Registration & Breakfast

09:00 – 10:00

Registration & Breakfast
  • Assorted Pastries, Muffins, and Granola Bars
  • Fresh Fruit
  • Coffee & Tea
  • Fruit Juice

Morning Speakers – 10:00 – 11:45

10:00 – 10:15

Welcome and Opening Remarks – BSides Organizers

10:15 – 11:00 – Keynote

Adam McMath – Impact

Security BSides is my favorite place to be: enthusiasts and professionals unite as we explore the world of blue teams, red teams, confidentiality, integrity, and availability!

But… what’s it like for people that aren’t from our world? Why are some folks compelled to call us evil, and vilify our love for hoodies, basements, and Flipper-Zeros?

A challenging truth: how we represent our profession matters. Our ability to provide leadership in our jobs, at school, on social media, and how we talk about threats, vulnerabilities, and exposures to people who may never truly understand our viewpoints: it all matters. I believe that everyone who cares about cybersecurity wants to make a positive impact on the world; even though a lot of us feel like the world sometimes makes a negative impact on us because of the way we think.

Let’s air out our dirty laundry while celebrating our unique worldview, discuss how cybersecurity enthusiasts and professionals can drive improvements while reducing friction, and be recognized as the thinkers, problem solvers, and leaders that I believe we all are.

11:00 – 11:45

TJ Odugbesan – The Unavoidable Risk of Third-Party Partnerships: Strategies for Business Resilience 

Recent breaches of Fortune 500 companies have highlighted the devastating impact of third-party risk. It’s not a matter of if, but when, a third-party risk will materialize. This presentation will explore the unavoidable risks associated with third-party partnerships and provide actionable strategies for mitigating these threats. We will discuss real-world examples, case studies, and best practices for managing third-party risk, enabling organizations to build resilience and protect their operations, reputation, and bottom line.


Lunch

11:45 – 12:45

Lunch (Boxed Lunch)
  • Sandwiches (Selection)
  • Fresh Baked Cookies
  • Kettle Cookes Potatoe Chips
  • Chopped Salad w/ Dressing
  • Bottled Water or Soft Drink

12:00 – 12:30

Next Generation SecOps in a world with AI – Moro Arakaki

Are AI-driven cyberattacks worrying you? Are you seeing an increase in attacks? Where are the attacks coming from? What’s the target? Is it really an attack? What about the Cloud?

Join us for a conversation to find out whether modern SecOps strategies and tools are enough to keep up with the increasing prevalence of AI-enabled cybercriminals. In a world where AI has empowered novice “Hacker” to become faster and more effective than ever, it’s crucial to stay informed and prepared.


Afternoon Speakers

12:30 – 13:15

Hunting for Crits on Adventure Mode – Michelle Eggers, Security Consultant II, NetSPI 

Metasploit modules, reverse shells, complex attack chains… being a penetration tester can be very exciting and technically complicated, but the highest severity findings I’ve discovered during my career as a security consultant have been the result of regularly implementing some of the most basic checks that exist.

All critical findings I’ve uncovered have been associated with large industry clients and affected a great deal of user data, how could these security holes exist when these well-funded organizations run security audits on a regular basis? I’ll show you exactly how in this talk, by walking through the pentesting processes that led me to uncover critical and high severity findings in web applications over the past few years using Burp Suite and a handful of manual and automated techniques to push the boundaries of what we assume to be safe.

13:15 – 14:00

The state of Security – SMBs – Justin Schultenkamper, CEO, Complete Technologies 

Are you being asked to implement a SOC, SIEM, SOAR? When was the last time you verified your backups?

Is Bob in accounting still using Dodger123 as his password for everything with no MFA enabled?

Yeah, Saskatoon smb’s don’t need advanced threat protection they need security basics.


Break

14:00 – 14:15


14:15 – 15:00

Red and Blue Teaming and the Powers Gained! Adversarial Emulation – Jayson Maynard, Field CTO, Cisco

As defenders we have been to focused on lower layers of the defensive stack: IPs, domains, URLs, SHAs. We need to elevate in order to compete against the adversary. How do we do that? We climb higher into the defensive stack and understand the adversaries targeting us and test out our capabilities

In this session we will learn about adversarial emulation and how both red and blue teams can benefit from it use. We learn about the tools available to us and then build out an operation leveraging Open Source and Commercial tools without preventive capabilities. We will then review the adversarial outcomes which includes reviewing the outcomes on our passively deployed Security portfolio. The knowledge gained ensures defensive teams understand the opportunity to increase our defenses. We will then turn on our preventive capacities across a variety of security technologies and perform the test again reviewing the results. Understanding how the adversarial approaches their victim and defenders’ ability to layer defense is a recipe for success.

The tools leveraged are used as examples and attendees are encouraged to leverage their tool of choice – the examples are only to highlight the opportunity to elevate defense and nothing more.

15:00 – 15:45

Open Source Software is amazing, and risky. Let’s secure what you are using! – Nicole Schwartz 

Thanks to Open Source Software (OSS), modern software development releases new products at an amazing speed. Open Source has many benefits, but introduces risk into your products. We’ll cover the types of risks OSS brings into your environment, and ways to handle those risks.

This will cover various approaches and tools both free and paid. Importantly, you can’t secure what you can’t see. Let’s explore how to see all your OSS in your environment, all the way up the software supply chain.

As a bonus we’ll go over things you can do to help yourself and the OSS ecosystem.

15:45 – 16:00

Closing Remarks – BSides Saskatoon Organizers

Just a quick wrap up and thank you for being amazing attendees!