Keynote Speakers

Caroline Wong () is the Chief Strategy Officer at Cobalt. As CSO, Caroline leads the Security, Community, and Pentest Operation teams at Cobalt. She brings a proven background in communications, cybersecurity, and experience delivering global programs to the role. Caroline’s close and practical information security knowledge stems from her broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. Caroline also hosts the Humans of InfoSec podcast, teaches cybersecurity courses on LinkedIn Learning and has authored the award-winning textbook Security Metrics, A Beginner’s Guide. Caroline holds a bachelor’s degree in electrical engineering and computer sciences from UC Berkeley and a certificate in finance and accounting from Stanford University Graduate School of Business.

Melanie Ensign () is the Founder and CEO of Discernible Inc, a specialized communications consultancy for security and privacy teams. After managing security, privacy, and engineering communications for some of the world’s most notable brands including Uber, Facebook, and AT&T, she now coaches teams around the world to increase their influence with business leaders and reduce risk. She counsels executives and technical teams alike on how to cut through internal politics, dysfunctional inertia, and meaningless metrics. Previously, Melanie led the press department for DEF CON as a volunteer for 10 years. A certified rescue scuba diver, she brings lessons from navigating unexpected, high-risk underwater incidents to her professional work.


Beyond Booze: Rethinking Networking Events for a Healthier Security Culture
Working in security can be stressful, and substances are often used as coping mechanisms. This is especially prominent at networking events, which almost always involve alcohol. But it doesn’t have to be that way. I’ll share tips for employers and event organizers who want to make their events more inclusive, and some un-scary steps individuals can take to move towards a more sober lifestyle.

Jen VanAntwerp
Jen VanAntwerp is the founder of Sober in Cyber, a nonprofit on a mission to provide alcohol-free events and community-building opportunities for sober individuals working in cybersecurity. She is deeply passionate about breaking the stigma surrounding addiction recovery. As the owner of JVAN Consulting, she provides marketing consultation services to cybersecurity startups. Jen also enjoys sewing, volunteering, and working on her beloved ‘65 Ranchero.


Cloud IAM Strategy for Multicloud and Hybrid Environments: Risks and Gaps
As companies move beyond single-cloud migrations into multicloud, cloud-savvy threat actors continually adapt. Much of the extensive damage resulting from these breaches is compounded by the theft and abuse of highly privileged credentials. In this talk, we’ll discuss the multicloud attack surface, and walk through strategic and technical do’s and don’ts of cloud-focused IAM.

Cassandra Young (muteki)
Cassandra (aka muteki) works full time in cybersecurity consulting, specializing in proactive cloud security technical assessments for Azure and GCP. She holds a master’s degree in Computer Science, focusing on cloud-based app development and academic research on serverless security and privacy/anonymity technology. As one of the directors of Blue Team Village, she also works to bring free Blue Team talks, workshops and more to the broader security community.

Christian Nicholson (GuardianCosmos)
Cybersecurity veteran, multi-cloud maestro, passionate problem solver. Christian’s career has been a relentless pursuit of security excellence, spanning every realm from consultancy owner and educator to Fortune 5 leader and architect, and spanning across offense, defense, intelligence, and secure design and architecture domains, Christian has honed their skills by diving headfirst into diverse assessments, no challenge too big or too small. Currently Owner and Partner at Indelible Security LLC.


Defenders can use ATT&CK! Oh really?
As a defender, what does “I use ATT&CK” really mean? In this talk, we will share how defenders like you can translate the adversary perspective provided by ATT&CK into knowledge on how to detect and protect against cyber threats. We will also explore using ATT&CK to identify defensive gaps, develop analytics, and measure/improve your SOC maturity.

Lex Crumpton
Alexia “Lex” Crumpton is a Principal Cybersecurity Engineer – SOC and Blue team for the MITRE Corporation. Lex is a multi-functional leader whose current work spans across various exciting efforts involving security operations and research, specializing in defensive countermeasures and heuristic behavior analysis. She leads teams that help shape and deliver cyber analytics, mitigations, and detections within MITRE ATT&CK®, the Center for Threat-Informed Defense, and ATT&CK Evaluations. Lex previously worked as an Exploitation Developer, Windows Blue Team/Threat Hunter analyst, Malware Reverse Engineer, and lead DFIR analyst. Lex holds a M.S. in Cybersecurity from University of Maryland, Baltimore County (UMBC) and a B.S. in Computer Science from Bowie State University. Her personal mission is creating defensive solutions for the everyday user to understand and showing representation of technical women within the cybersecurity field to make a positive impact on youth.


