BSides Sacramento
Sacramento, CA
October 2019
Presented on my Open Source Software PBDataRecon. This was a repeat of the DEFCON talk.
DEF CON 27
Las Vegas, NV
August 2019
Presented and released the Open Source Software PBDataRecon. This is a tool that utilizes Pastebin’s API to identify pastes that are not indexed by Pastebin’s native search or Google. The algorithms released with the tool included logic to identify child exploitation along with links to the FBI’s anonymous reporting system. In addition, it included configurable parameters to allow users to monitor for their names, their organizations’ names as well as RegEx templates. In the tool’s first two days running as a PoC it identified three child pornography sites as well as a large pirate TV network in Latin America (all reported to the FBI).
Telehealth Innovation Forum
Santa Barbara, CA
July 2019
Innovation Zone Presenter
Provided risks and mitigations on connected medical and IoT devices to a think-tank-style conference on innovations in telehealth. The presentation highlighted some of the cyber and regulatory risk assessments done by my partners and me as well as recommended mitigations.
SecureWorld Expo
Santa Clara, CA
August 2018
Keynote Speaker
Presented the lunchtime keynote at the Santa Clara Convention Center to an audience of C-level security professionals, titled “From Breach Fatigue to Action: How to Stay Focused to Learn.”
Abstract: By looking backward, we can more securely move forward. With so many breaches being reported in the media, Information Security professionals can develop “breach fatigue,” losing sight of the cause-and-effect of the controls that failed and not learning from those mistakes. This talk uses specially created technology to re-create some of the more famous and significant breaches, then walks participants through the actual hacks of the vulnerabilities that allowed the breach to occur, and then discusses how the failed controls could have been hardened to reduce or even eliminate the risk.
Cyber Security World
Denver, CO
June 2017
Workshop Presenter
“Application Security Testing with Kali Linux.” Created and taught a one-day curriculum on web application security testing using Kali Linux as well as special testing tools I wrote for the class.
(ISC)2 World Congress
Austin, Texas
September 2017
Speaker
“Misplaced Trust: The Risks of Third-party Code in Web Applications and Mobile Apps.” Uncontrolled third-party web code has become an epidemic as a vector for such attacks as watering hole attacks, malvertising and ransomware. This talk provided live demonstrations of the attack, technical overviews and, most importantly, best practices, cheat sheets and checklists.
Building Owners & Managers Association of Sacramento and the Central Valley (BOMA Sacramento)
Sacramento, CA
June 2016
Co-presenter
“Emergency Preparedness: Cyber Attacks on Facilities.” This talk to the local members outlined the attack vectors for cyber-attacks against facilities and recommended mitigations.
Healthcare Cybersecurity Symposium
Sacramento, CA
June 2016
Speaker
“Reverse Engineering Passage into your Organization”
InfoSec World
April 2016
Orlando, Florida
Presenter
“The Five Best Open Source Web Security Test Tools You’ve Never Heard of and How to Use Them.” Presented on five OSSW tools and how they can supplement your current testing portfolio.
Sacramento County Sheriff’s Office
February 2016
Guest speaker
“Attack Vectors and Methodologies.” Presented attack scenarios and vectors and offered mitigations.
(ISC)2 World Congress
Orlando, Florida
September 2016
Speaker
“Ripped from the Headlines: Demonstrations of the Year’s Top Breaches.” Demonstrated the control failures associated with some of the year’s major breaches and discussed mitigations.
Sacramento InfraGard 2015 Symposium
September 2015
Symposium Presenter
“Anatomy of a Data Theft Attack.” Presented attack scenarios supported by live demonstrations on current threats to cyber as well as facilities security.
Sacramento ASIS Chapter Meeting
August 2015
Meeting Presenter
“Anatomy of a Data Theft Attack.” Presented attack scenarios supported by live demonstrations on current threats to cyber as well as facilities security.
ISACA - Sacramento Chapter
August 2015
Meeting Presenter
“Cloudy with a Chance of Optimism: Everything Your CISO Wished You Knew about the Cloud Prior to Signing That Contract.” Presented a modified version of my Cloud Security World talk to the Sacramento ISACA chapter’s July meeting.
University of California IT Security Symposium
Davis, CA
2015
Workshop Instructor
“After the Scan: Manual Security Assessment and Pen Testing of Your Web Application.” Wrote and taught a hands-on workshop on the validation of DAST results and penetration testing web applications.
Cloud Security World 2015
New Orleans, LA
2015
Conference Presenter
“Cloudy with a Chance of Optimism: Everything Your CISO Wished You Knew about the Cloud Prior to Signing That Contract.” Gave a one-hour talk on the key security considerations for an organization’s cloud transformation.
SANS Healthcare Cyber Security Summit
San Francisco
2015
Panel Member
“Building and Measuring a Software Security Initiative in the Healthcare Domain”
Sat on an expert panel responding to questions on building and measuring security in a healthcare SDLC.
OWASP AppSec USA
Denver, CO
2014
Conference Presenter
“Application Security Testing with Golismero.” Presented a workshop-style talk on automating security tests using the Golismero open source tool.
CactusCon 2014
Phoenix, AZ
2014
Workshop Instructor
“Web Application Security Testing with Kali Linux.” Wrote and taught a workshop on assessing the security of web applications using the open source tools found in the Kali Linux distribution.
BSides Dallas Fort Worth
Dallas, TX
2013
Conference Presenter
“Overcoming Objections to Security in Reluctant (and even hostile) Environments.” Spoke on program management strategies for implementing and improving information security programs.
BSides Washington DC
Washington, DC
2013
Conference Presenter
“Overcoming Objections to Security in Reluctant (and even hostile) Environments.” Spoke on program management strategies for implementing and improving information security programs.
BSides Las Vegas
Las Vegas, NV
2013
Workshop Instructor
“Introduction to Wireless Pen Testing and Assessment.” Wrote and taught a four-hour workshop on security testing wireless networks.
CactusCon 2013
Phoenix, AZ
2013
Workshop Instructor
“Testing SOHO Wireless Networks.” Wrote and taught a workshop on security testing wireless networks with a focus on small office/home office devices.
BSides Puerto Rico
San Juan, PR
2013
Conference Presenter
“Overcoming Objections to Security in the SDLC.” Spoke on overcoming some of the common objections and obstacles to implementing a secure software development life cycle.