8c69-db5bd5f80174", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/ANRBXD/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/C3GZRM/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/C3GZRM/", "attachments": []}, {"guid": "3c2aeecd-fdf4-5f98-bd13-1e7cd7feda33", "code": "YTP8RS", "id": 20094, "logo": "https://pretalx.com/media/bsides-atlanta-2022/submissions/YTP8RS/STOS_Pl3FW1f.png", "date": "2022-08-27T14:00:00-04:00", "start": "14:00", "duration": "00:50", "room": "Room 460 - \"Re-Ignite\" track", "slug": "bsides-atlanta-2022-20094-security-team-operating-system", "url": "https://pretalx.com/bsides-atlanta-2022/talk/YTP8RS/", "title": "Security Team Operating System", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "Based on building security programs at 100s of organizations and interviews with dozens of security leaders, Christian provides a 6 part system for managing high performing security teams. This leadership framework is not based on theory, but real world experience building and managing security programs for organizations across the nation.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "MUKLEY", "name": "Christian Hyatt", "avatar": "https://pretalx.com/media/avatars/MUKLEY_YsQ2YVZ.webp", "biography": "Christian Hyatt is the CEO and Co-founder of risk3sixty. At risk3sixty, Christian has helped assess and build 100s of security programs. Risk3sixty is a winner of Atlanta's fastest growing company and best places to work 2020, 2021, and 2022. 
Learn more about risk3sixty at www.risk3sixty.com.", "public_name": "Christian Hyatt", "guid": "747f0eb8-5985-5ff9-be8e-5c10beed639a", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/MUKLEY/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/YTP8RS/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/YTP8RS/", "attachments": []}, {"guid": "7b4c8869-04db-5c26-9f87-5f15b29066db", "code": "NWZ7SU", "id": 20803, "logo": null, "date": "2022-08-27T15:00:00-04:00", "start": "15:00", "duration": "00:50", "room": "Room 460 - \"Re-Ignite\" track", "slug": "bsides-atlanta-2022-20803-these-violent-delights-burnout-recovery-and-prevention-101", "url": "https://pretalx.com/bsides-atlanta-2022/talk/NWZ7SU/", "title": "These Violent Delights: Burnout Recovery and Prevention 101", "subtitle": "", "track": null, "type": "50 minute talk", "language": "en", "abstract": "Burnout is too common among working people, especially those in the information security industry. Our understanding of security is undergoing massive change and growth, and for that to be a successful process, we need people who are passionate and energized.\r\n\r\nLike many, I spent the majority of 2020 burning too hot and I burnt out as a result. What confounded me is that I was just doing something I loved: learning and improving my pentesting skill set. The price I ended up paying was steep, and it took a lot longer to cover my debt to my passion than it did to *destroy* my passion.\r\n\r\nThis talk will be about my personal journey OUT of burnout, what I learned, and how others can recover from burnout and avoid it going forward. Perhaps more importantly, I'll discuss things that contribute to burnout that are out of our control. 
If we've done everything we can to improve our situation, but burnout potential is still high, it may be time to find a different situation.", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "XQSKT7", "name": "Ryan Basden", "avatar": "https://pretalx.com/media/avatars/XQSKT7_lJ1GsBr.webp", "biography": "I am a penetration tester, red teamer, and adversary simulation practice lead at risk3sixty.", "public_name": "Ryan Basden", "guid": "a101ad0b-310e-5c3d-b1b0-4ca10283da67", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/XQSKT7/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/NWZ7SU/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/NWZ7SU/", "attachments": []}], "Room 461 - Resume village": [{"guid": "e71f3f2b-1a48-528a-bd54-eb8e50f262d6", "code": "GXALUN", "id": 21560, "logo": null, "date": "2022-08-27T09:30:00-04:00", "start": "09:30", "duration": "06:00", "room": "Room 461 - Resume village", "slug": "bsides-atlanta-2022-21560-resume-village", "url": "https://pretalx.com/bsides-atlanta-2022/talk/GXALUN/", "title": "Resume village", "subtitle": "", "track": null, "type": "Village", "language": "en", "abstract": "BSides Atlanta is happy to once again offer resume review and feedback for attendees!  
