BSides Sacramento

Sacramento, Ca

October 2019 

Presented on my Open Source Software PBDataRecon. This was a repeat of the DEFCON talk.

DEF CON 27

Las Vegas, Nv

August 2019 

Presented and released the Open Source Software PBDataRecon. This is a tool that utilizes Pastebin’s API to identify pastes that are not indexed by PasteBin’s native search or Google. The algorithms released with the tool included logic to identify child exploitation along with links to the FBI’s anonymous reporting system. In addition, it included configurable parameters to allow uses to monitor for their names, their organizations names as well as RegEx templates. In the tool’s first two days running as a PoC it identified three child pornography sites as well as a large pirate TV network in Latin America (all reported to the FBI).

Telehealth Innovation Forum

Santa Barbara, Ca

July 2019

Innovation Zone Presenter

Provided risks and mitigations on connected medical and IoT devices to a think tank style conference on innovations in telehealth. The presentation highlighted some of the cyber and regulatory risk assessments done by my partners and I as well as recommended mitigations.

SecureWorld Expo

Santa Clara, Ca

August 2018

Keynote Speaker

Presented the lunchtime keynote at the Santa Clara Convention Center to an audience of C-level security professions titled “From Breach Fatigue to Action: How to Stay Focused to Learn”

Abstract: By looking backward, we can more securely move forward. With so many breaches being reported in the media Information Security professionals can develop “breach fatigue,” losing sight of the cause-and-effect of the controls that failed and not learning from those mistakes. This talk uses specially created technology to re-create some of the more famous and significant breaches, then walks participants through the actual hacks of the vulnerabilities that allowed the breach to occur, and then discusses how the failed controls could have been hardened to reduce or even eliminate the risk.

Cyber Security World

Denver, Co

June, 2017

Workshop Presenter

“Application Security Testing with Kali Linux.” Created and taught a one-day curriculum on web application security testing using Kali Linux as well as special testing tools I wrote for the class.

(ISC)2 World Congress

Austin, Texas

September 2017

Speaker

“Misplaced Trust: The Risks of Third-party Code in Web Applications and Mobile Apps.”  Uncontrolled third-party web code has become an epidemic as a vector for such attacks as watering hole attacks, malvertising and ransomware. This talk provided live demonstrations of the attack, technical overviews and most importantly best-practices, cheat sheets and checklists.

Building Owners & Managers Association of Sacramento and the Central Valley (BOMA Sacramento)

Sacramento, Ca

June 2016

Co-presenter

“Emergency Preparedness: Cyber Attacks on Facilities.” This talk to the local members outlined the attack vectors for cyber-attacks against facilities and recommended mitigations.

Healthcare Cybersecurity Symposium

Sacramento, Ca

June 2016

Speaker

“Reverse Engineering Passage into your Organization”

InfoSec World

April 2016

Orlando, Florida

Presenter

“The Five Best Open Source Web Security Test Tools You’ve Never Heard of and How to Use Them.” Presented on five OSSW tools and how they can supplement your current testing portfolio

Sacramento County Sheriff’s Office

February 2016

Guest speaker

“Attack Vectors and Methodologies” Presented attack scenarios and vectors and offered mitigations

(ISC)2 World Congress

Orlando, Florida

September 2016

Speaker

“Ripped from the Headlines: Demonstrations of the Year’s Top Breaches” Demonstrated the control failures associated with some of the year’s major breaches and discussing mitigations.

Sacramento InfraGard 2015 Symposium

September 2015

Symposium Presenter

“Anatomy of a Data Theft Attack.” Presented attack scenarios supported by live demonstrations on current threats to cyber as well as facilities security

Sacramento ASIS Chapter Meeting

August 2015

Meeting Presenter

“Anatomy of a Data Theft Attack.” Presented attack scenarios supported by live demonstrations on current threats to cyber as well as facilities security

ISACA- Sacramento Chapter

August 2015

Meeting Presenter

“Cloudy with a Chance of Optimism: Everything Your CISO Wished You Knew about the Cloud Prior to Signing That Contract.” Presented a modified version of my Cloud Security World talk to the Sacramento ISACA chapter’s July meeting.

University of California IT Security Symposium

Davis, Ca

2015

Workshop Instructor

“After the Scan: Manual Security Assessment and Pen Testing of Your Web Application.” Wrote and taught a hands-on workshop on the validation of DAST results and penetration testing web applications.

Cloud Security World 2015

New Orleans, La

2015

Conference Presenter

“Cloudy with a Chance of Optimism: Everything Your CISO Wished You Knew about the Cloud Prior to Signing That Contract. Gave a one-hour talk on the key security considerations for an organization’s cloud transformation

SANS Healthcare Cyber Security Summit

San Francisco

2015

Panel Member

“Building and Measuring a Software Security Initiative in the Healthcare Domain”

Sat on an expert panel responding to questions on building and measuring security in a healthcare SDLC.

OWASP AppSec USA

Denver, Co

2014

Conference Presenter

“Application Security Testing with Golismero.” Presented a workshop style talk on automating security tests using the Golismero open source tool.

CactusCon 2014

Phoenix, Az

2014

Workshop Instructor

“Web Application Security Testing with Kali Linux.” Wrote and taught a workshop on assessing the security of web applications using the open source tools found in the Kali Linux distribution.

BSides Dallas Fort Worth

Dallas, Tx

2013

Conference Presenter

“Overcoming Objections to Security in Reluctant (and even hostile) Environments.” Spoke on program management strategies for implementing and improving information security programs.

BSides Washington DC

Washington, DC

2013

Conference Presenter

“Overcoming Objections to Security in Reluctant (and even hostile) Environments.” Spoke on program management strategies for implementing and improving information security programs.

BSides Las Vegas

Las Vegas, NV

2013

Workshop Instructor

“Introduction to Wireless Pen Testing and Assessment.” Wrote and taught a four-hour workshop on security testing wireless networks.

CactusCon 2013

Phoenix, AZ

2013

Workshop Instructor

“Testing SOHO Wireless Networks.” Wrote and taught a workshop on security testing wireless network with a focus on small office/home office devices.

BSides Puerto Rico

San Juan, PR

2013

Conference Presenter

“Overcoming Objections to Security in the SDLC.” Spoke on overcoming some of the common objections and obstacles to implementing a secure software development life cycle.