Everything You Didn’t Want to Know About CVE
In the past year (or so), many events have highlighted issues with vulnerability disclosure and CVE. This makes the defender’s jobs difficult as evaluating and prioritizing remediation for vulnerabilities is a complex and time-consuming task. In this talk, I will discuss in detail several different events that exemplify the shortcomings of vulnerability disclosure and specifically the CVE process

Paul Asadoorian
Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python & telling everyone he uses Linux.


From Aspire to Hire: Navigating Your First Cyber Job
Embark on your journey into cybersecurity! Learn practical tips to land your first job. Discover how to effectively market yourself, excel at networking, and stand out in the job market. Get insights on essential skills and certifications to kickstart your career. Whether you’re a recent grad, switching careers, or still in school, this session provides actionable steps to turn your dreams into a reality.

Sully Vickers
Sully Vickers is a Cyber Researcher and Developer at Leidos and is currently in their first year as a Bachelor’s Degree student at WGU. Sully’s deep passion for cybersecurity and cyber education is unmistakable, demonstrated through active participation in speaking engagements and podcasts and showcasing a dedication to advancing knowledge in the field.


Generative AI for Blue Teams
Although the cybersecurity conversation about generative AI tends to focus on abuses, vulnerabilities, and offensive security use cases, the technology is being rapidly incorporated both into the networks we defend, and the tools we use to do so. With that in mind, it’s important we understand how it works, and where we should be wary of its (usually) convincing answers. This talk is an introduction for defensive cybersecurity practitioners and blue teams to Generative Artificial Intelligence (AI). It will review generative AI terminology and concepts, show practitioners how to get started with free and minimally paid resources, and demonstrate use cases in defensive cybersecurity.

Chris Wheeler
Chris is a Blue Team Lead in the financial services sector, currently specializing in SOAR and Incident Response. In his 14 year career he has also led Threat Intelligence, Automation, and Operations teams at Resilience Insurance, Arbor Networks, and the US Navy. He enjoys running, home networking, and joining too many fantasy football leagues.


Getting Started in ICS – Not just for engineers
Workforce gaps in ICS/OT cybersecurity present a significant problem to the critical infrastructure we rely on. This presentation tries to dispel common misconceptions and provide perspective, encouragement, and resources for those interested in getting started in ICS/OT cybersecurity.

Tyler Jansen
Tyler is an Industrial Cyber Security Consultant for 1898 & Co.’s Industrial Managed Security Services (MSS) group with 8 years of experience in cybersecurity. Before 1898 & Co., Tyler served as a Discovery & Counter Intrusion (DCI) analyst on multiple DoD Cyber Protection Teams (CPTs) aligned to Industrial Controls Systems (ICS) and critical infrastructure security. When not burying his head in 1s and 0s Tyler enjoys running, hiking, and traveling with his wife.


Graph Activity Logs for Incident Responders
This talk explores the utilization of Microsoft Graph Activity Logs which was a missing piece of resource for deriving valuable insights within Azure environments for incident responders. The talk introduces the Log analytic workspace and the process of turning these on in your own tenants, the existing core telemetry necessary for investigations and dive into the new Graph activity log source schema and possible use cases.

Pallav Gurung
Pallav is a cyber security professional with 10 years of experience in the financial services industry. Started his career as an info sec analyst and has worked in different roles like threat hunt, detection engineering and DFIR. Currently he focuses on Cloud security and holds the CCSP. He recently moved to the US and loves to travel and attend security conferences.


Hackers in Jurassic Park: When Attackers Find a Way
Kevin Johnson of Secure Ideas delves into the world of cybersecurity, through the lens of hacking stories. Just as ‘Jurassic Park’ unveiled the consequences of bringing dinosaurs back to life, this presentation uncovers the methods used by cyber attackers to breach seemingly impregnable digital fortresses. Our journey takes us through a series of true tales from the front lines of cybersecurity.

