Learning Labs

Learning Labs are two-hour facilitated experiences, designed to immerse attendees in interactive exercises and discussions. Attendance is capped at 64 participants, ensuring that every person in the room has the opportunity to engage with the facilitator and get the most out of the experience. Unlike a traditional track session with the “sage on the stage,” the Lab facilitator is a “guide on the side,” leading participants through the content and exercises, while challenging them to apply what they are learning and engage with one another.

NEW FOR 2017! We’ve added four more Learning Labs, bringing the total this year to 16!

NOTE: Learning Labs are free for attendees with a Full Conference pass. Expo and Discover passholders cannot register for these Labs. Because these sessions have become so popular, attendees may not register for more than one Lab.

Tracking Ransomware—Using Behavior to Find New Threats

This hands-on interactive lab (bring your own laptop) will explore the latest ransomware trends and how to defend your enterprise against this threat. Attendees will understand what ransomware is, its attack vectors and the commonalities between variants. They will learn the skills to find and track new ransomware with dynamic analysis of behavior, and how sophisticated the perpetrators are.

Jessica Bair, Sr. Manager, Advanced Threat Solutions, Cisco Systems 
Eric Hulse, Technical Lead, Research and Efficacy Team, Cisco Systems
Joshua Reynolds, Software Engineer, Research and Efficacy Team, Cisco Systems

Integrating IT and OT: Design Challenges in Critical Infrastructure Security

Using a simulated Industrial Internet of Things environment, this Learning Lab will demonstrate the scenario of converging IT and OT critical infrastructure systems, and will integrate a simulated OT environment into a simulated IT environment. Through this hands-on approach, the audience will gain an understanding of design challenges faced during IT/OT integration and their implications.

Lane Thames, Software Engineer and Security Researcher, Tripwire

Hands-On Exploit Development for Beginners

Participants will hack into a series of vulnerable servers and get onto winners boards. Instead of using tools, you will create your own attacks. The easier challenges require nothing but a web browser: command injection and SQL injection. The harder challenges require a Kali Linux virtual machine and exploit buffer overflows at the binary level.

Sam Bowne, Instructor, Computer Networking and Information Technology, City College San Francisco
Dylan James Smith, Systems Consultant, heydylan
Devin Duffy, Student, City College of San Francisco

Nation under Attack: Live Cyber-Exercise 

The country is under a serious cyberattack with national consequences. Multiple industry sectors are impacted. How would senior government officials and private sector experts respond? Join this unique exercise as an observer to see how world-renowned experts in positions of power respond to the challenges of a realistic scenario and pull back the curtain on joint government and industry response.

Dmitri Alperovitch, Co-Founder and CTO, CrowdStrike Inc.
Jason Healey, Senior Research Scholar, Columbia University School for International and Public Affairs

Threat Modeling Demystified

Most organizations require threat models. The industry has recommended threat modeling for years. What holds us back? Master security architect, author and teacher Brook Schoenfield will take participants through a threat model experience based upon years of teaching. Expect a kick start. Practitioners will increase understanding. Experts will gain insight for teaching and programs.

Brook Stephan Schoenfield, Principal Architect Product Security, Intel Security

Analytics and Detection through Coding, Scripting and Organizing Data

Detecting complex attacks has shifted from reliance on tooling like SIEM to analyst-derived code. Whether asking the data questions to determine deviation from normal, distilling data for manual analysis or automating SOC functions, Python, scripting, unique data structures and search tools are the new normal. This lab will demonstrate and teach analysts creative use of coding tools.

Mischel Kwon, President and CEO, MKACyber
Brian Kwon, SOC Analyst, MKACyber
David Smith, Developer, Phantom
Dilan Bellinghoven, SOC Analyst, MKACyber
Matt Norris, Senior Analyst, MKACyber 

A General Introduction to Modern Cryptography

What actually happens when you buy a book from Amazon? This session will use this scenario to describe the fundamentals of modern symmetric and asymmetric cryptography on which the rest of the field is built. The SSL/TLS protocol, block ciphers such as DES and AES, stream ciphers, Diffie-Hellman key exchange, and of course, RSA will all be explained and dissected. Hands on—bring your computer!

