Loading…
Welcome to Diana Initiative 2021 Virtual Conference schedule.
For more information, please see our virtual conference page here :
https://tickets.dianainitiative.org
Simple
Expanded
Grid
By Venue
Friday, July 16
 

8:30am PDT

Sparking your security career: You can't get burned if you are the flame
Feedback Survey
It happens so often it’s almost painful to think about. A passionate, motivated woman sets lofty goals for herself and someone comes along to tell her why she’s not being realistic, why she’s pushing too far too fast, why she’s simply not qualified. Perhaps you’ve been there yourself. Much like a parent tells their child that if they get too close to the fire they’ll get burned, seemingly well-meaning people in our lives try to keep us from jumping into something they think will scorch us. What they don’t understand is that you can’t get burned if you’re the flame. In her keynote address, Alyssa Miller talks about the mistakes that many of us fall into when we believe the voices that tell us if we’re too aspirational that somehow we’ll get hurt. She’ll discuss where these voices come from, how they threaten to hurt not only our careers but our ability to contribute to the cyber security community. She’ll draw from examples in her own career progression to illustrate both the mistakes and successes she found along the way. Listen as she gives you tangible tools to shut out those voices, embrace your value, and reach the heights you aspire to (and perhaps beyond). Remember, every trip to the moon begins with just a spark.
Speakers
avatar for Alyssa Miller

Alyssa Miller

Chief Information Security Officer, Epiq Global
Alyssa Miller is a life-long hacker, programmer, and security executive. She’s always had a passion for computers. She bought her first PC at age 12 and taught herself BASIC programming. Her career began as a software developer and later pivoted to security as a penetration tester... Read More →

Friday July 16, 2021 8:30am - 10:00am PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Keynote track1

8:30am PDT

Staff @ Axonius Expo Booth
Friday July 16, 2021 8:30am - 2:00pm PDT
Expo Hall - Axonius Booth https://app.hopin.com/events/2021-diana-initative/expo/480085
  Partner Booth

9:00am PDT

Leviathan Security live chat
Friday July 16, 2021 9:00am - 9:30am PDT
Expo Hall - Leviathan Booth https://app.hopin.com/events/2021-diana-initative/expo/481834
  Partner Booth

9:00am PDT

Live chat with the admissions staff at CMU Information Networking Institute
Friday July 16, 2021 9:00am - 4:00pm PDT
Expo Hall - CMU Booth https://app.hopin.com/events/2021-diana-initative/expo/481749
  Partner Booth

9:45am PDT

Leviathan Security live chat
Friday July 16, 2021 9:45am - 11:00am PDT
Expo Hall - Leviathan Booth https://app.hopin.com/events/2021-diana-initative/expo/481834
  Partner Booth

10:00am PDT

Welcome to CTF Village
Welcome from Marcelle
Intros for Secure Code Warrior, INL CTF, DevSlop
CTFs kick off
Friday July 16, 2021 10:00am - 10:30am PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

10:00am PDT

Careers in Awareness, Training & Knowledge Management
Speakers
avatar for Duane Dunston

Duane Dunston

Associate Professor, Champlain College
Duane Dunston is an Associate Professor of Cybersecurity at Champlain College. He has been in Information Security for over 20 years working in both the education and government sectors. He focuses on risk management, cryptography, security education, and using technology for social... Read More →
CS
AB
SR

Friday July 16, 2021 10:00am - 10:45am PDT
Session - Teen Village https://tdi.mobi/JoinTV
  Teen Village

10:00am PDT

CISO & Leader Panel
Feedback Survey
Moderators
avatar for Tracy Z. Maleeff

Tracy Z. Maleeff

Security Researcher, Krebs Stamos Group
Tracy Z. Maleeff, aka @InfoSecSherpa on Twitter, is a Security Researcher with the Krebs Stamos Group and has previously worked in security at GlaxoSmithKline and The New York Times Company. Prior to joining the Info Sec field, Tracy worked as a librarian in academic, corporate, and law firm libraries. She holds a... Read More →

Speakers
avatar for Wendy Nather (wendy0)

Wendy Nather (wendy0)

Head of Advisory CISOs, Cisco
Wendy Nather leads the Advisory CISO team at Cisco. She was previously the Research Director at the Retail ISAC, and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation... Read More →
avatar for Lena Smart

Lena Smart

CISO, MongoDB
Lena Smart is the Chief Information Security Officer at MongoDB, a cross platform document oriented database platform. Lena joined MongoDB with more than 20 years of cyber security experience. Before joining MongoDB, she was the Global Chief Information Security Officer for the international... Read More →
avatar for Rinki Sethi

Rinki Sethi

VP & CISO (Chief information security officer), Twitter
Rinki Sethi is Vice President and Chief Information Security Officer at Twitter, where she is responsible for leading efforts to protect Twitter’s information and technology assets and advises the company’s continued product innovations in the security space. Prior to Twitter... Read More →
avatar for Ann S. Johnson

Ann S. Johnson

Corporate Vice President of Security, Compliance & Identity (SCI) Business Development, Microsoft
As Corporate Vice President of Security, Compliance & Identity (SCI) Business Development at Microsoft, Ann Johnson oversees the long-term investment and partnership strategies for security, compliance, and identity for one of the largest tech companies on our planet. Driving the... Read More →

TDI CISO Panel txt
Friday July 16, 2021 10:00am - 11:00am PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  CISO & Leader Panel

10:00am PDT

Supernatural six build
Speakers
avatar for @TechGirlMN

Friday July 16, 2021 10:00am - 11:00am PDT
Session - Maker Village (Soldering Village) https://tdi.mobi/JoinSoldering
  Maker Village

10:00am PDT

"Trust me, I'm an insider" - Deep dive into Zero Trust Security
Feedback Survey
Zero Trust Network is a paradigm shift from the existing security infrastructure, which proposes **“Trust no one, Inspect everyone”.**

The current scenario of Network Security highly depends on the assumption that if a client has a set of “good” credentials, they can be trusted with access to all or at least some confidential resources of the network.
Back to reality – with exponential data usage nowadays, there is a definite increase in the degree of a data breach in an organization. So, with the conventional checks, any “authenticated” client, making a connection from “outside” or “inside” can access this data and possibly exploit it. Most of the time, unknowingly.
Having just a single security layer solution like VPNs or 1st Gen Firewalls but still relying on the good old dictionary credentials for SSH is evidently not good enough.

The Zero Trust approach involves a combination of stronger authentication methods like MFA, profiling, posturing of the client device, and performing stronger encryption checks.
Only after complete holistic verification of the entity, “thou shall pass!”.

So how does it do a better job? How scalable is it? And why trust the “Zero Trust”?
Speakers
avatar for Sindhuja Rao

Sindhuja Rao

Network Security Engineer, Cisco Systems Inc
I currently work at Cisco Systems Inc as a Technical Consulting Engineer part of the Security Solutions helping customers and partners around the world with VPNs, AAA, and FW, NGFWs.As part of the Customer Experience squad, I am always challenged with various concerns around security... Read More →

Friday July 16, 2021 10:00am - 11:00am PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

10:00am PDT

Dissecting Go and Rust binaries
Feedback Survey
Go and Rust, despite being younger languages, are emerging fast because of their efficiency, code readability, and overall task handling capabilities. These languages are taking over as a choice by developers. Whether you are a developer trying to grasp up new technologies or a C reverse engineer flabbergasted with the arrival of Go and Rust binaries, it is time to get to know these languages in-depth and understand how they function from a reverse engineering point of view. In this talk, we will talk about the basics of golang and rust, how their binaries look like when compiled and disassembled, difficulties faced while reversing them and how these binaries are different from that of C. Last but not the least, we shall sum up the learnings of the session by tackling small CTF challenges. Let's reverse them using IDA and gdb and see what we have learned!
Speakers
avatar for Simran Kathpalia

Simran Kathpalia

Student, Amrita Vishwa Vidyapeetham
Simran Kathpalia is a second-year computer science undergraduate student at Amrita Vishwa Vidyapeetham, a member of Team bi0s (#1 CTF team in India) and Team Shakti (Women's only CTF team) - #20 in India. Being a part of these teams and participating in CTFs gave her good exposure... Read More →
avatar for Namitha S

Namitha S

Student, Amrita Vishwa Vidyapeetham

Friday July 16, 2021 10:00am - 11:00am PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

10:00am PDT

Cybersecurity & Infrastructure Security Industry (CISA) Industrial Control Systems (ICS) CTF
Imagine this scenario: Azalea Power Co. is experiencing the effects of a large-scale cyber attack and is in need of a cyber incident response team to help them investigate. You and your team of cyber incident responders have been brought in to help the internal IT team as they identify the extent of the impacts to their IT network, corporate building management system (BMS), and power distribution system. In this challenge, participants will explore network and host artifacts from Azalia Power’s IT, BMS and electric distribution networks. Throughout the exercise, participants will be exposed to real world techniques and leverage multiple open source tools to dig into the artifacts and discover indicators of compromise (IOCs) and techniques that the attackers used to get into the environment.

The CISA ICS CTF is brought to you by both Idaho National Labs and CISA.

Friday July 16, 2021 10:00am - 4:30pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

10:00am PDT

Secure Code Warrior CTF
Secure Code Warrior brings you a defensive security-based tournament from a developer’s perspective. The tournament allows you to test your skill against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability. You don’t need extensive programming knowledge as this will be a great way to learn the foundations and intermediates of leveraging code that is not only functional but is also secure. We thank Secure Code Warrior for being a silver sponsor for the event!
Friday July 16, 2021 10:00am - Saturday July 17, 2021 4:30pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

10:00am PDT

TDI Core CTF
Brought to you by a team of volunteers and the Women’s Society of Cyberjutsu, this CTF features a wide range of challenges from trivia to forensics to reverse engineering and more! We will be using the TryHackMe platform for this event and we thank them for sponsoring us a second year in a row!  
Friday July 16, 2021 10:00am - Saturday July 17, 2021 4:30pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

10:30am PDT

TryHackMe platform walkthrough
Friday July 16, 2021 10:30am - 11:00am PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

10:30am PDT

AMA with Alison @ Google Expo Booth
Friday July 16, 2021 10:30am - 11:30am PDT
Expo Hall - Google Booth https://app.hopin.com/events/2021-diana-initative/expo/481743
  Partner Booth

10:45am PDT

Blue Team Careers: SecOps & Incident Response
Speakers
avatar for Jasmine Henry

Jasmine Henry

Director of Cybersecurity, Esper.io
Jasmine (she/her) is Director of Cybersecurity at Esper.io, a midsized Seattle startup in the Android DevOps space. She's recently completed a successful PCI DSS, SOC 2, and ISO 27001 security audit cycle with a fully DIY / inner-sourced approach. Jasmine is passionate about compliance... Read More →
SR
JP
JS

Friday July 16, 2021 10:45am - 11:30am PDT
Session - Teen Village https://tdi.mobi/JoinTV
  Teen Village

11:00am PDT

Navigating the Imposter Syndrome
Feedback Survey
Feeling insecure about your technical background? I’ve put together my first talk ever for you. Well, really for everyone who wants to help tame the negative mind chatter of impostor syndrome. Either for themselves, or as mentors to others - especially career changers. I've been in a technical role in information security for six years now, but I will always identify as a career changer who moved across continents and cultures while pivoting from a non-technical career into information security. I am here to admit I have personally battled with the question: "What value could I possibly bring to security???" But you know what? I always prepared, showed up, and was present. And I'm here to help inspire others with my lessons learned.

In this talk, I will share how I tackled the amplified noise of the imposter syndrome, how I sifted through the truth from the myths, how I handled the rolling of the eyes and ridicule from the “techies”, and how I was able to use my previous career background, understanding of cultures and human behaviour to “think like a hacker”. In fact, having a diverse perspective helped me solve challenging security problems and bring unique and valuable contributions to the field.
Speakers
avatar for Charu Bansal

Charu Bansal

Information Systems Security Officer, riskCanvas
Charu(@BeeCharu) is currently working as the Information Systems Security Officer for an anti Financial Crime Technology business. She leads product information security and the compliance program and is responsible for designing and implementing the strategic security framework for... Read More →

Friday July 16, 2021 11:00am - 11:30am PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

11:00am PDT

CTF4Noobz
Interested in cyber competitions but don’t know where to start? Or have you tried one or two or ten and want more practice? In this hands-on session, we will discuss the different types of competitions, from capture-the-flag to offense/defense and everything in between. Then, we will walkthrough some CTF challenges together to get you started. Are you already excited? We are  … and we are looking forward to having you in this session.
Speakers
avatar for Ahmed Ibrahim

Ahmed Ibrahim

Teaching Associate Professor, University Of Pittsburgh

Friday July 16, 2021 11:00am - 12:00pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

11:00am PDT

Capture The Flags @ MongoDB Booth
Bite-sized cybersecurity puzzles and challenges designed for information security practitioners to hone their skills with categories such as binary exploitation, web exploitation, reverse engineering, forensic analysis, and more. 
Speakers
VZ

Vincent Zhen

Information Security Engineer, Systems Security, MongoDB

Friday July 16, 2021 11:00am - 12:00pm PDT
Expo Hall - MongoDB booth https://app.hopin.com/events/2021-diana-initative/expo/480088
  Games & Raffles

11:00am PDT

Live Chat with TryHackMe Content Engineers
Friday July 16, 2021 11:00am - 12:00pm PDT
Expo Hall - TryHackMe https://app.hopin.com/events/2021-diana-initative/expo/481887
  Partner Booth

11:00am PDT

Bobbing for Apples: Developing alerts for macOS
Feedback Survey
Knowing what malicious activity looks like in macOS and developing viable detection in an enterprise environment are separate challenges. Detections that seem simple at first glance, like applications spawning shell commands, are often frustrated by shortcuts used by legitimate software products. Other detections, like identifying malicious cron jobs, are complicated by user behavior. Additionally, enterprise endpoint detection tools are not always macOS-aware. Just because your EDR runs on a macOS machine doesn’t mean the EDR understands the internals of macOS, and what artifacts are significant.