Kevin Johnson
Kevin Johnson is CEO of Secure Ideas, a consulting company dedicated to security testing and training. Kevin passionately advocates for cybersecurity through his work with Secure Ideas, as a global board member for OWASP and as a faculty member at IANS. During his over 30 years in the industry, Kevin acted as an instructor and author for the SANS institute. He also contributed to a number of open-source projects, including OWASP SamuraiWTF (a web pen-testing training environment), Laudanum (a collection of injectable web payloads) and Yokoso (an infrastructure fingerprinting project) and was the founder and lead of the BASE project for Snort. Kevin has served as an expert witness in court cases involving cybersecurity. Kevin began his IT career in system administration and application development. He went on to build incident response and forensic teams, architect security solutions for large enterprises and pen test everything from government agencies to Fortune 100 companies. He is the author of three SANS Institute classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. In 2010 Kevin established Secure Ideas, LLC. Kevin understands that the path to security is through education and information sharing. As a result, Kevin participates in various podcasts and training activities. He is regularly invited to keynote cybersecurity events like ISSA, GrrCon, and ShowMeCon. He has also spoken at many conferences including RSA, DEF CON, OWASP, DerbyCon, ShmooCon, and BlackHat. When not immersed in consulting, testing, and educating, Kevin loves spending time with his daughters and exploring woodworking and costuming with the 501st Legion.


Identifying and Securing Psychologically Vulnerable Users
As studies show 4% of users cause 80% of the loss, it is critical to identify those users who put the organization most at risk. A study was performed that allowed for the determination of psychological traits that led to susceptibility. This presentation shows how this study data can be used to both better secure the organization and make red teams more useful.

Ira Winkler
Ira Winkler, CISSP is the Field CISO for CYE Security, former Chief Security Architect at Walmart, and author of You Can Stop Stupid, Security Awareness for Dummies, and Advanced Persistent Security.


Network Segmentation without a Network Engineer
Create a network segmentation strategy by solely utilizing the Windows Host-Based Firewall. Using Group Policy as an orchestrator for centralized management, firewall rules can be deployed to endpoint firewalls to limit the ports and protocols that are allowed to communicate between security zones. These security zones will be based upon Active Directory User and Computer Security Group memberships

Mike Burns
Mike Burns is a Senior Technical Architect that has helped many organizations implement recommendations for enhancing detections, hardening environments, and bolstering security governance during Incident Response and proactive engagements. Mike has experience performing assessments for network architecture, Microsoft technologies (Active Directory, PKI), and cloud services (Microsoft 365, Azure, Amazon Web Services). Mike has served as a leader to develop, implement, and manage organizational vision and strategy to reduce risks, improve incident response capabilities, and enhance enterprise networks defensive resiliency.


Protect Your Most Sensitive Users With This One Weird Trick!
The Protected Users Group (PUG) has existed in Windows Server since 2012 R2, but it’s the undercover legend few have heard of. This talk shines a spotlight on the PUG’s impressive protections for sensitive accounts and details how those protections thwart attacks. You’ll learn the limitations of the group and how to safely begin using it to protect your most sensitive users!

Jake Hildreth
Jake Hildreth is a man of many roles – devoted husband, fun-loving dad, seasoned IT expert. With 20+ years entrenched in IT, he currently leads Trimarc’s Active Directory (AD) Security Assessment. Jake’s daily mission involves bolstering the digital fortifications of major corporations, ensuring their AD security is rock solid. His creations, Locksmith and BlueTuxedo, attempt to alleviate the burden on overworked AD admins while his CISSP certification demonstrates his wide-ranging experience.


Purple Teaming 301 – Free Attack Simulation and Alarm/Control Validation via Atomic Red
This presentation will be a technical demonstration. It will showcase how to leverage a completely free utility, Atomic Red, to run attack simulations safely in your own organization. Many organizations are puzzled at whether or not they are obtaining the most out oftheir in house SecOps / SOC teams, Managed Security Service Providers, or MDR/EDR suites. Atomic Red Team is an open-source library of tests that security teams can use to simulate adversarial activity in their environments. These tests map to the MITRE framework to validate control operation and verify alarms through detection mechanisms. Creating local accounts, domain accounts, Process Inject/Hollowing via Powershell and Obtaining Credentials from Password Stores. This presentation will cover why to run this type of simulation, the principles of purple teaming, the technical prerequisites to achieve this in a lab environment (great for students!) or a dev environment, the architecture of the lab in this use case, several Atomic Red simulations via recorded demos and finally how to use this information to improve an organizations detection and response program and get the most out of one’s MSSP.

