Presentations and Recordings

Past Presentations and Recordings

2017

• ISSW – Outflanking the Adversary: Designing and Implementing Active Network Defense
• Black Hat USA – Industroyer/Crashoverride: Zero Things Cool About a Threat Targeting the Power Grid
• CS3STHLM – Strategic Network Defense in ICS Environments

2018

• Art Into Science, A Conference for Defense – Mind the Gap, Bro!
• Art Into Science, A Conference for Defense – Moving Beyond the Pepsi Challenge
• BSIDESCHARM – Threat Activity Attribution: Differentiating the Who from the How
• TROOPERS – Mind the Gap, Bro
• x33fcon – Aligning Threat Intelligence to Defender Needs
• Black Hat USA – Demystifying PTSD in the Cyber Security Environment
• DEFCON ICS Village – Behavior-Based Defense in ICS Environments
• DEFCON Ethics Village – Nations & Nationalism & Cybersecurity
• ToorCon XX – Anatomy of ICS Disruptive Attacks
• VirusBulletin – Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE
• CS3STHLM – Indicators vs. Anomalies vs. Behaviors: A Critical Examination for ICS Defense

2019

• SANS CTI Summit – Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
• RSA 2019 – Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors
• x33fcon – Offensive Testing of ICS Security
• CONfidence – Meet Me in the Middle: Threat Indications & Warnings
• ICS Security Week – The Past and Future of Integrity Attacks in ICS Environments
• CYBERWARCON – Full-Spectrum Information Operations for Critical Infrastructure Attacks and Disruption

2020

• SANS CTI Summit – Threat Intelligence and the Limits of Malware Analysis
• SANS ICS Summit – Mission Kill: Process Targeting in Industrial Control System Attacks
• TROOPERS – Spyware Stealer Locker Wiper – LockerGoga Revisited – EVENT WAS CANCELLED! Recording of webcast here.
• CrisisCon – Cyber Operations Other Than War
• x33fcon – Cyber Consequences, Operational Dependencies, and Full-Scope Security
• Rejected BHUSA Submission! – Caught In The Middle With You
• DEFCON ICS Village – Mission Kill: Process Targeting in ICS Attacks

2021

• SANS CTI Summit – Pivoting: From Art to Science
• SANS ICS Summit – A Critical Evaluation of ICS-Focused Supply Chain Attacks
• VirusBulletin 2021 – The Baffling Berserk Bear: A Decade’s Activity Targeting Critical Infrastructure
• DEFCON ICS Village – Crippling the Grid: Examination of Dependencies and Cyber Vulnerabilities
• BruCon 0x0d – Exorcising the Ghost in the Machine: A Critical Assessment of Supply Chain Intrusion Vectors

2022

• PancakesCon3 – Threat Detection Construction And The Evolution Of LEGO
• FIRST 2022 – Formulating An Intelligence-Driven Threat Hunting Methodology
• RSA 2022 – Evaluating Indicators As Composite Objects (Top Rated Session!)
• S4x22 – Navigating International Law in Critical Infrastructure Cyber Events (panel discussion)
• S4x22 – Assessing the Balance Between Visibility and Confidentiality
• DEFCON ICS Village – Thrice Is Nice: Evaluating the Ukrainian Power Events from BlackEnergy to Industroyer2
• BlueTeamCon – Formulating An Intelligence-Driven Threat Hunting Methodology
• VirusBulletin – Zeroing In On XENOTIME: Analysis Of The Entities Responsible For The Triton Event

2023

• SANS CTI Summit – Implementing Intelligence: Formulating Detections
• Insomni’hack – Adversary Tracking And All The Lies We Tell Ourselves
• Hack The Capitol – No Going It Alone: Critical Infrastructure And Lessons Learned From Recent Conflicts
• Hague TIX – Commercial Dimensions in Cyber Conflict
• x33fcon – Signal Sequencing for Stateful Detections
• DEF CON 31 – Burrowing Through the Network: Contextualizing the Vulkan Leaks & State-Sponsored Offensive Ops
• DEF CON 31 ICS Village – I’m On The Hype Train: Bottom’s Up!
• BruCon 0x0f – Critical Evaluation & Historical Context of the Vulkan Leaks
• ONE Conference – Criminal Coverage for Cyber Disruption
• Swiss Cyber Storm – Converging Behaviors Across Threat Actors
• BSides København – Understanding Indicators: Towards an Information Security Ontology

2024

• SANS CTI Summit – Revisiting the Indicator: Towards a Threat Intelligence Ontology
• S4x24 – The Value of (and lack of) Detection at Various Stages In the Kill Chain
• FIRST CTI – The Disclosure Dilemma and Ensuring Defense
• Hack the Capitol 7.0 – Defensive Tensions in Critical Infrastructure Defense
• DEF CON 32 ICS Village – The Risk and Reward of Distributed Industrial Control
• Virus Bulletin 2024 – Reviewing the 2022 KA-SAT incident & implications for distributed communication environments
• Industrial Security Conference Copenhagen – More to Come!

Podcasts

• Secure Dyanmics – Think Like a Practitioner when Acting Like a Vendor
• Loopcast – The Past, Present, and Future of Ransomware
• Cyber Security Dispatch – The Current State of Protecting Industrial Systems and Safeguarding Civilization Today
• RecordedFuture – Protecting Critical Infrastructure
• Breaking Badness – Episode 68
• Breaking Badness – RSAC 2024
• RiskyBiz – Episode 611
• RiskyBiz – Episode 610
• RiskyBiz – Episode 609
• Loopcast – Offense and Defense in Information Security
• NoName Podcast – Discussion of Ukraine and Beyond
• Mnemonic Podcast – Digging into State Directed Cyber
• Claroty Nexus – XENOTIME, The Entity Behind the TRITON Attack
• Mnemonic Podcast – Isolate first, triage second, and the tools to help you do it
• The Security Detail – Energy featuring Joe Slowik