BSides CHS 2017

Here is a List of Current Talks!

Click Here for the Speaker Schedule

Gerald Auger - Black Box FISMA-based SCA of Public Cloud (IaaS) Providers - @Gerald_Auger

Gerald Auger’s been working within the Information Technology (IT) and Security industry for ten years supporting multiple industries. He is an active CISSP, CISM, and CISA. Gerald has had the distinguished pleasure to work for Booz Allen Hamilton in the public sector, providing cyber security solutions to the DoD, the Dept. of Veterans Affairs and the National Science Foundation United States Antarctic Program. He has earned a master’s in Computer Science and a master’s in Information Assurance, which affords him the ability to analyze a problem set on a technical and engineering level, and cross-cut this analysis with security concepts and thought processes. Gerald is currently working toward a Doctorate of Science in Cyber Security from Dakota State University with a research focus in developing biomedical device risk management frameworks for small and medium-sized healthcare organizations.

Jeff Man - Do We Still Need Pen Testing? - @MrJeffMan

Jeff is a respected Information Security expert, adviser,and evangelist. He has over 33 years of experience working in all aspects ofcomputer, network, and information security, including risk management,vulnerability analysis, compliance assessment, forensic analysis andpenetration testing. He has held security research, management and productdevelopment roles with NSA, the DoD and private-sector enterprises and was partof the first penetration testing "red team" at NSA. For the pasttwenty years, he has been a pen tester, security architect, consultant, QSA,and PCI SME, providing consulting and advisory services to many of the nation'sbest known brands.

April M Jones - OMNOMNOM: A Newbie Chick’s Take on InfoSec - @inkandfyre

April is a Newbie Chica in the InfoSec world. She fell into it purely on accident (she was *almost* pulled kicking and screaming), but had already developed second-hand paranoia due to her connections, so it was a natural next step. Managing to get a newbie-type of position at a Large Unnamed Company, she has begun happily delving into the lighter and darker sides of InfoSec. Sure, she might not have quite the background that most speakers have, but she definitely can provide a new twist on things and a new way of thinking about them. When she's not attending conferences and trying to solve the world's InfoSec issues, she enjoys spinning creative tales and reading.

Jason Gillam - The Hacker Evolution: What have we become? - @jgillam

Jason Gillam is a Principal Security Consultant with Secure Ideas. He has over 15 years of industry experience in enterprise software solutions, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture. Jason co-built and managed an award-winning ethical hacking program at one of the world's largest financial institutions. He also provided numerous application security training and awareness briefings to a large internal technical audience and led the development of best practices code and documentation for the the same. Jason is especially passionate about integration of security best practices with the SDLC. Jason holds his GIAC Web-Application Tester certification. He has spoken at several events including the Charlotte-Metro ISSA Summit, multiple BSides events, Hackfest (Canada), and the UNC Charlotte Cyber Symposium. He is also the author of several Burp extensions including CO2 and Paramalizer, and an active contributor to other open-source projects including MobiSec, SamuraiWTF, and Laudanum

Joe Stewart and James Bettke - Wire Wire - The African Persistent Threat - @joestewart71and @jbettke

Joe Stewart and James Bettke are researchers with Dell SecureWorks, authors of multiple security papers and tools including DCEPT and PDFXpose. In addition to their day jobs performing threat research, Joe and James are also founding members of the SubProto hackerspace in Myrtle Beach.

Patrick Fussell and Josh Stone - Hunting High-Value Targets in Corporate Networks - @pfizzell and @Josh5tone

Josh Stone and Patrick Fussell are penetration testers with PSC, working primarily in the PCI compliance space. Between the two of them, there’s over 15 years of penetration testing experience, and they get to work with some of the world’s largest service providers and merchants.

Jared Haight - Adding PowerShell to your Arsenal with PS>Attack - @jaredhaight

Jared Haight is a Security Engineer with Gotham Digital Science in Charlotte, NC. Before making the transition to Information Security he was a Systems Administrator for a decade where he spent most of his time writing scripts to automate everything he did so he could spend more time looking at pictures of Corgis on the Internet.

Josh Huff - What I learned being an OSINT creeper - @baywolf88

Josh Huff is a Digital Forensics Analyst for private investigation firm in Columbia, SC. He uses his knowledge of security and open source intelligence to break into a security role at Stillinger Investigations early this year. Josh currently uses his OSINT knowledge to assist the investigators with casework while handling the assorted tech landscape of personal devices and computers that come through the forensics lab. he also co-organizes for ColaSec (Columbia's local infosec meetup)

Max Harley - Shellcoding basics - @max_68

Max Harley is a freshman in college who loves security. Max worked for Soteria, a Charleston-local security firm during his senior year in high school. Security is Max's passion, so he strives to become better at it.

Mic Whitehorn-Gillam - Weaponize JS : Making the most of XSS opportunities

Mic Whitehorn-Gillam has been a security enthusiast for as long as he can remember, having started playing around with cryptography before he really knew anything about anything. Professionally, Mic comes from a background in building web applications across a diverse array of server-side technologies including asp.net, java, ruby, and node.js. After spending about a decade as a full-stack developer, Mic combined his passion for security and his experience with web applications to start penetration testing. When he's not working on client engagements or his own development projects, Mic can often been found running on nearest trails.

Leo Pate - Mon'Amie: XXE - @lpate3

Leo is a National Guard Minuteman serving within South Carolina as a Team Leader on the state’s Cyber Team and now employed at SPAWAR as a Network Security Analyst. Graduating from the College of Charleston and the founder of the College’s first Cybersecurity led Leo to work as a Consultant with the homegrown cybersecurity firm located in Charleston dubbed Soteria. Leo also serves as a Program Coordinator and Technical Mentor for NodeSC, a Charleston-based non-profit specializing in cybersecurity education, technology education and business entrepreneurship.

Ralph Collum - Anonymize Me: A Technician's Guide to Hiding from the Internet - @Optimus__Prime

Ralph Collum is a certified information security, risk, and compliance professional with over 8 years experience. He currently holds five industry certifications in security: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Hacking Forensics Investigator (CHFI), CompTIA Advance Security Practitioner (CASP), and CompTIA Security+.

Mr. Collum specializes in I.T. Training and Consulting for Training Concepts in Columbia with focus in information assurance and software infrastructure management, risk management and vulnerability scanning, penetration testing, group policy content development, and remediation strategy development. His goal is to secure companies by educating them on the methods used by attackers, identifying vulnerabilities, and mitigating issues through appropriate levels of awareness and security.

Ralph now teaches a variety of classes at Training Concepts in Columbia focusing on Information Assurance and SharePoint Development.

Bryan Rhodes - Hacking Young Minds: How to get Students interested in Infosec - @rho_io

After graduating from Clemson University with a degree in Computer Science, Bryan Rhodes has spent more than a decade securing networks for the Department of Defense. He's currently a penetration tester and Red Team operator with a passion for anything InfoSec. Bryan is also Red Team co-lead of the Palmetto Cyber Defense Competition and always enjoys a good CTF!

Jason Davison King Salemno - The Alma Doesn't Fall Far From the Tree - @j_hackz and @kingsalemno

Jason has worked for PhishLabs after graduating school in May 2015. King works as a the Technical Lead and Malware Researcher at PhishLabs.