Amanda Berlin

Amanda Berlin has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. While working the the healthcare sector Amanda has been involved in creating a secure method of Payment Card Industries (PCI) and Health Insurance Portability and Accountability Act (HIPAA) compliance and building a comprehensive phishing and awards based user education program.
Amanda is an avid volunteer and has also presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, CircleCityCon, GrrCon, and DEFCON. She is currently a co-author of a Blue Team best practices book as well working as part of a team on an open sourced phishing and user education software package. While she doesn't have the credentials or notoriety that others might have, she hopes to make up for it with her wit, sense of humor, and knack for catching on quick to new technologies.


Andrew Bindner

Andrew has over 15 years of experience in the security field. He started working with RF analysis in the US Navy as a cryptologist and then migrated to cyber security, supporting world-wide engagements for various three-letter organizations and performing information assurance and penetration testing. Currently, Andrew is a Senior Security Consultant with Rapid7 and performs security testing of physical and wireless networks, along with web applications, mobile devices, IoT, physical security, and social engineering. Andrew is the co-author, "Hacking with Kali." While at home, Andrew loves tearing apart old electronics, children's toys, and vehicles to make them exciting again with new features; once, he tricked out an older riding lawn mower with flames and neon running lights because.. why not.

SDR & RF Hacking Primer (Class)
Discover the world of Software Defined Radio (SDR) and Radio Frequency (RF) analysis. Students will learn the basics of radio waves theory and how to analyze RF communications for the purpose of exploitation. Hands on labs will guide students through use of an SDR and the GNU Radio Companion(GRC). Other labs include capturing automotive key fobs and exploitation of a Bluetooth Low Energy (BLE) enabled device.

Josh Brunty

Intro to WireShark
Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and displays them in human-readable format. Wireshark includes filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets.

This class will get you up to speed with the basics of capturing packets with WireShark, filtering them, and inspecting them. You can use Wireshark to inspect a suspicious program’s network traffic, analyze the traffic flow on your network, or troubleshoot network problems.

Network Forensics using Kali Linux and/or SANS Sift

A former digital forensics laboratory manager and examiner, Josh Brunty has over a decade of experience in the field of digital forensics & investigations. Josh is currently an Assistant Professor of Digital Forensics for the Department of Integrated Science & Technology and Forensic Science Departments at Marshall University in Huntington, WV.

Prior to joining Marshall, Josh was an examiner and technical leader of digital forensics with the West Virginia State Police’s Digital Forensic Laboratory. Josh holds numerous certifications within the digital forensics discipline including: AccessData Certified Examiner (ACE), AccessData Mobile Examiner (AME), Computer Hacking Forensic Examiner (CHFI), Seized Computer Evidence Recovery Specialist (SCERS), Certified Malware Investigator, Certified Steganography Examiner, and is certified by the National Security Agency in Information Assurance Methodology (NSA-IAM).

Josh has authored numerous articles on the subject of digital forensics and investigations, many appearing in publications such as Digital Forensic Investigator (DFI) News. Most recently, he co-authored the book “Social Media Investigation for Law Enforcement” published by Elsevier/Anderson, which outlines the ever-increasing popularity of social media and its potential value as a source of evidence within an investigation.

He has developed a variety of digital forensic training sessions and curriculum; including past recertification scenarios/exams for the International Association of Computer Investigative Specialists (IACIS). Josh is a member of the Mid-Atlantic Association of the High Technology Crime Investigation Association (HTCIA), the Digital-Multimedia Sciences section of the American Academy of Forensic Sciences (AAFS), the Appalachian Institute of Digital Evidence (AIDE) the West Virginia Cyber Crimes Task Force, and the West Virginia Chapter of FBI INFRAGARD.

Adam Compton

Adam Compton has been a programmer, researcher, professional pentester, father, husband, and farmer. Adam has over 20 years of programming, network security, incident response, security assessment, and penetration testing experience. Throughout Adam's career, he has worked for both federal and international government agencies as well as within various aspects of the private sector.

Hillbilly Storytime - Pentest Fails
Whether or not you are just starting in InfoSec, it is always important to remember that mistakes happen, even to the best and most seasoned of analysts. The key is to learn from your mistakes and keep going. So, if you have a few minutes and want to talk a load off for a bit, come and join in as a hillbilly spins a yarn about a group unfortunate pentesters and their misadventures. All stores and events are true (but the names have been be changed to prevent embarrassment).

Mick Douglas

Even when his job title indicated otherwise, Mick Douglas has been doing information security work for over ten years. He received a bachelor's degree in Communications from the Ohio State University and holds the CISSP, GCIH, GPEN, GCUX, GWEB, and GSNA certifications. He currently works at Binary Defense Systems as the DFIR Practice Lead.
He is always excited for the opportunity to share with others so they do not have to learn the hard way! Please join in; security professionals of all abilities will gain useful tools and skills that should make their jobs easier. When he's not "geeking out" you'll likely find him indulging in one of his numerous hobbies; photography, scuba diving, or hanging around in the great outdoors.

PowerShell (Class)

PowerShell for IR

Daniel Efaw


911 DDOS
This talk is built on the little-known vulnerabilities of the public service alerting system.

Victor Gevers

Victor Gevers (also known as 0xDUDE) is a senior security specialist, specialized in network, mobile, and web application security. He performs research on state-of-the-art attack and defense mechanisms, hacking techniques and OSINT. In his free time, he is a vulnerability researcher and hunts down weak security implementations. In several occasions, he has been pointed out to be a truly responsible disclosure evangelist, practicing the art over 19 years and has made over five thousand responsible disclosures world-wide." - I am know for finding and exposing serious vulnerabilities in critical platforms and services. From playing with Voting machines and finding big data leaks in the world and getting them fixed with responsible disclosures.

