Talks

Presentation proposals, resources and recordings

2023 Conference Talks for Charles Herring

Charles Herring 11 December 2022

The following abstracts are available for delivery at security meetings and conferences.

Read more about 2023 Conference Talks for Charles Herring

BSidesSPFD - SECOPS Driving Prosecution via a Global CyberGrid

Charles Herring 8 May 2023

In a 2021 DarkReading article titled Handcuffs over AI, I describe the importance focusing on the outcome of increasing deterence in cybercrime. The presentation can be downloaded here.

Read more about BSidesSPFD - SECOPS Driving Prosecution via a Global CyberGrid

GrrCon 2021: Machine Learning Driven Social Engineering

Charles Herring 15 September 2021

Machine Learning Driven Social Engineering talk will be given at GrrCon on 9/16/2021 at 4:30pm.

Abstract

Machine learning (ML) is arguably the most potent advancement in technology since atomic fission with similar benefit and risk extremes. The outcome driven nature of machine learning allows computers to rapidly test theories to find pathways to support specific goals. These approaches applied to social engineering can be used to manipulate human factors for purposes including cybersecurity breach. This session will cover the philosophies, strategies and tactics used to accomplish a successful campaign to recruit human assets to a cause. Factors to mitigate risk in these advanced social engineering attacks will also be examined.

The presentation can be downloaded here.

Read more about GrrCon 2021: Machine Learning Driven Social Engineering

ExploitCON West 2020 Slides – Metric Driven SECDEVOPS

Charles Herring 29 July 2020

Slides of our talk can be downloaded here.

Details on the session are available here: https://exploitcon.com/#/west

Read more about ExploitCON West 2020 Slides – Metric Driven SECDEVOPS

Secure360 2020 Slides – Metric Driven SECDEVOPS

Charles Herring 5 May 2020

Slides for our talk at Secure360 2020 can be downloaded here.

Details on the session are posted here: https://secure360.org/session/charles-herring-metric-driven-secdevops/?conference=11809&date=20200505

Read more about Secure360 2020 Slides – Metric Driven SECDEVOPS

Metric Driven Development Presentations

Charles Herring 29 October 2019

From IIA/ISACA IT Hacking Conference : Developing software that changes the world, exceeds customer expectations, provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are thousands of variables that need to be constantly addressed to find the balance that delivers sustainable and secure success. In this session, WitFoo’s chief engineers will outline an innovative approach to secure devops called Metric Driven Development.

Read more about Metric Driven Development Presentations

Breaking NBAD & UEBA Talk

Charles Herring 23 October 2019

From DEFCON & GrrCON: Network Behavior Anomaly Detection (NBAD) and User and Entity Behavior Analytics (UEBA) are heralded as machine learning fueled messiahs for finding advanced attacks. The data collection and processing methodologies of these approaches create a series of new exploitable vectors that can allow attackers to navigate network and systems undetected. In this session, methods for poisoning data, transforming calculations and preventing alerts will be examined. Proof of concept code will be demonstrated and made available. Approaches to harden against these attacks will also be discussed as well as outlining needed changes in detection standards.