THANK YOU!

To our sponsors, speakers, volunteers, and attendees, thank you for making BSides 2023 a resounding success.

Want to help in the meantime? The Illinois Cyber Foundation operates all year long.

2023’s Speakers

Nick Schroeder, Executive Director, Illinois Cyber Foundation

Nick Schroeder is a Sr. Principal Threat Intelligence Analyst @ Mandiant/Google, focusing on custom intelligence curation, adversary tracking, and analysis. Nick previously held roles leading incident response engagements & IR teams, consulting, threat hunting, and penetration testing in the federal space. Nick enjoys forensics, malware analysis, and tooling.

Cody Kretsinger, Executive Director, Illinois Cyber Foundation

Cody has over a decade of experience working with Red, Blue, and Purple cyber security teams, including countless Incident Response and Red Team engagements.

Kretsinger currently provides security research, expert advice, and advisory services to the Managed Service and Security Provider community at Galactic Advisors. Cody helps MSPs and MSSPs strengthen their own security, develop educational security content, and Research & Development for automated Penetration Testing tools, focused on adversarial tactics.

Cody previously worked as the Security Manager with a leading IT and cybersecurity company in Central Illinois providing Red and Blue Team services.

An avid cybersecurity professional, Cody has a passion for guiding information security, including speaking on numerous Cybersecurity topics and his time in LulzSec.

Anthony Mini, President, Pearl Technology

Anthony joined Pearl Technology in 2021 and is responsible for overseeing all aspects of the company’s business strategies and cybersecurity objectives.

He has more than 22 years of experience across public, private, and non-profit organizations. As a major with the Air National Guard in Peoria, Anthony serves as Commander, Cyber Operations Officer. He is an accomplished technology professional with experience in strategic planning, project management, and cybersecurity and one of the Peoria area’s 40 leaders under 40. In addition to his proven success, Anthony has the following certifications: CISSP, CCSP, CIO, CCNA, Sec+, ITIL, and 6 Sigma. Anthony also holds a Master’s of Science, with a CIO concentration from NDU College of Information and Cyberspace.

Anthony and his wife, Cristen, live with their three children in Central Illinois. His hobbies include aviation, golf, coaching hockey, and all things technology.

Charles Herring, Chief Technology Officer, WitFoo

Charles Herring is co-Founder and Chief Technology Officer at WitFoo. WitFoo was founded to enable the sharing of information and operations across the craft of Cybersecurity. Charles leads research and development of the WitFoo Precinct platform that utilizes Apache Cassandra as a fundamental component in its architecture. Precinct ingests trillions of messages each day across hundreds of clusters to detect cybercrime and provide secure methods of sharing data and operations across corporations, organizations, law enforcement, national security and insurers.

Charles regularly speaks on research at conferences including DEFCON, Secure360 and GrrCON. Charles began his career in cybersecurity analytics in 2002 while in the US Navy, serving as the Network Security Officer for the Naval Postgraduate School. After leaving active duty in 2005, he ran a consulting company that focused on data and operations sharing across private and public sector organizations. In 2012, Charles joined the network behavioral and anomaly company Lancope, designing and deploying advanced network security solutions. In 2015, Charles joined Cisco Systems through the Lancope acquisition and supported the Global Security Sales Organization until launching WitFoo in 2016.

When Charles is not researching challenges in big-data and cybersecurity, he enjoys SCUBA diving, travel and long dinners with his wife, Mai.

Matt Topper, Senior Evangelism Director, ConnectWise

Matt Topper is a security professional with a passion for captivating audiences. With almost two decades of experience in technology, Matt has thrived in roles ranging from development to CTO. Today, he focuses on information security, compliance, and security program management at MSPs.

As ConnectWise's Security Evangelist, Matt's mission is to educate and inspire. Armed with a Computer Science degree and CISSP, CISM, and CCSP certifications, he draws from his expertise across Internal IT, MSP, and vendor roles to provide unique insights. Outside of tech, Matt finds balance in running and family time.

Matt Lee, Senior Director of Security and Compliance, Pax8

Matt Lee has dedicated the last 10 years to raising the security tide in the SMB market. He has served in every capacity at an MSP that grew to support 20,000 endpoints. His leadership around technology direction and security/compliance protected and elevated over 17,000 people in small to midsize businesses in five states. He has since taken on a new role as a force multiplier under Brad Fugitt as the Senior Director of Security and Compliance at Pax8. He is driving the external thought leadership to empower MSPs to continue to grow in their security knowledge and operability. He lives to ensure his children maintain the same quality of life we do around technology, which is imperiled daily by threat actors.

