Join Bishop Fox AVP of Consulting, Tom Eston, and Security Consultant, Yael Basurto at the 13th BSides Las Vegas. After a two-year hiatus, BSides Las Vegas is back in real life where you can attend a variety of technical and academic presentations and learn from skilled security practitioners. In BSides tradition, there will be a variety of other activities including a Lock Pick Village, Happy Hour, and evening entertainment.
Title: Management Hacking 101: Leading High Performance Teams
Presenter: Tom Eston
Date: August 10, 2022
Time: 10:30 a.m.
Location: Hire Ground
Have you been recently promoted (willingly or unwillingly) into a leadership role within your organization? Are you someone that has been a technical “individual contributor” and now you’ve made a career change into management? If so, this talk is for you!
Tom will share his 17 year career journey from IT professional to penetration tester, making the leap into management, and now as an executive overseeing multiple teams. Throughout his career he’s learned many lessons on how to be a better manager and leader. In this talk he'll share his real-world experiences to help you be a great manager and leader. Topics include:
- What makes a great team
- How to hire great people
- Understanding emotional intelligence
- What motivates team members
- Goal setting and evaluating performance
- The importance of communication, feedback, and coaching
After this talk you will be able to immediately apply these concepts to yourself and the teams you manage.
Title: ICS Security Assessments 101 or How da Fox I Test Dis?
Presenter: Yael Basurto
Date: August 10, 2022
Time: 2 p.m.
Location: I Am The Cavalry
We have seen many ICS attacks both in the news and in several talks at security conferences. They show how ICS protocols are insecure by default and how we can mess with control components so easily. However, from a consulting point of view, are we really asking our ICS clients to let us mess with their critical infrastructure just to show what we already know?
In this talk, I’ll show how we can scope and address an ICS security engagement aligned with the industry’s needs. I’ll talk about real-world planning, attack surface identification, exploitation, and reporting from the understanding of what is giving value to our ICS clients. To keep things spicy, I’ll also include short demos to better show what we can do for each assessment type and yea some exploitation as well.