Event Schedule

Please see the 2021 schedule. We are thrilled to again bring you an amazing line-up of speakers from all over North America!

All times are in the Atlantic Time Zone (AST).

  • Day 1 November 22, 2021
  • Day 2 November 23, 2021
Day 1: Virtual Sessions

10:00 AM - 10:45 AM: Opening Keynote – Building Security Champions By Tanya Janca, CEO and Founder, WeHackPurple.com

About the Speaker

Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, has won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday

11:00 AM - 11:45 AM: Social Engineering the Interview By Ursula Cowan, Threat Researcher, Mandiant

About the Speaker

Ursula Cowan is a Senior Threat Research Analyst at Mandiant Security Validation, focusing on researching adversaries’ tactics, techniques, and procedures (TTPs), breaking them down to the smallest behaviors, for the purpose of replicating them within the Mandiant Security Validation Platform.

Ursula’s career started as a police detective investigating cyber-crime, death, and online exploitation. She later added computer forensics examiner to her list of job duties. Her training in computer forensics was at the U.S. Secret Service’s National Computer Forensic Institute (NCFI). She also holds a Bachelor of Science in Applied Psychology from the Florida Institute of Technology, and a Master of Science in Digital Forensics from the University of Central Florida.

12:00 PM - 12:45 PM: Virtual Lunch By TBD

01:00 PM - 01:45 PM: Exploring the Value of Different Threat Intelligence Sources By Jessica Lee, Threat Response Analyst, CrowdStrike

This presentation will explore the different types of technical and non-technical sources that are behind threat intelligence collections and analysis. From internal incident response data to criminal forums to open source blogs, different sources serve different purposes for threat intelligence. I will discuss the variety of sources that a threat intelligence team may use, the pros and cons of using each source type, and why some sources may be more valuable or more credible, depending on your goals as a security organization. I will also show examples of different source types and walk through how to think critically about the information in front of you. While this talk focuses on formal threat intelligence processes, the audience will also learn how to understand which sources are better for people in different roles in a security organization and can help those without threat intelligence experience begin their own collections to stay up-to-date with the cyber threats that are the most relevant to them.

About the Speaker

Jessica Lee is a threat hunter on a 24/7/365 global managed threat hunting team, where she has the opportunity to disrupt and defend against today’s most sophisticated adversary groups. She has over seven years of experience in the field and began her career as a cybersecurity consultant helping commercial clients transform their Security Operations Center. She has also helped to build threat intelligence capabilities from the ground up at two Fortune 250 companies in the Oil and Gas and Financial Services industries. Jessica holds the Global Certified Forensic Analyst (GCFA), Global Certified Intrusion Analyst (GCIA), Global Cyber Threat Intelligence (GCTI), and GIAC Security Essentials (GSEC) certifications from GIAC Certifications.

02:00 PM - 02:45 PM: Hacking with JWT By Adrien de Beaupre, Principal Instructor, SANS

JWTs are an important part of how modern APIs are used; they assert your identity to the application. You will see them in SOAP, REST, and GraphQL. Many decisions about authorization and access are based on the claims contained within the JWT. If there are vulnerabilities within the framework used to create them, or in implementation decisions, the impact can be high. In this talk, I will discuss how JWTs are generated and used. Security issues can include information disclosure, authentication bypass, authorization control bypass, password cracking, JWT reuse, algorithms such as None, and algorithm exchange. I will demonstrate the None algorithm attack, cracking the secret key used to sign the JWT, and algorithm exchange.

About the Speaker

Today, in addition to being a prolific SANS instructor and course author, Adrien is an independent penetration tester in both the Government and private sectors around the world.

A sought-after instructor known for his engaging, straight-forward style, professionalism, and real-world experience and examples, Adrien has taught a plethora of SANS courses, showing his depth and breadth of knowledge in penetration testing, vulnerability assessment, incident handling, and intrusion detection. He is the co-author of two SANS courses: SEC460 Enterprise Threat and Vulnerability Assessment and SEC642 Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques. Adrien designs, implements and runs Capture the Flag exercises in each of his classes.

To Adrien, teaching at SANS is an opportunity to pay forward the investment his mentors and teachers made in him throughout his career. This is a chance to share his knowledge and experience while learning from the research he does to teach the material covered in a SANS course. “And, it’s rewarding to see a student who was struggling, finally understand what rooting a box feels like,” he says. “I love what I do, I am either hacking or teaching how to hack!”

