July 11th 8:00AM - 5:00PM EST
Miami Valley Research Park, 1900 Founders Drive, Suite 100, Dayton, Ohio 45420
Get listed as an official sponsor of the Ohio InfoSec Forum on our Sponsors Page and in our monthly slide deck!
| Start | End | Session |
|---|---|---|
| 8 AM | 8:45 AM | Registration and Breakfast |
| 8:45 AM | 9 AM | Introduction |
| 9 AM | 10 AM | Ben Ten |
| 10:15 AM | 11:15 AM | Dave Kennedy |
| 11:30 AM | 12:30 PM | Adrian Crenshaw |
| 12:30 PM | 1:30 PM | Lunch |
| 1:30 PM | 2:30 PM | Phil Grimes |
| 2:45 PM | 3:45 PM | Dino Tsibouris |
| 3:45 PM | 4 PM | Cake |
Dave Kennedy is the founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective. David was formerly the Chief Security Officer (CSO) for a Fortune 1000 company, where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Tester's Guide," and the creator of the Social-Engineer Toolkit (SET) and Artillery. Kennedy has been interviewed by several news organizations, including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. Kennedy is the co-host of the Social-Engineer Podcast and appears on a number of additional podcasts. Kennedy has testified before Congress on two occasions on the security of government websites. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES), a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville, Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner at a mid-size information security consulting company, running the security consulting practice. Prior to the private sector, Kennedy worked for the United States Marine Corps and deployed to Iraq twice for intelligence-related missions.
It seems that businesses are truly struggling with how to handle the threats we face as organizations when it comes to information security. From breach to breach, the techniques seem similar yet they completely rip through everything we’ve tried to protect against. As an industry, we’re fighting to define ourselves in a manner where we can actively combat the different demographics we see from attackers. This presentation will walk through what we face as organizations, both politically as well as an industry. Information security isn’t a technology problem – it’s a social issue. Until we recognize that, we will continue to see the continued breaches year after year as we continue to battle (and lose) the same types of attacks. There’s a lot of talk inside the industry on technical controls, products, adversarial simulation, and more for strengthening our defenses. These couldn’t be further away from what we really need to combat these types of attacks. This talk will also be demonstrating effective measures to combat some of the main techniques attackers use in order to attack an organization.
Phil Grimes is a parent, biker, and Information Security Professional with experience in providing security assessments and penetration testing services to organizations ranging from small businesses, financial institutions, e-commerce, telecommunications, manufacturing, education and government agencies to international corporations. Phil started working with network and Internet security as a hobby harassing AOL in the late 1990s, developing his technical skill set independently until joining the professional security industry in 2009. After a change in career trajectory in 2012, vulnerability research and exploit development became his main focus. Phil's experience in application security, penetration testing, mobile/smartphone security, and social engineering has proven successful in assessments for high-profile customers both domestically and around the globe. An accomplished speaker and presenter, Phil has spoken on various topics at Notacon, CUISPA conferences, OWASP meetings, and the Central Ohio ISSA InfoSec Summit, in addition to various other speaking appearances to a wide range of audiences.
With growing trends in globalization, the Information Technology bundle of industries continues to be saturated with bodies and starving for talent at the same time. In this session, hear the perspective of a basement hacker turned IT professional on learning how to learn, the challenges of growing up in "the underground", and bridging the gap into the professional arena, alongside members of the Reynoldsburg High School CyberPatriot team who are forging their skills and identities within the Information Security crowd. We have to grow beyond "turning it off and then turning it back on again". Fostering the growth of talented kids is vital to strengthening the ranks of industry roles in the future, and that means getting involved and engaging them on their turf. This is a high-level discussion on how we (and our peers) view, interact with, and take part in watering the fruit of tomorrow's IT Crowd.
Dino Tsibouris is the founding principal of the law firm Tsibouris & Associates, LLC. His practice concentrates in the area of technology and intellectual property law with specific expertise in electronic commerce, online financial services, software licensing, and privacy law. In addition, Mr. Tsibouris' practice includes the implementation of electronic signatures, records management and information security. He was previously an attorney with Thompson Hine LLP and a Vice President and Counsel for e-Commerce and Technology at Bank One Corporation (now JPMorgan Chase). He has conducted CLE and trade association presentations on various e-banking and e-commerce matters, and participated in many regulatory and industry task forces addressing new legislation.
Please read Dino's full bio.
Dino Tsibouris and Mehmet Munur will present the lawyer's perspective on data security breaches and recent developments and trends in data security breaches. They will also discuss issues relating to managing and responding to data security issues in the cloud, and addressing security and data breach related issues with vendors in contracts.
Ben Ten is a Senior Security Consultant. He has over 14 years of experience doing Application & Web Development; Security Implementation, Consulting, & Training; Federal Regulation and Compliance oversight in relation to Information Technology (HIPAA, HITECH, PCI); and managing a team of developers and IT professionals. He is the creator of the PoshSec Framework. He also runs the BSides Joint Task Force CTF, is an active board member of Secure Chicago, LLC, and works with the PoshSec development team.
We have seen PowerShell gain attention and adoption in the last few years. People are beginning to realize that there is more to PowerShell than just another scripting language. With the adoption come more tools and resources for both the offensive and defensive sides of security. This talk is designed to give you a first-hand look at using PowerShell in both an offensive attacking scenario and a defensive scenario. In this talk I will be focusing on the tools, methods, and techniques that are being used from both offensive and defensive mindsets. I will highlight existing tools that can be leveraged as well as teach you how to write some custom tools yourself. We will dive into the more complex ideas with PowerShell and the .NET Framework. At the end of this talk, you will learn that there are many ways to leverage PowerShell to your advantage, regardless of what color hat you wear.
Adrian Crenshaw has worked in the IT industry for the last seventeen years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert chase for a while (MCSE NT 4, CNE, A+, Network+, i-Net+) but stopped once he had to start paying for the tests himself. He holds a Master of Science in Security Informatics, works for TrustedSec as a Senior Security Consultant, and is one of the co-founders of DerbyCon.
This talk will cover the history of passwords and password storage. We will talk about how the storage of passwords has evolved over the years, screw-ups in password schemes, hash types, weaknesses, etc.
Thanks for attending this year! As a gift to our generous speakers and a giveaway to a random attendee, we're giving out Raspberry Pi 2 units in a custom-made OISF case! You can download and print your own using this part on Thingiverse; if you're interested in viewing the source repository, including the logo SVG, head over to GitHub. This part and all associated files are licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) License. Feel free to share, remix, download, print, and modify it as you wish. Thanks to walter for the original part!