BIC Winter Conference 2023 will be on Saturday February 25, 2023 from 9:00 AM EST - 5:00 PM EST
Tickets are available here.
Access the virtual venue here.
BIC HQ is planning our In-Person meet up after the virtual event at 6:30 PM EST at:
609 H St NE 6th Floor, Washington, DC, 20002
Thank you to our sponsors!
The Winter Conference 2023 Call For Papers is currently closed, but it is usually located here.
Winter Conference Sponsor Sheet
Winter Conference 2023 Talk and Workshop Schedule
Track # 1 - Offensive Security Engineering
Speaker: Hugh Shepherd
Time: 10:00 AM EST
Title: Security Strategies for Critical and Smart Infrastructures
Speaker Biography: N/A
Security of critical infrastructure and smart infrastructure is a serious concern. As more and more of these systems become interconnected, the level of risk increases. The purpose of this talk is to raise awareness and to start a discussion on possible strategies for improved security.
Speaker: Robert McNair
Time: 11:00 AM EST
Title: Cloud Security: The Importance of Defending Your Organization
Robert McNair is a 2nd Generation IT Professional, Cloud Evangelist, Public Speaker and Motivator with over 20 years of experience in the IT industry. He has a passion for speaking and connecting our community to their purpose in Tech! Fun Fact: His father was a hidden figure working on developing Barcodes in the late 1960s.
Talk Description: N/A
Speaker: Chantel Sims
Time: 12:30 PM EST
Title: Refining Your Offensive Pentest Methodology
Using her background in Psychology and Education, Chantel weaves human behavior into her work as a Security Consultant with NCC Group, a global cyber and software resilience security firm. She specializes in pen testing a number of technologies across different industries and sectors. In her free time, she enjoys learning new hacking techniques, researching the cosmos, reading philosophical texts, and spending time with her loved ones. Bringing integrity, positivity, and an open mind to all things new drives her passion for hacking.
A pentest is only as good as the pentester. For a pentester to successfully cover a client's needs, it's important that a thorough pentesting methodology is utilized. Methodologies typically expand as we gain more hands-on experience. In this talk, we'll cover elevating our methodology as pentesters within a shorter time frame while also addressing the barriers that can get in the way of learning new tools & techniques that will ultimately expand our methodology.
Speaker(s): Craig Bowser and Lu Goon
Time: 1:30 PM EST
Title: Security Engineering != (Admin || Analyst || Responder)
Craig Bowser is an infosec professional with over 20 years of experience. He has worked in a number of infosec roles in the US government and is currently a Security Solutions Architect at GuidePoint Security. He is a Christian, Father, Husband, and Scout Leader who enjoys sci-fi fantasy, home networking, reading, and hiking.
The field of Security Engineering has evolved as an essential function within the Information Security industry. Security Engineers are responsible for many aspects of protecting the enterprise including designing of secure systems, supporting security operations, and protecting business platforms, data centers and the cloud. The role of Security Engineers is sometimes confused with system administrators, security analysts or even penetration testers. Yet the industry recognizes the need for Security Engineers with over 1000’s of opportunities in the DMV region alone. This talk will address questions such as “What is a security engineer?” and “Aren’t they the system administrators?” and provide practical direction for building a security engineering career.
Speaker: Leron Gray
Time: 2:30 PM EST
Title: Gimme The Loot - Lemme Hold A Token Real Quick
Leron Gray is a senior security consultant on Bishop Fox's Red Team. With nine years of offensive security experience, he previously served on the Azure Red Team at Microsoft, as a penetration tester, and as a Cryptologic Technician (Networks) for the U.S. Navy. Leron holds a Masters in Cyber Defense from Dakota State University and is a PhD candidate for Cyber Operations. He has a graduate certification in penetration testing and ethical hacking from SANS Technology Institute.
With many organizations building their environments from the ground up in Azure and Azure AD without traditional networks, penetration testers need to change their mindset around initial access and lateral movement to match the nature of cloud environments. Azure AD environments with no Azure provisioned infrastructure (like storage or virtual machines) have much smaller footprints than traditional networks or even hybrid AD environments. This talk will discuss some of the challenges found in pen testing pure Azure AD/Office 365 environments and provide a scenario in which we go from reconnaissance to stealing user access tokens. Post-MFA headers are like currency, so lemme hold a dollar token real quick.
Speaker: LaGarian Smith
Time: 3:00 PM EST
Title: Prepping for OSCP: Achieving Balance
LaGarian is an active duty Marine with nearly 20 years of service and experience in IT and Cyberspace Operations.
Talk Description: This talk will cover the resources needed to prepare for and pass the OSCP exam, with a focus on time management principles that can be applied to avoid undue stress.