\r\n9:30-10:45am Kevin\r\n12:00-2:00pm Jessica\r\nLunch\r\n2:15-3:30 Olivia", "description": null, "recording_license": "", "do_not_record": false, "persons": [{"code": "AECVJZ", "name": "Jessica A Lucas", "avatar": "https://pretalx.com/media/avatars/AECVJZ_oCPlUNc.webp", "biography": null, "public_name": "Jessica A Lucas", "guid": "881bca2f-4c88-52e5-998e-e6bf663dd47a", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/AECVJZ/"}, {"code": "7GDCWE", "name": "Kevin Dodson", "avatar": "https://pretalx.com/media/avatars/7GDCWE_9ZROJzo.webp", "biography": "VP of Diversity & Inclusion, Workforce 2000\r\nvCISO, Convergence Networks", "public_name": "Kevin Dodson", "guid": "912d8a2c-e3a8-5494-9322-9e8adb3372a8", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/7GDCWE/"}, {"code": "3QM3DN", "name": "Olivia Rose", "avatar": "https://pretalx.com/media/avatars/3QM3DN_wa5w2va.webp", "biography": "Olivia Rose is the CISO, and VP of IT & Security for Amplitude, the world-leader in product analytics. Olivia is a proven cybersecurity leader with close to 20 years building, transforming, and optimizing successful IT and cybersecurity programs. Olivia possesses a unique blend of technical, governance, and business acumen and experience, enabling IT and security initiatives to align with the business and demonstrate value. Olivia is frequently requested at speaker events and podcasts, and is regarded as a mentor and thought leader in the industry. Olivia holds numerous IT and security certifications, including CISSP, CISM, CCSK, and is an active participating member of several industry groups. 
Olivia was recently elected to the Board of Cyversity, an organization dedicated to the consistent representation of women and underrepresented minorities in the cybersecurity industry through programs designed to diversify, educate, and empower.", "public_name": "Olivia Rose", "guid": "c64daf9a-ab7b-55a7-b5da-182127301ad1", "url": "https://pretalx.com/bsides-atlanta-2022/speaker/3QM3DN/"}], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/GXALUN/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/GXALUN/", "attachments": []}], "Room 462 - Secure Code Warrior CTF": [{"guid": "530e458e-8476-5666-9b01-5fb4ab2316df", "code": "A9HSZ3", "id": 21679, "logo": null, "date": "2022-08-27T09:30:00-04:00", "start": "09:30", "duration": "07:00", "room": "Room 462 - Secure Code Warrior CTF", "slug": "bsides-atlanta-2022-21679-ctf-secure-code-warrior-and-netkoth", "url": "https://pretalx.com/bsides-atlanta-2022/talk/A9HSZ3/", "title": "CTF Secure Code Warrior and NetKotH", "subtitle": "", "track": null, "type": "Village", "language": "en", "abstract": "CTF Room with Secure Code Warrior and NetworkKingoftheHill available.", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/A9HSZ3/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/A9HSZ3/", "attachments": []}], "Room 174 - Lockpick village": [{"guid": "ea837b57-5f8d-5dba-bc64-5a77179c613b", "code": "FGJEDE", "id": 20015, "logo": null, "date": "2022-08-27T09:30:00-04:00", "start": "09:30", "duration": "07:00", "room": "Room 174 - Lockpick village", "slug": "bsides-atlanta-2022-20015-lockpick-village", "url": "https://pretalx.com/bsides-atlanta-2022/talk/FGJEDE/", "title": "Lockpick Village", "subtitle": "", "track": null, "type": "Village", "language": "en", "abstract": "Come learn how to pick locks at the Lockpick Village.  
All are welcome, regardless of prior experience!  You've never picked a lock before?  This is the place for you to get your feet wet!\r\n\r\nThe village is being conducted by the good folks at Atlanta Locksport.  You can find out more about them by visiting their website at https://atlantalocksport.org/", "description": null, "recording_license": "", "do_not_record": false, "persons": [], "links": [], "feedback_url": "https://pretalx.com/bsides-atlanta-2022/talk/FGJEDE/feedback/", "origin_url": "https://pretalx.com/bsides-atlanta-2022/talk/FGJEDE/", "attachments": []}]}}]}}}