Artificial Intelligence has long been heralded as a force for progress, but what happens when our most advanced models take an unexpected turn? Dr. Jekyll and Mr. AI: When good models go bad explores the dual nature of GenAI—its potential for innovation and its risks when misaligned, manipulated, or misunderstood. Through real-world examples, Dr. G will examine how AI models can go astray, from bias amplification to security vulnerabilities, and what these challenges reveal about the future of AI development, regulation, and ethical responsibility.
Dr. G has been a pioneer in designing and implementing predictive and generative AI systems in Sales at Cisco. Teaching and mentoring students have been core aspects of his various roles during his 25-year tenure at the company. In addition to leading a solutions engineering team, he is actively involved in teaching AI, fostering strategic partnerships within Cisco and the industry, and guiding companies on their overall AI strategy. In his current role, he is focused on talking to our customers and partners about AI, using it to drive organizational transformation and being an advisor on overall AI strategy. He also teaches a foundational AI/ML course at Stanford Continuing Studies. Originally from New York, he has been a long-time resident of San Jose, CA, with his wife and two teenage children. He received his B.S. in Physics from Yale and his Ph.D. in Materials Science and Engineering from Stanford University.
In a realm where threats loom at every corner, where trust is a currency, and where the smallest oversight can lead to catastrophe, there is much to glean from the intricate tapestry of Westeros and the rich world of Game of Thrones.
Drawing from two decades in the cybersecurity arena, this keynote presentation delves deep into the parallels between the worlds of "Game of Thrones" and today's cyber ecosystems. Just as the Houses of Westeros must continuously adapt to political and martial threats, organizations today must be agile in response to an ever-evolving cyber landscape.
Participants will embark on a journey through the Seven Kingdoms, using pivotal moments and iconic characters from the series to illuminate key lessons in cybersecurity, and communicate valuable cybersecurity principles.
In the realms of Westeros and cybersecurity alike, the night is dark and full of terrors – but with preparation and wisdom, one can navigate and overcome them.
Dr. Auger is a 20+ year cybersecurity professional, academic, and author. He has been the cybersecurity architect at MUSC, a multi-billion dollar academic medical center. He has built cybersecurity programs from the ground up, educates as Adjunct Faculty in The Citadel Military College Cyber Sciences department, and fulfills the role of Chief Content Creator on the successful YouTube channel Simply Cyber.
Dr. Auger is passionate about cybersecurity and has educated 10's of thousands of students on the discipline. Dr. Auger holds a PhD in cyber operations and two Masters in Computer Science and Information Assurance.
In this insightful talk, Dennis Eger, the Senior OSINT Advisor at INSCOM (U.S. Army Intelligence and Security Command), will explore the evolving landscape of Open-Source Intelligence (OSINT) and its critical role in modern intelligence operations. He will discuss the tools, techniques, and methodologies used to gather, analyze, and leverage publicly available information for security, defense, and cyber operations.
Attendees will gain valuable insights into the challenges and ethical considerations of OSINT, real-world applications in threat intelligence and cybersecurity, and how intelligence professionals can harness open-source data to enhance situational awareness and decision-making. Whether you're a cybersecurity expert, researcher, or simply curious about the intelligence field, this talk will provide a fascinating glimpse into the power of OSINT.
Mr. Dennis Eger is a Senior Exective at the U.S. Department of Defense, leading the U.S. Army's Open-Source Intelligence Program. With 37 years of government experience, 33 of those in U.S. Army Intelligence, he has held senior leadership and executive roles for 19 years. His assignments include working with the NSA, NATO, and the Pentagon, supporting over 60,000 personnel in intelligence and national security. Eger also has industry experience as a Director of Programs at the Veterans Administration. He is a public speaker, guest lecturer, and is pursuing a doctoral degree at Vanderbilt University. He holds a master's in human resources and a bachelor's in behavioral science, along with certifications in coaching and leadership. His speaking topics focus on crisis leadership, program evaluation, change management, and leadership development.
DNSForge is a network penetration testing tool that introduces a novel tactic to intercept and respond to name resolution requests made to the authoritative DNS server in an internal network environment. DNSForge achieves interception and reuse of Windows user credentials without any user interaction. While existing poisoning attacks target fallback protocols (such as LLMNR and NBT-NS) or DNS over IPv6, DNSForge employs manipulations on layer 2 to target the primary DNS protocol over IPv4. This enables the tool to bypass current mitigations against existing poisoning attacks as it imitates a legitimate response to name resolutions requests over DNS. Hence, the non-interactive, vulnerable-by-design and seemingly legitimate elements of this attack ensure higher success rates as compared to traditional poisoning attacks.
Apurva Goenka is a Manager at Aon Cyber Solutions (formerly Gotham Digital Science). He is a SME for internal network and cloud penetration testing and has performed a large variety of assessments including bespoke Red Team and insider threat simulations. His research revolves around network protocols and initial attack / privilege escalation vectors in internal network environments.
It doesn’t matter how advanced your shellcode loader is, if you don’t protect your shellcode from prying AV & EDR sensors, you’re going to have a bad time. From simple encryption schemes like the Caesar cipher to more complex schemes like AES, reversing arrays, steganography, encoding shellcode as other data types, and other techniques, this talk will cover a variety of ways to hide shellcode in your loader. I’ll demonstrate how these techniques score against many engines using VirusTotal. In some cases, AV engines will detect the decoding routine. I’ll also discuss techniques you can use to break this detection. I will also be sharing a repository demonstrating the different evasion techniques discussed in this talk. Note – this talk will not cover behavioral evasion techniques like unhooking, direct and indirect syscalls, or other evasion techniques. Whether you’re new to obfuscating shellcode or an experienced pro, there’s something in this talk for you!