Jason Wright
Jason Wright is an IT and Cybersecurity Professional with over a decade of experience across several industries, such as critical supply chain and financial sectors. Jason primarily serves as a Senior Security Engineer for Convera, a global finance organization, specializing in security operations. Jason also serves as Adjunct Faculty at Chesapeake Community College in the Computer Science and Technology program. Jason possesses several industry certifications, such as the CISSP and Sans GIAC GCIH among others. Jason currently lives in Delmar, Delaware with his wife.


CI/CD talent development pipeline
Using the CI/CD pipeline analog, let us apply it to the concept of talent development and pipelining new candidates to integrate into the workforce as we continuously develop others. This concept can be used at both the micro stages of particular companies or the macro stages of workforce development at the state or national level.

Chris Foulon
Christophe Foulon, founder and cybersecurity coach at CPF Coaching LLC, brings over 15 years of experience as a vCISO, information security manager, adjunct professor, author, and cybersecurity strategist, and a passion for customer service, process improvement, and information security. He has also spent over ten years leading, coaching, and mentoring people.

As a security practitioner, Christophe is focused on helping businesses tackle their cybersecurity risks while minimizing friction, resulting in increased resiliency, and helping to secure people and processes with a solid understanding of the technology involved. He gives back by producing a podcast, “Breaking into Cybersecurity,” focused on helping people transition into the cybersecurity industry by sharing the stories of those who have done it in the past five years to inspire those looking to do it now. He also co-authored “Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level” and “Hack the Cybersecurity Interview: A Complete Interview Preparation Guide for Jumpstarting Your Cybersecurity Career”.

Christophe holds a Master of Science in Information Technology, Information Assurance, and Cybersecurity, a graduate certificate in Information Systems, and a bachelor’s degree in Business Administration/Information Systems from Walden University. These include several industry certifications like the CISSP, GSLC, etc.


Scaling the Security Wall: Agile Threat Modeling for Complex Systems
This talk advocates for a paradigm shift in threat modeling to tackle complexities in large-scale systems. It emphasizes the drawbacks of traditional security measures and proposes threat modeling as a cost-effective solution. Challenges posed by cloud architectures and rapid development are discussed, alongside strategies for integrating scalable threat modeling into the SDLC.

Vineeth Sai Narajala
As an Application Security Engineer at Amazon Web Services (AWS), I specialize in core Data Analytics services such as EMR, Athena, and LakeFormation. Prior to my current role, I held positions in Pentesting and Threat Intelligence. Additionally, I gained valuable experience in Business Recovery and Disaster Recovery, particularly in mitigating ransomware attacks during my tenure at Nordstrom.


Securing generative AI: threats, old and new
As we move closer towards generative AI becoming widely adopted, it’s important to understand the security implications, how they differ from more traditional cybersecurity, and where we can apply existing approaches to new systems and applications. This talk introduces AI security concepts, with a focus on LLMs, to equip participants with an understanding of the security landscape surrounding AI.

Adam Swanda
Adam Swanda is a threat researcher with over 10 years working in cybersecurity, largely focusing on tactical and strategic threat intelligence. Adam is currently working as an AI Security Researcher at Robust Intelligence. He recently released the open source project “Vigil”, a Python library implementing various LLM defense measures for prompt injection and jailbreak detection.


Sysmon or it Didn’t Happen
Out of the myriad of evidence sources, one that has gained traction as a solid go-to is Windows System Monitor. Providing insight into program execution, registry writes and DNS queries, Sysmon has quickly become the threat responder’s friend. This session focuses on how to leverage Sysmon logs during an incident investigation to determine what actions a threat actor took on a system.

Gerard Johansen
Gerard Johansen is a cyber security professional with over a decade of experience in Incident Response, Digital Forensics, Security Operations and Cyber Threat Intelligence. During his tenure in the cyber security field, Gerard has served as both a digital forensics and instruction analysis professional as well as an Incident Commander, managing large scale network intrusions and ransomware cases. Currently Gerard works within a Managed Detection and Response vendor where he works directly with customers providing consultation and guidance around forensics, log management and incident resolution. A frequent speaker, Gerard has presented at various conferences including SANS DFIR and Wild West Hackin’ Fest. He is also completing a fourth edition of his book; Digital Forensics and Incident Response.


The Fellowship of the Ring0
Unveiling the Driver Risk Scores (DRS) threat detection system. Using research from we know which drivers are vulnerable, and we know not all vulnerabilities are created equal. How can you quickly and accurately determine the risk that a device driver creates by either having built-in vulnerabilities or malicious behavior? The Driver Risk Score harnesses seven vital traits that include both security features and real-world insights to calculate a single, easy to understand ranking, similar to a CVE score, which allows system administrators and security operation teams to make educated decisions about the drivers allowed in their environments.

