If you are interested in inviting me to speak at your event, please reach out via the contact form below. This page is a list of my future and prior speaking engagements.
Speaking topics include:
I'm sure I'm cooking up something, stay tuned.
An annual transparency talk about the history of the conference, the stats for the year, and a celebration of the staff that makes the event possible.
Being a beginner doesn’t have to be all bad. Being an expert doesn’t always mean you’re the best person to solve a problem. Whether you’re brand new or you’ve been in the industry since the Morris worm ran rampant, join us for a session of introspection and hopefully take away a few new perspectives and tools for improving the way you think.
An annual transparency talk about the history of the conference, the stats for the year, and a celebration of the staff that makes the event possible.
A small company, a smaller red team operation. We set out to identify flaws in our anti-fraud and anti-abuse processes, and show the impact of these problems in a way that would get leadership on board for fixing them. Boy howdy did we succeed. In this talk, we’ll discuss how we approached our first red team engagement at a small fintech startup, how we worked around extremely sensitive PII limitations, and how our very lean team was able to use this adversarial engagement to predict an incident that hadn’t happened yet. An incident that we uncovered one week before Christmas.
Internal red teams deal with an environment that is both constantly changing and seemingly not changing at all. As red teams, it is our responsibility to provide an attacker’s perspective of the network. Traditionally this happens in the form of point in time assessments that may span anywhere from a few days to several months and focus on an objective. This talk proposes an additional service for your red team to provide - a continuously monitored attacker’s perspective of the attack surface. This can be used to enable more timely attack simulations and enable the team to proactively detect flaws in the environment. This talk explores some types of data that can be collected continuously and the value that it can provide to a red team. It will also introduce tooling to automate network scanning for continuous data.
Everyone thinks red teaming is awesome, but what happens when the red team becomes a target?