Mike Saunders is Red Siege Information Security’s Principal Consultant. Mike has over 25 years of IT and security expertise, having worked in the ISP, banking, insurance, and agriculture businesses. Mike gained knowledge in a range of roles throughout his career, including system and network administration, development, and security architecture. Mike is a highly regarded and experienced international speaker with notable cybersecurity talks at conferences such as DerbyCon, Circle City Con, SANS Enterprise Summit, and NorthSec, in addition to having more than a decade of experience as a penetration tester. You can find Mike’s in-depth technical blogs and tool releases online and learn from his several offensive and defensive-focused SiegeCasts. He has been a member of the NCCCDC Red Team on several occasions and is the Lead Red Team Operator for Red Siege Information Security.
Discover how applying scientific principles to detection engineering can elevate your threat detection program. Hayden Covington, Senior SOC Analyst at Black Hills Information Security, shares practical insights for building a structured, repeatable approach that delivers higher-quality, higher-fidelity detections.
Hayden Covington joined Black Hills Information Security (BHIS) in the Summer of 2022 as a SOC Analyst. He chose BHIS after hearing many great things over the years and seeing the quality of work, as well as finding people who have the same passion for the field as he does. His favorite part of the job so far has been the community. Previously, Harden worked in a SOC for a Naval contractor, where he also served as their SOAR project manager and SME, as well as insider threat lead. When he’s not working, Hayden can be found doing anything athletic (like triathlons!), as well as enjoying video gaming and Formula 1.
Success in cybersecurity isn’t just about technical skills - it’s about perseverance, adaptability, and balance. Kent Ickler and Jordan Drysdale dive into what it truly takes to sustain a long-term career in offensive security. From late nights in the lab to high-pressure engagements, staying sharp in this industry requires ongoing commitment, community involvement, and an ability to navigate both technical and personal challenges.
The duo will explore the realities of maintaining expertise in an ever-evolving field, the sacrifices often required to stay ahead, and the strategies for avoiding burnout while continuing to grow. Whether you're a student, a seasoned professional, or somewhere in between, this discussion will provide insights into not just surviving—but thriving—in cybersecurity.
Jordan Drysdale has been with the Black Hills Information Security (BHIS) tribe since December 2015. He is a Security Analyst, course author, quality assurance lead for internal and external penetration testing, as well as a member of the systems administration team. Jordan came to BHIS with a strong background, including many years in networking tech support and engineering for HP, UNi, and Managed Services — he never stops learning and sharpening his skills. His favorite part of penetration testing is demonstrating risk to his customers and explaining why it matters, as well as the family atmosphere that BHIS provides.
Success in cybersecurity isn’t just about technical skills - it’s about perseverance, adaptability, and balance. Kent Ickler and Jordan Drysdale dive into what it truly takes to sustain a long-term career in offensive security. From late nights in the lab to high-pressure engagements, staying sharp in this industry requires ongoing commitment, community involvement, and an ability to navigate both technical and personal challenges.
The duo will explore the realities of maintaining expertise in an ever-evolving field, the sacrifices often required to stay ahead, and the strategies for avoiding burnout while continuing to grow. Whether you're a student, a seasoned professional, or somewhere in between, this discussion will provide insights into not just surviving—but thriving—in cybersecurity.
IKent Ickler has been a Security Analyst and Systems Administrator for Black Hills Information Security (BHIS) since 2017. He has a Bachelor’s degree in Information Technology Management and a Master’s in Business Management. Kent’s education and management background allow him to be realistic and practical when aiding customers with evaluating risk on their networks. Kent enjoys being a part of the BHIS team because he gets to make a difference in not only the customers’ cybersecurity but also in the Information Security industry as a whole by contributing to the available resources; he has developed frameworks and open-source tools along with building and administering CTFs. When he is away from work, Kent enjoys woodworking and medieval architecture.
After 16 years in itsec and 23 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications
As operational technology (OT) environments become increasingly interconnected with traditional IT networks, the risks associated with cyber threats continue to rise. This presentation will provide a foundational understanding of OT, its critical role in industries such as manufacturing, energy, and water treatment, and discuss real-world security incidents that highlight the unique challenges OT presents.
Whether you are new to Operational Technology security or looking to deepen your understanding, this session will provide actionable insights and career guidance to help you navigate this rapidly evolving field.
Matt Hansen is a seasoned professional with 15 years of experience in IT and OT design, management, and security. As a Senior Systems Analyst at Interstates, he specializes in Active Directory and Endpoint Security, helping secure and streamline critical infrastructure. Matt holds industry certifications, including VMware Certified Professional, and ThinManager, reflecting his expertise in security, virtualization, and industrial automation. Outside of work, he enjoys camping, riding motorcycles, and homebrewing, combining technical precision with creativity to craft unique beers."
We will dive into how North Dakota is utilizing automation to be a world-class SOC. We will give a sneak peek into what we have accomplished with automation, and the challenges that we face.
I have been working for State government since 2017, starting at Bank of North Dakota, and with IT unification with North Dakota Information Technology Department, I started working there in 2021 in the Network Engineering team until 2022, when I started with NDIT's security team as a Cybersecurity Automation Engineer. I am now a Senior Cybersecurity Automation Engineer with NDIT, and I love it! Our team essentially tries to automate as much of Cybersecurity operations as possible by creating automation systems to be used by the Cybersecurity Operations Center to help get their work done faster. I have experience with programming, security, networking, and general IT. My broad experience in the field helps greatly when we work with other teams throughout the organization to integrate systems with data and functionality needed to accomplish our goals.