Dana Behling
Dana Behling is a cyber security researcher at Carbon Black by day, and a science fiction and fantasy enthusiast by night. With a keen eye for digital threats and a passion for exploring otherworldly realms through literature, Dana thrives on the cutting edge of technology while escaping into imaginative worlds beyond. Whether decoding complex cyber puzzles or unraveling the mysteries of distant galaxies, Dana brings a unique blend of analytical prowess and creative insight to every endeavor. Join Dana on a journey through the digital frontier and beyond.

Mike Haag


The Problem with Identity Security & How to Fix It
We have an Identity problem & not the kind you might think of. Attacks have shifted from perimeter to endpoints & now attackers focus on identity. This talk explores the issues with Identity security specifically Active Directory & Azure AD leading to full compromise, recent breaches (MGM), & mitigations.

Sean Metcalf
Sean Metcalf is founder and CTO at Trimarc (, a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) Active Directory certification, is a former Microsoft MVP, and has presented on Active Directory, Azure AD/Entra ID, & Microsoft Cloud attack and defense at security conferences such as Black Hat, BSides, DEF CON, DerbyCon, & BlueHat.


Top Ways I Still Hack Your Company (and How to Defend Against Them)
In this technical deep-dive, we explore the landscape of current vulnerabilities and weaknesses based on extensive field experience penetration testing. This session focuses on persistent vulnerabilities that continue to challenge application and network security defenses into 2024. We’ll dissect common penetration test successes, shedding light on enduring issues like auth flaws and network poisoning. This analysis aims to uncover why organizations struggle to defend against well-known vulnerabilities. Attendees will learn about attackers’ evolving tactics and effective strategies to reinforce their security frameworks. This presentation is designed to equip security professionals with the knowledge necessary to anticipate and thwart both established and emerging cybersecurity threats, ensuring a robust defense for their organizations in the ever-evolving digital landscape.

Bennett Warner
Bennett Warner is the Penetration Testing Practice Leader at RISCPoint. His expertise is built on a foundation of experience working in both software development and penetration testing with concentration in application security. Prior to RISCPoint, Bennett worked in the defense industry as a software engineer and taught cybersecurity as an adjunct instructor for the University of Pennsylvania.


Using Bloodhound as a Defender: Tips from the Red Team
Network defenders are often not armed with the right information to fix critical permission issues and general misconfigurations within Active Directory (AD). Many of these flaws lay dormant in the network for 10+ years until either an attacker or pentester takes advantage of the flaw. The reason for this is that these flaws don’t show up in security checklists, or vulnerability scanners, which alone can be a daunting task to handle for a large enterprise. We often get in this mindset of “need to fix what the tool tells me” and if it’s not a critical or high impact flaw coming out of a vulnerability scanner it just isn’t addressed. When I take over an entire network I don’t use a vulnerability scanner, or the data it provides. This talk is aimed at providing defenders with an attacker perspective into their Active Directory (AD) environment. As part of the talk a tool will be released that automates numerous complex queries going through BloodHound data via Neo4j cypher queries. Ad-recon is a tool designed to quickly triage BloodHound data (~2-4 seconds to run without pathing queries enabled) and will identify numerous security issues within the AD environment. The talk will walk through each query the tool covers, why the data is interesting, discuss what could an attacker do, and what can a defender do to secure it. Ad-recon also supports printing out all these queries and descriptions to allow the user to modify them and make use in their own code, Neo4j interface, Cypher-Shell query, or BloodHound GUI.

Andrew McNicol
Andrew McNicol has over 13 years of experience performing offensive security assessments (red teaming and penetration testing). He currently serves as BreakPoint Labs (BPL) Chief Technology Officer (CTO). He holds dozens of industry recognized certifications (OSCP, OSCE, etc.), a B.S. from Towson University, M.S. degree from Capital Technology University. He’s worked in DoD, Federal, Law Enforcement, and commercial sectors performing red teaming and penetration testing.


