Exploring attack paths across AWS, Azure, GCP and OCI. Learn to dissect misconfigurations through graph-mode visualization, map potential attack paths, and implement practical mitigation using open-source tools. Elevate your defense strategy and fortify cloud environments against evolving threats.
I've been working as Head of Identity Threat Labs and Global Product Advocate at Segura, Founder at Black&White Technology, Cybersecurity Advocate, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies...
Friday May 9, 2025 9:00am - 9:45am EDT The Mill & Mine, 227 W Depot Ave, Knoxville, TN 37917
After a decade in consulting roles like software engineer and penetration tester, I joined an open-source company to secure its 300+ repositories across numerous platforms. This session highlights key vulnerabilities and lessons learned, with actionable advice for attendees of all backgrounds.
Lorenzo is currently a Staff Product Security Engineer at Mattermost where his responsibilities include security testing, security reviews, secure coding training, bug bounty program, security champions program, security automation, and more. Prior to his role at Mattermost he spent...
Friday May 9, 2025 10:00am - 10:45am EDT The Mill & Mine, 227 W Depot Ave, Knoxville, TN 37917
For years, cybersecurity leaders have been caught in a cycle of compliance—chasing checkboxes, aligning to frameworks, and struggling to keep up with ever-changing regulations. But here’s the real question: Are these standards making us more secure, or just more compliant?
Russell is a Managing Partner at Cyverity, an information security consulting firm specializing in governance and fractional CISO based in Venice, Florida. He is the former CIO and CISO of the Federal Reserve Bank of Atlanta and Principal Instructor and Author with the SANS Institute...
Friday May 9, 2025 11:00am - 11:15am EDT The Mill & Mine, 227 W Depot Ave, Knoxville, TN 37917
Ready to rein in rogue robots? Let's use our hive mind to sting them where it hurts in the circuits. Fuzz sensors, pwn software, lace AI with venom. Crack firmware hives, jam RF, shred control loops. Join the swarm at BSides Knoxville for an electrifying hack fest that'll make bots scatter!
KweenB is an ethical hacker and security researcher with a passion for buzzing into the frontiers of cybersecurity. Known for her hands-on research into vulnerabilities, KweenB fuels a hive mind of inspiration, sparking bold, visionary ideas that elevate the hacking community. With...
Friday May 9, 2025 11:15am - 11:30am EDT The Mill & Mine, 227 W Depot Ave, Knoxville, TN 37917
Dave has 30 years of industry experience. He has extensive experience in IT security operations and management. Dave is the Global Advisory CISO for 1Password. He is the founder of the security site Liquidmatrix Security Digest & podcast. He is currently a member of the board of directors...
Friday May 9, 2025 1:00pm - 1:45pm EDT The Mill & Mine, 227 W Depot Ave, Knoxville, TN 37917
Tired of running the same commands over and over? Wish your notes didn't look like a crime scene? Bash scripting can automate the boring, streamline engagements, and save your butt when things go sideways. Come learn how to hack smarter, not harder, because pentesting should be fun, not tedious!
Adam Compton has been a programmer, researcher, instructor, professional pentester, father, husband, and farmer. Adam has over 2 decades of programming, network security, incident response, security assessment, and penetration testing experience. Throughout Adam's career, he has worked...
Friday May 9, 2025 2:00pm - 2:45pm EDT The Mill & Mine, 227 W Depot Ave, Knoxville, TN 37917
The misuse of open-source red-teaming tools by cybercriminals and nation-states is rising, turning security assets into attack vectors. Tools like Sliver are exploited for advanced threats. Our AI methodology analyzes high-risk tools, enabling organizations to detect/mitigate threats proactively.
Stephen Hilt is a Sr. Threat Researcher at Trend Micro. Stephen focuses on General Security Research, Threat Actors, Malware behind attacks, and Industrial Control System Security. Stephen enjoys breaking things and putting them back together with a few extra parts to spare. Stephen...
Friday May 9, 2025 3:00pm - 3:45pm EDT The Mill & Mine, 227 W Depot Ave, Knoxville, TN 37917
Modern disassemblers are awesome, but assemblers today are little better than they were in the nineties. I'm fixing that by writing one that easily ports to new architectures, saving me a ton of work in embedded systems exploitation.
Grateful to be back in Knoxville, Travis Goodspeed spends his days reverse engineering electronics and editing the International Journal of PoC||GTFO. He drives a fleet of Studebakers and enjoys developing X-rays in his home dark room.
Friday May 9, 2025 4:00pm - 4:45pm EDT The Mill & Mine, 227 W Depot Ave, Knoxville, TN 37917
In an era of increasing data breaches, inadequate security isn't just a technical gap, it's a legal ticking time bomb. Learn how seemingly small oversights in access control and data protection can expose businesses to crippling liability, and discover practical steps to minimize your risk.
## Introduction
Businesses of every size are under mounting pressure to protect sensitive data. When an organization's security posture is weak, especially in areas like access control or policy enforcement, the legal consequences can be swift and severe. In this talk, we'll dissect the intersection of cybersecurity and liability, revealing the most common pitfalls that can leave businesses exposed to lawsuits, regulatory fines, and reputational damage.
## Why This Topic Matters
The growing complexity of cybersecurity means that many organizations overlook the legal implications of their security posture. Often, executives view security as a purely technical concern, until an incident happens, and the legal fallout is severe. This session aims to illuminate how specific security failures, especially around access control and privilege management, can directly translate into legal liability.
## What You'll Learn
1. Legal Frameworks & Regulations
Overview of relevant U.S. and international laws, from data protection regulations (GDPR, HIPAA) to newer legislation targeting corporate accountability (such as the SEC's cybersecurity rules).
2. Common Failure Points
How poorly enforced access policies, insider threats, and deficient incident response protocols create liability.
3. Case Studies & Lessons Learned
Real-world examples showcasing the severe financial, operational, and reputational consequences for companies that failed to protect sensitive data.
4. Risk Mitigation Tactics
Best practices for building robust access controls, continuous monitoring, and governance frameworks that stand up in court and regulatory investigations.
## Who Should Attend?
This talk is geared toward anyone responsible for or interested in cybersecurity risk management: security engineers, IT managers, CISOs, compliance officers, and legal professionals. By integrating both the technical and legal viewpoints, attendees will gain a holistic understanding of the steps required to protect not just their data, but their entire organization from crippling liability.