Schedule
Overview
09:00 - 9:30
🍩 Pre-Networking / Breakfast provided by Game Above College of Engineering and Technology
9:30 - 11:45
🗣 Enjoy awesome talks.
11:45 - 12:00
😋 Lunch Preparation
12:00 - 13:00
🍕 Lunch provided by Game Above College of Engineering and Technology
13:00 - 14:15
🗣 Enjoy more awesome talks.
14:15 - 14:30
💼 Network with YoloCon's sponsors, fellow students, and industry professionals!
Morning Talks
My Career Path to Becoming a Lead Incident Response Specialist
Edward Miskowiec — MISEC Southfield Chapter
Talking about my long path on how I became a Lead Incident Response Specialist.
Edward Miskowiec is a Co-Admin of the MISEC Southfield chapter. He is also the Lead Incident Response Specialist for a large managed care company.
Security Awareness & Training Maturity Model
Denise Browning — Little Caesars Enterprises
A review of the SANS Institute Maturity Model for Security Awareness & Training — Why it's important, how to build a security & awareness training program.
Denise Browning is the Governance, Risk and Compliance Manager in Cyber Security at Little Caesars Enterprises, which includes the pizza business as well as the Detroit Red Wings, Detroit Tigers, Fox Theater, 313 Presents and the Olympia Development, Entertainment and Parking organizations. She has a Master's Degree in Information Assurance with a specialization in Digital Forensics from Walsh College. She holds the CISSP, CRISC and CDPSE certifications. Denise has been working in cyber security since the HIPAA Privacy and Security Rules were enacted 20 years ago, for Detroit-based companies such as Henry Ford Health System, Blue Cross Blue Shield of Michigan and General Motors. She has also been an adjunct instructor at Monroe County Community College. Denise is actively involved with the ISACA Detroit, Michigan InfraGard, and Motor City ISSA chapters.
Intermission
The Painful Truth About SBOMs: Exposing the Challenges in Software Supply Chain Security
Software bills of materials (SBOMs) are widely touted as a critical tool for securing modern software supply chains. However, the reality is that organizations often struggle with the practical implementation and management of SBOMs. In this talk, we'll explore the common pain points and limitations of SBOMs in practice.
Kent Gruber is a product security engineer at HashiCorp and an alumnus of Eastern Michigan University. He is a former member of the IASA and has previously competed in the ISTS and CCDC events. His primary focus is on static analysis with experience in the field of software security. With a deep understanding of the practical challenges organizations face in managing software supply chain security, he is well-positioned to share valuable insights on the realities of implementing and utilizing software bills of materials (SBOMs).
Afternoon Talks
GitHub Actions & Terraform from a Lead Cloud Security Engineer
Ryan Weber — A Cloud Sec Ninja
In this talk we will dive into the world of GitHub Actions & Terraform and integrating them into a CI/CD pipeline to drive cloud security requirements in modern developer landscapes.
Ryan Weber is a highly experienced technical Cloud/Cyber Security Professional in technical leadership-based roles and offers years of experience with various industries. He is also an experienced professor in higher education and is always trying to better himself and the next generation by keeping as up-to-date as possible. Ryan currently works as a lead cloud security engineer for Cisco Systems, where he manages, from a technical perspective, a group of talented engineers from around the world while working remotely here in Michigan. He has built state-of-the-art cloud environments and prides himself on protecting the company where he is working. He has many industry certifications, including from HashiCorp, AWS, GCP, DoD, NSA, and in the past Cisco and other industry certifications. He received his Graduate Certificate in Cyber Criminology & Cyber Security from Michigan State University. He also received his Master's in Information Assurance from Eastern Michigan University. He has also been an Adjunct Professor of Cloud Security and Cloud technologies at Eastern Michigan University for 5 years and at Trine University for about a year.
Intermission
Enhancing Blue Team Ops with Ansible Semaphore
Jack Rosenberg & Spencer Guiney — IASA
We will discuss our recent competitions and the lessons that can be taken from them, then give an overview of what Ansible is, how we've been attempting to use it to solve our previous problems, and our future plans for using it at next year's competitions.
Jack is a sophomore at EMU who has been involved with the IASA for about a year and a half now. He has participated in CCDC, ISTS, NCAE, NCL, and other competitions with EMU's teams. During these competitions, he has developed a strong background in reverse engineering, firewall administration, and Linux hardening.
Spencer is a senior at Eastern Michigan University with four years of IT experience. A member of the IASA, he has participated in national cybersecurity competitions, including recent events at NCAE and ISTS. He has experience hardening various Linux systems in blue team competitions.