Learning Labs provide highly interactive, facilitated learning experiences. All of the content is very hands-on and small group oriented. Seating is limited in Labs, assuring maximum engagement and participation. Labs are open to Full Conference Pass holders only. Note: Press is not permitted in Lab sessions.
Adversarial Machine Learning - Learn Why and How to Break AI!
Facilitator: Beat Buesser, Research Staff Member, IBM Research
Adversaries continuously transform their tactics and tools to deceive or break applications based on AI. With increasing numbers of AI deployed in security-critical applications, their focus is on evading and extracting the underlying ML to achieve their malicious goals. This hands-on Learning Lab will be a unique opportunity to learn why we should break our own AI, and more importantly how to break it!
Build and Lead an Effective Security Program: 7 Key Factors, 13 Activities
Facilitator: Todd Fitzgerald, CISO, Cybersecurity Leadership Author, CISO SPOTLIGHT, LLC
How do CISOs know if their security programs are effective? This session combines the well-respected management effectiveness framework (McKinsey 7S Model including strategy, structure, systems, skills, style, staff, and shared values factors), with 13 cybersecurity program activities the CISO must perform to determine the effectiveness of a security program.
Cloud Threat Gamification: Implementable Tabletop Exercises
Facilitators:
Jon-Michael Brook, Principal Security Architect, Starbucks
Randall Brooks, Principal Engineering Fellow, Raytheon Technologies
In cloud environments, identifying ongoing threats to an organization is complex. Evolving threats degrade control effectiveness. Developers do not "Think Evil" about their circumstances or their current system status. Cloud Threat Modeling Gamification will assist by helping participants to ask the right questions and illustrate assets and threats resulting in business continuity.
Collateral Damage: Prepping Your Organization for a Supply Chain Attack
Facilitators:
Christopher Pierson, Founder & CEO, BlackCloak
James Shreve, Partner and Cybersecurity Chair, Thompson Coburn LLP
Supply chain risks can allow a backdoor into a company. This learning lab will focus on a fast moving scenario that examines risks to a company from hardware and software and will focus on the (1) risk assessment, (2) governance, and (3) response and isolation phases.
Conducting Cyber Due Diligence
Facilitator:
Steve Black, Professor of Law, Texas Tech University School of Law
In a proposed merger, management needs to know about all the risks, including the risks of combining the computer systems of different organizations. This Lab will immerse attendees in the world of cyber due diligence. Attendees will look at actual due diligence documents and their shortcomings, discuss common problems with cyber investigations, and examine how to value adverse disclosures.
Cyber Defense Matrix Learning Lab
Facilitator:
Sounil Yu, CISO and Head of Research, JupiterOne
The Cyber Defense Matrix (CDM) helps practitioners organize their overall security program. This Learning Lab will walk participants step-by-step through several use cases of the CDM, including how to map the latest startup vendors and security trends, organize controls, capture measurements and metrics, and align skill sets needed to support the functions of the security program.
Decentralized Identity and How to Use it in an App!
Facilitators:
Razi Rais, Senior Program Manager, Microsoft
Jas Suri, Senior Program Manager, Microsoft
Learn how to use Decentralized Identity to move, share, and verify data instantly. Use DID for authenticating users. No need for 3rd parties to maintain personal information on their servers. Leverage blockchain technology to attach user signature to every agreed action for accountability.
Go Reverse-Engineering Workshop: Zero Knowledge Required
Facilitator:
Ivan Kwiatkowski, Senior Security Researcher, Kaspersky
Many a reverse-engineer has cringed at the mere mention of Go malware. The days of teeth-grinding are over: participants in this workshop will be guided through the analysis of Nobelium’s Sunshuttle malware and learn the basics of reverse-engineering Go. This class is perfect for reversers who have never worked on Go malware before.
Hands-On Ransomware Response and Analysis
Facilitator:
Aaron Rosenmund, Head of Research and Content Development: Security, Pluralsight
In this lab, attendees will learn to set up a ransomware lab and walk through the response from an operational and hands-on tactical perspective. Learn how to develop indicators of compromise, understand the class of the malware and the intent of the attackers. Answer questions like, “what is the scope of the infection?” and “what artifacts are still available for analysis?”
Human Security Engineering: Stopping User Initiated Loss
Facilitators:
Tracy Celaya Brown, President, Go Consulting International
Ira Winkler, CISO, Skyline Technology Solutions
A common solution to user error is awareness, but we need to fix the system that facilitated the creation of the error, the action, and the results, which means not just stopping errors but also accidents and malice. We will share a model of Human Security Engineering identifying the optimal suite of countermeasures, and work through user targeted attacks to experience implementing the model.