Josh Benaloh, Senior Cryptographer, Microsoft Research

Cyber-Overlord: Nation-State Cyberattack Exercise

In this realistic interactive exercise you will be members of a National CERT (CERTrsac) responding to a nation-state attack. You will need to investigate an unfolding incident across multiple industry sectors working out the scope and impact of the incident. You will then brief the FBI, develop industry warnings, make a media announcement and appear before a congressional hearing.

Stephen McCombie, Senior Practice Manager Advanced Cyber Defense – Asia Pacific and Japan, RSA

A Hard Privacy Impact Assessment: Monitoring and Protecting Children Online

In this lab you will develop a privacy impact assessment (PIA) for a system that monitors online chat behavior with the aim of keeping children safe online, balancing individual rights with preventing crime, perceptions of surveillance and data access. You will discover ways of thinking about privacy issues when you have to conduct less emotive PIAs, and partner with privacy professionals and lawyers.

John Elliott, Head of Payment Security, EasyJet

Achieving and Measuring Success with the Security Awareness Maturity Model

Far too often security awareness officers are not sure what stage their awareness program is at, what success looks like or what path to take to achieve their goals. Learn how others have used the proven Security Awareness Maturity Model to build, maintain and measure a mature awareness program.

Lance Spitzner, Director, SANS Institute

A Successful Application Security Program: Envision, Build and Scale

Learn how to build an application security program that is successfully integrated into the various stages of the software development life cycle and product life cycle. This lab will draw from the facilitators’ successful experience at Sabre, focusing on the top five maxims to design, build and scale.

Jyothi Charyulu, Sr. Principal Application Security Architect, Sabre
Jaya Chilakamarri, Director, Enterprise Governance and Audit, Sabre

Optimize Your Supply Chain Cybersecurity

Securing your organization’s cyber-activity is no longer enough. Contracting with vendors solves many business challenges, but it also creates cyber-vulnerabilities. Hackers not only know this, they are exploiting it. In this Learning Lab, you will create an actionable plan to improve your current cybersecurity practices and keep your company safe within its own supply chain.

Jamison Day, Principal Data Scientist, LookingGlass Cyber Solutions
Allan Thomson, Chief Technology Officer, LookingGlass Cyber Solutions

Investigating and Prosecuting Cybercrime—Enter the Law Enforcement Trenches

Join current and former federal prosecutors and agents in investigating cybercrimes and prosecuting the offenders—while protecting the myriad interests of victims. Using actual case scenarios, step into the shoes of investigators, prosecutors and victims to build the investigation, tackle cutting-edge legal issues, protect the victims and prove a cybercrime case in a courtroom.

Brian Coleman, Senior Manager, Global Information Security and Digital Forensics, Pfizer
Edward McAndrew, Partner and Leader, Privacy and Data Security Group, Ballard Spahr LLP
Ted Theisen, Managing Director, Cyber Risk Solutions Practice, UnitedLex Corporation

Deep Impact: Explore the Wide Reaching Impact of a Cyberattack

The impacts of a cyberattack are long-lasting and extend well beyond technology. In this cyber-wargame, participants will test their assumptions and incident response know-how against a cyberattack scenario with complex business impacts that unfolds over a simulated year.

Mary Galligan, Managing Director, Deloitte & Touche LLP; former Special Agent in Charge of Cyber and Special Operations, FBI
Daniel Soo, Principal, Deloitte Advisory Cyber Risk Services

Data Breach Digest—Perspectives on “the Human Element”

Data breaches involving the human element are not just IT problems, but also pose challenges for legal, HR and marketing/PR stakeholders. Through exercises led by IR stakeholder facilitators, attendees will engage in discussions covering data breach response activities through multi-stakeholder points-of-view, and in doing so, gain a better understanding of the many dimensions of breach response.

Jeremy Bohrer, Partner, Brown Rudnick LLP
John Grim, Senior Manager/RISK Team, Verizon
John Loveland, Director, Network Security Solutions, Verizon
Chris Novak, Director, Network Security, Verizon

The Art and Science of Making Better Decisions: The Pathway to Leadership

Explore the link between your biases, your decisions and your leadership style. Through individual self-reflective exercises, attendees will develop a portfolio of leadership skills that will help them to understand their biases and to make better decisions. This Lab is ideal for hiring managers and team leaders committed to diversity in all its forms and those seeking to become better leaders.

Dr. Uma Gupta, Consultant,