Track # 2 - Industry Knowledge and Academia
Speaker: Dr. Cynthia Sutherland
Time: 10:00 AM EST
Title: Navigating Cybersecurity: Getting In and Staying In!
Dr. Cynthia Sutherland is a multi-award-winning global cybersecurity leader serving as Amazon Web Services' Global Automotive Security Assurance Lead, with a 16-year cybersecurity career across multiple industries. Prior to AWS, she was the first senior executive to serve as the Chief Information Security Officer (CISO) for the Federal Emergency Management Agency (FEMA), where she led integration of cybersecurity into America's emergency management systems. She came to FEMA from serving as the Joint Chiefs of Staff CISO, where she led the integration of cybersecurity into military weapons for the U.S., 23 countries, and NATO. Her passion is professional development and mental health of the cybersecurity profession.
Most look at Cybersecurity from the perspective of technology, cyber-attacks, and as a highly demanding career field with solid compensation. However, what is not discussed is what it takes to get in, stay in, and be successful in the field. Navigating a cybersecurity career can be even more of a challenge when you have limited exposure and unconscious biases. This session navigates through the Confidentiality, Individuality, and Awareness (C.I.A.) Pillars for a Successful Cybersecurity Career, mental health as a security concern, and shows how representation does matter in cybersecurity. The goal is for participants to walk away with tips on how to close the gaps in their performance and identify their uniqueness, value to an organization, and ideas on how to increase awareness of their capabilities in their organization.
Speaker: Dr. Xavier-Lewis Palmer
Time: 11:00 AM EST
Title: Simplifying Graduate School w/ Interactive Q&A Session
Dr. Xavier-Lewis Palmer is a multipotentialite of biology, engineering, and cybersecurity. He holds an Engineering PhD, an MS in Cybersecurity, an MS in Biotechnology, a BS in Biology, and a BA in Philosophy, with an interdisciplinary mix of numerous biology, engineering, and cybersecurity-based publications. A strong passion for both STEM education outreach and technological intersections that can improve community health and outcomes, fostered by diverse work experiences, helps drive him. He believes that in this ever-complex world, it is beneficial that we all keep learning, find ways to be involved in education, and help bring forth creative and helpful innovations, ideas, and conversations, where practical.
This talk aims to simplify graduate school for those interested in Graduate School, but not knowing where to start. Topics to cover are: Reasons and Tips for Applying, Navigating the Graduate School Process from start to Graduation, and Helpful Resources. The last half is open for specific questions that the audience has that are not covered.
Speaker: Kassandra Pierre
Time: 12:30 PM EST
Title: Threat Modeling Your Careers: Creating a Plan for your Professional Success
Kassandra Pierre is a champion of advocacy. She has seen firsthand the positive impact diverse spaces can have on women, individuals with disabilities, and multi-minority individuals and she recognizes allyship as imperative to unlocking human and organizational potential. Kassandra’s work with youth and adults in education and mental health care settings fuels her ongoing mental health advocacy and has enabled her to empower many people to overcome personal and professional obstacles. She is a trained crisis interventionist and support group facilitator with over fifteen years of experience providing technical assistance and governance in the nonprofit, public and private sectors. Kassandra is a Certified Scrum Master and a Certified Scrum Product Owner currently employed as an AVP in Technology Talent Development with a global financial institution. She serves as a Disability:IN NextGen Leaders Program Mentor, has been an Advisory Board Member and presenter for the 2022 SANS Neurodiversity Summit and is the Founder and Affiliate President of the WiCyS (Women in Cybersecurity) Neurodiversity Affiliate. Kassandra is a technology enthusiast and is a nerd for threat intelligence, data privacy, and cybercrime. She is currently completing a degree in Cybersecurity and in her free time, enjoys gardening, playing with her dogs and cooking for friends and family.
Speaker: Dondi West
Time: 1:30 PM EST
Title: DEI 2.0: It’s time to see Diversity, Equity and Inclusion measured and tracked as a security control
Dondi West is Global Security Counsel at TikTok where he advises senior leaders and network defenders on matters related to Cybersecurity, Incident Response, Security Governance and Security Legal Compliance.
This talk will consider diversity as a cyber readiness issue. It’s time for the security community to consider whether the level of diversity in a company's security workforce should be viewed as a security control, or factor that reduces risk. We must have a diverse security workforce to counter quickly evolving and diverse threats. Diversity and Inclusion in a company’s security workforce can no longer be viewed as an HR/recruitment issue, or a nice to have.
