SmileyCon Agenda

Thursday, April 10, 2025

8:00 - 9:00am
Registration Check-In Begins

9:00 - 10:00am
Breakfast
Location: Basement

10:00am - 11:50am
Tabletop Exercise
Location: Basement
Presented by Olivia Cate, TrustedSec IR Security Consultant
The TrustedSec Incident Response Team has conducted a multitude of tabletop exercises. Through this extensive experience, we've gained valuable insights into the effective setup and execution of these exercises, as well as crucial lessons on what to avoid. Join us as we share strategies to ensure the effectiveness of your organization's tabletop exercise, essential considerations for setting up these exercises and the common issues encountered during their implementation.

12:00 - 1:00pm
CISO Panel Discussion
Location: Basement
Moderated by Martin Bos, TrustedSec CSO & VP of Consulting Services
Step beyond the typical CISO conversation and into a session designed for cybersecurity leaders who need real, actionable strategies that won't break the bank. Our panel of experts will tackle technical challenges head-on, with discussions on preparing for unknown threats, aligning security strategies with business objectives, and innovating even with constrained resources.

Unlike other CISO panels, this session goes deeper into the technical side of cybersecurity leadership, providing practical solutions and insights you can apply immediately. To wrap up, the panel will engage in a collaborative brainstorming session, offering cutting-edge tactics and peer-driven approaches to enhance your organization's security posture in today’s dynamic threat environment.

1:00 - 2:00pm
Lunch
Location: Basement

2:00 - 5:00pm
Deception-Driven Defense
Location: Basement
Presented by Ben Mauch, TrustedSec Director of Organizational Training
In this interactive training session, participants will explore the strategic art of using deception to protect their organizations from potential adversaries. By implementing deception controls within their environment, defenders can identify security threats early in the attack chain. Drawing on methods used in military operations, this workshop will cover how psychological, cyber, technical, and physical deception tactics can serve as effective tools for early detection and response to both internal and external threats. Attendees will learn practical, low-cost techniques and tools that can be integrated into their defense strategies. The session focuses on easy-to-implement solutions designed to deceive, detect, and deflect adversaries while creating opportunities to strengthen organizational security posture.

2:00 - 5:00pm
NIST CSF 2.0
Location: Main Floor; Up Staircase
Presented by Chris Camejo, TrustedSec Director of Advisory Services
& Steph Saunders, TrustedSec Senior Security Consultant
This comprehensive training session provides a concise and practical overview of the latest updates to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and offers actionable insights for enhancing your organization's Information Security program. This session will guide participants through the key changes and improvements in NIST CSF 2.0, explaining how these updates impact cybersecurity practices and align with evolving industry needs. Attendees will learn how to effectively implement the new framework to bolster their security posture, streamline compliance, and better manage cybersecurity risks.

5:00 - 6:00pm
Cocktail Hour
Location: Basement
Enjoy drinks and hors d'oeuvre as we wrap up the first day of SmileyCon!
But don't let the good times end, meet us after 6:00pm at Brighten Brew located just around the corner if you're looking to grab some dinner or enjoy a few more drinks for the evening. Located at 1374 S. Cleve-Mass Rd, Copley, OH 44321.

Friday, April 11, 2025

9:00 - 10:00am
Breakfast
Location: Basement

10:00 - 10:50am
Opening Keynote: Mind & Body Wellness With Diamond Dallas Page
Location: Basement
Presented by WWE Hall of Famer, Diamond Dallas Page
This is one of his signature keynotes which is centered on maximizing productivity through innovative health and wellness strategies. DDP dives into achieving work-life balance, stress reduction, and overall fitness, highlighting how a healthier workforce leads to fewer sick days, enhanced retention, sustainability, and improved team dynamics. Attendees will leave feeling empowered and equipped to embark on their personal journey towards mind and body wellness, driving them towards professional excellence. 

