OzSecurity

Speaker Details

Learn about our speakers

Devin

Keynote

Our keynote presentation this year by Devin is about challenging the current fear-based, consumption-driven state of cybersecurity, urging a return to its core mission: helping people and protecting businesses because it’s the right thing to do.

Reflecting on why many entered the field—to bring justice and prevent harm—a call for cybersecurity professionals to move away from tactics driven by vendors and metrics, and instead embrace creativity, collaboration, and partnership with end-users.

Be the advocate for a risk-based approach that prioritizes realistic solutions over disaster-driven methods, encouraging a culture change back to being heroes who protect.

Jason Taylor

Pentester

OzSec Organizer

Jason is a Senior Information Security Analyst with a passion for offensive security and hacking. He enjoys asking “but what if…” and discussing scenarios and fun thought experiments from both offensive and defensive sides.

Father of two future hackers and husband to a VP of Security and Risk, dinner discussions at his home often involve the latest FFIEC guidelines and the newest attack vectors.

Presentation Abstract

This session explores the process of designing and building custom electronic badges for cybersecurity conferences. We will cover key steps, including hardware selection, PCB integration, and firmware development for interactive features like puzzles and challenges. Attendees will learn how these badges are crafted to align with conference themes while ensuring durability and engagement. Perfect for anyone interested in blending electronics with creativity in the security space.

Anthony George

CEO and Chief Engineer, George Consulting and Engineering, CISSP, GFCA

14 years System Engineer, Defense Contractors

Retired Cyber Warfare Operator, Kansas Air National Guard

Bachelor’s degree in Computer Programming

Presentation Abstract

ICS Cyber Security and How It Is Changing

This talk explores the intersection of Industry 4.0 and industrial cybersecurity, focusing on securing smart factories and manufacturing environments. It highlights practical strategies and technologies like anomaly detection, secure network architectures, and threat modeling to protect against cyber threats in the era of digital transformation.

John Shamasko

CMMC Assessor with JSA/DIBCAC High experience trained by the Cyber AB

The CMMC Team, an authorized C3PAO

John Shamasko has over 20+ years of experience leading cybersecurity projects in cross-functional teams while providing guidance to decision-makers on security risks, business requirements, and regulatory compliance. He is also a CMMC Assessor (CCA) and a CMMC Professional (CCP). John has worked for numerous organizations where he led efforts to improve security posture and minimize security risks by conducting risk assessments and working with product owners and the development team. John has an MBA and a B.S. in Computer Science from Friends University, and his current certifications include CISSP (Certified Information Systems Security Professional), CIPM (Certified Information Privacy Manager), AS9100c Internal Auditor, APICS CPIM Supply Chain Management, MIT Cybersecurity, Security +, AIX, LogRhythm Security Analyst, and Six Sigma.

Presentation Abstract

CMMC Round Table

Small and Medium Businesses that are required to adhere to NIST 800-171 and the upcoming CMMC requirements often are misinformed, ill-advised, or generally confused. Leadership expects IT to meet this challenge. We will cover various ways IT can bridge the gap between compliance and implementing CMMC effectively.

Sara Anstey

Director of Data Analytics and Risk at Novacoast

Sara Anstey is the Director of Data Analytics and Risk at Novacoast who is passionate about empowering businesses to use everyday data to make strategic business decisions. She believes that the intentional adoption of a data-driven culture can be a key differentiator to companies in today’s security climate. Sara has experience in custom web development, artificial intelligence, data analytics, business intelligence, and applied statistics.

Presentation Abstract

The Human Factor: Quantifying Human Risk

This talk will delve into the emerging field of human risk management and quantification, focusing on assigning risk scores to employees based on their actions and access. Similar to where cyber risk quantification was a few years ago, this field is expected to grow significantly. With over 80% of breaches involving the human element, understanding how employees affect security posture is crucial for organizations aiming to enhance their security.

Nicki Swart

Information Security Analyst, Heartland Credit Union

A native Wichitan, Nicki is an award-winning information security enthusiast with experience in both the healthcare and financial sectors. Holding a Master’s in Computer Information Systems, she has worked on a variety of information security projects, including compliance initiatives, security awareness, digital forensics, pentesting, and more. When she’s not at work, she’s chasing after her three boys and spending time with her husband of 15 years.

Presentation Abstract

Debunking Cybersecurity Myths: Elevate Your Professional Knowledge and Defend with Confidence

Join us for a 30-minute lecture aimed at debunking the most persistent myths in the cybersecurity field, from the illusion of invincible passwords to the overreliance on endpoint protection software. Discover the real threats and effective strategies to combat them. This session will equip you with up-to-date insights and practical tactics to strengthen your defenses and stay ahead of cybercriminals.

Tara Parker

Interaction discussion on soft skills and how to use them to brighten your career.

Tara Parker returns to OzSec with her talk on soft skills! As with years past, Tara will talk about what soft skills are most important in your career and how to develop them. This year, she brings something new to her talk and quite honestly, we are intrigued as to what she has up her sleeve!

Joseph White

Enterprise Architect & Security Architect at BCBSKS (Blue Cross and Blue Shield of Kansas)

I have over 20 years of enterprise security experience, including 15 years at Blue Cross and Blue Shield of Kansas, where I've worked in roles such as network admin, incident response, threat hunting, firewall admin, and security architecture. I’ve led teams in red teaming, app security, and threat management. I’m also passionate about volunteering with ARIN and IETF, and in my free time, I enjoy playing tabletop board games.

Presentation Abstract

Description of API fundamentals, attack strategies, and a review of OWASP’s Top 10 for APIs. The goal is to teach and demonstrate common API security flaws. The content will be valuable to security enthusiasts, developers, and pen testers with a focus to learn about API vulnerabilities.

