YoloCon 24 has concluded! Thank you to our sponsors who made it possible!

About YoloCon

YoloCon (Ypsilanti Online Learning Opportunity Conference) is an industry engagement conference organized by the Information Assurance Student Association (IASA) at Eastern Michigan University. The conference provides a unique opportunity for cybersecurity professionals to speak and inspire the next generation. It is designed for companies to engage with students and professionals in the cybersecurity industry.

YoloCon is the primary fundraiser for the IASA, and it supports all the events hosted by the association. The conference enables students to grow their skills, learn about current technological advancements, compete in cybersecurity competitions, and expand their networks. Additionally, YoloCon grants students access to gamified learning resources that provide comprehensive training for competitions such as the National Cyber League and the National Collegiate Cyber Defense Competition. By participating in YoloCon, companies can support and educate students in cybersecurity and strengthen the quality of applicants they can expect to see.

YoloCon 24 takes place on Saturday, April 13th, 2024 from 9am to 2:30pm. The conference will be hosted in Sill Hall, 109 Jones-Goddard, Ypsilanti, MI 48197.

The club recently participated at ISTS 2024, a 3-day cyber attack/defend competition hosted by Rochester Institute of Technology (RITSEC).

Schedule

Overview

09:00 - 9:30

🍩 Pre-Networking / Breakfast provided by Game Above College of Engineering and Technology

9:30 - 11:45

🗣 Enjoy awesome talks.

11:45 - 12:00

😋 Lunch Preparation

12:00 - 13:00

🍕 Lunch provided by Game Above College of Engineering and Technology

13:00 - 14:15

🗣 Enjoy more awesome talks.

14:15 - 14:30

💼 Network with YoloCon's sponsors, fellow students, and industry professionals!

Morning Talks

9:30 - 10:00

My Career Path to Becoming a Lead Incident Response Specialist

Edward Miskowiec — MISEC Southfield Chapter

Talking about my long path on how I became a Lead Incident Response Specialist.

Edward Miskowiec is a CO-Admin of the MISEC Southfield chapter. He is also the Lead Incident Response Specialist for a large managed care company.

10:00 - 10:30

Security Awareness & Training Maturity Model

Denise Browning — Little Caesars Enterprises

A review of the SANS Institute Maturity Model for Security Awareness & Training — Why it's important, how to build a security & awareness training program.

Denise Browning is the Governance, Risk and Compliance Manager in Cyber Security at Little Caesars Enterprises which includes the pizza business, but also the Detroit Red Wings, Detroit Tigers, Fox Theater, 313 Presents and the Olympia Development, Entertainment and Parking organizations. She has a Master's Degree in Information Assurance with a specialization in Digital Forensics from Walsh College. She holds the CISSP, CRISC and CDPSE certifications. Denise has been working in cyber security since HIPAA Privacy and Security Rules were enacted 20 years ago for Detroit based companies such as Henry Ford Health System, Blue Cross Blue Shield of Michigan and General Motors. She has also been an adjunct instructor at Monroe County Community College. Denise is actively involved with ISACA Detroit, Michigan InfraGard, and the Motor City ISSA chapters.

10:30 - 10:45

Intermission

10:45 - 11:45Keynote Presentation

The Painful Truth About SBOMs: Exposing the Challenges in Software Supply Chain Security

Kent Gruber — HashiCorp

Software bill of materials (SBOMs) are widely touted as a critical tool for securing modern software supply chains. However, the reality is that organizations often struggle with the practical implementation and management of SBOMs. In this talk, we'll explore the common pain points and limitations of SBOMs in practice.

Kent Gruber is a product security engineer at HashiCorp and an alumnus of Eastern Michigan University. He is a former member of the IASA and has previously competed in the ISTS and CCDC events. His primary focus is on static analysis with experience in the field of software security. With a deep understanding of the practical challenges organizations face in managing software supply chain security, he is well-positioned to share valuable insights on the realities of implementing and utilizing software bill of materials (SBOMs).

Afternoon Talks

13:00 - 13:30

Github Actions & Terraform from a Lead Cloud Security Engineer

Ryan Weber — A Cloud Sec Ninja

In this talk we will dive into the world of GitHub Actions & Terraform and integrating this into a CI/CD pipeline to drive Cloud Security requirements in modern developers landscapes.

Ryan Weber is a highly experienced technical Cloud/Cyber Security Professional in technical leadership-based roles & offers years of experience with various industries. He is also an experienced professor in higher education and is always trying to better himself and the next generation to keep as up-to-date as possible. Ryan currently works as a lead cloud security engineer for Cisco Systems managing from a technical perspective a group of talented engineers from around the world and working remotely here in Michigan. He has built state-of-the-art cloud environments and prides himself on protecting the company where he is working. He has many industry certifications including from HashiCorp, AWS, GCP, DoD, NSA, and in the past Cisco and other industry certifications. He received his Graduate Certificate in Cyber Criminology & Cyber Security from Michigan State University. He also received his Masters in Information Assurance from Eastern Michigan University. He is also an Adjunct Professor of Cloud Security and Cloud technologies at Eastern Michigan University for 5 years and at Trine University for about a year.

13:30 - 13:45

Intermission

13:45 - 14:15

Enhancing Blue Team Ops with Ansible Semaphore

Jack Rosenberg & Spencer Guiney — IASA

We will discuss the lessons our recent competitions and the lessons that can be taken from them, then give an overview of what Ansible is, how we've been attempting to use it to solve our previous problems, and our future plans for using it at next year's competitions.

Jack is a sophomore at EMU that has been involved with the IASA for about a year and a half now. He has participated in CCDC, ISTS, NCAE, NCL, and other competitions with EMU's teams. During these competitions, he has developed a strong background in reverse engineering, firewall administration, and Linux hardening.

Spencer is a senior at Eastern Michigan University with four years of IT experience. A member of the IASA, he has participated in national cybersecurity competitions, including recent events at NCAE and ISTS. He has experience hardening various Linux systems in blue team competitions.