Adrien has taught SANS SEC504 Hacker Tools, Techniques, and Incident Handling; SEC460 Enterprise Threat and Vulnerability Assessment (course co-author and lead instructor); SEC560 Network Penetration Testing and Ethical Hacking; SEC642 Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques (course co-author and main instructor); SEC542 Web App Penetration Testing and Ethical Hacking.

Adrien contributed to the OSSTMM3, Hacking Exposed Linux (3rd Edition), the Security Incident Handling Step-by-Step Guide (SANS), the Security Incident Management Capability Maturity Model (Bell) and other vulnerability assessment and security management frameworks as well as methodologies such as SANS courseware.

A long-term volunteer member of the SANS Internet Storm Center, where he performs incident handling and threat analysis, Adrien also holds GSEC, GPEN, GWAPT, GCIA, GCIH, GXPN, OPSA, OPST, MCSE and CISSP certifications.

When he’s not teaching or consulting, you’ll find Adrien hacking in his personal time…both computers and through his practice of Karate.

03:00 PM - 03:45 PM: Bent on Intent: Leveraging Reconnaissance & Illegitimate Traffic By GS McNamara, Senior Application Security Engineer, Okta

About the Speaker

GS is a cyber security and intelligence professional who brings his software development background to the table, qualifying him as a purple team member advocating and understanding both the attack and defense sides of application security. He has worked in environments as fast as startups, as small as a sole proprietorship, as large as a Fortune 50, and as challenging as DARPA.

04:00 PM - 04:15 PM: Day 1 Closing By Peter Morin, Event Chair


Day 2: Virtual Sessions

10:00 AM - 10:45 AM: Opening Keynote – From COP to SOC: applying criminal justice theories in cybersecurity. By Nicole Beckwith, Advanced Security Engineer, Kroger

About the Speaker

Ms. Beckwith is a former state police officer, and federally sworn U.S. Marshal. She worked as a financial fraud investigator and digital forensic examiner for the State of Ohio and a Task Force Officer for the United States Secret Service in their Financial and Electronic Crimes division.

Nicole was formally trained by the United States Secret Service at the National Computer Forensics Institute in digital forensics, network investigations, network intrusion response and virtual currency investigations. Recently Nicole developed two cybersecurity training programs, teaching more than 1600 officers how to respond to cybercrime and over 4400 government employees on information security best practices. She is also Ohio’s first certified female police sniper.

Ms. Beckwith works as an Advanced Security Engineer for the Kroger Technology Automation and Tools team. In this role she is responsible for the planning, design and build of security architectures to ensure a strong security posture, comply with regulations, and safeguard customers’ data.

She also conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.

Nicole recently worked as a Staff Cyber Intelligence Analyst for GE Aviation tracking and researching APT and cybercrime groups and conducting OSINT investigations for stakeholders.

Nicole is an international keynote speaker recognized in the fields of information security, policy, OSINT and cybercrime.

11:00 AM - 11:45 AM: PowerShell – An Auditor’s Best Friend By Sunny Jamwal, Consultant, MNP

Auditing an environment with hundreds of servers can be a time-consuming process for an auditor. Artifacts provided by clients in the form of reports, screenshots etc. are helpful but, as they say, “Trust but Verify”. The manual verification process can be time-consuming. PowerShell has come a long way from being a “blue version of command line” to a cross-platform tool which is not only supported on Windows but is also available for Linux and macOS.

PowerShell has been gaining popularity among system admins for their daily operations. PowerShell can be a very powerful tool for system auditors. The traditional audit process involves auditing one system at a time for verification. PowerShell provides the capability to audit a large number of systems quickly and effectively. This presentation provides a walk-through of an automated framework created by the author to automate evidence collection for some PCI DSS requirements. The automated framework contains test cases as they map to various PCI DSS requirements. Some typical test cases which were part of this automated framework are:

1. Anti-virus unit test
2. Listening ports unit test
3. Windows Update unit test
4. File integrity monitoring unit test
5. Installed program unit test
6. User account review unit test
7. Application white listing unit test
8. GPO unit test

About the Speaker

Sunny Jamwal is a Senior Security Consultant for MNP’s Cyber Security team. With over 10 years of experience, Sunny has extensive knowledge of information security, networking, and related information technologies allowing him to quickly and knowledgeably inspect system architectures, identify vulnerabilities, assess risks and recommend safeguards to reduce and mitigate risk to information assets. Sunny has acted as the primary technical lead and subject matter expert on numerous Cyber Security Assessments for various private and public organizations in government and industries such as retail, finance, insurance, manufacturing, computer, communication, utilities, healthcare, and business services.

