Learning Labs


Learning Labs provide highly interactive, facilitated learning experiences. All of the content is very hands-on and small group oriented. Seating is limited in Labs, assuring maximum engagement and participation. Labs are open to Full Conference Pass holders only and only one can be reserved. Note: Press is not permitted in Lab sessions.

Adding SAST to CI/CD, Without Losing Any Friends
Facilitator:
Tanya Janca, CEO and Founder, We Hack Purple, Director of DevRel and Community, Bright

This learning lab will discuss multiple options for adding static application security testing (SAST) to a CI/CD pipeline in ways that won’t compromise speed or results, such as learning which results can be safely ignored, writing rules, company-specific checks, scanning PRs instead of commits, and splitting blocking scans versus deep audit scans. The lab will also cover ways to continuously find vulnerabilities.


Advanced Security Threat Modeling: Red vs. Blue

Facilitators:
Michael Burch, Director, Application Security, Security Journey
Christopher Romeo, Chief Executive Officer, Kerr Ventures

Ever wanted to test threat modeling skills? Join forces and compete at finding threats and crafting mitigations. In red team mode, review a diagram and collaborate to list the five best threats. When the buzzer sounds, receive a list and unlock the inner blue team, crafting mitigations. Learn from other threat modeling practitioners and become a threat modeling champion!  


Analysis 101 for the Incident Responder

Facilitator:
Kristy Westphal, VP, Security Operations, HealthEquity

Have a theory about something that could be a security incident? Questioning how to prove it? This workshop will be a hands-on journey deep into the world of analysis and security analytics to help practitioners figure out how to do just that. Sometimes, the answers weren’t meant to be found, but we’ll also discuss how to make the best of any conclusion reached.

 

API CTF: Learn the FUNdamentals of API Security

Facilitators:
Malcolm Heath, Senior Threat Researcher, F5, Inc.
David Warburton, Director, Threat Research, F5 Labs

Learn API security fundamentals in this beginner-level CTF game, no previous experience necessary. Learn how APIs are commonly attacked by attacking them! This is a no-pressure and inclusive event aimed at anyone wanting to learn how attackers exploit vulnerable APIs. The session ends with a walk-through so that even if participants struggle to make progress, they leave with new skills and knowledge.

 

Attack, Detect, and Respond with the C2 Matrix and Multiple C2 Frameworks

Facilitator:
Jorge Orchilles, Instructor, Author, Purple Team Ambassador, SANS

Use the latest C2 frameworks in various lab environment options (virtual machines, AWS, and/or Azure) to attack systems and then learn how to detect and respond to some of the most popular, open-source C2 frameworks. For RSAC, we are releasing new versions of the SANS Slingshot C2 Matrix Edition, PurpleCloud, and an AWS environment for doing lab-based purple team exercises.

 

Becoming the Threat: Blue Team Friendly Attack Simulations

Facilitator:
Aaron Rosenmund, Director of Security Research and Curriculum, Pluralsight

Antivirus and non-human generated detections are continually failing. It is up to the security teams to ensure that their tooling will detect or defend against various known TTPs outside of an antivirus signature. This Lab will provide the methodology and tooling to implement rapid and short span tactic, technique, and procedure testing for extremely fast ROI on attack surface reduction.

 

Build and Lead an Effective Security Program: 7 Key Factors, 13 Activities

Facilitator:
Todd Fitzgerald, CISO, Cybersecurity Leadership Author, CISO SPOTLIGHT, LLC

Is the CISO security program as effective as it can be? Learn to apply 7 time-tested McKinsey 'management effectiveness' 7S factors to 13 cybersecurity leadership activities for program enhancement.

 

Cyber Defense Matrix Learning Lab

Facilitator:
Sounil Yu, CISO and Head of Research, JupiterOne

The Cyber Defense Matrix (CDM) helps practitioners organize their overall security program. This Learning Lab will walk participants step-by-step through several use cases of the CDM, including how to map the latest startup vendors and security trends, organize controls, capture measurements and metrics, and prepare board presentations needed to support the security program.

