Cyber Security in Today’s Evolving Threat Environment
Jeff Hagan, Kenny Holmes
Leading us through our Keynote address are Kenny Holmes (Cisco) and Jeff Hagan (Logicalis). Their discussion will focus on today’s digital landscape, where Cyber Security is front and center as a business imperative. Together, Kenny and Jeff will explore the evolving threat environment, the expanding compliance and regulatory demands, and how to navigate the growing market for security solutions.
Crafting Chaos: Building, Enumerating, and Unleashing Malicious DLL Payloads
August Vansickle
This conference talk delves into the sophisticated craft of developing malicious DLL payloads, a powerful technique in cyber attacks. We’ll explore creating stealthy DLLs from scratch in multiple programming languages, enumerating diverse payload vectors for system infiltration, and executing these payloads for maximum impact. Attendees will uncover threat actor techniques, including injection methods, persistence strategies, and evasion tactics, alongside defensive approaches to detect and neutralize such threats. The session will also cover building DLL payloads on-the-fly via C2 frameworks, a critical skill for Red Team operators during assessments. Perfect for security researchers and red teamers aiming to master or counter advanced DLL-based attacks.
Operational Technology (OT) The day the city stopped working! Disaster Recovery in OT
Samuel Alva
Protecting Workloads at Speed and Scale with Cisco Hypershield
Joshua Burget
Cisco Hypershield is not the next generation of anything, it's the first generation of something new! A modern architecture for securing applications and workloads wherever they are.
Soft Skills
Tara Parker
Technical skills are necessary as an IT professional. When it comes to creating a successful career, however, it's the soft skills that make a difference! This year, Tara talks about the soft skills that make the biggest impact and how to develop them! Check out Soft Skills for Pros: Tips for Successful Application
Secure by Design: Starting Your Data Protection Journey
Jeff Whealen
As AI tools become more pervasive, securing sensitive data is more critical than ever. This session outlines the key steps to launch a data security strategy—starting with governance planning and data labeling, moving through DLP implementation, and concluding with Microsoft Purview DSPM and strategies to defend against rogue AI.
If It Ain't Broke...Scale It
Sara Anstey
In cybersecurity, it often feels like we're drowning in problems—patches left undone, processes broken, tools underused. But what if instead of obsessing over what’s broken, we focused on the “bright spots”—the security practices, people, and processes already working well—and used them as catalysts for broader change? This session explores how security leaders can apply the behavioral science concept of Bright Spots to build momentum, drive organizational effectiveness, and create a culture of resilience. Attendees will walk away with a fresh perspective on how to reframe challenges, spotlight successes, and amplify what’s already working to meaningfully advance their security programs.
BreakICT
CTF
ALL day CTF attack room - Support may or may not be available throughout the day.
Overview of the Defense Innovation OnRamp: Kansas
Dave Carpenter
Discover the Defense Innovation OnRamp Hub: Kansas, a dynamic platform fostering collaboration and innovation in defense solutions. Connect with industry leaders, access advanced resources, and drive the future of defense technology.
IT on a Tightrope
Logan Rhamy
In IT on a Tightrope, Logan Rhamy shares practical strategies for thriving as a one-person IT department. The session covers overcoming leadership and budget challenges, building effective documentation, using automation to save time, strengthening cybersecurity, and knowing when to outsource. Attendees leave with low-cost, actionable steps to improve efficiency, reliability, and security.
Social Engineering, Evolved: A Timeline of Deception
Nicki Swart
Social engineering has leveled up—and it's not just about phishing emails anymore. Today's attackers are using AI, deepfakes, and even fake job applications to manipulate people in more convincing ways. This session walks through the evolution of social engineering tactics, from early spam and classic phishing to AI-generated scams and deepfake imposters. With real-world examples and practical takeaways, you'll leave with a clearer picture of how social engineering has changed—and how to stay ahead of the next trick up an attacker's sleeve.
Ransomware Reimaged: From Encryption to Extortion
Andrew Hickman
Ransomware has changed from simple encryption-based attacks into complex, multi-layered extortion schemes that threaten organizations all over the world. This talk traces the evolution of ransomware over the past five years, emphasizing the shift from encryption to data exfiltration, escalated extortion tactics, and exploitation of cloud and supply chain vulnerabilities. Drawing on recent trends and high-profile cases, we explore how threat actors are leveraging Ransomware-as-a-Service (RaaS), AI-driven attacks, and advanced initial access techniques to maximize success. The session concludes with actionable defensive strategies, robust backups, proactive monitoring, and employee training, to help organizations stay ahead of this escalating threat.