Sebastian Whiting

I am originally from Washington, Illinois, where I attended Washington Community High School, graduating in 2010. I immediately began my professional career in the U.S. Navy operating and maintaining nuclear reactors and later training new operators. My time spent in this highly challenging technical environment provided me the foundation I rely on to this day. While on active duty, I lived in South Carolina, New York, and Hawaii.

My post-Navy career began at Kitware in Clifton Park, NY. Kitware maintains a number of open source software solutions, to include CMake, one of the most popular build solutions for C++ today. My time there was spent developing policies and strategies for security initiatives as well as building out security processes. While there, I developed a program that integrated with the company's endpoint management, vulnerability management, and HR/Payroll system to deliver tailored vulnerability reports to end users. My contributions led to Kitware being awarded the James S. Cogswell Outstanding Industrial Security Achievement Award by the Defense Counterintelligence and Security Agency.

After Kitware, I began working at Mercury, a FinTech company providing a banking platform to startups and eCommerce companies. I am part of a small InfoSec team building out the security program to include training, endpoint security, infrastructure security, development of policies and procedures, and implementation of detection and response capabilities.

I hold a B.S. in Nuclear Energy Engineering Technology from Thomas Edison State University and I am set to graduate with an M.S. in Cybersecurity with a concentration in Computer Security from DePaul University in June 2023.

Certifications Held: CISSP, Sec+, PenTest+, and CySA+.

Nicholas Roddy, Information Security Analyst, RLI Insurance Company

I am an Information Security Analyst for RLI Insurance Company based out of Home Office here in Peoria, Illinois. I work on the Security Operation team there where we are responsible for handling incidents as they arise, performing Threat Hunting, phishing analysis, alert triage, and wearing many other Security "Hats". Outside of work, I enjoy working on analyzing malware (as a hobby), playing Dungeons & Dragons and Warhammer 40,000 with friends, and building computers.

Ben Padgit

Ben Padgitt is a graduate assistant for the Center for Cybersecurity at Bradley University and instructor for the networking class. He participated in the 2021 and 2022 engagements. As a former undergraduate student in the Management Information Systems – Cybersecurity program at Bradley, Ben now assists with the red team’s infrastructure and provides other support to the team. He is a founding member of the new Cybersecurity Club which provides students with the opportunity to improve their hacking skills. His interests are in cryptography, infrastructure, and the security of computer systems.


2023 Conference Schedule

  • BSides Peoria 2023
  • Main Room
09:00 AM - 09:30 AM: BSides 2023 Kickoff, by Nick Schroeder & Cody Kretsinger

Welcome to BSides 2023! Nick & Cody welcome and introduce the event.

09:30 AM - 10:10 AM: Spamming Spears, by Anthony Mini

How Artificial Intelligence (AI), synthetic content, and evolving digital marketing techniques are enhancing scalability of highly targeted social engineering attacks.

10:15 AM - 10:55 AM: SecOps Driving Criminal Prosecution, by Charles Herring

At a key point in the history of cybersecurity operations, it was passively decided that SECOPS is an extension of IT OPS. This session will examine the thesis that SECOPS is an extension of the craft of Law Enforcement and the consequences of building SECOPS on IT models (that were derived from manufacturing models.) Approaches from Law Enforcement that can accelerate and improve SECOPS will be examined. Methods of safely leveraging law enforcement to reduce cyber risk and costs will also be demonstrated.

10:55 AM - 11:15 AM: Morning Break

11:15 AM - 11:55 AM: User Centered Security, by Sebastian Whiting

Practitioners often focus on putting limitations on users in the name of good security. After all, it has been proven time and time again that the human element is one of the weakest links. However, when users require freedom to build and create we as practitioners must change our approach. This talk focuses on ways to engage users in a meaningful way that fosters creativity while maintaining security.

First, a security team must understand its role in the organization. Security exists to be a business enabler, not the department of no. How the team engages with the company, both management and employees, sets this very important tone. If security is seen as an enabler of business, users are more likely to bring to light issues across the enterprise. On the contrary, if security is seen as a blocker then end users are more likely to brush issues under the rug out of fear of rejection or negative consequences.

With a proper tone set, a security team must then decide how best to actively engage with end users. It is critical that security be seen as an active member of the organization that brings value rather than a shadowy entity that people know little about. Training and active participation in business initiatives are great entry points.