Speaker: Ashley Sequeira
Time: 3:00 PM EST
Title: From Gamestop to Google: How to leverage your personal skillset into a unique cybersecurity career
Ashley Sequeira hails from Las Cruces, NM with her husband, Dan, and her two dogs, Carbon Fiber and Graham Cracker. She is a recent graduate of Boise State University. During her time at Boise State University, she concluded her career at Palo Alto Networks and started with Google in July 2022. While at Palo Alto Networks, she ran the Security Operations training program, consulted for SOAR platforms, worked as a Professional Services Consultant and ran an employee resource group focused on Veterans. Prior to her time at Palo Alto Networks, Ashley worked in a Security Operations Center and served 13 years in the Army Reserve. In the Army, she competed on the National Taekwondo Team (2011, 2015), played in the Army Band and learned her fundamentals in IT.
She holds a Bachelor's degree from Southern New Hampshire University in General Studies, an Associate of Science in Information Systems Security, an Associate of Arts in English Literature and Communication, an Associate of Arts in English and an Associate of Arts in General Studies. Ashley holds technical certifications from SANS (GCIH), CompTIA (A+, Mobility+, Security+, CySA+), and Palo Alto Networks (PCSAE, PCDRA).
This talk will cover my journey through cybersecurity. I began in retail and now work at Google, without writing any code. All folks involved in cybersecurity already have unique skills that can likely be leveraged to further their careers in the industry. All folks who want to break into cybersecurity also have other skills that can be leveraged to "break in".
Speaker: TJ McClearin
Time: 4:00 PM EST
Title: Who is Xcape, Inc. and what is PTaaS?
A builder of systems, infrastructure, and tech, with a concentration in security, DFIR, and cellular communications, building redundant highly available systems inside mixed unforgiving environments is my specialty. Whether on-premises, cloud-based, or mixed-use, I take pride in maximizing uptime on infrastructure through policy and automation. Coupled with my executive background, I excel working on and with teams of both engineers and decision makers, my best quality is the ability to make high-level concepts easy to understand, to provide a roadmap to success identifying hurdles and addressing them with solutions.
Track # 3 - Interactive Panels and Live Streams
Speaker(s): Akil George and Melissa Daley
Time: 11:00 AM EST
Title: Sophisticated Scams for the Average User
Speaker Biography: N/A
Scam messages, we get them all the time. Be it emails, texts, private messages on social media; they'll always find some way to you. But with these attempts to get your sensitive information getting more and more sophisticated, how can we better defend ourselves? What do some of these look like and what are some easy ways to ensure you don't get scammed?
Learn all this and more at the presentation!
Speaker: Kaitlin O'Neil
Time: 4:00 PM EST
Title: Hiring Hacked: Using LinkedIn Like a Pro
Kaitlin O’Neil is the Recruiting Manager at Bishop Fox and co-founder of the Bishop Fox mentorship program. She has spent the past ten years in technical recruiting for multiple Fortune 100 software organizations. She is passionate about connecting with diverse talent in the cybersecurity space.
Track # 4 - Workshops and Classes
Speaker: Teresa Allison
Time: 9:00 AM - 2:00 PM EST
Title: Developing Your Cyber Career Action Plan
Teresa Allison is the ISSA DC Chapter VP of Programs and Events. She is a Cybersecurity Consultant with over 20 years of experience in IT for a large consulting firm in the Washington DC Metropolitan Area. She has served as a trusted advisor to CIOs and CISOs as well as their staffs by providing them with solutions for addressing their management needs for multi-billion-dollar federal information
Have you been thinking about transitioning to a career in cybersecurity, but are not quite sure how to make your dream a reality? Are you currently working a cyber job but want to make a plan for advancement? This program walks you through the steps that you need to take in order to explore your cyber career options. It gives you a structured framework for exploring your interest in cyber, researching cyber positions, learning about cyber policies and standards, learning cyber tools, obtaining cyber / IT certifications, as well as applying for cyber jobs. This approach helps you to create your own cyber career action plan so that you can position yourself to join the field of cybersecurity.
Speaker: Dontae Tyler
Time: 2:00 PM EST
Title: Cyber Hygiene 101
A community college drop-out born in Southeast Washington DC but by way of Prince George's County, Dontae Tyler believes that success in the tech industry does not have to be traditional. With over 9 years of experience in IT supporting various federal agencies, Dontae has begun to distinguish himself as a premier advocate for GRC, Data Privacy and Security Awareness Training. He currently holds several certifications including CISM, CDSPE, CEH, SEC+. Dontae's unconventional cyber awareness training and education teaching methods seek to educate the everyday user and challenge the most experienced tech professionals on the evolving cyber threats.
Dontae Tyler developed a security awareness training called Cyber Hygiene after getting tired of sitting through boring cyber security awareness videos that were not effective. After conducting his own research, he was able to come to the conclusion that the annual security training of the past was not as effective in remediating issues related to non-technical people utilizing interconnected devices and systems to complete their work. In his training he plans to equip end users with simple yet effective mitigation strategies and tools to reduce risk to acceptable levels.