 

Cyber Due Diligence: Tools of the Trade

Facilitator:
Steve Black, Professor of Law, Texas Tech University School of Law

Although questionnaires and interviews may reveal much about a merger target, there is no substitute for an in-depth examination using tools that will inventory, poke, and prod the target’s network. Attendees will look at sandboxed due diligence targets using different toolsets to reveal data flows, vulnerabilities, and other internal and external threats.

 

Defender’s Guide to Securing Data in Public Cloud Infrastructures

Facilitator:
Abhinav Singh, Staff Security Research Engineer, AWS

This hands-on Lab covers use cases for implementing a strong data security posture for a public cloud infrastructure. It will cover defense use-cases on data classification, access governance, and monitoring controls with in-depth modules on implementing them. The demo environment will be AWS with pointers on replicating them on Azure or GCP.

 

Forensic Analysis of Apple IoT Devices (Apple TV, Watch, HomePod, HomeKit)

Facilitator:
Mattia Epifani, Digital Forensics Analyst, Reality Net

The Apple HomeKit system allows users to communicate with and control connected accessories in their home using the Home App on an iPhone or iPad. A HomeKit environment is based on a Home Hub. The Home Hub can be a HomePod, an Apple TV or an iPad. The aim of this Lab is to explore the techniques a forensic examiner can use to extract and analyze data from this kind of device.

 

Hands on Hacking: Algorithmic Bias Bounties

Facilitators:
Rumman Chowdhury, Founder, Bias Buccaneers
Ben Colman, CEO, Reality Defender
Dr. Subho Majumdar, Founder, Bias Buccaneers
Jutta Williams, Founder, Biasbounty.ai

Algorithmic Bias Bounties are a new and exciting method of identifying and mitigating algorithmic harms. This workshop, led by industry experts, launches a new bias bounty focused on an AI use case in finance. Facilitators will provide a hands-on onboarding session focused on the technical components of this bounty, as well as discussion focused on operationalizing outcomes from this and future bounties.

 

Hands-on Tutorial to Red Teaming AI Systems with Open Source Tools

Facilitators:
Raja Sekhar Rao Dheekonda, Senior Software Engineer, Microsoft
Charlotte Siska, Senior Applied Machine Learning Researcher, Microsoft

Attendees will learn how to use open source tools to red team AI models. Specifically, they will learn how to evade these models and strategies for poisoning and model stealing. The tools can be adapted to multiple environments, models, and data types. Attendees should leave with a new experience and perspective on AI security and how they can affect positive security changes in an organization.

 

How to Align Values, Find Purpose, and Enjoy Meaningful Work in Cyber

Facilitator:
David Wolf, Security Researcher, Devo

Our diverse thinking styles, personalities, and morals compel us to favor different roles in the cyber workforce. Learn what makes a person quantifiably unique, how these traits lead to interpersonal conflict, and how to spot the difference in the workplace and personal life. Whether builder, breaker, manager or recruiter, this hands-on lab results in memorable aha! moments with career-lasting impact.

 

Human Security Engineering: Stopping User Initiated Loss

Facilitators:
Tracy Celaya Brown, Sr. Manager, Global Programs, Iron Mountain Data Centers
Ira Winkler, CISO, CYE Security

A common solution to user error is awareness, but an alternative solution is to fix the system that facilitated the creation of the error, the action, and the results. This also has the benefit of not just stopping errors, but accidents, malice, and harmful actions for any reason. Instructors provide a model of Human Security Engineering that identifies the optimal suite of countermeasures.

 

Ignorance is Not Bliss: Leading During a Cyber Incident

Facilitators:
Robert Darling, Founder, Flash-EM
Mark Sangster, Chief of Strategy, mbsangster.com

The more sweat in preparation, the less blood in incident response! In this interactive workshop, experts share their experiences from 9/11, preparing Presidential inaugurations and securing the Super Bowl. Based on real-world events, learn how technical leaders broker trust with business executives. Leaders learn to be good followers and create a collaborative response team.