This presentation will focus on strategies for developing macOS alerts within enterprise environments, and what lessons can be carried forward if you already familiar with detection on Windows endpoints.
Speakers
avatar for Megan Carney

Megan Carney

Detection Engineer, Target
Megan Carney has been an analyst/bad news giver in several different environments over the past ten years or so. She spends most of her time searching for all the places badness might hide. Can often be found staring into the abyss. It's true the abyss stares back.

Friday July 16, 2021 11:00am - 12:00pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

11:00am PDT

Building Security Champions
Feedback Survey
With security teams being vastly outnumbered many organizations have responded to this challenge with different program scaling methods, including building security champions programs. Which leads us to questions; How does a security champions program work? How do you select your champions? And once you have them, what do you DO with them?



This session will teach you;

  • How to attract the right people to your program

  • What and how to train them

  • How to engage them, and turn them into security advocates

  • What do delegate and what NOT to delegate

  • What to communicate, how often and to who

  • How to motivate them

  • How to build an AMAZING security champion program



Recipe for success; recruit, engage, teach, recognize, reward, don’t stop.
Speakers
avatar for Tanya Janca

Tanya Janca

CEO and Founder, We Hack Purple
Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning community that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty five years, won countless awards, and has been everywhere from public service to tech... Read More →

Friday July 16, 2021 11:00am - 12:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

11:30am PDT

Spark a Journey: Inspiring Girls to Find Pathways to the Cybersecurity Pipeline
Feedback Survey
Spark a Journey: Inspiring young women and non-binary people to pursue careers in cybersecurity. This initiative requires an adaptive, complex, richly stimulating and layered approach. In my home in the US Virgin Islands, those who are intrigued by cybersecurity careers face cultural and systemic barriers. My students do not see many people who look like them in this field. We can overcome this disconnect through offering targeted experiences, resources, and community involvement. This talk will present techniques and approaches with cross-cultural success in recruiting, highlight the work of Caribbean influencers supporting women in this field, and suggest pathways for current practitioners to help nurture female and non-binary learners from the Caribbean islands in their interest in cybersecurity.
Speakers
avatar for Rebecca Hoffart

Rebecca Hoffart

CS Teacher, Coach, Peter Gruber International Academy
2017, 2021 NCWIT Educator Award Winner, Puerto Rico/Virgin Islands Affiliate. CS educator in the U.S. Virgin Islands. Coach, female only CyberPatriot, Girls Go CyberStart and InteGirls competitions.Certified Cyber Teacher, presenter National Initiative for Cybersecurity Education... Read More →

Friday July 16, 2021 11:30am - 12:00pm PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

11:30am PDT

AMA with Kim @ Google Expo Booth
Friday July 16, 2021 11:30am - 12:30pm PDT
Expo Hall - Google Booth https://app.hopin.com/events/2021-diana-initative/expo/481743
  Partner Booth

11:30am PDT

Leviathan Security live chat
Friday July 16, 2021 11:30am - 2:00pm PDT
Expo Hall - Leviathan Booth https://app.hopin.com/events/2021-diana-initative/expo/481834
  Partner Booth

12:00pm PDT

DJ Chillout
Music/chillout from our DJ Aaron
Friday July 16, 2021 12:00pm - 12:30pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

12:00pm PDT

Live Bridgecrew Demo and Q&A
Sponsors
avatar for Angela Gizzi

Angela Gizzi

Technical Marketing, Prisma Cloud by PANW
Angela is passionate about developer-first solutions and automation. She builds content and communities to bring technical practitioners the knowledge, open source tools, and products that best serve them.Outside of work, Angela spends her days rescuing and caring for animals. She... Read More →

Friday July 16, 2021 12:00pm - 12:45pm PDT
Expo Hall - Bridgecrew Booth https://app.hopin.com/events/2021-diana-initative/expo/518861
  Live Demo

12:00pm PDT

MHH Intro
Friday July 16, 2021 12:00pm - 12:45pm PDT
Session - Mental Health Hacker Village https://tdi.mobi/JoinMHH
  MHH Village

12:00pm PDT

Open Question Hour
Speakers
avatar for @TechGirlMN

Friday July 16, 2021 12:00pm - 1:00pm PDT
Session - Maker Village (Soldering Village) https://tdi.mobi/JoinSoldering
  Maker Village

12:00pm PDT

IT Security @ MongoDB Booth
Phishing, Email security, startup to enterprise Security challenges. MDM/DEP/Fleet management from scratch. 
Speakers
JH

Jen Holland

IT Security Engineer, Mong

Friday July 16, 2021 12:00pm - 1:00pm PDT
Expo Hall - MongoDB booth https://app.hopin.com/events/2021-diana-initative/expo/480088
  Partner Booth

12:00pm PDT

Let's Crack Passwords
Feedback Survey
Have you ever wondered how a hacker can crack your password? Learn from Penetration Testers as they demonstrate password cracking. During this talk you will learn: how to crack a password yourself, what are common mistakes us humans make, and how to protect yourself from becoming an easy target.

If you'd like to follow along on your own machine, download  Kali Linux VM (note this is not required).
Speakers
avatar for Marisa Midler

Marisa Midler

Cybersecurity Engineer, Software Engineering Institute, Carnegie Mellon University
Marisa is a Cybersecurity Engineer for the Software Engineering Institute. She has a varied background which includes software development, cybersecurity research, penetration testing, as well as some other unrelated topics. In her off time, she enjoys being outside and hiking with... Read More →
avatar for Destiney Plaza

Destiney Plaza

Cybersecurity Engineer, Software Engineering Institute, Carnegie Mellon University
Destiney loves inspiring people to join the tech field. She has given workshops to audiences ranging from elementary school to graduate school, and a current WiCyS mentor. Her experience ranges from cybersecurity (e.g. mobile security), software development, and STEM education. She... Read More →
avatar for Chesleah Kribs

Chesleah Kribs

Penetration Tester, Software Engineering Institute, Carnegie Mellon University
Chesleah is a breaker, which fits well with her passion for red teaming and for penetration testing. She aspires to inspire the next great generation of women hackers and lift up others in the field. She is also known by another name, Hedera, where you can find her in cybersecurity... Read More →

Friday July 16, 2021 12:00pm - 1:00pm PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

12:00pm PDT

Making It Real: Turning an Attack Chain Into a CTF
Feedback Survey
Capture The Flag (CTF) is a staple at cybersecurity conferences and an effective way to teach practical skills. At the beginner levels, publicly available CTFs tend to have challenges that are mostly unrelated to each other, which may not represent real-life attack scenarios and provide less value in raising your team's security awareness. In this talk, we will tell our story of building an in-house, jeopardy-style CTF that recreates a realistic adversarial attack chain and is 100% customized to the way our Red team and business partners do things using our actual TTPs (Tactics, Techniques, and Procedures). We put our CTF attendees into the shoes of attackers who already have some basic access and now try to perform internal recon, webapp code review, build pipeline compromises, and Active Directory lateral movements and attacks. We will discuss what the intended attack chain looks like, the infrastructure setup, the making of challenges, and things to watch out for. This talk aims to share our learnings and perspectives with other security professionals who are passionate about cybersecurity education and want to include CTFs as part of the security training experience for their organizations.
Speakers
avatar for Khoa Nguyen

Khoa Nguyen

Security Software Engineer 2, Microsoft
Khoa Nguyen is a Security Software Engineer 2 on the SERPENT Red Team at Microsoft in EDG Security (Edge + Platform, Devices, and Gaming). As a Red teamer, she performs Red/Purple team assessments against software products and services in scope, as well as helps driving a few security... Read More →
avatar for Scott Riese

Scott Riese

Principal Security Engineer, Microsoft
Scott Riese is a Principal Security Engineer at Microsoft and a member of the SERPENT Red Team with a background in Active Directory and Azure Operations. Prior to joining Microsoft, Scott served in the United States Marine Corps and the Department of Defense

TDI2021 KhoaNguyen ScottRiese MakingItRealAttackChainToCTF pdf
Friday July 16, 2021 12:00pm - 1:00pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

12:00pm PDT

Punk Compliance: DIY Security Audit Readiness for Everyone
Feedback Survey
Nothing is certain for today's and tomorrow's CISOs, except death, taxes, and several annual security audits. Luckily, compliance doesn't have to be costly, boring, or painful. Rising security leaders can create a vibrant compliance culture with a little inspiration from punk ideologies, including DIY, bootstrapping, and solid ethics. Current and aspiring security leaders will learn direct action tactics for creating a vibrant, company-wide culture of security audit readiness.
Speakers
avatar for Jasmine Henry

Jasmine Henry

Director of Cybersecurity, Esper.io
Jasmine (she/her) is Director of Cybersecurity at Esper.io, a midsized Seattle startup in the Android DevOps space. She's recently completed a successful PCI DSS, SOC 2, and ISO 27001 security audit cycle with a fully DIY / inner-sourced approach. Jasmine is passionate about compliance... Read More →

Friday July 16, 2021 12:00pm - 1:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

12:15pm PDT

The Realities of APTs
Speakers
JA

Friday July 16, 2021 12:15pm - 1:30pm PDT
Session - Teen Village https://tdi.mobi/JoinTV
  Teen Village

12:30pm PDT

Heading Ones Own Advice: Burning out when talking about burn out
Even mental health advocates are not immune from burnout, anxiety, and depression. Simply talking about the issues and being allies will not make it go away. Recently, I redlined and redlined some more. This is an introspective look at the past few weeks and how I took on too much, good and bad, and am limping into TDI. 
Speakers
avatar for Douglas Brush

Douglas Brush

Global Advisory CISO / Co-chair, Neurodiversity ERG Community Engagement, Splunk
Douglas is an information security executive with over 27 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading... Read More →

Friday July 16, 2021 12:30pm - 1:00pm PDT
Session - Mental Health Hacker Village https://tdi.mobi/JoinMHH
  MHH Village

12:30pm PDT

How to Start Your Web App Pentesting Journey
Feedback Survey
For ladies and gentlemen interested in starting the journey of web penetration testing, this talk covers three key areas:
1. Tools
2. Disciplines
3. Aptitude
Each area explores commonly used practices in the subject as well as required aptitude for approaching the subject. The purpose of this talk is to spark new interest in the area of Web Application Penetration Testing in hopes of attracting more white hat hackers to the industry.
Speakers
SW
D

Friday July 16, 2021 12:30pm - 1:30pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

1:00pm PDT

Live from the Green Room - Intel interview with Alyssa Miller
Speakers
avatar for Alyssa Miller

Alyssa Miller

Chief Information Security Officer, Epiq Global
Alyssa Miller is a life-long hacker, programmer, and security executive. She’s always had a passion for computers. She bought her first PC at age 12 and taught herself BASIC programming. Her career began as a software developer and later pivoted to security as a penetration tester... Read More →

Friday July 16, 2021 1:00pm - 1:30pm PDT
Expo Hall - Intel Booth https://app.hopin.com/events/2021-diana-initative/expo/481875
  Partner Booth

1:00pm PDT

We Used To Be Giants
It was hard enough thinking I was broken before the world caught flu and fire but, funny enough, I'm healthier than I was before the masks. Let's talk about it. Maybe I figured some things out that might help you along.









