Welcome to the DEFCON 201 guide to Hybrid Hacker Summer Camp! This is part of a series where we are going to cover all the various hacker conventions and shenanigans in August. As more blog posts are uploaded, you will be able to jump through the guide via these links:
HYBRID HACKER SUMMER CAMP — Part One: Surviving Physical + Virtual Vegas
HYBRID HACKER SUMMER CAMP — Part Two: BSides Las Vegas
HYBRID HACKER SUMMER CAMP — Part Three: Ring Zer0
HYBRID HACKER SUMMER CAMP — Part Four: Black Hat USA
HYBRID HACKER SUMMER CAMP — Part Five: FuzzCON
HYBRID HACKER SUMMER CAMP — Part Six: DEFCON 29
HYBRID HACKER SUMMER CAMP — Part Seven: USENIX
HYBRID HACKER SUMMER CAMP — Part Eight: SIGS, EVENTS AND PARTIES
FuzzCon@ Las Vegas 2021 Hybrid Conference
Date: Thursday, April 5th (4:00 PM PST/7:00 PM EST)
Location: The Industrial (2330 S Industrial Rd, Las Vegas, NV 89102)
Website: https://fuzzcon.forallsecure.com/
Platform(s): Unknown Virtual Event Platform
Schedule: https://fuzzcon.forallsecure.com/#schedule
Live Streams: TBA
Chat: TBA
Accessibility: FUZZCON is FREE this year for virtual online attendance; it’s UNKNOWN whether in-person attendance is paid. Registering online gives you access to all of the talks in real time as well as the interactive platform.
Code Of Conduct: N/A
FuzzCon brings together software security experts and industry leaders from various sectors to share the benefits of fuzzing, a proven and accepted security testing technique. Through education, community building, and networking, FuzzCon aims to make this advanced technique accessible and help organizations realize the value of this emerging trend in continuous software testing.
This premier event will feature actionable advice and best practices on autonomous security, the state of application security and the role fuzzing plays in securing code from some of the most well-known companies in information security.
In the wake of the blockbuster breaches over the last year, software security has never been more important. In looking at the state of application security, 83% of apps have at least one security flaw at initial vulnerability scan and 61% of tested apps had at least one high- or critical-severity vulnerability not listed in the OWASP Top 10. Emceed by Dr. Jared DeMott, FuzzCon will bring together developers, security experts, and decision makers to learn why fuzzing is a critical security testing technique to incorporate in the software development lifecycle.
FuzzCon 2021 will be a hybrid event, both in-person in Las Vegas, NV and streaming online through a virtual event platform.
This is a newer element to the Hacker Summer Camp family and reminds us of the old days of one- or two-day cons that covered one specific, concentrated area of tech (RIP PasswordCon). Ironically, this is sandwiched between the last day of Black Hat USA and the first day of DEF CON, which is also the best way to describe this event: supported by a big InfoSec company, but relaxed & casual. We hope that whether you are there social distancing in person or checking it out online with us, you enjoy the future of AI and security via fuzzing.
Just don’t touch Fuzzy…you’ll get Dizzy.
SCHEDULE (PST)
Registration
4:00PM-5:00PM
Welcome to FuzzCon 2021
4:30PM-4:45PM
Welcome to FuzzCon 2021 with David Brumley, ForAllSecure CEO & Co-founder, & Dr. Jared DeMott, FuzzCon Master of Ceremonies!
Can AppSec be Fixed?
4:45PM-5:15PM
It’s no secret that “Hacker Summer Camp” is a lot of fun. But, security conferences remain a long way from celebrations of victory. The breaches just keep rolling in, while the cadence of compromise increases. Fingers get pointed; blamestorming ensues. And yet, we keep applying the same, tired, often simplistic solutions to this thorny, complex, multi-dimensional problem that we call, “AppSec” or software security. Are our assumptions flawed? Is what “everybody knows” i.e., industry folklore, holding us back? And what part do testing techniques like fuzzing play in creating challenges, while at the same time offering us potential solutions? Please join author, security architect, and technical leader, Brook S.E. Schoenfield, to explore these questions and their possible answers.
