Pre-Conference Workshops

W1 Building an Effective Insider Threat Program

Saturday, March 30, 2019 
9:00 AM – 5:00 PM
One-Day, 8 CPEs
Randall Trzeciak, Director—National Insider Threat Center, Carnegie Mellon University, CERT

Since 2001, the National Insider Threat Center (NITC) at CERT has been researching insider threats and the risk posed to organization's critical assets. Over those 17 years, the NITC has amassed a corpus of over 2000 incidents where insiders have harmed DoD, USG, LE, Industry, and Academia organizations. This workshop will describe how malicious and non-malicious insider incidents tend to evolve over time; identify behavioral and technical potential risk indicators (PRIs) specific to insider incident types (fraud, theft of information, sabotage, unintentional); present a framework to effectively develop insider threat controls; and describe insider threat program building strategies to identify and mitigate insider threats in your organization.

  • Describe how insider incidents tend to evolve over time, identifying behavioral and technical potential risk indicators (PRIs)

  • Identify, select, develop, and implement insider threat controls

  • Navigate the insider threat control landscape

  • Incorporate insider threat controls into a formal insider risk program

W2 Securing Mobile Devices and Mobile Applications

Saturday, March 30, 2019  
9:00 AM – 5:00 PM
One-Day, 8 CPEs 
Jerod Brennen, Security Architect, One Identity

Once upon a time, a “no mobile” policy was the supposed answer to managing mobile device and mobile application security risks. Fast forward a few years, and many organizations who initially adopted that policy have exchanged it for a “mobile everything” policy. Mobile devices have found their way into organizations from financial institutions to public schools, and mobile app downloads are occurring to the tune of 200 billion downloads per year. This workshop will help professionals with mobile security responsibilities to keep up-to-date on mobile security tools, trends & techniques.

  • Then and Now
    • Evolution of consumer & corporate mobile computing
    • Current state of mobile devices & mobile applications
  • Mobile Device Security
    • Recommended settings
    • Associated risks
    • Potential business impact
  • Mobile Application Security
    • Leading practices
    • Resources for developers
  • Managing Mobile Devices
    • Mobile Device Management (MDM)
    • Enterprise Mobility Management (EMM)
    • Governance
  • Attacking and Defending Mobile Devices
    • Tools and techniques for attackers
    • Tools and techniques for defenders
  • Attacking and Defending Mobile Applications
    • Tools and techniques for attackers
    • Tools and techniques for defenders
  • Mobile Assessments and Auditing
    • Resources for assessors and auditors
    • Useful metrics
    • Understanding your stakeholders
    • Legal implications
    • Looking ahead

W3 Analogue Network Security Architecture & Design HANDS-ON

Sunday, March 31, 2019  
9:00 AM – 5:00 PM
One-Day, 8 CPEs 
Winn Schwartau, Founder, Security Awareness Company
Mark Carney, Researcher / Consultant, Security Research Labs

Can new approaches to security solve DoS/DDoS, Spam, Phishing and Data Exfiltration?

Using Analogue Security building blocks, we will begin design application concepts for attendees to work on analogue I&A designs, cryptographic applications, multiple detection and feedback operations.

Attendees will be encouraged to come up with their own security problems to solve and will also be tasked with designing security architectures for various security problems, and come up with analogue solutions, with mathematical proofs.

  • Why Analogue Security? The problems with using 40-year-old security models in a synchronous communications environment.
  • The Strategic Profile of a modern security model
  • Basic Time-Based Security: Introducing the first analogue security maths, physical metaphors that do work, and why there is no measurably definitive protection
  • A Primer on analogue concepts: Square waves, smoothing, adding and mixing, perception, trending, fractals and more
  • The Administrative Root problem, multiple administrators, and the good and bad about the Two Man Rule. Introducing the concept of Trust Factors
  • Out of Band Control Signals, VCAs & SCADA/ICS
  • Detection in Depth in the physical world and applying to cybersecurity, programming and networking. Defining the mathematical limits of security.
  • Bayesian Probability Primer
  • Bounding Security Domains
  • Measure and compare the security performance of security products
  • Analogue anti-phishing circuits
  • How to design DoS/DDoS protection with Out of Band circuitry
  • Designing tools to stop SPAM and Identification (Notification) of members of botnets

Technical Requirements: Attendees need a fundamental engineering understanding of the world of security & security modeling. A super-technical background is not necessary, but those with more technical skills will likely enjoy the problem-solving sections.

Laptop, plenty of note paper and lots of imagination!

W4 Hands on Drones: Moving from Business Threat to Business Advantage HANDS-ON

Sunday, March 31, 2019   
9:00 AM – 5:00 PM
One-Day, 8 CPEs 
Chris Kiggins, Drone Scientist, DroneWarz

*This workshop is capped at 12 attendees

Companies are looking at ways to utilize drones for business advantage and also safeguard against threats they may pose. In this workshop you’ll take a drone from concept to actual implementation. Get hands on with the technology to accurately evaluate vendor claims and understand the concepts and planning factors for employing drones or defensive systems, including:

  • Drone systems concept and communications methods
  • Experience systems with limited stabilization for nano drones
  • Hands on drone architecture: flight controller, motors, motor controllers, RF module, and other components
  • Hands on drone architecture: flight controller, motors, motor controllers, RF module, and other components
  • Payload options and planning discussion: cameras, leave behind modules to attack networks, and other sensors
  • Counter drone technology overview
  • Assembly of a counter drone turret

W5 Adversarial Threat Hunting HANDS-ON

Sunday, March 31, 2019  
9:00 AM – 5:00 PM
One-Day, 8 CPEs 
Ben Mauch, Senior Security Consultant, TrustedSec
Larry Spohn, Practice Lead, Force, TrustedSec

This course is completely hands-on, focusing on the latest attack techniques and building a defense strategy around them. This workshop will cover purple team efforts and provide methods for understanding how to best detect threats in an enterprise. It will give penetration testers the ability to learn the newest techniques, as well as teach blue teamers how to defend against them. This course applies real-world offense and defense capabilities to truly paint the full picture of understanding how attacks happen today and how to best prevent them. It contains all of the latest pentester methods as well as unreleased methods for detecting attacks. Attendees can have a penetration testing background, or be someone who focuses on defense.