Speakers
DR

Friday July 16, 2021 1:00pm - 1:45pm PDT
Session - Mental Health Hacker Village https://tdi.mobi/JoinMHH
  MHH Village

1:00pm PDT

Cyberpuffs at 40+ - Navigating career changes at 40+
Feedback Survey
We teach girls to code, capture the flag, applaud their interest in STEM and offer them scholarships to specialize in cyber/privacy fields. We teach our young girls to be the superheroes they can be, powerpuff girls and use their smarts, logic and grace to save the day in a field where the female presence is still scarce. We encourage them to be cyberpuffs and shape our future. But while there are growing learning, mentorship, and scholarship opportunities available for youth, there is a contrasting lack of them for women over 35. It is much harder for seasoned female professionals with transferable skills to find retraining, learning and advancement opportunities in the cyber field. Are we too old to use our feminine logic and organizational skills to protect our changing world? Can we become cyberpuffs at 40 plus? This presentation will discuss the state of workforce development and provide strategies for seasoned female professionals who want to find new career opportunities and advancement in cybersecurity.
Speakers
avatar for Diana Nores

Diana Nores

Director, Testing Center, UHCL
Diana Nores, M.Ed, is a passionate advocate for cyber/privacy awareness in k12 and higher ed institutions. She works with schools, colleges and education technology companies to mediate understanding of privacy/cybersecurity needs in education, as well as to facilitate technical safeguards... Read More →

Friday July 16, 2021 1:00pm - 2:00pm PDT
Stage 4 - Career Village Talks https://tdi.mobi/stage4
  Career Village

1:00pm PDT

General Security @ MongoDB Booth
AppSec, Product, IR, Detect Response, Cloud Infra
Speakers
MH

Michael Hanchak

Lead Engineer, MongoDB

Friday July 16, 2021 1:00pm - 2:00pm PDT
Expo Hall - MongoDB booth https://app.hopin.com/events/2021-diana-initative/expo/480088
  Partner Booth

1:00pm PDT

Information Session with CMU Information Networking Institute
Friday July 16, 2021 1:00pm - 2:00pm PDT
Expo Hall - CMU Booth https://app.hopin.com/events/2021-diana-initative/expo/481749
  Partner Booth

1:30pm PDT

DJ Chillout
Music/chillout from our DJ Aaron
Friday July 16, 2021 1:30pm - 2:00pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

1:30pm PDT

Live from the Green Room - Intel interview with Suchi Pahi
Speakers
avatar for Suchismita Pahi

Suchismita Pahi

Acting Chief Privacy Officer, Rally Health, Inc.
Suchi Pahi is a data privacy and cybersecurity attorney with a passion for tech. Her goal at conferences is to make privacy and cybersecurity law more accessible and transparent for people who are directly impacted by these legal frameworks, and to explore new developments on the... Read More →

Friday July 16, 2021 1:30pm - 2:00pm PDT
Expo Hall - Intel Booth https://app.hopin.com/events/2021-diana-initative/expo/481875
  Partner Booth

1:30pm PDT

Cybersecurity Multi-Adventure Story Time
 This session is a lighthearted, fun cybersecurity adventure where the audience chooses the action. This session is led by the Game Master John Stoner who’ll set the stage at Avalanche, the biggest name in video games, with titles like Mages of Warcraft, Candy Smash and Seal Team 7. But things aren’t well at Avalanche today, as Twitter is pointing out and players are unhappy. Come join the fun session that is approachable for all ages.
Speakers
avatar for John Stoner

John Stoner

Cybersecurity Strategist, Booz Allen Hamilton
John Stoner served for just over 10 years in the U.S. Army as a SIGINT analyst, receiving an honorable discharge in 2010. He has over 21 years of experience in the national security, intelligence industry, and defense sector in a variety of roles, with 11 focused in cybersecurity... Read More →

Friday July 16, 2021 1:30pm - 2:15pm PDT
Session - Teen Village https://tdi.mobi/JoinTV
  Teen Village

2:00pm PDT

Seismic shift from Executive Assistant to Security Specialist
Feedback Survey
How does an auto-didact become CISO at a tech company with a market cap of $20bn?


How does a personal fitness trainer become an Executive Assistant to a CISO, who sees the potential in this person and asks them to move into the Security world full time?


Cybersecurity is a hard nut to crack. All those qualifications and special classes you have to take to become a l33t hacker. But what if we told you that hard work and a determination to succeed can be just as important and as effective in making that job change? Having a ton of qualifications is great, but we brought something else to the table - a desire to learn and a desire to share our knowledge.
Speakers
avatar for Dawn Charles

Dawn Charles

Business Specialist, Security, MongoDB
Dawn Charles is MongoDB's Business Specialist for the Global Security Department. She works alongside the CISO and her globally distributed team. Dawn joined MongoDB 6 years ago after making a big career change, and is relatively new to the security industry.
avatar for Lena Smart

Lena Smart

CISO, MongoDB
Lena Smart is the Chief Information Security Officer at MongoDB, a cross platform document oriented database platform. Lena joined MongoDB with more than 20 years of cyber security experience. Before joining MongoDB, she was the Global Chief Information Security Officer for the international... Read More →

Friday July 16, 2021 2:00pm - 2:30pm PDT
Stage 4 - Career Village Talks https://tdi.mobi/stage4
  Career Village

2:00pm PDT

What They Don't Teach You in School: 5 Things We Wish We Knew Before Starting Our Careers in Cybersecurity
From classrooms to whiteboard sessions and teachers to layers of management—a career in cybersecurity is vastly different than where traditional education has led us. In 2018, we transitioned from being computer science students to working full-time in cybersecurity. During this talk, we'll be sharing what worked for us, what didn't, and what we learned along the way. In this collaborative presentation, we want to showcase multiple paths for breaking into this industry, and audience participation is highly encouraged. You will walk away with lessons learned including: methods for learning about up-and-coming tech trends, productivity tips, steps for increasing your professional network, and more.
Speakers
avatar for Bailey Bercik

Bailey Bercik

Program Manager, Microsoft
Bailey Bercik (@baileybercik on Twitter) is a Program Manager in the customer facing arm of the Identity Engineering division at Microsoft. As part of the “Get-To-Production” team, she acts as a trusted advisor to Fortune 500 enterprises deploying Azure Active Directory. She's previously spoken about Azure AD customer stories and security recommendations at Microsoft Ready & Ignite, Blue Team Con, The Diana Initiative, and BSides Portland. Prior to this rol... Read More →
avatar for Maggie Marxen

Maggie Marxen

Software Developer, Microsoft
Maggie Marxen currently works as a Software Engineer for Microsoft within the Commercial Software Engineering organization, where she engages directly with Fortune 500 customers to find cutting-edge ways to solve their most difficult problems. Specializing in cybersecurity, she is... Read More →

Friday July 16, 2021 2:00pm - 2:30pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

2:00pm PDT

An Introduction to CTFs. Why You Should Hone Your Capture The Flag Skills!
Feedback Survey
"Start playing CTFs now!" is something I wish someone had told me a few years back! I missed out on a dream role simply because I wasn’t prepared for a CTF. That’s a mistake I am not planning to repeat! Most qualified cybersecurity professionals miss out on great opportunities for this reason. How can you upskill your CTF skills to get that dream job and ultimately advance in your career? In this talk I will present 7 reasons why it is important to hone your CTF skills and further breakdown the misconception that CTFs don’t reflect real world scenarios. I will share insights on my first CTF experience at DEFCON28, the different hacking platforms, how each one is best suited for your skill-level and a beginner level demonstration on how to get started on Hack the Box.
Speakers
avatar for John Kuria

John Kuria

Network Security Engineer, Nouveta Limited
John Kuria is a Network Security Engineer at Nouveta Limited. He has 2+ years in Information Security specializing in Web Application Penetration Testing, Digital Forensics and Incident Response.He enjoys creating awareness and knowledge in exploiting web application vulnerabilities... Read More →

Friday July 16, 2021 2:00pm - 3:00pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

2:00pm PDT

Supernatural six build
Speakers
avatar for @TechGirlMN

Friday July 16, 2021 2:00pm - 3:00pm PDT
Session - Maker Village (Soldering Village) https://tdi.mobi/JoinSoldering
  Maker Village

2:00pm PDT

Leveraging Application Design and Coding Patterns to Remove Risk @ MongoDB Booth
Application Design and Coding Patterns can make it impossible for engineers to introduce certain classes of vulnerabilities. Architecting for Failure. Thinking ahead to support quicker detect/response, containment, and automatically flagging attacks. Have more impactful developer training and less time doing static analysis.
Friday July 16, 2021 2:00pm - 3:00pm PDT
Expo Hall - MongoDB booth https://app.hopin.com/events/2021-diana-initative/expo/480088
  Partner Booth

2:00pm PDT

Live Chat with TryHackMe Content Engineers
Friday July 16, 2021 2:00pm - 3:00pm PDT
Expo Hall - TryHackMe https://app.hopin.com/events/2021-diana-initative/expo/481887
  Partner Booth

2:00pm PDT

Honey, I'm Home! (Customizing honeypots for fun and !profit)
Honeypots AND live demos all in one place? Yes, why YES I tell you! Sure, honeypots aren’t new, but how they’re used is what makes this talk different. Presented for your viewing pleasure: customized honeypot configurations and how they are used to detect attacks against your environment.
Speakers
avatar for Kat Fitzgerald

Kat Fitzgerald

Security Engineering Mgr, Google
Based in Seattle and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral... Read More →

Friday July 16, 2021 2:00pm - 3:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

2:00pm PDT

I Knew You Were Trouble - A Lesson in Hypothesis and Threat Hunting.
Feedback Survey
Taylor Swift has dominated the music industry for more than a decade. During this time, she inspired a generation of digital detectives. Laying the groundwork when she was just 15, Taylor Swift has instilled this sense of curiosity in her fanbase in similar ways to that of Threat Hunters and Forensic Investigators. From the hilarious “Five Holes in the Fence” Lover Album Theory, to the “Cobalt Group” attribution, this talk will break down the consequences when limited knowledge of a topic becomes mainstream news. Using our Swiftie sleuthing skills, we will discuss how to develop a strong hypothesis, how to recognize poor data interpretation or conclusions, and last but certainly not least, how to use public information to better protect and hunt in our environments. Through the use of real world, relatable experiences from the Taylor Swift fanbase, this talk will help the attendees start to understand how to utilize publicly sourced information and threat briefings to explain and correlate hypothesis generation, and adapt as new data is discovered. With that mission in mind, this talk will demonstrate techniques from real hunts used to identify actors throughout various stages of their missions, leaving the audience with example actionable hunts to identify remote access abuse and ways to stack persistence mechanisms across an entire organization. *Disclaimer: Prior knowledge of Taylor Swift history or Threat Hunting not required to enjoy this talk*
Speakers
avatar for Kirstie Failey

Kirstie Failey

Senior IR Consultant, Mandiant
Kirstie currently works as a Senior Consultant at FireEye Mandiant. When not performing IR efforts, she helps clients proactively prepare for cyber security events through IR tabletop exercises, purple team exercises as well as training security engineers in the art of Incident Response... Read More →

Friday July 16, 2021 2:00pm - 3:00pm PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

2:30pm PDT

Shifting to Purple: A high-level overview on Purple Teaming
Feedback Survey
Does your organization have a Blue Team and Red Team already in place? Are you willing to take the next step and shift to Purple? Today's talk will be a high-level guide for organizations to take one step further in improving the organization's security posture. Today I will provide you with guidance on why a Purple Team will be beneficial to an organization and tips on how you can implement this in your organization.
Speakers
avatar for Harpreet Mangat

Harpreet Mangat

Red Team Specialist, Great-West Lifeco
I've been working in the IT industry for the last 10 years, focused on the financial / insurance sector. In recent years, I've shifted towards Red Teaming gaining an understanding of the adversarial role. With Red Team exercises as a great way to simulate attacks and understand the... Read More →

Friday July 16, 2021 2:30pm - 3:00pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

3:00pm PDT

Stored electrons and the supernatural six
Options to make the super natural 6 battery powered!
Speakers
avatar for @TechGirlMN

Friday July 16, 2021 3:00pm - 3:30pm PDT
Session - Maker Village (Soldering Village) https://tdi.mobi/JoinSoldering
  Maker Village

3:00pm PDT

Actually Autistic
Kim Crawley discusses her wild ride from homelessness to middle class, from depression to happiness, from hopelessness to a lucrative cybersecurity research and writing career. Through her dramatic socioeconomic changes and career progress, she learns to accept her autistic identity and fight for disability rights. A lot of people in the tech industry are neurodivergent, whether or not they know it. But is it fair that people like Kim get to live with dignity while others with her neurotype get conversion 'therapy' and electrocuted in institutions?
Friday July 16, 2021 3:00pm - 3:30pm PDT
Session - Mental Health Hacker Village https://tdi.mobi/JoinMHH
  MHH Village

3:00pm PDT

Mentoring and Training Experts: A cognitive science approach
Feedback Survey
Mentoring usually involves training someone new to a discipline or role. However, those with advanced skills continue to learn and need guidance. This session will explore methods of mentoring those with advanced skills. Additionally, training best practices for expert practitioners will be explored to enhance and engage them in learning. Cognitive science theories will be explored to support the mentoring and training needs of experts and those with advanced skills.
Speakers
avatar for Duane Dunston