Matthew McGill

Manager Security Engineering and Threat Management

As an Information Security Consultant at HBS, Matthew helps clients establish thorough risk management programs and strong security postures within the Financial, Software-as-a-Service, Manufacturing, and Healthcare industry sectors. A computer engineering graduate from Iowa State, Matthew guides clients on technical details, policy creation and overall business considerations related to cybersecurity.

Presentation Abstract

Ransomware attacks keep rising. Cyber insurance rates are climbing. And companies are requiring vendors to prove that they handle data securely. What are your actionable next steps in the midst of all that noise? In this session, a cybersecurity expert provides a clear summary of the current cybersecurity landscape.

Practical tips presented in plain English take you inside the mind of cyber criminals to see their playbook and learn basic security fixes that send the bad guys looking for easier targets. Topics include: updated defenses for the latest ransomware, building a multi-layered program to tackle network, application, data, and system security, basic steps that could've stopped some of the latest breaches, and actions you can take now to limit the damage if hackers come after your system.

Community Organization Discussion Panel

ASIS Wichita Chapter

Defcon316

ISSA Central Plains

ISC2 Wichita Chapter

Presentation Abstract

Wichita's Information Security Community Organizations are a dynamic community dedicated to advancing cybersecurity knowledge and fostering collaboration among professionals, enthusiasts, and beginners. We aim to create a supportive environment where members can learn, share, and hone their skills through hands-on challenges, workshops, and discussions. Our mission is to strengthen the cybersecurity landscape by promoting education, awareness, and innovation, while building a network of passionate individuals who are committed to safeguarding the digital world.

Adam Sewell

Founder & CEO, Waterleaf International/Cyberleaf

Adam has been a successful senior executive and entrepreneur in network and cyber for more than 20 years. Adam founded Waterleaf International LLC ‘Waterleaf’ and developed the worlds first commercial low latency microwave networks for the High Frequency Trading (HFT) markets.

Adam’s technical background includes work in RF engineering, SDR, mobile s/w development, hardware engineering, cybersecurity and telecommunications architecture. BS Degree, graduate studies/certificates in engineering, finance, mathematics and economics at Stevens Institute, Columbia and Pace Universities. MSEE (2024) UC, Boulder. He is a published author and SME on critical infrastructure cybersecurity. PhD studies and research in QED (Quantum Zeno Effect).

Presentation Abstract

Why Cyber Defense Fails

What are the common elements of failures within enterprise defense – lessons learned, tools, skills, and capabilities.

Case studies based on recent events in IT, OT, and other sectors.

Focus on defense (Defense Industrial Base), Financial Services, and Health Care.

What is needed now and in the near future?

Gordon Shumway

Brain Computing Interface (BCI) You’re late, the future is already here

Gordon Shumway is an author and security veteran with over thirty years of experience traversing physical security, protective services, forensics, ransoms and recoveries, incident response to red teaming for Las Vegas casinos. Often found as the solutions and hardware creator for security companies, Gordon brings cutting edge security technologies and tools to the community and makes them accessible to everyone.

BCI Speedrun for Security Professionals

A workshop for all ages, audiences, and aptitudes that speedruns participants through terminology and the basic knowledge to understand the brain computing interface. From there, the BCI security framework is introduced to allow safe implementation of BCI technologies through a security assessment framework.

Discover the workshop that has led to legislation and protections for human thought and is considered the information you need right now to understand the future. The quintessential boot camp for BCI built for security professionals.

Participants will walk away with a baseline understanding of BCI concepts, tools, runbooks, frameworks, and will be able to execute their own safe and ethical experiments and testing for security. Witness over a decade of ethical research condensed into a four-hour workshop.

All supporting content and materials for the course are available on a freely provided GitHub the day of the workshop. Attendees do not need to provide or bring any materials.

Donovan Farrow

CEO at Alias Cybersecurity & Serial Entrepreneur

Presentation Abstract

Open Source Your Incident Response

Hackers use advanced tools tailored to particular types of engagements and environments. Understanding those to defend against them can take a level of sophistication and training that many organizations don’t have the staff or resources to dedicate. But did you know hackers also use tools freely available to anyone? That these are ones you can use for both defense and response? In this talk, you’ll learn how you can use these tools to assess and secure your infrastructure from the more advanced threats and aid in the event of an incident. You’ll learn the open source tools red and blue teams can employ, how to utilize them, and what action points they can provide for your security and IT teams. Actual demonstrations of the tools and training on how to utilize them will be provided as well as real-world stories of how these tools are common first steps in both a penetration test and incident response. This talk is for cybersecurity and IT professionals.

Zane West

Chief Information Security Officer (CISO) - Rapidscale

Presentation Abstract

Technology Sprawl: Creating the Cybersecurity Skills Shortage

Across all industries, the number of point solutions to enforce specific controls has directly contributed to significant security resource shortages in the market. It is also a major contributor to poor implementations and gaps in security controls. In this talk, we will discuss some research on evaluating, implementing, and operating security technology and the impact it has on many organizations. We will look at a case study and some of the changes that were made to optimize their architecture and reduce operating costs. Finally, we will discuss how cloud and AI/ML can and have been used to enhance your security posture.

Logan Rhamy

CEO - Air Capital Cyber Security

Presentation Abstract

IT on a Tightrope: Balancing Automation, Security, and Documentation Solo

Small businesses often face significant challenges when relying on a one-person IT department. In this presentation, we’ll focus on three key areas that form the foundation of success: automation, security, and documentation. We’ll also explore how to navigate leadership that doesn’t always understand IT and provide practical recommendations and actionable steps you can implement right away to improve your operations and drive forward with confidence.