Who’s going to secure the code our army of robots are going to be writing?
LLMs are allowing developers to write increasing code with the same vulnerabilities. Security is already hopelessly outnumbered, but we’re barreling towards a future with no practical oversight. The only way to keep up is with AI security engineers. This talk will illustrate the scale of the issue, discuss new & original research, and walk through open source tools for building your own AI helpers

Arshan Dabirsiaghi
Arshan is a security researcher pretending to be a software executive, with many years of experience advising organizations on code security. He has spoken at conferences like Bluehat, Blackhat and OWASP, and definitely wrote his own bio. He is also a co-founder of Contrast Security, a cybersecurity unicorn focused on vulnerability discovery through runtime instrumentation. He now serves as CTO of Pixee where he’s done finding and asking about security issues — he’s just fixing it for you.


Training courses are available on a first-come, first-served seat assignment only to current BSidesCharm ticket holders.

Securing the Cloud with Cloud Threat Intelligence and Open Source Security
Cloud cyberattacks targeting enterprise environments have nearly tripled this past year, and cloud misconfigurations have become an open door to threat actors. Understanding cloud threat actors and how they are breaching misconfigured cloud environments will help security professionals defend cloud environments.

This workshop will showcase the cloud-conscious adversary and how to run cloud security assessments using open source tools Prowler and ScoutSuite. We will provide a demo on how to use these tools, and then train participants to conduct their own cloud security assessment using our test environment. We will review the output of the Prowler and ScoutSuite assessments, and utilize threat intelligence to identify vulnerabilities that cloud-conscious adversaries are known to target.

Natalie Simpson
Natalie Simpson is a Consultant at CrowdStrike where she assists customers with optimizing Falcon applications to enhance their security program. Natalie is certified as a CrowdStrike Cloud Specialist (CCCS), and helps customers deploy Falcon Cloud Security to secure and manage their cloud environment.

Prior to joining CrowdStrike, Natalie worked as a Senior Security Analyst for a startup company where she was the SOC lead analyst and managed a security team. Natalie was also a lead security architect for the company’s AWS environments, conducting monthly cloud security assessments and application security assessments.

Natalie is based in New York City and is currently earning her Masters in Cybersecurity from New York University. She graduated from Belmont University in Nashville, Tennessee with a degree in Political Science and Psychology. She holds CISSP and Security+ certifications, as well as CCCS, CCFR, and CCFA CrowdStrike certifications.

Nivu Jejurikar
Nivu Jejurikar is a Senior Consultant at Mandiant within Google Cloud where she focuses on proactively helping clients identify and mitigate cyber risks. Prior to joining Mandiant, Nivu worked with customers of varying size and industry vertical through CrowdStrike’s proactive services team. Nivu holds the Security+, CEH, Splunk Core Certified Power User, and AWS Cloud Practitioner certifications. She loves to spend time outdoors and read fiction novels in her spare time.


Welcome to SecurityAI. The goal of this course is to inform on how artificial intelligence is becoming one of the major tools in our security arsenal. The problem is that, unless you have a specific type of degree, you are at the mercy of product vendors, collaborators, ChatGPT, or search engines to understand these concepts. This course demystifies artificial intelligence and its relationships.

This is an interactive course, with the goal of teaching security professionals how to implement AI in order to obtain valuable insights. This course will encompass various topics including: machine learning (ML), natural language processing (NLP), and large-language models (LLMs). The combination of AI and security allows the security community to move our assumptions, opinions and beliefs into knowledge.

No previous experience is necessary. Background understanding programming is very helpful, specifically Python.

Imani Palmer


Threat Actors: Gotta Catch Them All!
How do we quantify threat actor activity? There are many ways to do this, but I like mapping to various frameworks and models. In this session we will use tools such as MITRE ATT&CK, Diamond Model, Pyramid of Pain, and more in an effort to categorize threat activity.

Marcelle Lee
Marcelle Lee is a principal information security engineer and the lead for threat research and operations at Equinix. She is also an adjunct professor and training consultant. She specializes in security research and digital forensics and has worked in both the government sector and private industry. She has been involved with many industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu, the NIST Cyber Competitions Working Group, and the Cybersecurity Association of Maryland Advisory Council. She also both builds and participates in cyber competitions.

Marcelle has earned the CISSP, GCFA, GCIA, GCIH, GPEN, GISF, GSEC, GCCC, C|HFI, C|EH, CSX-P, CCNA, PenTest+, Security+, Network+, and ACE industry certifications. She holds four degrees, including a master’s degree in cybersecurity. She has received the Chesapeake Regional Tech Council Women in Tech (WIT) Award and the Volunteer of the Year award from the Women’s Society of Cyberjutsu. Marcelle frequently presents at conferences and training events and is an active volunteer in the cybersecurity community.