Chris Roberts is a Hacker, InfoSec, Safety, CyberStuff Researcher, Advisor, @Hacknotcrime henchman, and various other names on the technical side of the world vCISO, Executive, consultant, leadership, and other words that have been leveled against me describing some of the other work undertaken over the years.

I’ve been fortunate to be elbow deep in technology for more years than I care to remember, and these days am involved in both tactical and strategic discussions with clients across the spectrum of industries talking maturity, risk, and how to effect change.

Oh, and I just got called a Scottish Security Warlock….I’m kinda digging it.

1 out 4 of hackers don’t submit vulnerabilities due to the fear of out-of-date legislation, press coverage, and companies misdirected policies. This talk will focus on increasing public awareness in order to bring legislation that supports ethical hackers, challenge socially constructed biases, and encourage organizations to support bilateral trust within their policies… and the actions we can do to change the current landscape.

Chloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who supports safe harbor and strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to change the statistics of women in InfoSec. She co-founded Women of Security (WoSEC) and heads the SF Bay Area chapter. As well, she created WomenHackerz, a global online community that provides support and resources for hundreds of women hackers at all levels.

Twitter: @ChloeMessdaghi LinkedIn: https://www.linkedin.com/in/chloemessdaghi/ Instagram: https://www.instagram.com/chloemessdaghi/ YouTube: https://www.youtube.com/chloemessdaghi Website: https://www.chloemessdaghi.com

Social Engineering is both the easiest and hardest part of the wider security field to enter; easy in that it doesn’t always require lots of technical knowledge, and hard because it can be absolutely terrifying to start. As someone who knows this feeling, works in the field, and has been forced to make it up as they go (with a little help from some amazing people), I’ll be talking a bit about lessons learned as I began my journey!

Joe is a Penetration Tester for Wolf and Company, P.C.’s Information Technology (IT) Assurance Services group where he is responsible for coordinating and conducting penetration testing services for clients in a variety of industries, including financial, healthcare, and technical sectors. He has two years experience conducting penetration testing audits with the Firm, and is pursuing certifications from industry-recognized organizations like SANS and Offensive Security.

Areas of expertise consist of internal/external/wireless/physical penetration testing and social engineering.

EDUCATION Northeastern University - Master of Science, Cyber Security University of Massachusetts Boston - Master of Science, International Relations Arizona State University - Bachelor of Arts, Political Science

Cybersecurity majors are being increasingly offered at colleges and universities across the United States. This is in addition to the many informal and corporate-sponsored routes towards cybersecurity education. This talk explores two formal cybersecurity courses offered at Rensselaer Polytechnic Institute: the flagship Information Systems Security course as well as a new course named Modern Binary Exploitation. These two courses provide us a tale of two approaches: one formally designed by a professor and the other originally developed and taught by students. We will examine what worked, what didn’t, future plans for these two courses and the potential for future courses and cybersecurity activities at RPI. We will conclude with strategies for students and teachers to get the most out of their cybersecurity education, regardless of its source.

Brian Callahan is a Lecturer in the Information Technology and Web Science program at Rensselaer Polytechnic Institute in Troy, NY. He oversees the Information Security concentrations of the major at both the undergraduate and graduate levels, and teaches many of the cybersecurity courses offered. He is a long-time developer for the OpenBSD operating system.

Continuous integration and delivery(CI?CD) is a method to quickly deliver software to customers by automating the different stages in development. Some CICD involves the use of virtualized environments and with that, developers fail to properly “locked down” that service resulting to comprised build cycles. Project CI/CD is a post exploitation framework created to exploit CI/CD systems.

Ayobami Emmanuel Adewale is a third year computing security student at RIT who’s trying to learn about various security topics and share his process. His interests are malware reversing, pen-testing and threat hunting.

Sarah (reaper) is a current IBM X-Force Red co-op. She attends the University of Central Florida and is a part of the student club Hack@UCF. She is also on UCF’s CPTC team.

An Introduction the OpenBSD Web Server environment, including frontend technologies such httpd(8), relayd(8), acme-client(1), . And how these technologies use OpenBSD’s proactive security features like pledge,, unveil and others, to stop or mitigate common exploits.

Matt Arnold is a Unix Wizard for hire., in a past life he contributed to projects like Debian, Ubuntu, Slackware and others. His Current Hobbies include auditing IoT firmware for GPL compliance, and other issues

In my years of doing red team work at RIT with the club I wrote a lot of different custom offensive tools. With this I wanted a easy way to integrate all of my ideas together, as well as give other people who were interested in this type of security a good starting base. This talk goes over what I have currently worked on.

Jon Bauer is a fourth year computing security student at RIT. He is currently president of the student run security club RITSEC. In his free time he also is on the Swimming and Diving team as a diver.

BSidesRoc.com 2021

OSINT tools provide security analysts with a powerful set of tools and data that can be leveraged to discover accounts, infrastructure, and long forgotten services that are still running. Using these sources we can research specific companies or users, find easy targets for bug bounties, and begin reconnaissance efforts against our own systems. Learn more about different techniques to gather information while examining North Korea’s public facing infrastructure and their state sponsored operating system.

Nick Roy is currently a Senior Security Specialist at Splunk focusing on security automation and improving blue team response. Before Splunk, Nick was at Phantom Cyber working with partners across the globe build out their security automation practices and delivering them to their customers.

BSidesRoc.com 2021