Russ From

Micro And Nano-Segmentation: Lessons Learned From The Field, Thoughts On The Future

This presentation introduces Micro-Segmentation and includes industry adoption statistics, strategies, and implementation examples. This presentation came from my personal experience implementing Micro-Segmentation in a fully virtualized hosted infrastructure environment for many large hospital systems. This talk will cover why we need segmentation, what the benefits are, how it evolved, and what it enables before explaining a flaw of Micro-Segmentation and how it is addressed using the recently defined term Nano-Segmentation. I also briefly touch on the famous Zero Trust Model and how Micro-Segmentation makes security more effective by following the principles of the Zero Trust Framework. Last, I will briefly cover how any organization can implement Micro and Nano-Segmentation using Tanium in a physical and/or virtual environment that scales up to millions of endpoints.


Johnny Xmas

Sorry About your WAF: Modern Bypass Techniques for Autonomous Attacks

Scripting and automation are absolutely critical to many aspects of an attacker’s effectiveness, penetration tester or otherwise. Modern WAFs and “bot detections” often add a small layer of intelligence to their monitoring, attempting to determine whether or not an attack is being automated, and shut the bot/botnet down. This presentation will be a mini-tutorial on how the various forms of “bot detection” out there work, and how to modify/spoof the necessary client environments to bypass nearly all of them using anything from Python Requests to Selenium, Puppet and beyond.


Chris Merkel

Shifting Security Left: Self-Service Security for Developers and Beyond

The shift to the cloud, Agile and DevOps is making it more difficult than ever for security teams to control what happens in their organizations and secure systems.

The obvious solution is more security tools, more security people, and ever-inventive ways to rein in your environment.

You. Will. Fail.

The only way to get better is by giving up the illusion of control and the delusion that you can achieve control.

Instead, we’ll talk about how engineering automation to create a culture of empowerment, self-reliance and trust can result in better security outcomes. Along the way, we’ll learn about how the adoption of Agile and DevOps is creating value in some unexpected ways…


Michelle Meas

What happens when a genome database is breached?

DNA sequencing has gotten exponentially cheaper since its invention, and is rapidly becoming a popular consumer good, given as Christmas presents and advertised on Facebook. However, the companies that perform this sequencing are effectively unregulated, and what they do with the mountains of data accumulated in this process is hardly transparent. This talk will begin with an overview of gene sequencing technology, then discuss the data actually collected by many popular companies. The talk will conclude with a discussion of how this data could be weaponized by bad actors after a data breach, both now and going forwards.


Ed Skoudis

Keynote: I, For One, Welcome Our New AI Over Lords

Title: I, For One, Welcome Our New AI Over Lords
Subtitle: The Ultimate Insider in the Cloud
By: Ed Skoudis and Surprise Guest
Amazing new AI-based services from Amazon, Google, and Microsoft let organizations rely on automated technology to crawl through their cloud-based data stores to identify sensitive data, security weaknesses, and hacking attempts. These AI offerings are impressive and can automate security at a scale impossible to achieve by humans alone. But, to use these commercial services, organizations must allow their cloud providers access to all of that information, exposing it to the deep gaze of an AI. In this talk, Ed will analyze the security implications of such offerings, along with the ethical, business, and privacy issues they raise as cloud-based AI intertwines itself in our lives more deeply every day. Oh, and it can turn on and off your lights too!