Click here for Keynote
Dennis M. Allen
Let’s Go To The Movies!
Dennis M. Allen is the Cyber Training Technical Manager for the CERT Cyber Workforce Development (CWD) directorate, at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University (CMU) in Pittsburgh, PA. CWD has implemented several cutting edge training solutions for the Department of Defense (DoD) and Federal Government. Dennis received a Bachelor of Science in Computer Science from St. John Fisher College (Rochester, NY), and a Master of Science in Information Assurance from Norwich University (Northfield, VT).
Dennis has been with the SEI for 10 years and has more than 22 years of information technology and security experience with fortune 500 companies, government and military organizations, and many small businesses. He has delivered numerous professional training classes, presented at industry conferences, and he teaches the Applied Information Assurance graduate course for the Information Networking Institute at CMU. Dennis is continuously looking for innovative ways to improve education, training, and assessment for our next generation cyber warriors.
Matthew Arnold
How Secure is your Linux Distro?
Matt Arnold is a random hacker who has worked on Linux Distributions on and off for 7 years, mainly through Debian and Ubuntu, with minor contributions to Slackware, Crunchbang and others through the years. He is currently underemployed although he is open to changing that if you have offers 🙂
Rockie Brockway
Enterprise Class Threat Management like a Boss
Rockie Brockway serves Black Box as Information Security and Business Risk Director and Senior Engineering Director. With over two decades of experience in InfoSec/Risk, he specializes in Information Security Risk Management and the inherent relationship between assets, systems, business process, and function. Rockie offers perspectives on how adversaries may find value in business data, highlights the business impact and ramifications of the theft, disruption, and/or destruction of that data, simulates the adversarial data breach/theft to gauge the organization’s detection and reaction capabilities, and provides rational and reasonable business risk mitigation recommendations. He is a BSidesCLE organizer and recovering cynic, zero FUDs given.
Adam Dean
Real security incidents, unusual situations
Adam Dean is an Associate Security Specialist at GreyCastle Security. Adam is a graduate of the University of Advancing Technology with a Bachelor’s degree in Technology Forensics. Adam has experience identifying, containing, eradicating, and recovering from computer security incidents ranging from malware based infections to malicious insiders.
Gary Dewey
Cluster Pi
I currently work at I3 Electronics, where I do CAD/CAM work for printed circuit boards but I have an associates degree in computer security and forensics, which is my real passion. I have done cyber aces competition online and attended 2015 US Cyber Challenge East Coast Camp. I’m also a member of the Triple Cities Maker Space.
Jeff Foley
Counter UAS (C-UAS)
Jeff Foley is a Director of Engineering for Alion Science & Technology, he sits on several cyber security advisory boards, and his work has been featured within the DoD, DHS, and the Intelligence Community, as well as many universities and Fortune 500 companies. He is an accomplished technologist known for developing and delivering game-changing research findings to help overcome real-world challenges in federal, commercial and academic problem spaces. By leveraging a mix of information security research leadership and IT security expertise, Mr. Foley shares his knowledge and insight to assist government, businesses, students and professionals achieve their missions and objectives in the ever-changing cyberspace domain. In his spare time, Mr. Foley enjoys experimenting with new blends of coffee, supporting local university’s cybersecurity programs, and participating in information security competitions, such as DEF CON Capture the Flag.
Jaime Geiger
Android Application Function Hooking with Xposed
Jaime Geiger is a fourth year Computing Security student at the Rochester Institute of Technology. He is also a Security Consultant for Grimm, the company where he will be working for full time upon graduation as a JMF Vulnerability Engineer. He enjoys CTF’s, teaching people about security, and staring directly into the bits of whatever binaries he can get his hands on.
Artsiom Holub
Deconstructing The Cyber Kill Chain of Angler Exploit Kit
Artsiom Holub is currently security analyst at OpenDNS and has been a freelance pentester in the past.
Nitin Jami
Exploring SecAccessControl Obj in iOS 9 Keychain
Nitin Jami is a security consultant with the NCC Group. Nitin has led and participated in many web and mobile security assessments. Nitin’s main interest lie in OS internals, and spends most of his spare time understanding iOS/OS X internals. He also provides internal and external trainings on mobile application testing. Nitin received a Master of Science in CyberSecurity from NYU Poly and helped run school’s hacknight program.