12:00 PM - 12:45 PM: Virtual Lunch

01:00 PM - 01:45 PM: Cybersustainability and Protecting Digital Ecosystems By Karen Walsh, Founder, Allegro Solutions

Digital business models parallel the basic principles of environmentally sustainable development. Applying environmentalism’s “sustainable development” and complex adaptive systems models offers a new way to view putting secure, compliant architectures in place.

This talk focuses on:

  • Explaining the foundational principles of sustainable development and complex adaptive systems
  • Applying these principles to complex, cloud-based ecosystems
  • Suggesting how to create “cybersustainable” digital environments to secure data and meet compliance requirements

About the Speaker

Karen Walsh, CEO and Founder of Allegro Solutions, is a lawyer and former internal auditor turned subject matter expert in cybersecurity and privacy regulatory compliance. She provides consulting and content services for cybersecurity startups, translating technology features into business-oriented solutions. She believes that securing today’s data protects tomorrow’s users. Karen has been published in the ISACA Journal, Dark Reading, HelpNet Security, NextGov, and Security Magazine.

02:00 PM - 02:45 PM: Shifting Knowledge Left: Keeping up with Modern Application Security By Mark Stanislav, VP, Information Security, Gemini

With security “shifting left” into DevSecOps, it’s more difficult than ever to keep up with a rapidly evolving landscape of web technologies and the threats that come with them. While familiar vulnerabilities like XSS and SQL injection attacks continue to plague our apps, many frameworks are adopting automatic defenses that protect against common abuse cases. At the same time, as the work of developers is abstracted away from these security decisions, remaining points of failure can more easily go overlooked.

Keeping applications secure in a world where developers deploy and commit production code many times a day requires software engineers to be well versed and up-to-date in secure coding techniques relevant to their particular language and framework. Education in application security is hard, and passive compliance-based training using outdated videos and slideshows can’t keep up.

We must find better ways to share appsec knowledge, both within teams and across the industry, beyond relying on slow-to-update measures like the OWASP Top 10 to guide us. To this end, Duo and Hunter2 have partnered to bring a set of free training resources that can be shared among development teams, including interactive training labs that allow engineers to practice exploiting and patching up modern web applications in their stack of choice.

About the Speaker

After nearly 20 years in information security & technology roles, I continue to be excited by the chance to use a growth-oriented mindset to mix deep technical expertise with a passion for solving complex business problems in a sustained, measurable manner.

Whether it’s creating a greenfield security architecture, advising on a corporate security program, speaking at industry conferences, testifying before the government, or mentoring a student, I am always ready to maximize the return on the professional investments from across my career.

I firmly believe that careers are meant to be challenging, meaningful, and dynamic. A great employee is not the one you keep the longest, but the one who is there every day to make a forward-looking contribution to the vision & mission of their team. Whether as a people leader, or an individual contributor, I focus not on what’s there today, but what should be in place for the team after me.

03:00 PM - 03:45 PM: How I spent my Covid-19 Spring vacation or Extreme Telecommuting Security By Lee Neely and Chelle Clements, Security Professional, Lawrence Livermore National Laboratory

With the C-19 pandemic we were all thrust into a new dynamic of remote work (you know – Work From Home!). This dynamic put people, systems, technology and processes to a test which they were not prepared or designed for.

The challenges of updating and adapting policy to accommodate a work force heretofore not working from home, ofttimes without a company issued laptop, to one where business was conducted using available platforms while continuing to properly protect information (both corporate and regulated), were unexpected and difficult to grasp. Clear communication of what was permitted where, intermixed with rapid assessment and associated acceptance of risks, kept us all jumping.

Unexpected complications arose from enlisting elements in the user’s home office which, while not permitted in policy, had to be re-evaluated for this modified situation. Even simple tasks, such as providing headsets to work with softphones and webinars, were not only challenged by supply chain delays, but also by disabled computer interfaces. Additionally, employees not used to remote work needed handholding in unexpected ways.

I will cover: issues raised by moving to a 100% remote workforce almost overnight, solutions discovered and the constant reassessment of them, plans to prevent recurrence of issues discovered while supporting a larger (10x) overall remote work force, restart impacts as more essential services spin up, and resuming essential functions which cannot operate remotely.

About the Speaker

Lee Neely is a senior IT and security professional at Lawrence Livermore National Laboratory (LLNL) with over 30 years of experience. He has been involved in many aspects of IT from system integration and quality testing to system and security architecture since 1986. He has had extensive experience with a wide variety of technology and applications from point implementations to enterprise solutions. Lee has worked with securing information systems since he installed his first firewall in 1989.

04:00 PM - 04:15 PM: Event Closing By Peter Morin, Event Chair