Ignorance Is not Bliss—It’s Negligence: Leading During a Crisis
Facilitators:
Robert Darling, Founder and CEO, Turning Point Crisis Management (TPCM-USA)
Bob Quinn, Chief Operating Officer and Lead Instructor, Turning Point Crisis Management (TPCM-USA)
Mark Sangster, VP and Industry Security Strategist, eSentire
The more sweat that comes in preparation, the less blood there will be in incident response! In this interactive workshop, experts will share their experiences from 9/11, preparing presidential inaugurations and securing the Super Bowl. Based on real-world events, learn how technical leaders broker trust with business executives. Leaders learn to be good followers and create a collaborative response team.
Intrusion Analysis and Threat Hunting with Open-Source Tools
Facilitators:
Josh Stroschein, Director of Training, Open Information Security Foundation
Peter Manev, Suricata Lead for Quality Assurance, The Open Information Security Foundation (OISF)/Suricata
Lab participants will learn how to dig deep into network traffic to identify key evidence that a compromise has occurred, learn how to deal with new forms of attack, and develop the skills necessary to proactively search for evidence of new breaches.
Privacy Threats and Vulnerabilities
Facilitator:
Smitha Sriharsha, Security Architect, Cisco
This will be a bootcamp-like session with practical examples on each aspect of Privacy Engineering through the lens of Security Engineering.
Privilege Escalation and Persistence in AWS
Facilitators:
Colin Estep, Cloud Security Researcher, Netskope
Jenko Hwong, Cloud Security Researcher, Netskope
How does an attacker escalate privileges and gain persistence in AWS? Participants will learn multiple red team techniques and apply them against live AWS accounts. Participants will also learn mitigation, detection, and remediation strategies to defend against these techniques. We will provide participants the tools to apply this knowledge within their own organizations.
Protect Customers: Elevate Web Application Security
Facilitator:
Siddhesh Yawalkar, Director of Engineering, Tala Security
With a surge in client-side attacks on the web, enterprises are inadequately equipped to defend themselves. This hands-on technical lab will explore these new age attacks using real-world samples and the defenses that can be built to better protect enterprise websites and web applications.
Raise Your Game, Not Your Voice: Communicating and Storytelling for Impact
Facilitators:
Lisa Beth Lentini Walker, Owner, Lumen Worldwide Endeavors
Stef Tschida, Owner, Tschida Communications
Attendees will be guided through a communication planning session specific to their department and organization’s unique goals and challenges – from identifying ways they can increase their influence by becoming an organizational scholar and intentionally managing relationships, to balancing their own objectives with those of their audience and making content memorable through storytelling.
Secure the Supply Chain: Hands-on Incident Response Workshop
Facilitator:
Keatron Evans, Principal Security Researcher, Instructor & Author, Infosec Institute
If there’s one thing people learned from 2021, it’s that supply chains need a major upgrade to sustain the onslaught of APTs targeting our nation. Join this hands-on workshop to learn common attacks & threats and how to identify IoCs and mitigate active threats. Participants will develop cyber skills to help SOC teams shorten detection & response times.
Security Threat Modeling
Facilitators:
Michael Burch, Application Security Engineer, Security Journey
Christopher Romeo, CEO, Security Journey
Threat modeling – everyone from security teams to CISOs wants to ingrain it across the organization, but how can threat modeling be taught at scale? In this two-hour security threat modeling workshop, participants will learn by doing threat modeling through real-world, hands-on exercises, reviewing data flow diagrams, identifying threats and mitigations, and sharing results.
Social Engineering War Games
Facilitators:
Erin Englund, Threat Analytics Lead - North America, BioCatch
Uri Rivner, CEO and Co-Founder, Regutize
Social engineering attacks are on the rise and increasing in sophistication. Cases of victims wiring all their savings to a cybercriminal are occurring worldwide. Is anyone prepared? Participants can test their skills in this Social Engineering War Games session! Work with fellow fraud fighters to investigate real-world cases. Learn how to spot the difference between a genuine user and a victim of coercion.
Strategically Using Offensive Litigation to Promote Information Security
Facilitator:
Christopher Ott, Partner, Rothwell Figg
More and more, companies are making public lawsuits out of their private fights against information security bad actors, including state actors. What is making these fights public and non-criminal? In this session, we will discuss the types of cases that have been arising, outline some of the risks and benefits provided by these types of offensive lawsuits, and discuss what more can be done.