Devon Kerr
Passive detection doesn’t work: lessons from a hunter of elusive nation-states
Devon Kerr is a Principal Consultant in Mandiant’s Alexandria office. Mr. Kerr has led and participated in threat assessments, incident response engagements, forensic analysis, and proactive assessments. Mr. Kerr routinely teaches enterprise incident response for Mandiant and FireEye customers as well as at Blackhat.
Mr. Kerr has worked with clients in financial services, defense, manufacturing, aerospace, telecommunications, media, healthcare and infrastructure. Many of those clients rank in the Fortune 50 or Fortune 100.
Technical publications include the topics of Windows Management Instrumentation (WMI), Windows Scripting Host (WSH), Incident Response methodologies, proactive threat detection, ColdFusion exploits, security issues facing government contractors, UNIX-based investigative techniques, and investigative case studies. Mr. Kerr has spoken at CanSecWest, SANS DFIR USA, the inaugural DoD Incident Response Forum, FS-ISAC Summit, and delivered the keynote at SANS DFIR Prague. In March 2016, Mr. Kerr will be speaking at Norway’s CERT summit is Oslo.
Prior to joining Mandiant in 2011, Mr. Kerr spent more than a decade in Network Operations and ISP infrastructure.
Mike Kershaw
Bringing a project back from hibernation – Reviving Kismet
Mike Kershaw is the author of Kismet and related open-source Wi-Fi and Android tools, and assorted open-source hardware projects.
John N. King
CSRF Attack & Defense
John is an application developer with 10+ years of experience, with a focus on product development and application security. He works for RIT, serves as an officer of the Rochester chapters of OWASP and ISSA, and assists with the annual Rochester Security Summit.
Gabe Kirkpatrick
I Know Where You Live: Privacy Issues in Location-Based Apps
Gabe Kirkpatrick wasted the majority of his youth staring at Pokemon ROMs in hex editors. He is currently studying Computer Science at Rochester Institute of Technology where he continues to waste most of his young adulthood staring at things in hex editors.
Fernando Montenegro
Economics of Information Security
Fernando is a Senior Systems Engineer with vArmour. He works with organizations looking to leverage micro segmentation and other security architectures for cloud and data centre environments. Prior to vArmour, Fernando was a Systems Engineer with RSA, SilverTail, Crossbeam, and Hewlett-Packard. His areas of interest include security economics, particularly behaviour economics, data science, and network security. He holds a degree in Computer Science and industry certifications.
Nicholas Piazza
Fault Tolerant Command and Control Networks
Nick Piazza 4th Year BS/MS Computing Security at RIT Former Technology Lead and VP of RIT’s Competitive Cybersecurity Club (RC3)
Chaim Sanders
The Life and Times of Hans Ostmaster
The Security of Base64
Chaim Sanders has a versatile background in many areas of security ranging from signals emanation research to secure software development lifecycles. His currently works at both RIT where he lectures and at Trustwave where he conducts web application security research as well as development and support of both the ModSecurity web application firewall and the OWASP Core Rule Set (CRS) projects. Chaim frequently shares his research at many conferences nationwide and on various blogs.
Chaim holds a Bachelor and Master of Science in Information Security from the Rochester Institute of Technology (RIT)
David Schuetz
A (not so quick) Primer on iOS Encryption
David is a Senior Consultant with NCC Group, where he performs web and iOS application security testing, iOS research, MDM reverse engineering, and other such fun. He’s honored to have spoken at multiple security conferences on topics from rainbow tables to iOS and MDM to puzzle contests. When not actively engaged in paying work, David loves solving crypto puzzles, working on side projects like KhanFu, and playing Ingress. He can be found on Twitter as DarthNull, and is perpetually behind in his blogging at darthnull.org.
