N/A

Security of critical infrastructure and smart infrastructure is a serious concern. As more and more of these systems become interconnected, the level of risk increases. The purpose of this talk is to raise awareness and to start a discussion on possible strategies for improved security.

Robert McNair is a 2nd Generation IT Professional, Cloud Evangelist, Public Speaker and Motivator. He has over 20 years in the IT industry, Fun Fact: His father was a hidden figure working on developing Barcodes in the late 1960s. He has a passion for talking and connecting our People to their purpose in Tech.

N/A

Using her background in Psychology and Education, Chantel weaves human behavior into her work as a Security Consultant with NCC Group; a global cyber and software resilience security firm. She specializes in pen testing a number of technologies across different industries and sectors. In her free time, she enjoys learning new hacking techniques, researching the cosmos, reading philosophical texts, and spending time with her loved ones. Bringing integrity, positivity, and an open mind to all things new drives her passion for hacking.

A pentest is only as good as the pentester. For a pentester to successfully cover a client's needs, it's important that a thorough pentesting methodology is utilized. Methodologies typically expand as we gain more hands-on experience. In this talk, we'll cover elevating our methodology as pentesters within a shorter time frame while also addressing the barriers that can get in the way of learning new tools & techniques that will ultimately expand our methodology.

Craig Bowser is an infosec professional with over 20 years of experience. He has worked in a number of infosec roles in the US government and is currently a Security Solutions Architect at GuidePoint Security. He is a Christian, Father, Husband, and Scout Leader who enjoys sci-fi fantasy. home networking, reading, and hiking.

The field of Security Engineering has evolved as an essential function within the Information Security industry. Security Engineers are responsible for many aspects of protecting the enterprise including designing of secure systems, supporting security operations, and protecting business platforms, data centers and the cloud. The role of Security Engineers is sometimes confused with system administrators, security analysts or even penetration testers. Yet the industry recognizes the need for Security Engineers with over 1000’s of opportunities in the DMV region alone. This talk will address questions such as “What is a security engineer?” and “Aren’t they the system administrators?” and provide practical direction for building a security engineering career.

The field of Security Engineering has evolved as an essential function within the Information Security industry. Security Engineers are responsible for many aspects of protecting the enterprise including designing of secure systems, supporting security operations, and protecting business platforms, data centers and the cloud. The role of Security Engineers is sometimes confused with system administrators, security analysts or even penetration testers. Yet the industry recognizes the need for Security Engineers with over 1000’s of opportunities in the DMV region alone. This talk will address questions such as “What is a security engineer?” and “Aren’t they the system administrators?” and provide practical direction for building a security engineering career.

Leron Gray is a senior security consultant on Bishop Fox's Red Team. With nine years of offensive security experience, he previously served on the Azure Red Team at Microsoft, as a penetration tester, and as a Cryptologic Technician (Networks) for the U.S. Navy. Leron holds a Masters in Cyber Defense from Dakota State University and is a PhD candidate for Cyber Operations. He has a graduate certification in penetration testing and ethical hacking from SANS Technology Institute.

With many organizations building their environments from the ground up in Azure and Azure AD without traditional networks, penetration testers need to change their mindset around initial access and lateral movement to match the nature of cloud environments. Azure AD environments with no Azure provisioned infrastructure (like storage or virtual machines) have much smaller footprints than traditional networks or even hybrid AD environments. This talk will discuss some of the challenges found in pen testing pure Azure AD/Office 365 environments and provides a scenario in which we go from reconnaissance to stealing user access tokens. Post-MFA headers are like currency, so lemme hold a dollar token real quick.

LaGarian is an active duty Marine with nearly 20 years of service and experience in IT and Cyberspace Operations.

This talk will cover the resources needed to prepare and pass the OSCP exam with focus on time management principles that can be applied to avoid undue stress

Dr. Cynthia Sutherland is a multiaward winning, global cybersecurity leader serving as Amazon Web Services' Global Automotive Security Assurance Lead with a 16 year cybersecurity career across multiple industries. Prior to AWS, she was the first senior executive to serve as the Chief Information Security Officer (CISO) for Federal Emergency Management Agency (FEMA) were she led integration of cybersecurity into America's emergency management systems. She came to FEMA from serving as the Joint Chiefs of Staff CISO were she led the integration of cybersecurity into military weapons for U.S., 23 countries, and NATO. Her passion is professional development and mental health of the cybersecurity profession.

