Opening Keynote: Maddie Stone

Maddie Stone (@maddiestone) is a Security Researcher on Google Project Zero where she focuses on 0-days used in-the-wild. Previously, she was a reverse engineer and team lead on the Android Security team, focusing predominantly on pre-installed and off-Google Play malware. Maddie also spent many years deep in the circuitry and firmware of embedded devices including 8051, ARM, C166, MIPS, PowerPC, BlackFin, the many flavors of Renesas, and more. Maddie has previously spoken at conferences including Black Hat USA, REcon, OffensiveCon, KasperskySAS, and others. She holds a Bachelors of Science, with a double major in Computer Science and Russian, and a Masters of Science in Computer Science from Johns Hopkins University.

Closing Keynote: Sara Jayne Terp

Disinformation is the deliberate promotion of false, misleading, or mis-attributed information, often designed to change the beliefs of large numbers of people. The CogSecCollab team got a little cross about that, so we built a disinformation response network based on theory, tools and frameworks from information operations, data science, narrative analysis and infosec, and are running it in several groups including the CTI League, and sharing our toolset with MITRE, NATO and various countries round the world. It’s been 4 years of work to get here: this is how we did it.

Protecting the Elderly from Cybercrime: A Community Education Approach

Sydney Brazeau

Cyber based scams and fraud disproportionately affect the elderly due to both increased targeting and psychological factors. The Internet serves as a resource for senior citizens to connect with friends and family, as well as access information about their health and finances The increased reliance on the Internet for communication and connection leaves senior citizens vulnerable to cybercrime, especially cyberfraud. Protecting the elderly from cybercrime requires interagency communication, accessible mental health resources, and community education. Through reviewing the relationship between senior citizens and cyber issues and analyzing the current frameworks, this project develops a cybersecurity community education program and adaptable framework tailored to the needs of senior citizens. The curriculum includes a lesson plan, a short quiz, a cybersecurity reference handout, an assisted notes handout, and a slide show presentation. The included framework will allow the curriculum to be updated as new cyber threats and scam trends emerge. The talk will cover reasons behind senior citizen fraud victimization and the steps communities can take to reduce it.

Sydney Brazeau will be graduating from American Public University in October with a masters degree in Cybersecurity Studies. She received her undergraduate degree in Homeland Security and Emergency Management with a concentration in Cybersecurity Management from the University of Alaska Fairbanks in 2018. In her free time, she enjoys playing with her two golden retrievers and teaching kids how to code.

Michael Jenks and Aire Youmans

There is great demand for a higher standard for the privacy of information. It is important for netizens to understand how and why their information is collected through websites, web-based service providers, and device applications. The presenters will bring together their backgrounds in law and tech to address the issues presented by mass cookie collection and storage. The goals of this presentation are to raise awareness about tracking cookies, to understand private sector uses, and to gain support from the community writ large in pushing for legislation that better regulates companies’ uses of tracking cookies. The presentation will also address the regulatory legislation of the GDPR and the CCPA and how that affects U.S. consumers. At the end of the presentation, we will cover some tips and tricks to discover, prevent, and remove these cookies on your phone and computer. (We may even sneak in techniques on how to distort the information collected and relayed to companies.) We will conclude with how you can get involved to help influence consumer-protective legislation.

Michael: Michael is an information security consultant by day and podcaster by night. He has a heavy SOC focus as he has helped build multiple SOCs and mainly in the utility sector of Portland, Oregon. He is a co-host on a Blue Team focused weekly podcast called Detections.

Aire: Aire is a law student focusing on data-privacy policy. She hopes to help drive privacy-focused policy and legislation toward greater individual and consumer protections.

Automated Social Engineering for the Antisocial Engineer

Patrick Sayler

While modern technical controls and protections can thwart basic phishing attempts, phone communication remains a lucrative avenue for would-be attackers. This is a typical route used to gain a foothold into an environment via an unsuspecting employee. However, this time-consuming manual process makes documenting and utilizing your social engineering results difficult.

Fortunately, existing interactive voice response (IVR) technology can help solve this problem. While these systems are typically used to assist people, we could also leverage them to attack.

The abundance of cloud-based services makes this easy to accomplish and even easier to expand upon with your own custom scenarios, all while capturing respondent information. This presentation will cover how to take existing, off-the-shelf tools and configure them to build your own social engineering “robot”.

Patrick Sayler is a Principal Security Consultant at NetSPI, where he leads their social engineering services.

Breaking down the ship: How Kubernetes is put together and how you can take it apart

Alex Ivkin

With the hundreds of moving the pieces in a typical Kubernetes deployment, it’s no wonder securing a cluster is a tall order. Let’s go step by step in building up the security layers, plugging up leaks along the way. Then wedge new tools in the cracks and watch it crumble back again.

Alex Ivkin is a director of solutions at Eclypsium, a Portland firmware security company. His focus is on secure deployments of (in)secure software, including container orchestration, application and platform security. Alex has two decades of security integration experience, presents, trains, teaches, drinks beer and climbs mountains in his spare time.

Frugal known vulnerability detection


Detecting known software vulnerabilities is hard to do perfectly, but it’s easy to get part way there. The CVE Binary Tool is a tool that detects issues in a few components but has grand ambitions. Learn how it works, how to use it & how to improve it so together we can help everyone be more secure.