 

Inviting Users to the P.I.C.N.I.C. Instead of Poking Fun at Them

Facilitators:
Jonall Cobble, Cybersecurity, On the Terrace Tech
Beth Schwindt, UX Research Manager, Meta

A secret weapon one of the facilitators has had throughout her career in IT and beyond is her user-centered, user-researcher sister. The two have developed a set of methods and tools that attendees can adapt to their IT/IS practice so that they can empower users, better solve IT/IS problems, and turn users into their best tech allies.

 

Money Mules War Games

Facilitators:
Erin Englund, Threat Analytics Lead - North America, BioCatch
Uri Rivner, CEO, Refine Intelligence

Organized cybercriminals are finding innovative ways to fund illicit activity. Money mules are infiltrating financial institutions online. Who is prepared? Test the necessary skills in our Money Mules War Games! Work with fellow fraud fighters to investigate real-world cases. Learn how to spot the difference between a genuine user and a money mule.

 

My Employee’s Home Has Been Breached - Now What?

Facilitators:
Dr. Christopher Pierson, Founder and CEO, BlackCloak
James Shreve, Partner and Cybersecurity Chair, Thompson Coburn LLP

This interactive session will take attendees through a constantly morphing set of incident response scenarios covering attacks against the home network where employees work these days. Attendees will be split up into groups representing security, legal, privacy, board, execs, and PR, as we go through scenarios affecting ransomware, malware, IoT, and social media.

 

OSINT for Cybersecurity Professionals

Facilitators:
Lee McWhorter, CTO, Covered 6
Sandra Stibbards, Owner and President, Camelot Investigations

In this Lab, attendees will learn some of the most impactful techniques and tools to increase the value of OSINT to their organizations. In this guided learning experience, instructors will immerse attendees in hands-on exercises.

 

Purple Team Cloud Security Ninja

Facilitators:
Abhay Bhargav, Founder, AppSecEngineer
Rajesh Kanumuru, Cloud Security Lead, we45 Solutions India Pvt Ltd
Vishnu Prasad, DevSecOps Lead, we45 Solutions India Pvt Ltd

This Lab will be a completely hands-on exploration of cloud security attacks and defense against major cloud providers, AWS, Azure, and GCP. Participants will be given vulnerable cloud environments on cyber ranges. The participants have to identify and fix the vulnerabilities in the cloud environments.

 

SANS Core Netwars Tournament

Facilitator:
Chris Elgee, Builder & Breaker, Counter Hack Challenges

SANS Netwars Version 8 is a new and exciting Cyber Range from SANS. Featuring AWS cloud content and more, it has fun story-driven challenges to keep attendees engaged in learning and practicing their essential cybersecurity skills. We’ve also eliminated the need to download large VM files locally — 100% browser-based challenges!

 

Tabletop Exercise: Ransomware and Cyber Extortion

Facilitators:
Sherri Davidoff, CEO, LMG Security
Matt Durrin, Director of Training and Research, LMG Security

Cyber extortion is evolving, and practitioners need to prepare for the worst. In this fast-paced tabletop exercise, participants will work together and respond to a modern cyber extortion scenario, guided by seasoned experts. Participants will be assigned roles, collaborate and determine the organization’s course of action at each stage. Join us to experience a ransomware incident and hone a response.


The Cybersecurity Trusted Advisor - Building Influence to Reduce Risks

Facilitator:
Ronald Woerner, Senior Consultant, Forrester Research

Building influence is a challenge for cybersecurity professionals. Trusted advisors will increase their credibility and persuasion abilities for managing cyber risks. In this practical and interactive workshop, participants will explore how to communicate, collaborate more effectively, and cultivate relationships to better manage cyber projects, programs, and risks as a trusted advisor.