Defender Strategy
Friday, May 5


Burning Down the Haystack
How do you find the needle in the haystack? Burn all the hay! In this talk, Tim aims to show how automation can help "burn the hay" and deal with the overwhelming volume of alerts that IR analysts deal with on a daily basis. Tim will give examples of Security Automation & Orchestration (SAO) speeding up the alert triage process through enrichment from internal and external tools, proceeding to a human decision in the loop and then going directly to take response action through integration with existing security tools such as firewalls, proxies, and endpoint solutions.

Tim Frazier

Security Engineer, Phantom
After 10+ years working on IT Networking and InfoSec in and with large organizations such as the US Army and the Federal Government, Tim made the only logical choice and joined a Cyber Security start up. During his varied career, Tim has built networks, led teams, architected security...

Friday May 5, 2017 9:00am - 10:00am
Scruffy City Hall 32 Market Square, Knoxville, TN 37902


Put up a CryptoWall and Locky the Key - Stopping the Explosion of Ransomware
Ransomware is spreading at an alarming pace and infecting networks across all industries and company sizes, primarily through phishing attacks. The cyber criminals behind the attacks are furiously innovating and keeping ahead of the defenses. In this session we will have an interactive discussion related to the latest in ransomware threats and how to best protect your organization and yourself against this growing threat. In this session we will examine:
  • Current phishing trends
  • Ransomware and how it is infecting networks
  • Effective mitigation strategies
  • Recovering from an attack

Erich Kron

Security Awareness Advocate, KnowBe4

Friday May 5, 2017 9:00am - 10:00am
Preservation Pub 28 Market Square, Knoxville, TN 37902


You can't screw up Poptarts
Implementing an Information Security Program is not a simple process. There's not a simple, one-size-fits-all, two-instruction (e.g. Poptarts) playbook for getting it done, and as a result things can be missed.

This is not a technical talk. This is a talk about gaps commonly found in the information security programs in place at organizations of all sizes, verticals, and industries. It's about the details that are sometimes missed within the blueprints of an organization's security program designs. I will discuss some of these key gaps I've seen in my experiences as a Security and Compliance consultant of 15 years and offer guidance on how to address them.

Kevin Thomas

Co-Founder, Contextual Security
Co-founder of Contextual Security Solutions, Halo Enthusiast, Fan of Poptarts, Bald.

Friday May 5, 2017 10:00am - 11:00am
KEC 17 Market Square #101, Knoxville, TN 37902


Open Source Defense: Building a Security Program with Zero Budget
Even though large breaches have hit headline news in years past, some companies are still on the fence about investing in cybersecurity. As a security practitioner (or jack of all trades) how can you be expected to cover your assets with zero budget? Thankfully, there are plenty of open-source tools out there that will allow you to secure your organization. Come join me as I discuss how you can track your network assets, perform vulnerability assessments, prevent attacks with intrusion prevention systems, and even deploy HIDS. We will also jump into finding sensitive data and PII in your network, as well as incident response tools and automation. All it costs is your time (and maybe a VM or two). You really can drastically improve the security posture of your network with little to no budget, and you’ll have fun doing it! OK, maybe it won’t be fun, but at least you’ll learn something, right?

Kyle Bubp

Founder & Principal Consultant, Savage Security
For over a decade, Kyle Bubp has been elevating the state of security for enterprises, service providers, government organizations and the industry at large. Throughout his career, Kyle has worked on several privileged and classified U.S. government projects for multiple 3-letter...

Friday May 5, 2017 11:00am - 12:00pm
Scruffy City Hall 32 Market Square, Knoxville, TN 37902


Escape And Evade: Fugitive Infosec Lessons from CBS's "HUNTED"
About the Talk
We will talk about the ways the people on CBS's "HUNTED" used technology to escape, evade, and even taunt the trained hunters pursuing them. We will use these clips to talk about security techniques, methods, and real world applications for today's information security professional.

About Hunted
Hunted follows nine teams of two in a real-life manhunt as they attempt the nearly impossible task of disappearing in today’s vast digital world as highly skilled investigators combine state-of-the-art tracking methods with traditional tactics to pursue and catch them. From searching their targets’ homes and scouring their internet and cell phone histories, to identifying behavioral patterns, Hunters in the field and Command Center investigators work together to identify clues to potential hiding places and collaborators that can ultimately lead to capture. A grand prize of $250,000 will be awarded to each team that successfully evades being caught for up to 28 days.


Shannon Powers

He first started hacking on a TRS80 at the kitchen table. While not in front of a glowing screen, he has a growing interest in escape rooms.

Friday May 5, 2017 2:00pm - 3:00pm
KEC 17 Market Square #101, Knoxville, TN 37902


Exploit Kits Explained
Exploit kits (EKs) first appeared in 2006 but their initial growth was limited by the high level of technical expertise required to use them. Over time, however, EKs have steadily evolved into easy to use (and important) tools in the growing Crimeware-as-a-Service (CaaS) industry. Due to their effectiveness in delivering many different kinds of malware, Blue Teams should understand them. This presentation will begin by differentiating an exploit from a payload. It will then define the term exploit kit and discuss their most common characteristics, including their management consoles and delivery techniques. To give attendees some perspective, the presentation will examine several famous EKs to explain what makes them so successful. Attendees will then be led through an example EK Infection Chain, including a discussion of the crucial role that DNS plays in EK effectiveness. The session will close with a discussion of current best practices for protecting against EKs and predictions of what Blue Teams can expect to see from EKs in the future.

At the end of this presentation participants will be able to:
  • Explain what exploit kits are and what they are most commonly used for
  • Describe the relationship between exploit kits and Crimeware-as-a-Service (CaaS)
  • Describe the difference between an exploit and a payload
  • Name exploit kit components and architecture
  • Discuss exploit kit delivery methods
  • List the prerequisites required for an exploit kit to successfully compromise a device
  • Deploy those best practices that will most protect against exploit kits
  • Explain why exploit kits will continue to threaten all types of organizations for the foreseeable future

David Vargas

Dave Vargas is a lead consultant at VATG, Inc. where he fights (and sometimes defeats) all kinds of malware. In his spare time, he teaches cybersecurity at several colleges in the Washington, DC-area. Dave graduated magna cum laude from The George Washington University and has completed...

Friday May 5, 2017 4:00pm - 5:00pm
KEC 17 Market Square #101, Knoxville, TN 37902