Cybersecurity and workforce development – A success story
Tonya Witherspoon
AI, IoT and Manufacturing. Oh My!
Anthony George
IT/OT convergence
Incident Response Maturity - From Planning to Remediation
Matthew McGill
Given the rise in sophisticated digital threats, organizations must assume that a security incident is inevitable. The ability to detect, respond to, and recover from cybersecurity incidents quickly and effectively is critical to protecting data, maintaining operations, and preserving trust. This presentation dives into the full lifecycle of Incident Response (IR)—from strategic planning and preparation, to real-time detection and alerting, to coordinated response and remediation. Participants will gain insight into the essential components of a mature IR program and learn how to build response capabilities that reduce downtime, limit impact, and ensure regulatory and contractual obligations are met. Key focus areas include:
- Developing an incident response plan that aligns with business and compliance requirements
- Establishing detection mechanisms and alerting workflows across the enterprise
- Coordinating internal and external response teams for timely and effective containment
- Implementing root cause analysis, corrective actions, and communication protocols post-incident
- Leveraging tabletop exercises and threat intelligence to improve readiness over time
Whether you're building an IR program from the ground up or looking to enhance existing processes, this session offers actionable guidance to help your organization detect threats earlier, respond faster, and recover smarter.
CMMC Roundtable
John Shamasko
Live Malware Analysis: Unraveling Phishing Attacks and Malicious Document Payloads from Today's Phishing Lures
August Vansickle
This dynamic conference talk offers an in-depth, live demonstration of malware analysis, zeroing in on malicious documents from contemporary phishing attacks, including 'Tolls Due' and 'Taxes' lures. We'll dissect real-world samples, exposing the tactics, techniques, and procedures (TTPs) attackers use to exploit victims. From decoding embedded macros and scripts to tracing payload delivery and command-and-control (C2) communication, this session provides a detailed, step-by-step breakdown. Attendees will explore cutting-edge tools and methodologies for safe analysis while learning defensive strategies to detect and counter these threats. Ideal for security analysts, incident responders, and blue teamers aiming to master malware analysis against evolving phishing campaigns.
Transforming IT Operations: Leveraging Security, Configuration Baselines, and AI for Efficiency and Compliance
John Dobbin
This session explores how integrating robust security practices, configuration baselines, and artificial intelligence can transform IT operational efficiency. Attendees will learn foundational security concepts, the importance of standard operating procedures (SOPs), and how configuration baselines support compliance and streamline workflows. The presentation highlights common challenges faced by IT teams without security best practices and demonstrates how standardized configurations reduce incidents and operational overhead. The session also showcases AI-driven innovations—including automated asset discovery, real-time monitoring, deviation detection, and proactive remediation—that empower IT teams to establish, maintain, and optimize secure baselines. Join us for practical insights and a live demo on generating SOPs with AI, equipping your organization to achieve resilient, agile, and compliant IT operations in a rapidly evolving threat landscape.
Data Brokers and the Reclaiming of Online Privacy
Logan Rhamy
In Reclaiming Online Privacy, Logan Rhamy exposes how data brokers collect, sell, and weaponize personal information. Using real examples and case studies, the session shows how this data fuels scams, stalking, and harassment. Attendees learn practical, low-cost steps to protect their identity, secure accounts, remove themselves from broker lists, and take back control of their digital footprint.
CMMC: Past, Present and Future
Heather Seimens & Tariq Azmi
The Evolution of AI
Chrissie Collins
The Evolution of AI: Where we were, and where we're going
Social Engineering CTF
Angel
Security in the Age of AI: A Developer's Approach to Security
Nathan Howard
Ready to move from theory to a tangible project? This talk is your idea factory. We'll explore generic examples of AI applications in cybersecurity with one goal: inspiring you to build something cool. Get ready to see the potential of AI as the bridge for connecting your security tools together.
Cybersecurity Lessons from Star Wars
Walt Powell
This session takes a unique approach to cybersecurity by drawing parallels between the collapse of the Empire in Star Wars and common cybersecurity failures in modern organizations. We will explore how the Empire's poor cybersecurity practices led to catastrophic failures, such as the destruction of the Death Star, and how implementing modern cybersecurity strategies could have altered the course of the Galactic Civil War. Key points include the role of insider threats, supply chain vulnerabilities, lack of multifactor authentication, and unsecured network access points. Using iconic scenes from Star Wars, we'll break down how these failings mirror real-world cybersecurity challenges. For example, the lack of endpoint protection allowed unauthorized devices like R2-D2 to access critical systems. The Empire's failure to secure operational technology (OT), such as shield generators and reactor cores, directly mirrors the growing need for IoT and OT security in today's organizations. Through these cinematic examples, the session will introduce modern cybersecurity solutions such as passwordless authentication, endpoint protection, and IoT/OT security. Attendees will walk away with actionable insights into how they can strengthen their organization's defenses by learning from the Empire's mistakes. The session will use case studies from Star Wars to highlight the risks of outdated security measures and demonstrate how adopting advanced cybersecurity practices can prevent similar 'galactic' consequences in the corporate world. Attendees will be encouraged to reflect on their current security frameworks and leave with a strategic plan to enhance cybersecurity within their organizations.