Terri specializes in saying no and explaining things, which either describes her professional work as an open source security expert, her personal time as a the parent of a child whose favourite phrase is “what happened?” or her volunteer work bringing new contributors into Python projects through Google Summer of Code.

I tried harder


My name is FalconSpy and it took my 7 long years to make it into the Information Security Field as an Offensive Security Engineer. In order to obtain my position, I jumped through numerous hoops, networked with various individuals, and finally after 2 failed attempts, acquired my OSCP Certification in May 2019. My journey took me through graduating in 2013 from Rochester Institute of Technology with a degree in Information Security and Forensics, working web and middleware services at two Fortune 50 companies, and to finally working as a penetration tester. This presentation will share my journey with you.

Falconspy is an Offensive Security Engineer at Oracle with a background in Information Security and Forensics. I have two wonderful Shiba Inus and a loving wife that I enjoy relaxing with, hiking, or exploring.

I am new to Oregon as of March 2020.

PowerShell & Alarm Bells

Heidi Metzler

Did you know that gzip could help you classify malware?

Algorithmic complexity, also called Kolmogorov complexity, motivates the use of the Normalized Compression Distance metric to approximate the complexity of objects and measure similarities between them. This talk will show you how compression algorithms can be another tool in your security research toolbelt. From ordering snail mail chain letters to extracting the evolution of mammals from DNA sequences, this robust method of analysis can pick up patterns across diverse domains. We will examine how this powerful, language-independent technique can be employed in the realm of information security by examining previous work on worm classification and tackling the problem of detecting PowerShell-based malware. No previous knowledge of compression algorithms, PowerShell, Soviet mathematicians, or algorithmic complexity is required.

Heidi is a puzzle-solving polyglot with a penchant for pentesting. She earned a Master’s degree from the Institute for Logic, Language & Computation in Amsterdam and now hunts bugs for Summit Security Group.

From SysAdmin to InfoSec: How to Make the Jump

Jeff McJunkin & Daniel Pendolino

Join us as we explore the SysAdmin to InfoSec transition, including why it makes a logical career progression and how different SysAdmin to InfoSec paths can be. We’ll discuss concrete next steps that you can take if you want to segue from a SysAdmin role into an InfoSec career.

We’re a pair of friends and former coworkers who started out as SysAdmins before moving into the InfoSec space. Jeff is a SANS instructor and pen-tester, and Daniel works for Counter Hack doing DevOps, challenge design, and pen-testing.

Garbage Day! Sorting Through Container Image Contents

Nisha Kumar

Suppose you need to go back to a running container and figure out how exactly you made it. Maybe you want to, I dunno, see what version of software you are actually running, whether it is vulnerable, or whether it came from a trusted source, or whether you can upgrade it or reproduce it. Maybe you’d look at the Dockerfile? Maybe run a vuln scanner on it? Maybe you’re one of those YOLO devs and rebuilt it to see if your problem goes away or people stop asking for that information. Bottom line is that you can’t solve this problem easily. This talk is about why and how it can be fixed.

Nisha is the container packaging lead at the Open Source Technology Center at VMware. She maintains an open source project called Tern. She likes to think about how learnings from one field of study can be applied to another, why humans behave the way they do, and food.

What I’d really like, Dev, is to borrow the signing keys

Matt King

Signing binaries and firmware images is easy, but the mere existence of a signature doesn’t make code secure or trustworthy. If signing keys are not created, managed, and used correctly then they won’t provide the expected security benefits. This talk will review best practices for making signatures meaningful.

Firmware security and beer enthusiast.

Breached! Notification Requirements For Everyone

Robert Wayt

Regardless of the line of business your organization focuses on, there are undoubtedly breach notification requirements directed by compliance, regulatory agencies, or security practice that apply to you. When a breach is ongoing, the best time to be prepared for the stressful events surrounding the compromise have already passed. In order to be ready, organizations must accurately identify what notification requirements apply to them according to data types and processes used. Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), North American electric Reliability Corporation Critical Infrastructure Protection (NERC CIP), Cybersecurity Maturity Model Certification (CMMC) and state statutes are just some of the compliance frameworks that provide specific direction on breach notification. This discussion will cover the requirements directed by compliance and best practice, and provide recommendations for ensuring your response documentation such as Incident Response Programs are in good order for the day we all hope never comes.

As Director of Governance and Compliance for Structured Communication Systems, Rob Wayt is currently focused on managing the team of engineers that conduct assessments and penetration testing. The team covers specialty areas such as PCI, HIPAA, NIST/CMMC, NERC CIP and risk assessment solutions across a wide variety of requirements.

Rob has over 25 years of experience in IT security, compliance and networking. His background includes security management, security program development and assessment, enclave compliance, security testing, and oversight of large scale enterprise networks.

Rob has worked extensively with the U.S. Department of Defense, state and municipal governments, school districts and commercial entities in retail, entertainment, legal, healthcare and municipal commercial parking. He has designed and implemented comprehensive security programs across enterprise networks, designed and implemented security systems, and performed compliance assessment and audits.