Fuzzing Real Talks
5:30PM-6:50PM
Join experienced leaders of application and product security, Anmol Misra of Autodesk, Larry Maccherone of Contrast Security, Damilare D. Fagbemi of Resilient Software Security, and Jeff Costlow of Extrahop Networks, to learn the ins and outs of a successful security testing program. From tooling selection, to value justification, to organizational buy-in, to strategy building, these experts reference their 50+ years of collective industry experience to reveal their personal tips, tricks, and cautionary tales, so your security testing program is successful at its launch and throughout its lifetime. The Fuzzing Real Talks panel will be moderated by veteran CISO, CSO, & CPSO, James Ransome.
The Hacker Mind Feud
7:00PM-8:00PM
Join host of The Hacker Mind Podcast, Robert Vamosi, as he quizzes guests of the podcast on hacker trivia — Family Feud style. Contestants will be playing to raise money for the non-profit BlackGirlsHack!
Contestants include:
- David Brumley of ForAllSecure
- John Hammond of Huntress Labs
- Tennisha Martin of Black Girls Hack
- Ned Williamson of Google
Networking | Social
8:00PM-9:30PM
After the main event, stay to network with security professionals, experts, and leaders while enjoying food, drinks, and games for the first time in over a year!
SPEAKERS/MODERATORS
Anmol Misra
Director of Security, Autodesk
Anmol is an accomplished leader and researcher with over 15 years of experience in security. His engineering, security, and consulting background makes him uniquely suited to drive the adoption of disruptive technologies. Anmol is a team builder focused on mentoring and nurturing high-potential leaders, fostering excellence, and building industry partnerships. At Autodesk, Anmol is responsible for cloud and information security. Before Autodesk, he managed security & compliance for Collaboration Cloud & SaaS applications at Cisco. As part of EY’s Risk Advisory Services, before Cisco, Anmol managed service delivery and consulting engagements for the Fortune 500 in the finance, healthcare, technology, retail, utility, consumer, entertainment, and e-commerce sectors. Anmol is the co-author of two books: Android Security: Attacks and Defenses, Core Software Security: Security at the source. He is also a contributing author of Defending the Cloud: Waging Warfare in Cyberspace. His books are used by leading universities worldwide to teach application and mobile security courses. He has taught security to students and professionals alike, and his work has been cited by research papers in prestigious journals, including ACM and IEEE.
Brook S.E. Schoenfield
Author, Passionate Security Architect, & Curious Questioner of Assumptions
Brook S.E. Schoenfield is the author of Secrets Of A Cyber Security Architect (Auerbach, 2019) and Securing Systems: Applied Security Architecture and Threat Models (CRC Press, 2015). His latest, Building In Security At Agile Speed (with Dr. James Ransome, Auerbach, 2021), focuses on software security for continuous development practices and DevOps. Brook helps clients with their software security and secure design practices. He mentors technical leaders to effectively deliver security strategies. He consults as a technical leader for IOActive Inc. and SEC Consult America’s holistic security architecture services. Previously, he led product security architecture at McAfee (Intel), Cisco Engineering, IT Security Architecture at Autodesk, and Web and Application Security for Cisco Infosec. He is a founding member of IEEE’s Center for Secure Design and is a featured Security Architect at the Bletchley Park Museum of Computing. He is the originator of Baseline Application Vulnerability Assessment (BAVA), Just Good Enough Risk Rating (JGERR), Architecture, Threats, Attack Surfaces and Mitigations (ATASM), and developer-centric security. He contributed to Core Software Security (CRC Press, 2014), and co-authored Avoiding the Top 10 Security Design Flaws (IEEE, 2014) and Tactical Threat Modeling (SAFECode, 2017).
Damilare D. Fagbemi
Founder, Resilient Software Security
Damilare is a software security leader and architect who has the pleasure of helping companies and organizations to design, build and deploy secure Internet of Things (IoT), cloud, and mobile solutions. He has taught secure software design across three continents ― North America, Africa, and Europe. He’s the founder of Resilient Software Security, a cybersecurity firm that provides security strategy, design, and operations services to businesses. He is also a co-author of the book, “The IoT Architect’s Guide to Attainable Security & Privacy”.