Objective: This session offers a fresh and engaging way to understand critical cybersecurity concepts by blending pop culture with practical insights. By using Star Wars as an illustrative case study, attendees will not only be entertained but will leave with tangible strategies to implement in their cybersecurity frameworks. It's a unique, memorable approach to a vital topic.
Mitigating AI LLM threats in the enterprise
Adam Sewall
Insecure by Default: LLMs with MCPs. Similar to macros, but acting as autonomous agents that operate without human oversight and are driven by the LLM to connect to resources inside and outside of an organization, Model Context Protocols (MCPs) present a growing wave of hidden threats. As MCPs become smarter, effortlessly linking powerful LLMs to external tools, their vulnerabilities silently multiply. Examples include browser extensions quietly harvesting data and compromised plugins slipping under the radar; these subtle yet significant risks can quickly escalate into serious breaches.
Security risks of MCP in enterprise LLMs: Integrating the Model Context Protocol (MCP) into enterprise Large Language Models (LLMs) significantly enhances their capabilities by connecting them to various data sources and tools. However, this interconnectivity also introduces a range of serious security risks that enterprises must actively address. We will cover the risks, exposure, and mitigation best practices of using LLMs.
Skynet or Clippy: Separating AI Hype from Everyday Reality
Logan Rhamy
Skynet or Clippy: Separating AI Hype from Everyday Reality explores the gap between sensationalized fears and practical uses of AI like ChatGPT. Logan Rhamy examines real workplace applications, ethical considerations, and policy needs, giving attendees clear guidance on integrating AI responsibly while protecting data, maintaining compliance, and ensuring human oversight.
Strategies for Adopting Secure AI
Mike Mahurin - Logicalis
Artificial Intelligence (AI) is radically transforming industries and reshaping the threat landscape. While AI delivers significant business value, it also enhances the capabilities of both attackers and defenders in cybersecurity. This session will explore pragmatic strategies to protect organizations while embracing advanced technologies. We will delve into real-world examples of how organizations are navigating these changes, highlighting best practices and innovative approaches.
Extracting Secrets from IoT Devices
Isaiah Davis-Stober
Have you ever wondered what kind of secrets are floating around in IoT devices in your life? As 'smart' IoT devices become more and more ubiquitous you might have some concerns about the amount of effort these companies are putting into the 'security' of these devices and their infrastructure, as well as what kind of data they are picking up and sharing, and the possible consequences of this. I'm going to explain and demonstrate some methods for extracting the firmware from 'smart' sensors, cameras, routers, and various other IoT devices, then explain and demonstrate how to find various secrets that are floating around in the firmware. In addition, I will also explain (and try and demonstrate) ways of finding secrets in network traffic.
Still Swinging: How to Overcome Impostor Syndrome
Gordon Shumway
A tribute to Billy Boatright's life, work, and lasting impact on the information security community. Billy Boatright’s journey began on the baseball fields of Southern California, where he learned valuable life lessons. He later took these lessons to two of the world’s most bustling cities—New York and Las Vegas. For nearly a decade, Billy was a bartender on the Las Vegas Strip, earning global recognition as a top-ranked Flair Bartender with multiple awards. However, after a debilitating illness and numerous surgeries ended his promising career, Billy pivoted to a new challenge: social engineering. From being known as DefCon’s number one volunteer to the world’s most proficient social operator, Billy never stopped being a hacker. This culminated in a series of talks he delivered at DefCon, which he then transformed into the book: “Swing Away: Conquering Impostor Syndrome”. Billy was passionate about helping others overcome impostor syndrome so they could participate in all the fun he was having in the security industry. In this 45-minute session, packed with energy and practical advice, Billy’s research and insights offer powerful tools for identifying and combatting impostor syndrome. Proven to reignite the spirits of even the most burned-out security professionals, this session includes hands-on exercises designed to help participants apply these tools in real-time and avoid the traps of self-doubt and sabotage. While the industry lost a remarkable figure, the community has united to carry Billy’s work forward. This session puts his tools directly in your hands, so you can keep swinging and continue his mission. Join us to honor Billy and discover how to break free from impostor syndrome.