WOPR Summit 0x01

WOPR Summit 0x1 was held on Oct 20-21, 2022 at Temple University at Mazur Hall in Philadelphia, PA.

Bryan Bechard
CISO and educator of future infosec professionals.

Lessons learned from a breach
Incidents don’t have to be major to significantly alter the security posture of an organization. I will walk through how an incident happened, our reaction to it and what we would have done differently.
Danny Akacki
Ugh, I hate biographies to much. I guess it’s a good place to tell you why you might want to listen to what I have to say. I know security, been doing it for just over a decade. I’m madly in love with the hacker community but I also need to pay the bills so I’ve moved from analyst to customer facing and corporate operations. The thing that ties those two worlds together is my ability to communicate and translate. I’m pretty good at both so maybe 50 minutes listening to my stories isn’t the worst way to spend your time.

Soft Skills, Soft Hearts: A Customer Success Directors Guide to Communication & Empathy.
Before the Cyber Security industry, there were Hackers. Ours is a proud culture of “hey what’s this thing do?” Some of us are content to stay in the shadows. Poking, prodding, learning. What about those that want a seat at the table? Especially those to whom public speaking is as natural as breathing water. Let’s chat about how to speak to those who don’t innately speak out language. Let’s hack our way to that seat at their table. Our world isn’t as black and white as Introverts vs. Extroverts. Some of the most engaging, court holding individuals i’ve ever met freeze when put up on a stage. They can build your product but please dear gods don’t let them in front of the customer. But what if that’s not what they want? What if they want to be out there, selling a vision, inspiring change and driving strategy? What if they just don’t know where to start? I’m a hands-on-keyboard person turned Customer Success manager. I’ve gone from having a stutter that could stop a conversation in its tracks to being not only the person maintaining customer relationships but helping to shape corporate strategy. This talk is a revenge on behalf of everyone who was every told “you’ll never be able to do that”. I’m going to cover creating your own content, finding your voice, connecting with an audience and more. There’s no reason any of us have to stay in the crowd when the podium is calling our name.
With over 10 years’ experience in Information Technology, Libertyunix has held positions in the field such as Physical Security Systems Specialist and Red Team Penetration Tester. Libertyunix is a Certified Cloud Penetration Tester, a Certified Cloud Security Professional, and has extensive experience in offensive security techniques and defensive strategies. Libertyunix most recently developed and wrote a course for Villanova University on cloud security and penetration testing.

An Introduction to Cloud Penetration Testing
Cloud Penetration testing, while still similar to traditional penetration test, can provide it own set a challenges and nuances. Understanding how to apply common offensive security techniques to cloud environments is quickly becoming a critical skill set for penetration testers. This talk will introduce attendees to a practical approach of cloud penetration testing, tools of the trade, as well best practice work flows using IAC.

Hands on BLE Workshop
BLE Workshop!
Mike Dank / @Famicoman
Mike Dank is a developer and writer who builds and participates in hobbyist networks to both learn their underlying technologies and create templates for others to do the same. Mike’s work follows the DIY punk ethic, showing how to approach complex technologies in a simplified way with materials you may already have or are otherwise inexpensive/easy to obtain.
Mike has previously served as editor of the N-O-D-E Zine, an independent publication promoting decentralization and P2P technologies, open source, do-it-yourself tutorials and hardware design, cutting edge technology, and more. Additionally, Mike runs Networks of Philly, an online resource that makes sense of Philadelphia’s hidden network infrastructure, though you may also find him at hacker meetups, playing with mesh networking technologies, or building analog telephone and cable television networks.

Networks of Philly: Exploring Philadelphia’s Hidden Network Infrastructure
Philadelphia’s network infrastructure is messy, clumsy, and often unseen by the general public. Wandering the streets, you may get a vague understanding of what’s going on—a manhole cover sits unassumingly on the crosswalk, or maybe a mysterious box with an antenna sits high upon a wall in a back alley, humming into the night. Under your feet and above your eye line, data is soaring by through brightly-lit fiber cable and ethereal radio transmission. The city is alive, but few may ever understand to what extent. Through this talk, we will take a look at pieces of networking infrastructure that are often hidden in plain sight and use them to understand the underlying communication networks that connect us all on a daily basis.
Moose has over a decade of experience in information security with the majority of her waking hours (and some not-waking hours) consumed by the ever-burning IR fire.
She is a lover of logs, unallocated space dumpster diver, shaker of malware, and C-level grief counselor. Moose currently works as a Manager of Incident Response Services at CrowdStrike, is the support-human to 5 cats, and operates a wildlife halfway-house in NYC.