David Brumley
CEO & Co-founder, ForAllSecure
ForAllSecure CEO, David Brumley, received his Ph.D. in Computer Science from Carnegie Mellon University, MS in Computer Science from Stanford University, and a BA in Mathematics from the University of Northern Colorado. Brumley became a tenured Professor of Electrical & Computer Engineering at Carnegie Mellon University in 2016 and went on to become the Director of CyLab Security & Privacy Institute. With over 20 years of cybersecurity experience in academia and practice, Brumley is the author of over 50 publications in computer security and has received numerous awards, including the US PECASE award from President Obama, the highest award in the US for early-career scientists and engineers. In 2012, Brumley, along with his graduate students Athanasios Avgerinos and Alexandre Rebert, co-founded ForAllSecure with the mission to secure the world’s critical software. In 2016, ForAllSecure went on to win the DARPA Cyber Grand Challenge with Mayhem, ForAllSecure’s autonomous cyber security system.
Jeff Costlow
Deputy CISO, ExtraHop Networks
As a security technologist and leader for over 20 years, Jeff’s deep experience securing information and technology assets as well as years of successful engineering leadership have resulted in secure product deployments to thousands of customers. As the Deputy CISO at ExtraHop Networks, Jeff leads the ExtraHop team towards groundbreaking security and privacy services in ExtraHop’s best-of-breed network detection and response tool.
Larry Maccherone
DevSecOps Transformation, Contrast Security
Larry is a thought leader on DevSecOps. At Comcast, he launched and scaled the DevSecOps Transformation program over five years, and is now at Contrast helping organizations empower development teams to take ownership of security. Larry was a founding Director at Carnegie Mellon’s CyLab and co-led the launch of Build-Security-In initiative. Contact Larry on his LinkedIn page: https://www.linkedin.com/in/LarryMaccherone
Moderators
Dr. Jared DeMott
Master of Ceremonies
Dr. DeMott enjoys securing code and data in big tech after leading a successful startup. Jared has been passionate about fuzzing, since the early days of his career with the NSA. He holds a Ph.D. from Michigan State University and has often spoken on cyber matters at popular conferences. He was a finalist in Microsoft’s BlueHat security architecting contest and has been on three winning Defcon capture-the-flag teams. DeMott has authored books, blogs, and online courses on fuzzing and application security.
James Ransome
Veteran CISO, CSO, CPSO, & Author
Dr. James Ransome is the Chief Scientist for CyberPhos, an early-stage startup, and continues to do ad hoc cybersecurity consulting. He is on the Board of Directors for the Bay Area CSO Council. Most recently, Dr. Ransome was the Senior Director, Security Development Lifecycle (SDL) Engineering in the Intel Product Security and Assurance (IPAS) — Governance and Operations (IPAS GO) Group. His career is marked by leadership positions in the private and public sectors, having served in three chief information security officer (CISO) and four chief security officer (CSO) roles at Applied Materials, Autodesk, Qwest Communications, Pilot Network Services, Exodus Communications, Exodus Communications-Cable and Wireless Company, and Cisco. Dr. Ransome holds a Ph.D. in Information Systems specializing in Information Security, a Master of Science Degree in Information Systems, and graduate certificates in International Business and International Affairs. He received the 2005 Nova Southeastern University Distinguished Alumni Achievement Award. He is a member of Upsilon Pi Epsilon, the International Honor Society for the Computing and Information Disciplines, a Certified Information Security Manager (CISM), a Certified Information Systems Security Professional (CISSP), and a Ponemon Institute Distinguished Fellow. Dr. Ransome is the author of several published books, including Wireless Operational Security; VoIP Security; Instant Messaging (IM) Security; Business Continuity Planning and Disaster Recovery Guide for Information Security Managers; Wireless Security: Know It All; Cloud Computing: Implementation, Management, and Security; Defending the Cloud: Waging Warfare in Cyberspace; Core Software Security — Security at the Source; and is currently working on a new book titled Building In Security at Agile Speed.
Robert Vamosi
CISSP, Host of The Hacker Mind podcast
Robert Vamosi is a CISSP and award-winning infosec journalist. He is the author of two books — When Gadgets Betray Us [Basic Books: 2011] and The Art of Invisibility (with Kevin Mitnick) [Little, Brown & Co.: 2017] — and is featured in Code 2600, a feature-length documentary on the history of computer hacking. In its first year, the bi-weekly The Hacker Mind podcast has already amassed over 20K downloads with infosec guests such as LiveOverflow, Stok, and Jack Daniel.
FUZZCON TV
ForAllSecure presents FuzzCon TV, a virtual fireside chat with industry experts and leaders sharing their insight on everything fuzzing. Each episode will dive into a multitude of fuzzing topics and answer burning questions from our viewers!