Most look at Cybersecurity from the perspective of technology, cyber-attacks, and as a high demanding career field with solid compensation. However, what is not discussed is what it takes to get in, stay in, and be successful in the field. Navigating a cybersecurity career can be even more of a challenge when you have limited exposure and unconscious biases. This session navigates through the Confidentiality, Individuality, and Awareness (C.I. A.) Pillars for a Successful Cybersecurity Career, mental health as a security concern, and shows how representation does matter in cybersecurity. The goal is for participants to walk away with tips on how to close the gaps in their performance and identify their uniqueness, value to an organization, and ideas on how to increase awareness of their capabilities in their organization.

Dr. Xavier-Lewis Palmer is a multipotentialite of biology, engineering, and cybersecurity. He holds an Engineering PhD, an MS in Cybersecurity, an MS in Biotechnology, a BS in Biology, and a BA in Philosophy, with an interdisciplinary mix of numerous biology, engineering, and cybersecurity-based publications. A strong passion for both STEM education outreach and technological intersections that can improve community health and outcomes, fostered by diverse work experiences, help drive him He believes that in this ever-complex world, it is beneficial that we all keep learning, find ways to be involved in education, and help bring forth creative and helpful innovations, ideas, and conversations, where practical.

This talk aims to simplify graduate school for those interested in Graduate School, but not knowing where to start. Topics to cover are: Reasons and Tips for Applying, Navigating the Graduate School Process from start to Graduation, and Helpful Resources. The last half is open for specific questions that the audience has that are not covered.

Kassandra Pierre is a champion of advocacy. She has seen firsthand the positive impact diverse spaces can have on women, individuals with disabilities, and multi-minority individuals and she recognizes allyship as imperative to unlocking human and organizational potential.

Kassandra’s work with youth and adults in education and mental health care settings fuels her ongoing mental health advocacy and has enabled her to empower many people to overcome personal and professional obstacles. She is a trained crisis Interventionist and support group facilitator with over fifteen years of experience providing technical assistance and governance in the nonprofit, public and private sectors.

Kassandra is a Certified Scrum Master and a Certified Scrum Product Owner currently employed as an AVP in Technology Talent Development with a global financial institution. She serves as a Disability:IN NextGen Leaders Program Mentor, has been an Advisory Board Member and presenter for the 2022 SANs Neurodiversity Summit and is the Founder and Affiliate President of the WiCyS (Women in Cybersecurity) Neurodiversity Affiliate.

Kassandra is a technology enthusiast and is a nerd for threat intelligence, data privacy, and cybercrime. She is currently completing a degree in Cybersecurity and in her free time, enjoys gardening, playing with her dogs and cooking for friends and family.

N/A

Dondi West is Global Security Counsel at TikTok where he advises senior leaders and network defenders on matters related to Cybersecurity, Incident Response, Security Governance and Security Legal Compliance.

It’s time for the security community to consider whether the level of diversity in a company's security workforce should be viewed as a security control or factor that reduces risk. We must have a diverse security workforce to counter quickly evolving and diverse threats. Diversity and inclusion in a company’s security workforce can no longer be viewed as an HR/recruitment issue, or a nice to have. It’s time for us to ensure that every company has real skin in the game on this issue, and to consider diversity as a cyber readiness issue. Ideally, there should be a control category for diversity, equity and inclusion and companies not meeting the standard should be required to create a plan of actions and milestones to address a lack of diversity as an unmitigated security risk. It’s time to walk the walk on this. It’s 2022 and we know better now. This is conventional wisdom that needs to be reflected in security standards and frameworks.