11:00am - 11:50am
Adventures in Cloud Hacking: A Look at Modern Cloud Adversary Operations
Location: Basement
Presented by Edwin David, TrustedSec Security Consultant
This session offers a deep dive into the phases of Cloud Penetration Testing, with a focus on real-world attack paths within Azure cloud environments. Participants will explore critical cloud attack techniques, such as reconnaissance, password spraying, device code phishing, data theft in Entra ID, public storage blob exploitation, lateral movement through unsecured Azure applications, pivoting from cloud to internal networks, and seamless SSO impersonation abuses. By dissecting each of these attack paths, attendees will gain an understanding of how adversaries can infiltrate and compromise cloud infrastructures.

The presentation will also provide defensive strategies, including threat-hunting techniques using KQL to detect malicious behavior. Practical demonstrations will highlight the tools and methods used during cloud testing phases, such as AADInternals, TeamFiltration, SpiderFoot, and AzureHound. From gaining initial access to achieving full cloud takeover, this session equips attendees with the insights needed to recognize, mitigate, and defend against complex cloud threats.

12:00 - 12:50pm
I Will Survive: Protecting Backup and Recovery in the Age of Ransomware
Location: Basement
Presented by Mike Owens, TrustedSec Senior Security Consultant
Ransomware attackers often target backups and recovery systems to force victims into paying ransoms, which makes robust protection strategies essential for organizations. Led by a remediation expert, this session outlines four(4) critical steps to safeguard backups, harden systems, and maintain recovery capabilities during worst-case data corruption or ransomware incidents. Participants will explore effective backup design and management, technical hardening measures, and the role of immutable backups to prevent tampering. Drawing on real-world attack and recovery scenarios, the session will guide attendees through practical recovery planning, self-assessment, prioritizing key investments, and the value of regular testing. With additional insights on integrating these strategies into broader organizational risk management, attendees will gain tools and techniques to become true ransomware survivors.

1:00 - 2:00pm
Lunch
Location: Basement

2:00 - 2:50pm
Why You May Not Need a Security Team
Location: Basement
Presented by Alex Hamerstone, TrustedSec Advisory Solutions Director
This session challenges traditional notions of cybersecurity by proposing a decentralized approach where security responsibilities are embedded across various roles rather than being confined to a specialized team. By empowering staff such as developers and network administrators to integrate security practices into their work, supported by a governance and advisory framework, companies can foster greater security-mindedness and improve resilience. This shift requires rethinking the role of security, emphasizing oversight, risk management, and integration with broader business functions, while also acknowledging the changing landscape of privacy, legal, and audit responsibilities. The result is a more adaptive and effective security strategy, where all staff contribute to a proactive defense.

3:00 - 3:50pm
Decrypting the Chaos: An Attacker's Guide to Understanding Modern-Day Threats
Location: Basement
Presented by Travis Kahn, TrustedSec Senior Security Consultant
In today’s cyber landscape, separating genuine threats from hype can be challenging. This session offers a critical insider's view to help organizations focus their cybersecurity defenses on the most pressing threats. Drawing on Red Team expertise, the session will reveal how attackers exploit weaknesses, highlighting key threats and common blind spots in security defenses. Attendees will gain actionable insights for enhancing logging, monitoring, and overall defensive strategies, learning how to prioritize resources and fine-tune detection methods to outpace adversaries. This session cuts through the noise and provides practical steps to build a clear and effective threat mitigation strategy.

4:00 - 4:50pm
Exploiting AI: A Case Study on Voice Biometric Penetration Testing
Location: Basement
Presented by Skyler Tuter, TrustedSec Senior Security Consultant
This session will offer an in-depth case study on how AI voice cloning can compromise voice biometric authentication systems. Drawing from a recent engagement with a major financial institution, the presentation will showcase how advanced AI voice synthesis techniques were used to manipulate voice-based identity verification through Interactive Voice Response (IVR) systems. Attendees will gain a detailed understanding of the methodologies employed during penetration testing, the obstacles encountered, and key insights from successfully bypassing security measures with cloned voices. This talk will shed light on the vulnerabilities inherent in current voice authentication systems and provide practical recommendations for enhancing security.

5:00 - 6:00pm
Closing Keynote
Location: Basement
Presented by David Kennedy, TrustedSec Founder & CEO