Duane Dunston

Associate Professor, Champlain College
Duane Dunston is an Associate Professor of Cybersecurity at Champlain College. He has been in Information Security for over 20 years working in both the education and government sectors. He focuses on risk management, cryptography, security education, and using technology for social... Read More →

Friday July 16, 2021 3:00pm - 3:30pm PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

3:00pm PDT

Intro to Windows Forensics
We hear about breaches and attacks in the news daily. Once an attack is discovered, a Digital Forensic Incident Response (DFIR) professional is normally contacted and asked to investigate the incident. During this presentation, Jacquelyn Blanchard will share some basic tools and methods you can use to forensically analyze a windows host image.
Speakers
avatar for Jacquelyn Blanchard

Jacquelyn Blanchard

Chief Cyber Architect

Friday July 16, 2021 3:00pm - 3:45pm PDT
Session - Teen Village https://tdi.mobi/JoinTV
  Teen Village

3:00pm PDT

DJ Chillout
Music/chillout from our DJ Aaron
Friday July 16, 2021 3:00pm - 4:00pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

3:00pm PDT

Security Awareness @ MongoDB Booth
How to change behavior
Speakers
AB

Amy Berman

Cyber Security Education and Advocacy Lead, MongoDB

Friday July 16, 2021 3:00pm - 4:00pm PDT
Expo Hall - MongoDB booth https://app.hopin.com/events/2021-diana-initative/expo/480088
  Partner Booth

3:00pm PDT

Burnout: Destabilizing Retention Goals and Threatening Organizational Security
Feedback Survey
Did you notice a shift in your mental health and/or your colleagues? Burnout was at an all time last year due to the surreal 2020. As we approach 2021, we recognize how critical mental health plays when accomplishing goals and productivity output. This talk dives into the factors that lead to burnout among security professionals, the clear line between burnout and failure to retain cybersecurity talent, and how to invest in your team to make sure your team is able to thrive during stressful times.
Speakers
avatar for Chloé Messdaghi

Chloé Messdaghi

CEO and Founder, Global Secure Partners
For over ten years, Chloé Messdaghi has advised and developed impactful solutions that have driven growth and innovation while transforming security teams to become resilient. Her work has helped businesses unlock opportunities to enhance trust, mitigate risk, and become purpose-driven... Read More →

Friday July 16, 2021 3:00pm - 4:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

3:00pm PDT

OPSEC & OSINT to HACK your JOB HUNT
Feedback Survey
Mastering job hunting is a key step in the journey of your career. Yet looking for a job can feel like navigating smoke and mirrors, fraught with challenges. In this talk, we will leverage our common lexicon and tools to identify how you can take back control in your search, so you can hack your job hunt. By applying a system, we can empower ourselves past our inner critics and methodically address even challenging tasks like networking. We will discuss the four primary attack vectors of this hack, and how to apply OPSEC and OSINT to hack the box and land your dream job.
Speakers
avatar for Rachel Harpley

Rachel Harpley

Talent Advisor in InfoSec
Rachel Harpley builds a more secure world one bit at a time by empowering others in their cybersecurity careers across several vectors. Professionally she solves the immediate needs of her clients as the Founder of Recruit Bit Security and while also giving significantly through pro-bono... Read More →

Friday July 16, 2021 3:00pm - 4:00pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

3:00pm PDT

Live Chat @ No Starch press Foundation
Friday July 16, 2021 3:00pm - 4:30pm PDT
Expo Hall - No Starch Press Foundation Booth https://app.hopin.com/events/2021-diana-initative/expo/553319
  Partner Booth

3:30pm PDT

Talk 3
Talk 3 by anonymous
Friday July 16, 2021 3:30pm - 4:00pm PDT
Session - Mental Health Hacker Village https://tdi.mobi/JoinMHH
  MHH Village

3:30pm PDT

Leviathan Security live chat
Friday July 16, 2021 3:30pm - 4:00pm PDT
Expo Hall - Leviathan Booth https://app.hopin.com/events/2021-diana-initative/expo/481834
  Partner Booth

3:30pm PDT

The System Call Is Coming from Inside the House: Appsec Horror Stories
Feedback Survey
Finding security vulnerabilities like being a paranormal investigator, only with better tools. You enter a structure made by someone else under conditions you don’t know, and it’s your job to find the omissions, mistakes, and accidental problems left by other devs. In reviewing web apps, Chrome extensions, and other software, you’re bound to find some apparitions, if not outright poltergeists. Instead of orbs and ectoplasm, though, the evidence is in token problems, wild permissions, and the use of libraries so old they might as well be zombies. This talk will cover the kinds of haunts you’re likely to find (or inadvertently put into place, if you're creating the app), match familiar and new vulnerabilities to their scary counterparts, teach ways to recognize them, and provide some strategies on exorcising them with accurate reports and compassionate communication with the teams that brought them into our realm in the first place.
Speakers
avatar for Breanne Boland

Breanne Boland

Product security engineer - security partner, Gusto
Breanne Boland is a product security engineer with the Security Partnerships team at Gusto. Before moving into security, she was a site reliability engineer and an infrastructure engineer, working in healthcare and govtech. Prior to that, she was a professional writer, and she still... Read More →

Friday July 16, 2021 3:30pm - 4:00pm PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

3:45pm PDT

OSINT - Unintentionally Insightful
The boring way to learn some of the most interesting things that people, companies, and countries want to keep secret. Join timmytimj as he shares tools, techniques, and shenanigans that you can use to learn more about the world around you.
Speakers
TJ

Friday July 16, 2021 3:45pm - 4:30pm PDT
Session - Teen Village https://tdi.mobi/JoinTV
  Teen Village

4:00pm PDT

Demystifying/Destigmatizing Counseling
Everyone faces mental struggles at some point in their lives, some more than others. Counseling can be a fantastic way to work through these challenges. Though the introduction of some personal stories, Investigatorchic will discuss what therapy actually entails and what it does not, in order to dispel commonly held myths. In addition, information will be provided about different kinds of counseling and how to select a counselor that can be most helpful for a particular situation/concern.
Speakers
avatar for Catherine Ullman

Catherine Ullman

Sr. Information Security Forensic Analyst, University at Buffalo
Dr. Catherine J. Ullman is a security researcher, speaker, and Senior Information Security Analyst at University at Buffalo with over 20 years of highly technical experience She also recently became certified in Mental Health First Aid. In her current job, Cathy is responsible for... Read More →

Friday July 16, 2021 4:00pm - 4:50pm PDT
Session - Mental Health Hacker Village https://tdi.mobi/JoinMHH
  MHH Village

4:00pm PDT

Tropical Spy: Tricks and tales of a Brazilian social engineer
Feedback Survey
Once upon a time, in a Physical Pentest... Actually, in a lot of Physical Pentests. Marina Ciavatta is a young and innocent looking little girl who's specialized in breaking and entering and social engineering her way into huge companies, back in Brazil. Her goal is to steal anything she can put her hands in. Chemical formulas, project plans, secret labs, the server room - or just chill for a bit on the President's chair. This talk is about her tricks and stories as she is still learning a lot about Human Hacking - and sharing along the way.
Speakers
avatar for Marina Ciavatta

Marina Ciavatta

Social Engineer, Hekate, Inc.
Marina Ciavatta is a Brazilian social engineer, physical pentester and information security awareness instructor. Marina is also DEFCON Groups São Paulo staff, Ultimate Hacking Championship CTF Host on Twitch and podcaster. Founder and CEO of Hekate, Inc. She's an international... Read More →

Friday July 16, 2021 4:00pm - 5:00pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

4:00pm PDT

How to Spark Your Journey into Cybersecurity as a Software Engineer.
Feedback Survey
Are you a software engineer interested in pursuing a career in cybersecurity? As software engineers ourselves, we know how challenging starting a career in security can be. Security classes at the undergraduate level and networking opportunities with security professionals are rare, thus perpetuating the inaccurate perception that being in security requires a lot of background knowledge and expertise.

It’s ok if you weren’t hacking as a toddler, there is room for you in the industry. In fact, cybersecurity entails much more than hacking! Unfortunately, it’s not commonly talked about how many security roles require engineering skills and that the skills you build as a software engineer are completely transferable to those needed as a security professional.

In attending this presentation, you will hear firsthand accounts of how two security engineers transitioned their careers from software development to cybersecurity. The discussion will include actionable advice and resources on how to enter security, and cover other topics such as conferences, educational researches, and hands-on experiences. By dispelling the myth that security is hard to get into, participants will leave feeling empowered in pursuing a career in cybersecurity.
Speakers
avatar for Aditi Chaudhry

Aditi Chaudhry

Cloud Security Engineer, Two Sigma Investments, LP
Aditi is a Cloud Security Engineer at Two Sigma. She started her career as a software engineer at a financial company and then transitioned into cybersecurity and has worked in the field for five years. In security, Aditi started as an application security engineer automating application... Read More →
avatar for Madelyn Torres

Madelyn Torres

Security Engineer, Two Sigma Investments, LP
Madelyn began her journey into cybersecurity in middle school when she tried to understand how her computer’s antivirus program worked. After learning how to program and exploring her interest in security, she started her career by interning as a software engineer at various... Read More →

Friday July 16, 2021 4:00pm - 5:00pm PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

4:00pm PDT

Security Dilemma: When Migrating to Cloud
Feedback Survey
Nine out of ten organisations have adopted cloud services to enable their core and support business operations. It implies other than completely cloud-based start-ups, organisations are either transitioning their workloads to the cloud or trying to bridge their business processes, applications and workflows between their local network and one or more public network and infrastructures. In such a scenario, security is often challenged with maintaining the consistency of the security controls across varied infrastructures and environment when the business decides to shift its workloads to a public network. In this talk, the speaker aims to shed light on one such migration strategy (lift and shift), the security challenges encountered, and mechanisms that were adopted to embed security by design using the cloud-native capabilities and technologies. The talk will offer crucial takeaways for security professionals working to embed security controls across similar lift and shift cloud migration scenarios within their organisation.
Speakers
avatar for Archana Puri

Archana Puri

Information Security Assurance Manager, Retail
Archana is a cybersecurity enthusiast, with more than 9 years of experience translating security risks into business risks to enable the business to make informed decisions. She has assisted organizations across various sectors including customer service, petrochemical, banking and... Read More →

Friday July 16, 2021 4:00pm - 5:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

4:00pm PDT

You Don't Have to Be Crazy to Work Here: An honest talk about mental health
Feedback Survey
Cybersecurity professionals spend most of their day focused on the health and wellbeing of the environments in their care. However, the cost of reducing risk and keeping our networks safe often comes at the price of our professionals' mental health. Many InfoSec professionals burn out, suffer from anxiety and depression, and turn to unhealthy coping mechanisms, which further exacerbate underlying psychological and physical health issues.

This talk will alleviate the stigma around mental health and stress the importance of open and frank dialogs about this critical issue impacting our community. I will share my journey, reverse engineer the stigma of mental health in business, and look at ways to hack mental health in productive and meaningful ways.
Speakers
avatar for Douglas Brush

Douglas Brush

Global Advisory CISO / Co-chair, Neurodiversity ERG Community Engagement, Splunk
Douglas is an information security executive with over 27 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading... Read More →

Friday July 16, 2021 4:00pm - 5:00pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

5:00pm PDT

Talk 5
Talk 5 by anonymous
Friday July 16, 2021 5:00pm - 5:30pm PDT
Session - Mental Health Hacker Village https://tdi.mobi/JoinMHH
  MHH Village

5:00pm PDT

DJ Chillout
Music/chillout from our DJ Aaron
Friday July 16, 2021 5:00pm - 6:00pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

5:00pm PDT

Leaders Lower the Ladder
Feedback Survey
You have created, built, or advanced to a point in your career where you are managing others, or industry peers recognize your name or work. Or perhaps, you are an expert in your field. And whatever odds you have faced to get to this point, you have succeeded in facing those odds. So. What should you do next?



Drawing from existing research and her life experiences, Suchi Pahi makes the case for leaders, like you, to lower the ladder after them and lift people up beside them. Her keynote address will enable leaders to spark a journey immediately by focusing on sponsorship, community education, and empathy.
Speakers
avatar for Suchismita Pahi

Suchismita Pahi

Acting Chief Privacy Officer, Rally Health, Inc.
Suchi Pahi is a data privacy and cybersecurity attorney with a passion for tech. Her goal at conferences is to make privacy and cybersecurity law more accessible and transparent for people who are directly impacted by these legal frameworks, and to explore new developments on the... Read More →

Friday July 16, 2021 5:00pm - 6:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Keynote track1
 
Saturday, July 17
 

7:30am PDT

Social Hour
We all love learning things, but we want to hang out too!