Max Sobell
Letting the Crap Out of the Bag: Adventures Disclosing IoT Bugs
Max has extensively researched and responsibly disclosed vulnerabilities in contactless payment systems, mass transit access control, and mobile applications. Before working in security, he designed high speed trading algorithms and worked in commodities. Max is a licensed HAM operator and contributes chapters to several best selling Linux books. He has presented his research at ShmooCon, CanSecWest, EuSecWest, Derbycon, SOURCE: Boston, and various local conferences.
Duncan Sparrell
eSDP – Rings Around Things in the Cloud
Duncan Sparrell (@dsparrell) is a seasoned (aka old) network security evangelist with 38 years of expertise in conceiving, developing and delivering state-of-the art software platforms. Duncan graduated from RPI with Bachelor and Master Degrees in Electrical Engineering back when computers were the size of buildings and programmed with punch cards. He joined AT&T Bell Labs before most of the attendees were born and is now enjoying retirement and having time to get funny letters after his name (CSSIP, CSSLP, CCSK, PE) and to go to cons. Duncan has been doing cybersecurity since the first Gulf War where he worked red team projects that helped him recognize how far behind the blue team was. Working as the lead architect in Chief Security Office, Duncan architected many of AT&T’s network security technologies and programs. In 1994, the US Government awarded Duncan the Intelligence Seal Medallion and in 2010 AT&T awarded him the AT&T Science and Technology Medal. He resides in Virginia but summers on Lake Canandaigua. His passions include his family, genealogy, NoVa Hackers, cloud security, agile, secure software development, and the erlang programming language.
Jared Stroud & Bryan Harmat
Red Ops: Scaling & Automating Your Pwnage
SPARSA Graduate Student Advisors Bryan and Jared are two BS/MS students of the Computing Security Department at the Rochester Institute of Technology. During their academic careers they have engaged in several attack/defend competitions. These competitions have a red team (the attackers) actively seeking to exploit networks, and a blue team (the defenders) which actively defends their environment. This talk is discussing how they are using DevOps tools to effectively control hosts in order to maintain persistence on a network.
Jon Szymaniak
BSidesROC CTF: QA Session
Jon is the BSidesROC CTF Op. He lives for two things: punk rock and embedded systems. When he’s not developing software, debugging drivers, or staging firmware builds, you’ll likely find him kicking it to Mischief Brew while voiding the warranty on his latest toy. He is currently an embedded systems engineer at Nuand, developing and maintaining the open source software for the bladeRF software defined radio (SDR).
Joe Testa
Bitclamp: A Permanent and Anonymous Publishing Platform Over Bitcoin
Joe Testa is co-founder of Positron Security, a Rochester-based computer security company. He specializes in penetration testing, exploit development, social engineering, and server & network hardening. Prior to co-founding the company, he excelled as a security researcher and vulnerability test programmer for Rapid7. Testa holds a Master of Science degree in Computer Security and Information Assurance from the Rochester Institute of Technology, along with a Bachelor of Science degree in Psychology and Computer Science from the University of Maryland at College Park.
Holly Turner
How to Hug a Hacker
Holly, who is a Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP) and a LSS Black Belt, joined Xerox in 1996. Her path in Xerox included roles in development, test, project management, and technical support, spanning Technical Services, Managed Services and her most recent position as Professional Services Security Analyst. Holly has been the national process owner for the Hard Drive Retention Offering, as well as Security Technical Consultant advising LEO field accounts teams on critical security and vulnerability issues impacting service delivery. Holly is currently the Vice-President of the Rochester ISSA chapter and chairperson for the Rochester Security Summit. See LinkedIn for more information
Christopher Wood
Let’s Check Let’s Encrypt: A Tool for Code-Driven Threat Modeling
Christopher Wood is a third year Ph.D. student at the University of California Irvine, focusing on the intersection of cryptographic engineering, content-centric networking security, and related applications. He is also a member of the CCNx core development team at PARC. He obtained a B.S. in software engineering and computer science and an M.S. in computer science from the Rochester Institute of Technology (RIT) in 2013. He was a summer intern at PARC in the summers of 2013 and 2014. Earlier, he interned at Intel, L-3 Communications, and other small software firms. Christopher is a recipient of the NSF GRFP fellowship, and a student member of the IEEE, SIAM, ACM, and IACR.