Ashley Sequeira hails from Las Cruces, NM with her husband, Dan and her two dogs, Carbon Fiber and Graham Cracker. She is a recent graduate of Boise State University. During her time at Boise State University, she concluded her career at Palo Alto Networks and started with Google July 2022. While at Palo Alto Networks, she ran the Security Operations training program, consulted for SOAR platforms, worked as a Professional Services Consultant and ran an employee resource group focused on Veterans. Prior to her time at Palo Alto Networks, Ashley worked in a Security Operations Center and served 13 years in the Army Reserve. In the Army, she competed on the National Taekwondo Team(2011, 2015), played in the Army Band and learned her fundamentals in IT. She holds a Bachelor's degree from Southern New Hampshire University in General Studies, an Associate of Science in Information Systems Security, an Associate of Arts in English Literature and Communication, an Associate of Arts in English and an Associate of Arts in General Studies. Ashley holds technical certifications from SANS(GCIH), CompTIA(A+, Mobility+, Security+, CySA+), and Palo Alto Networks(PCSAE, PCDRA).

This talk will cover my journey through cybersecurity. I began in retail and now work at Google, without writing any code. All folks involved in cybersecurity already have unique skills that can likely be leveraged to further their careers in the industry. All folks who want to break into cybersecurity also have other skills that can be leveraged to "break in".

A builder of systems, infrastructure, and tech, with a concentration in security, DFIR, and cellular communications, building redundant highly available systems inside mixed unforgiving environments is my specialty. Whether on-premises, cloud-based, or mixed-use, I take pride in maximizing uptime on infrastructure through policy and automation. Coupled with my executive background, I excel working on and with teams of both engineers and decision makers, my best quality is the ability to make high-level concepts easy to understand, to provide a roadmap to success identifying hurdles and addressing them with solutions.

N/A

N/A

Scam messages, we get them all the time. Be it emails, texts, private messages on social media; they'll always find some way to you. But with these attempts to get your sensitive information getting more and more sophisticated, how can we better defend ourselves? What do some of these look like and what are some easy ways to ensure you don't get scammed? Learn all this and more at the presentation!

N/A

Scam messages, we get them all the time. Be it emails, texts, private messages on social media; they'll always find some way to you. But with these attempts to get your sensitive information getting more and more sophisticated, how can we better defend ourselves? What do some of these look like and what are some easy ways to ensure you don't get scammed? Learn all this and more at the presentation!

Kaitlin O’Neil, is the Recruiting Manager at Bishop Fox and co-founder of the Bishop Fox mentorship program. She has spent the past ten years in technical recruiting for multiple Fortune 100 software organizations. She is passionate about connecting with diverse talent in the cybersecurity space.

N/A

Teresa Allison is the ISSA DC Chapter VP of Programs and Events. She is a Cybersecurity Consultant with over 20 years of experience in IT for a large consulting firm in the Washington DC Metropolitan Area. She has served as a trusted advisor to CIOs and CISOs as well as their staffs by providing them with solutions for addressing their management needs for multi-billion-dollar federal information technology programs.

Have you been thinking about transitioning to a career in cybersecurity, but are not quite sure how to make your dream a reality? Are you currently working a cyber job but want to make a plan for advancement? This program walks you through the steps that you need to take in order to explore your cyber career options. It gives you a structured framework for exploring your interest in cyber, researching cyber positions, learning about cyber policies and standards, learning cyber tools, obtaining cyber / IT certifications, as well as applying for cyber jobs. This approach helps you to create your own cyber career action plan so that you can position yourself to join the field of cybersecurity.

A community college drop-out born in Southeast Washington DC but by way of Prince Georges County, Dontae Tyler believes that success in the tech industry does not have to be traditional. With over 9 years of experience in IT, supporting various federal agencies Dontae has begun to distinguish himself as a premier advocate for GRC, Data Privacy and Security Awareness Training. He currently holds several certifications including CISM, CDSPE, CEH, SEC+. Dontae's unconventional cyber awareness training and education teaching methods seek to educate the everyday user and challenge the most experienced tech professionals on the evolving cyber threats.

Dontae Tyler developed a security awareness training called Cyber Hygiene after getting tired of sitting through boring cyber security awareness videos that were not effective. After conducting his own research, He was able to come to the conclusion that the annual security training of the past was not as effective in remediating issues related to non-technical people utilizing interconnected devices and systems to complete their work. In his training he plans to equip end users with simple yet effective mitigation strategies and tools to reduce risk to acceptable levels.