You are always welcome to join the “Networking” area of Hopin, if others have joined it will pair you up for a quick chat.

We have also set two times aside specifically to encourage you to meet fellow attendees (and volunteers and staff and speakers!)

7:30am-8:30am Saturday
6:00pm (after closing keynote) to 7:00pm Saturday

https://www.dianainitiative.org/social-hour/
Saturday July 17, 2021 7:30am - 8:30am PDT
Networking Area
  Social

8:30am PDT

DJ Chillout
Music/chillout from our DJ Aaron
Saturday July 17, 2021 8:30am - 10:00am PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

8:30am PDT

You Are the Prize: How to Hire the Right Boss & Employer for a More Fulfilling Career
Feedback Survey
You know how job interviews go. Your palms are sweaty, knees weak, arms are heavy...and all you've got on your mind is: am I good enough? Will they pick me? Am I technical enough? So often, we go into job interviews eager to present the best version of ourselves with a goal of getting an offer, ready to list all the ways we're the best choice and why we deserve that coveted "employed" spot. But what happens when you're on the job and you realize one month later that everything you need to be your best self is not available to you? Or you find out your boss is a living nightmare? Or you figure out that the promotion path they talked about briefly during your interview was nothing more than a pay raise and a title change? Steph's talk will walk you through why operating in a "pick me" mindset may end in tragedy and how to avoid wasting time with a company that is not a fit. Be prepared to receive the inspiration and confidence to politely, but firmly, interview your interviewer the next time you're job hunting.
Speakers
avatar for Stephanie

Stephanie

Information Security Analyst II, Cisco/Duo
For her day job, Stephanie serves as a L2 security analyst for Duo. Outside of work, however, Stephanie has filled her life with all kinds of cool activities. She speaks at conferences and already has one keynote under her belt. She co-hosts a "happy hour" inspired podcast called... Read More →

Saturday July 17, 2021 8:30am - 10:00am PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Keynote track1

9:00am PDT

Live chat with the admissions staff at CMU Information Networking Institute
Saturday July 17, 2021 9:00am - 4:00pm PDT
Expo Hall - CMU Booth https://app.hopin.com/events/2021-diana-initative/expo/481749
  Partner Booth

9:30am PDT

Information Session with CMU Information Networking Institute
Saturday July 17, 2021 9:30am - 10:30am PDT
Expo Hall - CMU Booth https://app.hopin.com/events/2021-diana-initative/expo/481749
  Partner Booth

10:00am PDT

Day Two Welcome for CTF Village - Breaking into OT/ICS
Day Two Welcome from Jai, follow by  - Breaking into OT/ICS
Speakers
avatar for ABU SAFIAN BLAY

ABU SAFIAN BLAY

Founder, Inveteck Global
Blay Abu Safian is the founder of Inveteck Global. He has spoken at world renowned cybersecurity conferences such as Bsides Maharashtra, BIC Winter Conference, EOCON, HACON, OWASP, Internet Society. He has conducted workshops for both government and private institutions in (USA, INDIA... Read More →

Saturday July 17, 2021 10:00am - 10:30am PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

10:00am PDT

Startup Life: Being a Woman in a Man's World
Startup culture is covered extensively by Hollywood, but what’s it really like to work for a startup? Come peek behind the curtain and see what it’s like to work for a startup and be a woman in the very male-dominated tech industry. Join our panelists as we discuss pathways to various careers in cybersecurity, what to look for in a company’s culture as you are job hunting, and advice we wish we had at the start of our tech journey.
Speakers
AN
JZ
VZ
JD

Saturday July 17, 2021 10:00am - 10:45am PDT
Session - Teen Village https://tdi.mobi/JoinTV
  Teen Village

10:00am PDT

SN6 code review
Speakers
avatar for @TechGirlMN

Saturday July 17, 2021 10:00am - 11:00am PDT
Session - Maker Village (Soldering Village) https://tdi.mobi/JoinSoldering
  Maker Village

10:00am PDT

Open session with TryHackMe
Saturday July 17, 2021 10:00am - 11:00am PDT
Expo Hall - TryHackMe https://app.hopin.com/events/2021-diana-initative/expo/481887
  Partner Booth

10:00am PDT

Security Awareness @ MongoDB Booth
How to change behavior
Speakers
AB

Amy Berman

Cyber Security Education and Advocacy Lead, MongoDB

Saturday July 17, 2021 10:00am - 11:00am PDT
Expo Hall - MongoDB booth https://app.hopin.com/events/2021-diana-initative/expo/480088
  Partner Booth

10:00am PDT

Understanding and Attacking Delegations in Active Directory
Feedback Survey
Seemingly all-pervasive, Active Directory is used by more than 90% of Fortune 1000 companies and is the focal point for adversaries. The Kerberos delegation feature in Active Directory (AD) is an impersonation type present since AD was introduced in Windows 2000. This talk would demonstrate a set of attack scenarios for each type of delegations feature of Active Directory.
**Takeaways**: Participants will gain hands-on experience abusing delegations in a red team engagement. This talk would also help the participants in lateral movement phase of a red team engagement. Participants would also get access to the VMs and their configuration used, so that they would be able to replicate the abuse cases and understand the concept better.
Speakers
avatar for Venkatraman Kumar

Venkatraman Kumar

Lead, OWASP Chennai Chapter
My name is Venkatraman K (goes by r3dw0lf_sec handle ), a passionate Information Security enthusiast from India. I am currently working as Security Analyst in a Cyber Security Startup. With over 3 years of working in the different subdomains of cybersecurity. I have constantly engaged... Read More →

Saturday July 17, 2021 10:00am - 11:00am PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

10:00am PDT

What Machine Learning Can and Can't Do for Security
Feedback Survey
Most of us have heard vendors promoting products that use “machine learning.” But what does that mean? This is a general introduction to machine learning concepts and a discussion of applications to security. We begin by talking about commonly used terminology – what are artificial intelligence, neural networks, machine learning, and deep learning? How do they work?

What can machine learning do for security? A number of things. One major challenge is determining what’s normal and what’s malicious. Machine learning can help with this. For example, ML techniques are used in spam filtering scan email. Large email providers, e.g., Google and Yahoo, have intelligent systems that can create new spam filtering rules based on automated learning.

Machine learning is also being applied to other areas like network traffic monitoring and malware analysis. Traditional network intrusion detection (NIDS) and malware identification involve rules and signatures, where behavior associated with known threats is identified. But what about new threats, such as zero-day exploits? Anomaly-based detection compares traffic to normal behavior, and has the potential to detect previously unknown attacks with no established signature.
We present some examples of freely available machine learning software and walk through some simple use cases.
Speakers
avatar for Wendy Edwards

Wendy Edwards

Programmer, ASPCA
Wendy is a software developer interested in the intersection of cybersecurity and data science. She’s involved in the NASA Datanauts program and participated in the SANS Women’s Academy, earning GIAC GSEC, GCIH, and GCIA certifications. She has masters degrees in computer... Read More →

WEdwards Diana2021 pdf
WEdwards Diana2021 pptx
Saturday July 17, 2021 10:00am - 11:00am PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

10:00am PDT

Work SMTer Not Harder - Concolic Execution for CTF
Feedback Survey
Advanced binary analysis tools are gaining in popularity among CTF players, however there can be a steep learning curve to incorporating them into use. In this introduction to the power of concolic execution and satisfiability modulo theories (SMT) solvers, we will cover angr, an open-source binary analysis framework, and Z3, an SMT solver. This talk will give background on these tools and how they can each be applied to easy and advanced reverse engineering CTF problems. Audience members will walk away with an understanding of the technology behind these tools, how they can be applied to CTF problems as well as the foundation to continue their knowledge growth in this area.
Speakers
avatar for Christina Johns

Christina Johns

Lead Cybersecurity Engineer, MITRE
Christina Johns is a Cybersecurity Engineer at MITRE with over 10 years of experience. She has worked in a variety of areas including web application assessment, android forensics, incident response and most recently reverse engineering. Her research interests lie at the intersection... Read More →

Saturday July 17, 2021 10:00am - 11:00am PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

10:00am PDT

Kubernetes Primer with OWASP DevSlop
Kubernetes Primer with OWASP DevSlop is a hands-on, interactive workshop and mini-CTF that was designed to give you a thorough understanding of the fundamentals of Kubernetes. Through a mix of lectures and mini-challenges, you’ll learn how Kubernetes works.  We will hack and break our clusters and then learn how to fix the underlying security issues.

This 1-day workshop includes overviews of:
  • Docker/Containers
  • Container Orchestration
  • Kubernetes Architecture
  • Kubernetes Objects & Organization
  • Kubernetes AuthN / AuthZ overview
  • Kubernetes Security Principles
  • K8 Security - OPA 
Speakers
NB
avatar for Nancy Gariché

Nancy Gariché

Volunteer, OWASP
In the early 2000's, this speaker joined the Canadian federal government as a computer science CO-OP student and never left. In 2009, she moved to Ottawa from Montreal, his/her beloved hometown, to land her first IT security job as a security analyst. This multi-hatted role gave her... Read More →

Saturday July 17, 2021 10:00am - 4:00pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

10:30am PDT

AMA with Alison @ Google Expo Booth
Saturday July 17, 2021 10:30am - 11:30am PDT
Expo Hall - Google Booth https://app.hopin.com/events/2021-diana-initative/expo/481743
  Partner Booth

10:30am PDT

Tunes
Music/chillout from our DJ Aaron
Saturday July 17, 2021 10:30am - 2:00pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

11:00am PDT

Why non-technicals matter
Feedback Survey
The absence of diversity in security roles makes progress harder, from addressing threats to innovating with partners. How can the cybersecurity community avoid biases, decisions we make often unconsciously and without awareness, and develop teams that understand the full security landscape? If we believe in layered security as an industry best practice, we should equally prioritize the voices of non-engineers in building security strategies.

Every assumption developers make about a system's design or user behavior leaves a crack for attacker break-ins. If everyone on the security team shares similar experiences and working methodologies, attack vectors will be missed. There is more to understand about security than the technology behind it. How might a user's culture and environment impact security? Biases and assumptions about how individuals and organizations deploy and use technology can increase risk.

Cybersecurity encompasses a variety of functions, from pen testing to incident response to training & awareness. The mindset of security is what unifies different functions and allows for collective success. Participants will learn how prioritizing technical and non-technical voices can help close security gaps. This talk will particularly benefit those who develop security teams and talent, empowering attendees with frameworks and tactics for your team.
Speakers
avatar for Vidya Murthy

Vidya Murthy

Vice President of Operations, MedCrypt
Vidya began her career in consulting when she realized her passion for healthcare and joined global medical device manufacturer Becton Dickinson. She has since joined MedCrypt, a company focused on bringing cybersecurity leading practices to medical device manufacturers. Vidya holds... Read More →

Saturday July 17, 2021 11:00am - 11:30am PDT
Stage 4 - Career Village Talks https://tdi.mobi/stage4
  Career Village

11:00am PDT

TURNING BAD JOB ADS INTO OPPORTUNITIES!
Feedback Survey
I'm mostly kidding, about descriptions not mattering - but not really... Similarly, bad resumes don't mean the candidate isn't qualified, so how do we meet in the middle?

I have taught managers for years how to write better descriptions and candidates how to write better resumes, and I will continue to do that. I even spoke at multiple conferences over the last few years for that purpose. But the key is to have a way of getting around and through bad descriptions, because I don't think we can ever really fix that problem completely. In other words, even though those obstacles exist and likely always will, there are ways to get through it, and that is what I will be presenting.

This presentation isn’t going to offer a solution to making employers do a better job advertising for and determining the best fits for their openings. It will however tell you how to make it through bad descriptions, less than effective interviewers and maybe it will even help them see the light!

Looking for a job is an engineering problem.
The solution is - Gather the requirements (what do you need, want, prefer), do some research and QA, launch (apply, communicate) and keep updating (learn, grow, practice and find new avenues)!

