The aviation industry is synonymous with government regulation, but what does that mean with regard to cybersecurity? The industry is historically reluctant to provide information, leading to an assumption by those on the outside that security by obscurity is the standard. However, there are several statutes in place if you know where to look. This presentation aims to decipher current aviation cybersecurity regulation by focusing on what would directly impact security researchers and how to better educate oneself on current & future regulation.
Presentations for Regulation
Security is often not funded because risk costs, as evaluated by an organization for its own benefit, have an ROI that is below other possible investments. However, there are multiple benefits of evaluating risk from an ethical perspective. This presentation proposes a maturity model for the ethics of risk, based on an evaluation of research related to ethical risk. The framework describes risk, management, legal, and engineering concerns appropriate to risk analysts, security staff, or software engineering professionals. The framework provides a list of actionable items for each of five levels of ethical risk maturity.
System Administrators, information security professionals, and ethical hackers are often the first line of defense in protecting U.S. companies and public institutions from cyberattacks. However, there are local, state, and federal resources available to assist in mitigating and investigating a cyber incident. Presidential Policy Directive 41 (PPD-41) established the FBI as the lead federal agency for cyber threat response activities in the U.S. How does the FBI conduct this threat response? This presentation will discuss various cyber threats to U.S. institutions, seek to dispel various myths about the FBI’s cyber efforts, and seek to clarify what an institution can expect when contacting the FBI to report a computer intrusion, ransomware attack, or other incident. Special Agent Franz will also discuss the vital importance of IT professionals both reporting IOCs to the FBI and considering applying for an FBI Special Agent, Intelligence Analyst, or related position to bolster the U.S.’ national cyber defense capabilities.
J. Wolfgang Goerlich
Zero Trust has evolved from hype to security concept, and is evolving into a security standard. Zero Trust has gone from being network-centric to applying to people, applications, and data. And yet? The value of any defensive security control can only be determined within the context of the offensive tactics. The value gets further obscured when unexpected vulnerabilities rip holes in our defenses. In this presentation, threat models and attack scenarios will highlight the strengths and weaknesses of Zero Trust. This session provides an adversarial view of limiting trust in our environments.
The early days of the open web encouraged a collaborative model of software development – technology built from the ground up, systems that were developed collectively and without hierarchy. For the past two decades, Wikipedia has succeeded to a large degree because of that collaborative model. It invites contributions, from our content down to our code. This talk will discuss how to build a truly participatory product development model, the opportunities and challenges Wikipedia has faced as a result of its open approach to technology platforms, and what the future looks like.