Technical Requirements: A basic understanding of Windows and Linux systems. A laptop with 30GB free space.

Post Conference Workshops

W6 Building Incident Response Playbooks 

Wednesday, April 3, 2019
1:00 PM – 5:00 PM
Half-Day, 5 CPEs
Chris Taylor, Security Consultant, Taksati Consulting

Incident Response is a lot like fighting fires. While a house is burning down is not the best time to try to come up with a plan on how to properly attack a fire. By developing a series of plans of actions for the most common types of incidents, the plan of attack can be laid out ahead of time and then followed when needed. Following a pre-planned playbook ensures actions occur quickly, no steps are missed, incidents are responded to consistently, and new incident responders can easily fall into the team’s way of responding. In this workshop we will discuss some common incident types and then develop playbooks for those incident types, with the goal of teaching how playbooks are built so you can create your own customized specifically to your environment.

  • Planning for Incident Response
  • Security Orchestration Tool Comparison
  • Incident Types and Categories
  • Playbook Design
  • Playbook Execution

W7 Cloud Risk and Governance HANDS-ON

Wednesday, April 3, 2019
1:00 PM – 5:00 PM
Half-Day, 5 CPEs
Jon-Michael Brook, Principal, Guide Holdings
Randall Brooks, Engineering Fellow, Raytheon

  • Landscape of the risk and compliance frameworks
  • Where to integrate with other industry cloud tool sets for policies and standards compliance
  • How to streamline your cloud approval and adoption process
  • Hands-on software experience with STAR Watch, the Cloud Controls Matrix, and open source tools
  • Demonstrations of the compliance software vendor competitive landscape

W8 But It’s Only Me! Designing a Practical, Pragmatic Security Program for SMBs

Wednesday, April 3, 2019
1:00 PM – 5:00 PM
Half-Day, 5 CPEs
Barak Engel, Founder, EAmmune & Author of Why CISOs Fail

For the majority of small and medium businesses, hiring a Chief Information Security Officer isn’t an option. The development and implementation of a security program falls upon IT team members already in place, and most of these IT professionals don’t have the experience to create a security program for their organizations.

This workshop takes attendees through the basics of an InfoSec program, and focuses on key objectives every security program should have. Attendees will leave with practical lessons on identifying what’s really required at their company, what resources they can call upon, and how to structure a program that can reduce the risks facing their IT environments.

  • Examine “real life” scenarios where small organizations have created InfoSec programs
  • Practical advice on how to select controls and identify objectives for a successful InfoSec program, regardless of size
  • Review opportunities to collaborate with other business teams, and engage external resources
  • Walk through scenarios and design program components as a team within the session

Technical Requirements: Laptop with web browser

W9 The Defender Mindset: Application Security for Today’s Leaders

Wednesday, April 3, 2019
1:00 PM – 5:00 PM
Half-Day, 5 CPEs
Ted Harrington, Executive Partner, Independent Security Evaluators

This workshop is structured to address the seemingly overwhelming collection of security concerns with which today’s leaders contend:

  • Do you struggle with designing and implementing a security program that effectively achieves the goals outlined in your security mission?
  • Are you interested in better understanding how hackers think, how they operate, and how to defend accordingly?
  • Do you struggle to know where to invest resources in order to best deliver security to your organization?
  • Are you concerned about your organization suffering a security incident under your watch?
  • Are you seeking more certainty that by investing resources into a given security approach, that investment will deliver the outcomes you seek?
  • Do you have the appetite and capacity for change?

If any of this describes you, this is the workshop for you. A mixture of research-based presentation combined with interactive group exercise, this workshop seeks to empower today’s security leaders. This workshop will teach attendees how to:

  • Implement a 3-phase action plan, based on years of practical experience in security research and security consulting, designed to help equip leaders to deal with modern attackers
  • Define and implement a threat model
  • Differentiate between assessment methods
  • Understand level of attacker intensity
  • Challenge conventional wisdom

W10 Critical Thinking for Investigators

Thursday, April 4, 2019  
9:00 AM – 5:00 PM
One-Day, 8 CPEs 
David Toddington, Founder & CEO, Toddington International

“Critical thinking is an objective analysis of a problem based on rational thought, self-awareness, honesty, open-mindedness, and an awareness of the frailty (and danger) of our own judgements.”

All too often, mission critical investigations fail because those involved jump to conclusions and draw faulty inferences that leave the trail cold. Correct conclusions are not the result of guessing, but by applying efficient thought processes. “Critical Thinking for Investigators” is an intensive one-day classroom-based workshop designed to help investigators and intelligence professionals, in both the private and public sector, avoid making incorrect assumptions by using logic, reasoning, critical thinking, and scientific methodology in their investigations.

Having been involved with criminal investigations for nearly 30 years and OSINT training within the law enforcement and corporate world for over two decades, David Toddington provides insight into “how to think about” the vast amount of data that can be uncovered during the course of an digital investigation along with an overview of some surprising lessons learned in his filming of four seasons of the "social experiment" that is the BAFTA nominated, hit UK television series “Hunted”.

Technical Requirements: Laptop with web browser


  • March 30 - April 1, 2020:
    InfoSec World 2020 Conference & Expo!