Speakers
avatar for Kirsten Sireci Renner

Kirsten Sireci Renner

National Security Recruiting Lead, Accenture Federal Services - Previously Novetta
Possibly best known as the co-organizer of Car Hacking Village and serial volunteer across our community, Kirsten has been in the recruiting space in InfoSec since 2010.For the last decade Kirsten has been on a mission to build a better candidate experience for everyone through strategic... Read More →

Saturday July 17, 2021 11:00am - 11:30am PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

11:00am PDT

General Security @ MongoDB Booth
AppSec, Product, IR, Detect Response, Cloud Infra
Speakers
MH

Michael Hanchak

Lead Engineer, MongoDB

Saturday July 17, 2021 11:00am - 12:00pm PDT
Expo Hall - MongoDB booth https://app.hopin.com/events/2021-diana-initative/expo/480088
  Partner Booth

11:00am PDT

Eww You are Leaking: A Formal Introduction to Information Leakage
Feedback Survey
As security practitioners, we often hear terms like “leaks” and “leakage” and while some of us have a general notion about what leakage is, there is an established academic framework dedicated to studying information leakage called quantitative information flow (QIF). QIF can help us develop a better understanding of what leakage is, how we can measure it, and how we can build systems with leakage in mind. In this talk, I will introduce the formal concept of information leakage using examples from password checkers to specialized cryptography. What do we mean by leakage and how can we improve security by thinking about it?
Speakers
avatar for Mireya Jurado

Mireya Jurado

Graduate Researcher, Florida International University
Mireya Jurado is a Computer Science PhD candidate at Florida International University. She has a Master of Science in Computer Science from FIU and is an active cybersecurity researcher focusing on analyzing information leakage through the quantitative information flow (QIF) framework... Read More →

Jurado Eww You're Leaking Slides TDI2021 pdf
Saturday July 17, 2021 11:00am - 12:00pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

11:00am PDT

If we do not have it we should build it
Feedback Survey
This talk focuses on the five philosophies of logging for future breaches. I have dealt with teams who have suffered a compromise and had sensitive data disclosures. In my experience I have almost always used the logs, they can contain so much information or they can contain equal amounts of noise. I am on a crusade, to turn developers into ninja forensic coding logging forces of nature. I would like to deal with breaches in which care has been taken with the logs they produce, and not always mumble to my “It would have been nice to have better logs or any logs for that matter”. It is easy to ask yourself the question as a developer. Do you take into account that your application will be breached, do you have enough information to determine what happened?” If you answered “I do not know” or “No”. This talk focuses on five simple things developers can potentially do better to deal with future breaches. It also discusses the concept of log debt and how having this can be the downfall of your breach investigation.
Speakers
avatar for Veronica Schmitt

Veronica Schmitt

Assistant Professor, Noroff University
Veronica started her forensic career in 2008. She is the Director of Incident Response within DFIRLABS. Veronica is also an Assistant Professor at Noroff University. Veronica holds a Master in Science at Rhodes University in Information Security with specialization in the forensic... Read More →

Saturday July 17, 2021 11:00am - 12:00pm PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

11:30am PDT

On the Hunt for the Unknown Unknowns
Feedback Survey
Cybersecurity is a difficult business problem. A business doesn’t gain any additional income by having good security (compared to developing new features), but if a security incident occurs it could cause a business to permanently close. Over the last few years, the industry has made great strides in promoting cyber security and increasing cyber resiliency by adding cyber into the initial budget and scheduling estimates, beginning to test earlier in the development process, employing bug bounty programs, and so on. However, one common solution to cyber is to collect as much data as possible. Based on an example in a Solar Winds whitepaper, a 1,000-employee company with a standard IT setup (computer for every employee, a few firewalls, one VPN server, a few domain servers, etc.), stores anywhere from 3GB to 113GB per day of log files . To make matters worse, many companies have a non-functional requirement to keep the logs files anywhere from one to seven years. Even on the low end, 3GB per day stored for one year is still 1.1 terabytes that get stored over the course of the year. This is an excellent idea in theory, however, 68% of data available to a company doesn't get used whether it's due to time and budget constraints, lack of education in big data and data analytics, or lack of tools. Thankfully, in the last few years more tools are getting released that help automate data ingestion and allow searching. However, searching implies that you know what you are looking for: whether it’s a certain packet, a certain IP, users working at an odd time of day, and so on. That is beneficial for finding common cybersecurity telltale signs of an exploit but how would a cyber analyst find attackers using cutting-edge strategies?



Data visualization provides the user the opportunity to look at millions of records in one place to see outliers and patterns. The goal of this presentation is to provide the audience with a better understanding of data visualization and how it can be used to increase cyber resiliency by finding correlations and outliers in mass amounts of data. This presentation will include different state-of-the-art methodologies, common tools used in industry, and a technical walk-through of data visualization applied to log data.



Keywords: Threat Hunting, Big Data, Data Analytics, Data Visualization, Log Analysis, Cybersecurity, Known Knowns vs Known Unknowns vs Unknown Unknowns



1 Hale, B. (n.d.). Estimating Log Generation for Security Information Event and Log

Management [PDF]. SolarWinds.

2 Seagate. (n.d.). Rethink Data: Put More of Your Business Data to Work— From Edge to Cloud

[PDF]. Seagate.
Speakers
avatar for Addy Moran

Addy Moran

Software Engineer, Pacific Northwest National Laboratory
Addy Moran is a Software Engineer at Pacific Northwest National Laboratory (PNNL) where she specializes in automation, data analytics and visualization, and cyber security. Addy has more than four years of experience in research and development, where she has focused primarily on... Read More →

Saturday July 17, 2021 11:30am - 12:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

11:30am PDT

Career Quest (Exploring Opportunies in DFIR & Cybersecurity)
Speakers
DP
CS
AB
MD

Saturday July 17, 2021 11:30am - 12:15pm PDT
Session - Teen Village https://tdi.mobi/JoinTV
  Teen Village

11:30am PDT

AMA with Kim @ Google Expo Booth
Saturday July 17, 2021 11:30am - 12:30pm PDT
Expo Hall - Google Booth https://app.hopin.com/events/2021-diana-initative/expo/481743
  Partner Booth

11:30am PDT

Leviathan Security live chat
Saturday July 17, 2021 11:30am - 2:00pm PDT
Expo Hall - Leviathan Booth https://app.hopin.com/events/2021-diana-initative/expo/481834
  Partner Booth

12:00pm PDT

Recorded Mindfulness Session
Saturday July 17, 2021 12:00pm - 12:30pm PDT
Session - Mental Health Hacker Village https://tdi.mobi/JoinMHH
  MHH Village

12:00pm PDT

Surface mount demo
Saturday July 17, 2021 12:00pm - 1:00pm PDT
Session - Maker Village (Soldering Village) https://tdi.mobi/JoinSoldering
  Maker Village

12:00pm PDT

Breaking into AppSec/Product Security @ MongoDB Booth
Opportunities for new Engineers, Advantages of Consulting vs. In-House, Building Experience without a Job in Security.
Speakers
MH

Michael Hanchak

Lead Engineer, MongoDB

Saturday July 17, 2021 12:00pm - 1:00pm PDT
Expo Hall - MongoDB booth https://app.hopin.com/events/2021-diana-initative/expo/480088
  Partner Booth

12:00pm PDT

Consilience + Culture: The Connectivity Between Cyber Defense & DEI
Feedback Survey
Advancing DEI seems fraught and full of friction, but what if we already have the playbook? Consider diversity in the same way we consider security: we focus on detection capabilities and awareness first, then inventory assets, and build readiness to respond to difficult incidents. We think about protection, defense, and recovery in light of threats and impacts.



In both security and diversity, many organizations lack these capabilities and struggle to build capacity in them. Some key concepts and practices are easily adaptable from security to diversity: tabletop exercises, vulnerability scans, privilege escalation, and collective defense. Once we start to examine the problems through a similar frame, even the cliches are congruent: FUD is unhelpful, response is enough, it can’t be bolted on after the fact, etc.



Many of us are in cybersecurity because we are the type of people who take action - to mitigate the threat and reduce the risk. As history unfolds in these days, we challenge ourselves to write the next chapter with compassion, courage, and accountability. With our experience as security professionals, we are equipped with the tools and training to defend diversity the same way we defend technology.



This talk explains how.
Speakers
avatar for Munish Walther-Puri

Munish Walther-Puri

Cyber Security & Risk Professional, Public Sector
Munish Walther-Puri (he/him) is a Public Sector Cyber Security & Risk ProfessionalPrior to working in the Public Sector, he led research, analysis, and reporting for a dark web intelligence company, advised startups in corporate investigations, encrypted communications, and political... Read More →

Saturday July 17, 2021 12:00pm - 1:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

12:00pm PDT

Do Your Developers Write SUPER Secure Code?
Feedback Survey
Do your projects discuss secure coding through all phases of the SDLC? Are your developers SUPER Secure? Do they have all the tools that they need to be SUPER? This talk will go over the Secure Coding Standards, Best Practices, and Checklists that your projects could use to help make your code and Team more secure. We will be discussing the use of Secure Coding in Agile team processes. Training and certifications that are available for secure coding will also be discussed.
Speakers
avatar for Mary Waddick

Mary Waddick

Senior Cyber Engineer II, Raytheon
Mary Anne is a Senior Cyber Engineer II at Raytheon in Indianapolis. She has a MSIA in Cybersecurity, and 2 Certificates in Secure Coding. Mary Anne is currently working on the CSSLP certification. She has worked at Raytheon for 30 years in Engineering. She helps programs setup automated... Read More →

Saturday July 17, 2021 12:00pm - 1:00pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

12:00pm PDT

Let's Simplify NIST 800-53: Turning Everyone's Favorite Publication into Digestible Bits and Bytes
Feedback Survey
Everyone loves NIST 800-53 and compliance talk right? Of course! But let’s be honest, it’s a pretty dry read for anyone who’s worked with it before and can be even harder to try to translate if you’re talking to someone who’s not in an engineering or security specific role. Example: access controls are cool and all but how do you explain authorization versus authentication easily? How about with that one time the maintenance person, who is authenticated to have keys to every apartment, enters without proper authorization. Do we have logs for that? I hope so. My goal is to each of the control families and break them down into something quick and digestible so anyone, not just an engineer, can understand the impact and some easily relatable risk management.
Speakers
avatar for Terra Cooke

Terra Cooke

Engineer, Gusto
I'm just your friendly, local, regular, degular security engineer of 10+ years. I'm here for security + technology + intersectional equality.

Saturday July 17, 2021 12:00pm - 1:00pm PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

1:00pm PDT

Making the Mountain: Creating Vulnerable Virtual Machines
Feedback Survey
This talk covers the creation of vulnerable virtual machines such as those found on TryHackMe, HackTheBox, and similar sites. While the general focus of the presentation is on the methodology behind creating these activities, the talk also touches on the learning aspect of having a homelab/working with vulnerable software. This is primarily a red-team talk but there are smidges of blue.
Speakers
avatar for Jon Peters

Jon Peters

Content Director and Community Manager, TryHackMe
Jon Peters has been in cyber security for roughly three years. Previously having worked in a hybrid “purple team” role, Jon now works as a penetration tester for State Farm. In addition to this, he also works as the Community Manager and Content Director for TryHackMe as well as the director for the InfoSec Library non-profit... Read More →

Saturday July 17, 2021 1:00pm - 1:30pm PDT
Hopin https://tickets.dianainitiative.org
  CTF Village

1:00pm PDT

Live from the Green Room - Intel interview with Stephanie
Speakers
avatar for Stephanie

Stephanie

Information Security Analyst II, Cisco/Duo
For her day job, Stephanie serves as a L2 security analyst for Duo. Outside of work, however, Stephanie has filled her life with all kinds of cool activities. She speaks at conferences and already has one keynote under her belt. She co-hosts a "happy hour" inspired podcast called... Read More →

Saturday July 17, 2021 1:00pm - 1:30pm PDT
Expo Hall - Intel Booth https://app.hopin.com/events/2021-diana-initative/expo/481875
  Partner Booth

1:00pm PDT

Manifesting and Mastering the art of Executive Presence
Feedback Survey
The fact that we all look forward to climbing up the ladder in our corporate journey is a given.But what distinguishes a Leader from another co-workers is his/her executive presence.Mastering the same is worth ones time specially when one faces a high stake communication situation, it is the art of executive presence that comes to ones rescue. Although one might not be born with it yet the good news is that one can coach ones brain and body to signal to others that one is competent and trustworthy with this skill.I will be highlighting about the examples and the misconceptions,about the right attitude for manifesting the same and also about the 7 most important observable behaviours in details which are: Posture,Gesture,Movement,Language,Voice,Facial Expression and Dress.I will be illustrating how with the help of executive presence one can make big impact in small scenarios and contribute to the community at large along with the business.
Speakers
avatar for Bishakha Jain

Bishakha Jain

Senior Cybersecurity Consultant, IBM
Bishakha is an active Information Security evangelist and is a Diversity and Inclusion Ambassador for IBM's community for women in Security called WISE (Women in Security Excelling) from IBM India Chapter. She is an active speaker & moderator at IBM WISE’s events. She has also... Read More →

Saturday July 17, 2021 1:00pm - 2:00pm PDT
Stage 4 - Career Village Talks https://tdi.mobi/stage4
  Career Village

1:30pm PDT

Optimism wins, every time
Talk 2 by anonymous
Saturday July 17, 2021 1:30pm - 2:00pm PDT
Session - Mental Health Hacker Village https://tdi.mobi/JoinMHH
  MHH Village

1:30pm PDT

Live from the Green Room - Intel interview with Rin Oliver
Speakers
avatar for Kiran Oliver

Kiran Oliver

Technical Community Builder, Camunda
Rin is a Technical Community Builder at Camunda. Previously, they were a Platform Evangelist at the Seattle startup Esper, a podcast producer at The New Stack, and more. They enjoy discussing all things open source, with a particular focus on improving hiring pipelines in the technology... Read More →

Saturday July 17, 2021 1:30pm - 2:00pm PDT
Expo Hall - Intel Booth https://app.hopin.com/events/2021-diana-initative/expo/481875
  Partner Booth

1:30pm PDT

Cyber Sleuth Science Lab Digital Forensics Workshop - "Uncovering Hidden Data"
Speakers
DP
CS
AB
MD

Saturday July 17, 2021 1:30pm - 2:15pm PDT
Session - Teen Village https://tdi.mobi/JoinTV
  Teen Village

2:00pm PDT

Soft Skills in a Hard World: Why Your Innate Strengths Should Be a Competitive Advantage
Feedback Survey
Technical skills have long been the focus of training and development programs within cybersecurity, largely because they’ve always been the metric by which candidates and employees are evaluated. Non-technical skills are all but overlooked during the hiring process, simply glossed over in the job description and hardly mentioned during interviews. Despite all this, I’d like to suggest that it’s the non-technical skills that set employees apart and that it’s in this arena that women especially have the opportunity to shine.