Couch to 500k: An IR Marathon Survival Guide
We play how we practice, and there’s no time like the present to hit the SIEM, flex that change control, and make sure all your business units are in shape. Join LitMoose, a global incident responder who has handled single disk to 500k+ endpoint environments in the throws of attack, to talk about things you can be doing to prep yourself and your team for surviving the IR marathon. You never know when you’ll wake up and find yourself running.
Omer Farooq
Omer Farooq is the founder and CTO of Auxin.io, a Maryland-based firm specializing in Data Science, Cloud and application security, DevSecOps, System Architecture, Artificial Intelligence, Machine Learning, and data-driven Business Intelligence related services and SaaS products.Omer was named 40 under 40 by his bachelor’s Alma Mater – Stony Brook University in Stony Brook, NY.Omer leads the Cloud and Security practice at Auxin Security. He is a principal consultant with over 20 years of experience. His experience includes consulting with diverse clients, including Insurance, Banking, Media and Entertainment, Telecommunications, FinTech, Home Automation, Healthcare, Government Defense, and higher education.Omer’s primary areas of interest lie at the intersection of cloud and application security assessment, blockchain, embedded IoT and mobile software development, and system engineering. Omer has authored official security guidance for Media and Entertainment industry for public cloud providers, including Microsoft Azure, Google Cloud Platform, Amazon Web Services, and Alibaba Cloud.Omer Farooq holds a BS degree in Computer Engineering from Stony Brook University, an MS degree in Electrical Engineering from Rochester Institute of Technology, an ABD Ph.D. candidate at the Computer and Electrical Engineering department of the University of Maryland at Baltimore County (UMBC), and an eternal student in multidisciplinary studies. Omer is an accomplished speaker, including conference presentations and panels at RSA, BSides DC, BSides San Diego, BSides DC, Vice Magazine Motherboard, and InfoSec magazine webinars. Outside of work, Omer is a history, art, automotive, and philosophy buff – who thoroughly enjoys healthy discussions with family and friends while enjoying small-batch cold brew coffee or boba tea.

Stop Doing this – Useless Vulnerability Management
Over the past 10 years, the cybersecurity industry, including the OWASP community, has been all about risk management through Vulnerability Management. At Auxin Security, we not only think about the current holistic Vulnerability Management, but we also show how it wastes thousands of expensive engineering man-hours are wasted daily on useless metrics and data collection. This talk talks about how traditional top-down or bottom-up Vulnerability Management is flawed and outdated. Stop using it.
Rachel Bleiman

Are you smarter than a deepfake?
This talk presents a study that examines people’s ability and decision-making processes in detecting deepfakes. Survey respondents viewed a series of deepfake or AI generated/altered videos, images, and audios, mixed alongside a series of real media. Following their viewing of each piece of media, respondents rated their believability of it and provided factors that influenced their decision. The presentation will include a discussion of some of the possible dangers associated with the growing use and ease of creating deepfakes, examples of deepfakes that were used in the survey, and preliminary qualitative and quantitative findings from the study.
Tyler is an electrical engineer who started tearing things apart when he was old enough to hold a screwdriver. He’s worked as an electrical engineer since 97 and has been operating and building amateur radios since 94.

Antennas 101 – How a weirdly shaped piece of metal pulls in your cat videos
Antennas are used by everyone, but not well understood. The basics aren’t that tough. If it’s not explained by Dr. R. F. Field or Mr. Mark E. Ting, then the concepts and theories are easily grasped.
You can view our speakers at this link: https://cfp.woprsummit.org/2022/speaker/

You can view the schedule at this link: https://cfp.woprsummit.org/2022/talk/