The most challenging element is how to enforce good security in a user centered way. In a business with a high need for creativity, particularly software development creativity, typical heavy handed approaches may be poorly received and ultimately result in loss of talent. The user centered approach relies on enforcing ownership of devices and empowering end users with the tools and information required to execute on that ownership.

12:00 PM - 12:40 PM: Introducing the Bradley University Red Team, by Ben Padgit

The Bradley Red Team is the group of students enrolled in the capstone course for Bradley University’s cybersecurity class: Advanced Ethical Hacking. This presentation is about the experience as a participant, outcomes of the engagements, and the program’s future. The class allows students in the undergraduate program to perform a fully authorized physical and digital penetration test for a local business in the Peoria area. The class has three phases: planning, executing, and reporting. This presentation gives a preview of the tactics, techniques, and procedures we’ve been able to attempt. The class highlights social engineering, intelligence gathering, and assessing vulnerabilities. There have also been several roadblocks and challenges as technology changes. We will also be discussing the plans for the program to expand in frequency and capabilities. We hope that by presenting, the Bradley Red Team can give insight into some of the areas we target, how we execute, and shed light on what students can accomplish in very ambiguous situations.

12:40 PM - 01:40 PM: Lunch

01:40 PM - 02:20 PM: Icebergs Ahead – Hidden MSP Security Snafus, by Matt Topper & Matt Lee

From the smallest of startups to the empire builders, Matt has seen and contributed to countless MSP architectures. In this session, hear about the dark side. Where these architectures break down and some of the most common mistakes.

We’re not talking about tools or products, except in a broad categorical sense. If you’re in the MSP world, come learn about what can go wrong that’s NOT about just buying more tools.

02:25 PM - 03:05 PM: Unmasking the Shadows: How Detection is Just the Beginning, by Nicholas Roddy

The practice of Threat Hunting is becoming more popular as our industry evolves to meet the ever-changing threat landscape; however, many individuals think that the hunt stops at detection. As Blue Teamers and Threat Hunters, we must do more than just detect the threat; we must also respond to it, mitigate it, and build better detections for the future. In order to perform a hunt, we must better understand what we are hunting for. What I am describing is looking at Threat Hunting as a cycle rather than a list of procedures. We must start our hunt based on threat intelligence that is relevant to the organization we are protecting. Once the chosen activity has been decided, we must then go hunt for it. For some, if the activity has been found, the Threat Hunt may be viewed as a success because the activity has been noted and their job done. Although the hunt has been completed, our job as Defenders is just getting started. We need to then indicate and verify the severity of the activity’s impact. Depending on our findings (and what one may classify as an incident), we may have an incident on our hands, and by extension, the incident response cycle will need to begin. Once the incident has been addressed, during the lessons learned phase, we as defenders can use the data gathered during our hunt to build better detections to strengthen our security posture in the future. Thus is the Threat Hunting cycle, where Threat Hunting and Incident Response are one and the same and are not two separate schools of thought. I have used this thought process in my own professional life, and not only does this make my team’s tactics better, but it also allows us to be more proactive Blue Teamers.

03:05 PM - 03:20 PM: Afternoon Break

03:20 PM - 04:00 PM: This little light of mine, I’m going to get it pwned, by Nick Schroeder & Cody Kretsinger

The dazzling special effects and light shows you see on prestigious buildings, bridges, theaters, and landmarks are controlled by a unique class of devices and communication protocols. But how do these systems turn complex lighting designs into reality? How easy is it to alter the carefully choreographed show to something more nefarious? What if you manipulate it from thousands of miles away, watching carefully from the comfort of your couch?

Industrial Lighting Controllers are commonly installed in large scale illumination projects for complex lighting effects; imagine historic bridges, national monuments, and massive award-winning convention centers. It turns out these devices, if not configured properly, lack the most basic security controls. It gets more fun when they are connected to the internet. And we have proof.

Nick Schroeder and Cody Kretsinger present their findings surrounding their research of Industrial Lighting Controls and their weaknesses (CVE(s) pending). This talk guides you from Nick and Cody’s initial curiosity in these systems to uncovering vulnerabilities in internet-exposed industrial lighting controllers across the world. The discussion includes covering a few popular Industrial Lighting Control products, their design, locations they’ve been installed in, what they control, and ultimately: sensitive information disclosure.


So, gather ’round, crack open a cold one, and join us for 25 minutes of compromise, laughs, and visual effects.

04:00 PM - 04:30 PM: Closing Remarks, by Nick Schroeder & Cody Kretsinger

That’s it, folks! We’re wrapping BSides 2023!

Tickets are gone!