As a byproduct of growing up in modern society, women develop many skills that men simply aren’t required to. We become naturally better communicators and collaborators, tend to be better at maintaining objectivity, and more easily understand the connections between teams, individuals, and projects. It’s time we’re all encouraged to be proud of these skill sets, and that training and development in these areas become a normal part of career progression for all employees.

To bring some anecdotal evidence along, I’ve never been willing to describe myself as a technical person, even when colleagues have ascribed that adjective – I’m simply not here for the tech. I’m not a hardware collector, I don’t mess with software or networking in my free time, I’ve never done a techy competition on my off days. Tech is not my hobby, but when I first started college, I got the impression that it had to be. All my confident peers seemed to be into that part of things, and the fact that I was consistently top in our classes didn’t spare me from feeling foolish when they’d bring up some new gadget I’d never heard of. I considered quitting several times, crying on the phone to my mom more times than I could count.

But eventually – and recently – I’ve begun to see that technical skills are not what have made me an effective or appreciated employee. Every job I’ve held has required me to learn a new set of technical skills, hopping from digital forensics, to network security analysis, to content development, to coding, to cybersecurity consulting. Rather, my almost annoyingly analytical and critical mind allows me to ask the questions others don’t see. My extracurricular experience with writing and public speaking allows me to communicate with anyone regardless of their technical knowhow. My innate self-awareness that sometimes still simmers over into self-doubt allows me to appreciate and leverage the brilliance of my colleagues. Who I am inside - who I am despite years of technical training - is what makes me successful.
Speakers
avatar for Megan Daudelin

Megan Daudelin

Cybersecurity Instructor, INE
Megg Daudelin is currently a cybersecurity instructor at INE, living and working full-time on the road in an Airstream with her husband and two dogs. Megg started her career as a defense contractor performing digital forensic analysis in the DC metro area after completing her Bachelors... Read More →

Saturday July 17, 2021 2:00pm - 2:30pm PDT
Stage 4 - Career Village Talks https://tdi.mobi/stage4
  Career Village

2:00pm PDT

SN6 code review
Speakers
avatar for @TechGirlMN

Saturday July 17, 2021 2:00pm - 3:00pm PDT
Session - Maker Village (Soldering Village) https://tdi.mobi/JoinSoldering
  Maker Village

2:00pm PDT

A N00bHacker's Guide to the Infosec Galaxy
Feedback Survey
**Abstract:**

It is sometimes hard to know where to start learning with so many free resources out there. Moreover, it’s sometimes hard to get started on that learning in a world filled with Animal Crossing and Netflix. What’s an infosec learner to do? Play games, that’s what. No, put down your Nintendo! I mean gamified learning materials. Whether you are a Jill of All Trades who can’t focus on one topic for long because they are all so interesting, or an Alice down her rabbit hole who focuses on one thing to the exclusion of all else, these resources and project ideas will keep you learning in your preferred style for hours on end. Because they’re fun. Did I mention they’re fun? After all, convincing yourself to put down the controller and get online to learn every day is half the battle. And if you end up spending too much time hacking and away from your family--well, I offer tips on how to get young people into this stuff, too. Imagine: sharing an interest with your teenager while learning how to do SQL injections. Live the dream! Learn to hack, and have fun doing it.
Speakers
avatar for Julie Carres

Julie Carres

Lead Mathematics Teacher, Cornerstone Learning Community
Julie uses her Art History degree to teach math. By a twist of fate, she found herself at DefCon 26 (And The Diana Initiative!), and picked up a whole slew of new obsessions. In her spare time, she enjoys learning to code in Java, C++, and JavaScript, hurling herself at TryHackMe... Read More →

Saturday July 17, 2021 2:00pm - 3:00pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

2:00pm PDT

Beyond the Office: WFH and the long-tail of Zero Trust
Feedback Survey
After surviving a nation-state attack in 2009, Google realized our approach to security had to evolve. More firewalls wouldn't solve the problem. So we ditched the fortress model for a zero-trust model. It accounted for devices and cloud services in our threat model and cut down on lateral movement. When a global pandemic struck, it enabled our employees to securely work from home.

Learn why zero trust movement is the future of enterprise security. Learn what you need to implement at your company and some potential gotchas along the way.
Speakers
avatar for Connie Lin

Connie Lin

Security Engineer, Google
Connie is a Security Engineer working on automated vulnerability management. She also worked on BeyondCorp-ing Google internal infrastructure. Before Google, she worked in fintech on security monitoring and automation for threat intel and firewall change management. In these quarantine... Read More →
avatar for Antara Sargam

Antara Sargam

Security Engineer, Google
Antara is a Security Engineer at Google, focusing on securing Access Control. Prior to joining Google, she completed her Masters in Information Security from Johns Hopkins University. In her free time, she loves exploring new music, jamming with her friends, and volunteering to educate... Read More →

Saturday July 17, 2021 2:00pm - 3:00pm PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

2:00pm PDT

Just a Small Town Girl, Livin' in a Lonely World: Using OSINT Tools to Find Yourself
Feedback Survey
Everyone has Googled themselves before and when you've applied for jobs you've been googled too, but how many of you have done OSINT or Open Source Intelligence information gathering about yourself? This talk will take you on a journey to see what information can be found through basic OSINT tools. This is often the first step in a pentest. We will also explore how to request the removal of this data in order to decrease one's attack surface. The end goals are that participants are more aware of the tools that can be used to gather data (beyond standard search engines), what data is out there about the participant, and how to request the removal of said data.
Speakers
avatar for Meghan Jacquot

Meghan Jacquot

Security Engineer, Inspectiv
Meghan Jacquot is a Security Engineer with Inspectiv and focuses on vulnerabilities and attack surface management. She is particularly interested in cloud security, threat intelligence, investigating vulnerabilities, and the ethical use of data. Meghan shares her research via conferences... Read More →

Meghan Jacquot OSINT pdf
OSINT Tools Meghan Jacquot pdf
Saturday July 17, 2021 2:00pm - 3:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

2:00pm PDT

Reverse Engineering for Capture the Flag
Interested in expanding your Capture the Flag skill set? Do you always look longingly at the
reversing category and think “next time I’ll try those”? Capture the flag competitions are a
great resource for skill building in cybersecurity. However, the category of reverse engineering
can be hard to approach as a beginner. This workshop will introduce attendees to the skills,
tools and resources needed to get started and continue improving. We will cover common
tools needed to reverse engineer Linux binaries with hands-on exercises and attendees will be
able to test their new knowledge on example challenges. Familiarity with basic Linux
command line and C programming recommended.
If you want to follow along with the exercises you will need:
Linux machine or vm with GDB installed (we recommend Remnux: https://remnux.org/)
Ida Free for linux installed on your vm (https://hex-rays.com/ida-free/)
Speakers
avatar for Christina Johns

Christina Johns

Lead Cybersecurity Engineer, MITRE
Christina Johns is a Cybersecurity Engineer at MITRE with over 10 years of experience. She has worked in a variety of areas including web application assessment, android forensics, incident response and most recently reverse engineering. Her research interests lie at the intersection... Read More →
CF

Christine Fossaceca

Christine Fossaceca is a senior mobile security researcher and reverse engineer at The MITRE Corporation. She has experience with Android and iOS. Christine is an IDA Pro afficionado, but is learning to like Ghidra, too. She also enjoys using Frida to aid her in dynamic analysis... Read More →
SK

Sarah K

Senior Security Researcher, CrowdStrike

Saturday July 17, 2021 2:00pm - 4:30pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

2:30pm PDT

Neurodiversity as an Asset: The Upside to Thinking Just a Bit Differently
A single story of one neurodivergent person navigating their way in the world, sharing obstacles, failures, triumphs, and hopefully some inspiration for others facing similar challenges.
Speakers
avatar for Chad Calease

Saturday July 17, 2021 2:30pm - 3:00pm PDT
Session - Mental Health Hacker Village https://tdi.mobi/JoinMHH
  MHH Village

3:00pm PDT

Beyond Burnout: Hacking Your Way to a Healthier Work-Life Balance
Feedback Survey
In the past year, the lines between security professionals' work lives and home lives have become blurred. Many of us have struggled to make sense of competing work obligations, family commitments, and a news cycle which constantly drains our energy. How can we navigate these demands successfully and remain competent, healthy, and able to react to security threats?

Participants will learn lessons and strategies for psychological resilience informed by speakers' experiences conducting OSINT on social media to uncover election influence operations and defend against harmful propaganda on social media. Speakers will share our best tips for handling a constant stream of sensitive online content while confined to an apartment.

Attendees will be introduced to empirical research on psychosocial resilience and the elements of vicarious trauma, then learn tips for (1) physical and mental boundary-setting, (2) repeatedly viewing sensitive online content, (3) sorting through work and news alerts, and (4) connecting back to your organization's mission and values. We'll also lead demos of short relaxation exercises which can be done throughout the workday.

Each participant will leave with a toolbox of practical strategies and links to additional resources for hacking stress and burnout, and creating a healthier work-life balance.
Speakers
avatar for Lili Siri Spira

Lili Siri Spira

Co-Founder, TechEquity Collab / ILPF Fellow
Lili Siri Spira currently works as the social media manager for OnlineSOS, connecting people with information and tools to take action in the face of online harassment. Previously, she worked as a consultant for an NGO, combating misinformation around the election on social media... Read More →
avatar for Rachael Cornejo

Rachael Cornejo

Co-Founder, Rated R
Rachael Cornejo is passionate about helping individuals and communities understand and actively participate in their own security. She is currently a cybersecurity research fellow at the Global Cyber Alliance, where she primarily works on IoT and routing security. Previously, Rachael... Read More →

Saturday July 17, 2021 3:00pm - 3:30pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

3:00pm PDT

Careers in CI/CD, AppSec & DevOps
Speakers
avatar for Breanne Boland

Breanne Boland

Product security engineer - security partner, Gusto
Breanne Boland is a product security engineer with the Security Partnerships team at Gusto. Before moving into security, she was a site reliability engineer and an infrastructure engineer, working in healthcare and govtech. Prior to that, she was a professional writer, and she still... Read More →
avatar for Jasmine Henry

Jasmine Henry

Director of Cybersecurity, Esper.io
Jasmine (she/her) is Director of Cybersecurity at Esper.io, a midsized Seattle startup in the Android DevOps space. She's recently completed a successful PCI DSS, SOC 2, and ISO 27001 security audit cycle with a fully DIY / inner-sourced approach. Jasmine is passionate about compliance... Read More →
SR
avatar for Ken Nichols

Saturday July 17, 2021 3:00pm - 3:45pm PDT
Session - Teen Village https://tdi.mobi/JoinTV
  Teen Village

3:00pm PDT

Building Your Personal Brand in Information Security
Feedback Survey
It is human nature to form an opinion and according to research, it takes 7 seconds to make a first impression. Did you know that with every interaction you have with your network, whether this is through a conversation or through social media or through your project work, you’re building your personal brand?

Brands are used for products, businesses, celebrities or athletes, but have you ever wondered what impact you can have when you build your personal brand? Your brand is who you are and a great quote from Jeff Bezos, “Your brand is what people say about you when you’re not in the room”. A strong personal brand is important as you build your professional career.

In today’s world, it can be daunting to build your personal brand as people quick to form an impression of you. How do you build your brand? What is the value and impact of creating a personal brand? Use your brand to land job roles, speaker slots and industry recognition.

How can your personal brand overcome some of the traditional barriers and unconscious biases? Does your network see you the same way as you see yourself?

In this session, you will learn:

1- The Problem: Barriers, Pros and Cons of building your brand in information security.
2- Why building your brand is important and the impact on the sector
3- How your brand can break down barriers to entry and the importance of focusing on your purpose and passion
4- WHAT: 5 tips on what you can do to build your brand in the cyber sector
5- Tricks on how to prevent some of the challenges of branding while being your authentic self
6- Inspiring brand stories and tips from cyber security professionals: Keren Elazari, Alyssa Miller, Confidence Staveley, Farah Hawa and Selina Lam
Speakers
avatar for Aarti Gadhia

Aarti Gadhia

Cybersecurity Sales Manager, Bugcrowd
Aarti Gadhia is a champion for empowering women in cybersecurity and has dedicated her entire career to breaking down barriers and boundaries to achieve equality for underrepresented groups in STEM and in leadership.She founded Standout to Lead to empower women in cybersecurity to... Read More →

Saturday July 17, 2021 3:00pm - 4:00pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

3:00pm PDT

Section 230: The Law That Everyone Loves to Hate, And What It Means To You
Feedback Survey
It seems like everyone's talking about Section 230 these days, and keen to change it, even without really knowing what it says and does. Don't let this happen to you! Come to this crash course in Section 230 basics given by a lawyer who regularly litigates (and pontificates) about Section 230 to learn the truth about this crucial law that enables our online world. We'll talk about why we have Section 230, what it does, why it works, and how much we jeopardize if we mess with it.
Speakers
avatar for Cathy Gellis

Cathy Gellis

Attorney, Techdirt
Frustrated that people were making the law without asking her for her opinion, Cathy Gellis gave up a career as a web developer to become a lawyer so that she could help them not make it badly, especially where it came to technology. A former aspiring journalist and longtime fan of... Read More →

Saturday July 17, 2021 3:00pm - 4:00pm PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

3:30pm PDT

Leviathan Security live chat
Saturday July 17, 2021 3:30pm - 4:00pm PDT
Expo Hall - Leviathan Booth https://app.hopin.com/events/2021-diana-initative/expo/481834
  Partner Booth

3:30pm PDT

Vulnerabilities from Venus, Management from Mars: How to Navigate the Unknown
Feedback Survey
You've been hired to manage the information security program at a new company. Where do you start? It can seem like a daunting task, but you there are steps you can take to set yourself up for success. Before assessing the posture of an organization's information security program, you should invest a significant amount of time to understanding the company, its culture and identify key players. In this session, I provide important talking points that should be discussed with your new team members before defining a scope, creating realistic goals and ultimately developing the information security strategy.
Speakers
avatar for Cassandra Brunetto

Cassandra Brunetto

IT, Risk and Compliance Manager, Graylog
I currently work for Graylog as an IT, Risk and Compliance Manager. I have been working in the information security industry for four years. I graduated with a Master's degree in Information Security and Assurance. I also have the CISSP and CISM certifications. I have experience building... Read More →

Saturday July 17, 2021 3:30pm - 4:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

3:30pm PDT

When Family Is Not Your Family - Blood vs. Community
Life is hard enough, but when you get older and migrate into a profession, things may get messy, or less than ideal. This session discusses the challenges, differences and camaraderie that evolves from developing relationships that aren't blood that may be stronger than such to provide emotional and metal support.
Saturday July 17, 2021 3:30pm - 4:30pm PDT
Session - Mental Health Hacker Village https://tdi.mobi/JoinMHH
  MHH Village

3:45pm PDT

Turning Your Teenage Passions into a Cyber Security Career
AMA/Q&A with CactusCon lead and SANS author/instructor Ryan Chapman
Speakers
RC

Saturday July 17, 2021 3:45pm - 4:30pm PDT
Session - Teen Village https://tdi.mobi/JoinTV
  Teen Village

4:00pm PDT

Bridgecrew Raffle
Live AirPods Max Raffle Winner Drawing!

Also Fibbage Games [sticker swag pack prizes up for grabs]
Sponsors
avatar for Angela Gizzi

Angela Gizzi

Technical Marketing, Prisma Cloud by PANW
Angela is passionate about developer-first solutions and automation. She builds content and communities to bring technical practitioners the knowledge, open source tools, and products that best serve them.Outside of work, Angela spends her days rescuing and caring for animals. She... Read More →

Saturday July 17, 2021 4:00pm - 4:30pm PDT
Expo Hall - Bridgecrew Booth https://app.hopin.com/events/2021-diana-initative/expo/518861
  Games & Raffles

4:00pm PDT

PrOTecting the Source of Our Spark
Feedback Survey
We all have an inherent need to protect the aspects of our lives that are most important to us. The cars we drive every day to work, the medicines we take every morning, and the electricity we use without a second thought all come from Industrial Control Systems (ICS) or Operating Technology (OT) infrastructures. Exploitation of infrastructure vulnerabilities can cause power outages, shortages in vehicle manufacture, interruptions in manufacturing lines, disruptions in the availability of pharmaceuticals, and a million other possibilities, all of which can impact the health, safety, and wellbeing of our households, community, and the world.

When ICS was initially implemented, the focus was often on increased productivity, physical safety, availability, and product quality. Security controls were typically limited and layered on after the environment was designed – which increases an environment’s risk.

There isn't a single way to alleviate risk; however, there are multiple controls that, when paired together, can help strategically increase the security of OT environments, such as network segmentation, OT security monitoring, incident response, and secure remote access. Although OT devices and systems may be prone to more risk and vulnerabilities, proper strategic and tactical implementation of priorities and controls can strengthen the maturity of security in these environments. This in turn safeguards our daily lives, health, and well-being.
Speakers
avatar for Megan DeWitt

Megan DeWitt

Senior Security Consultant, Security Risk Advisors
Megan specializes in project management, incident response, program development, cloud security, governance and compliance, and industrial control system technology. Megan has substantial experience in IT and Operations and brings with her an understanding of designing, implementing... Read More →

PrOTecting the Source of Our Spark By Megan DeWitt pdf
Saturday July 17, 2021 4:00pm - 5:00pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee
  Talk Main stages

4:00pm PDT

Reimagining Cybersecurity Careers
Feedback Survey
The presentation will address a major issue regarding careers in the INFOSEC / cybersecurity industry based upon my observations over 11 years. There are too many open positions, too much gatekeeping, too much miss-information, and far too many junior personnel who struggle to get into the field. The current way of hiring, and developing or up-skilling is not effective. There is a lack of clear career paths that would help junior personnel plan avenues for professional growth. Companies and organizations continue to face serious burnout for a variety of reasons. Turnover is too high, and diversity is still far too low. Personnel feel pigeon-holed into specializations. We have to reimagine a better way, a sustainable method for the industry that also is more inclusive and diverse and is ready to actually incorporate diversity. For us to break old career paradigms, outdated ways of thinking, and to incorporate new ideas, we all need to be part of the solution. We can start today!
Speakers
avatar for John Stoner

John Stoner

Cybersecurity Strategist, Booz Allen Hamilton
John Stoner served for just over 10 years in the U.S. Army as a SIGINT analyst, receiving an honorable discharge in 2010. He has over 21 years of experience in the national security, intelligence industry, and defense sector in a variety of roles, with 11 focused in cybersecurity... Read More →

Saturday July 17, 2021 4:00pm - 5:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Talk Main stages

4:00pm PDT

See TI - Behind the Curtains for Cyber Threat Intelligence Careers
Feedback Survey
Cyber threat intelligence professionals have been growing in demand and significance to help organizations understand what threats matter most, when, to whom, and what actions are recommended to mitigate them. With diverse skill sets and responsibilities, from technical research to data analysis to effective writing and dissemination, CTI careers are critically important - and can leverage myriad strengths for success.

This session will introduce the basics of threat intelligence, how to get into your first role and advance a CTI career, debunk a few myths about the job, and provide additional avenues for further inspiration and research.
Speakers
avatar for Grace Chi

Grace Chi

Cofounder, Pulsedive
Grace Chi is Cofounder and COO at Pulsedive. She works closely with defensive security and CTI practitioners all over the world, ranging from local consulting teams to enterprise operations. Paired with her unconventional and highly interdisciplinary background, she has unique insights... Read More →

Saturday July 17, 2021 4:00pm - 5:00pm PDT
Stage 3 https://app.hopin.com/events/2021-diana-initative/stages/cc11b940-c664-416f-a46f-760ae587decb
  Talk Main stages

4:30pm PDT

CTFs close, winners announced
CTFs close, winners announced
Saturday July 17, 2021 4:30pm - 5:00pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

5:00pm PDT

Tunes
Music/chillout from our DJ Aaron
Saturday July 17, 2021 5:00pm - 6:00pm PDT
Session - Capture the Flag Village https://tdi.mobi/JoinCTF
  CTF Village

5:00pm PDT

Rising from the Ashes
Feedback Survey
Pitfalls happen. Some worse than others. Whether it's losing a job, a loved one, a promotion falls through, or you lost an opportunity you thought you had in the bag. Non-men in tech often experience these setbacks and feel like they'll never recover. They lay low, safe among the ashes of their scorched chances, and wait for the next thing to come along. However, they are not idle. They connect with others like them, building a group of like-minded individuals that together can take on more than one would alone. Then, when you least expect it--They rise, a glorious phoenix, set to take on the world. A challenger to the status-quo awaits, with sparks cascading off their wings, ready to meet whatever obstacles life throws at them.

In this closing keynote address, Rin Oliver will speak about how to build resilience, why you should set boundaries, and will share examples of overcoming personal career hardship and how where they've been got them to where they are now. Rin will share their tips and advice for how to psych yourself up when you've been down, offer advice for connecting with others in the cybersecurity industry, and will show you how to nurture the embers of your past to blaze a path towards a brighter future, together.
Speakers
avatar for Kiran Oliver

Kiran Oliver

Technical Community Builder, Camunda
Rin is a Technical Community Builder at Camunda. Previously, they were a Platform Evangelist at the Seattle startup Esper, a podcast producer at The New Stack, and more. They enjoy discussing all things open source, with a particular focus on improving hiring pipelines in the technology... Read More →

Rising from the Ashes TDI 2021 Closing Keynote pptx
Saturday July 17, 2021 5:00pm - 6:00pm PDT
Stage 1 https://app.hopin.com/events/2021-diana-initative/stages/ff71ae75-41d8-4546-b361-9883c22d8b13
  Keynote track1

5:00pm PDT

Leveraging Application Design and Coding Patterns to Remove Risk @ MongoDB Booth
Application Design and Coding Patterns can make it impossible for engineers to introduce certain classes of vulnerabilities. Architecting for Failure. Thinking ahead to support quicker detect/response, containment, and automatically flagging attacks. Have more impactful developer training and less time doing static analysis.
Speakers
MH

Michael Hanchak

Lead Engineer, MongoDB

Saturday July 17, 2021 5:00pm - 6:00pm PDT
Expo Hall - MongoDB booth https://app.hopin.com/events/2021-diana-initative/expo/480088
  Partner Booth

6:00pm PDT

Social Hour
We all love learning things, but we want to hang out too!

You are always welcome to join the “Networking” area of Hopin, if others have joined it will pair you up for a quick chat.

We have also set two times aside specifically to encourage you to meet fellow attendees (and volunteers and staff and speakers!)

7:30am-8:30am Saturday
6:00pm (after closing keynote) to 7:00pm Saturday

https://www.dianainitiative.org/social-hour/
Saturday July 17, 2021 6:00pm - 7:00pm PDT
Networking Area
  Social
 
  • Timezone
  • Filter By Date The Diana Initiative 2021 Jul 16 -17, 2021
  • Filter By Venue Virtual Conference
  • Filter By Type
  • Career Village
  • CISO & Leader Panel
  • CTF Village
  • Games & Raffles
  • Keynote track1
  • Live Demo
  • Maker Village
  • MHH Village
  • Partner Booth
  • Social
  • Talk Main stages
  • Teen Village
Filter sessions
Apply filters to sessions.
Friday, July 16
Saturday, July 17
Expo Hall - Axonius Booth
Expo Hall - Bridgecrew Booth
Expo Hall - CMU Booth
Expo Hall - Google Booth
Expo Hall - Intel Booth
Expo Hall - Leviathan Booth
Expo Hall - MongoDB booth
Expo Hall - No Starch Press Foundation Booth
Expo Hall - TryHackMe
Hopin
Networking Area
Session - Capture the Flag Village
Session - Maker Village (Soldering Village)
Session - Mental Health Hacker Village
Session - Teen Village
Stage 1
Stage 2
Stage 3
Stage 4 - Career Village Talks
  • Career Village
  • CISO & Leader Panel
  • CTF Village
  • Games & Raffles
  • Keynote track1
  • Live Demo
  • Maker Village
  • MHH Village
  • Partner Booth
  • Social
  • Talk Main stages
  • Teen Village