Repairing the internet with Responsible Disclosures
In 2016 a non-profit organisation, operated by volunteers started reporting vulnerabilities as responsible disclosures (coordinated vulnerability disclosures) and helping victims of ransom attacks worldwide under the name PROJECT366. As chairman & co-founder of that organisation, I would like to share the experiences and challenges they have faced so far. In the last 19 years, Victor Gevers (@0xDUDE) has made over 5,250 security reports without getting in trouble with the law. In this talk, you’ll be taken through the experiences of the last 19 years in “how you could report ‘bad news’ and show our attempts to report as many vulnerabilities as humanly possible and how to deal with those on the other side, the organizations who receive these reports and the challenges each side faces.

Scott Keener

Scott’s been a techy and computer guy since he was at least 8, and has been doing scripting, programming, general nerding out and other such things since Scott is primarily a blue team guy, and thus, is used to saying “no, but" and generally making friends most days. He has 10 years professional security experience and is continuing to learn and trying to keep the "bad guys" out.

SCAP: A Primer and Customization

Branden Miller & Audrey Miller

Branden Miller retired from the US Navy in 2011 after 20 years of service. He has held many positions such as system administrator, network engineer, digital network exploitation analyst, and finally, adjunct faculty for the National Cryptologic School. In his spare time, he starts many projects he never finishes and assists his extended family with prepping.
Audrey Miller is a 14 year old who has life figured out. “Just do what your dad tells you and everything will work out!” She is currently valedictorian of her 9th grade class. Audrey is homeschooled but occasionally attends classes at Bluegrass United Academic Center. (Disclaimer - Bio may have been written by dad)

From junk to jewels: Destruction is the key to building
Have you ever driven past a neighbor’s house the morning of trash collection and thought “I wonder if that works?” Me too! The difference is I don’t care if it works. I take it and break it. This talk is meant to get those creative juices flowing. You will learn how to take junk and create masterpieces with your kids. Don’t have kids? Borrow some! That is how good this talk is!

Kashish Mittal

Kashish Mittal is a Security Engineer at Duo Labs, the advanced research center part of Duo Security.He has 3+ years of experience in the Security industry and has worked for companies such as Bank of America, Deutsche Bank etc. By choice, he is an ethical hacker and an addicted CTF player. He is a member of PPP (CMU's elite CTF group) that won DefCon 24 and 23 CTF competitions. Prior to joining Duo, he did Security Research at Cylab, Pittsburgh. He has a BS and a MS from Carnegie Mellon University majoring in ECE with a focus on Security. He is passionate about delivering Security awareness and training for employees, college students and high schoolers etc.

No one left behind : Security Defense through Gamification including CTFs
For an outsider, the world of cybersecurity and hacking can be complex and mystifying. People are intrigued and terrified by the “400 lb hacker.” With phishing and other forms of social engineering still being one of the most common root cause of breach, there is a need to empower a company’s employees, especially the non-technical ones, to be able to defend and not fall prey to such attacks. Similarly, the increase in the amount of code being written along with the shortage of cybersecurity professionals calls for a need to train software developers in Security. Traditional methods of awareness including lectures, videos etc. have been ineffective in achieving this adequately. I claim this based on reports by organizations such as Experian, Ponemon etc. and the extensive internal research done at my current company. I present a novel system for cybersecurity training and awareness : Security Gamification including CTF ( Capture The Flags). The training emphasizes on a ‘no one left behind’ principle in which all the employees at a company get trained in CyberSecurity defense.

CTFs are online cybersecurity competitions that involve practical hands on training through Security puzzle solving. They are mostly played by current or aspiring Security professionals and have proven to be one of the best ways to learn about Security and defense. My training method is novel in that this is the first publicly released use of CTFs and Security puzzles to train developers and non-technical people. CTFs rely on the interactive ‘learning by doing’ methodology which has proven to be more successful than the one-way incoming lecture style. We use this methodology to gamify the Security training for technical as well as nontechnical employees by varying the scopes and level of challenges. The idea is to help the participants learn how to defend by making them break or hack things in controlled environment. It helps the participants defend better by getting into the attacker mindset, thereby de-mystifying the hacking world. Additionally, the healthy competition amongst employees, the fun puzzle based format and the chance to work in teams all provides exceptional learning opportunities.

In my presentation, I will also delve into the key take-aways for people interested in building a similar system at their respective companies. This detailed interaction will contain discussions about the reconnaissance of Security awareness at a company needed as step one of building this system. Then, it will go on to demo some example challenges for both developers as well as non-technical employees. I also plan to include a brief section about how to present it such that the employees and leadership are excited about it rather than seeing it as a burden.

One of the many appealing things about this system is its ability to effectively track and quantifiably measure the increase in Security awareness and defense capabilities over time. Starting from the reconnaissance phase, all the way to successfully completing the implementation and even after that, the system provides functionality of number of challenges solved, time taken, number of attempts etc. for each employee which can also be combined per team, per department or the whole company etc.

Matt Perry

Old School Computer Guy, Just a simple man trying to make my way in the univerise

I survived Ransomeware.... Twice
I will tell my experiences about Ransomeware and how I recovered from it.

Michelle Pirtle

Michelle Pirtle, Special Agent Federal Bureau of Investigation - SA Pirtle has been with the FBI for 11 years and is currently based out of the Pittsburgh field office. Her experience has focused on cyber investigations, to include criminal and national security matters. SA Pirtle is now on the Human Intelligence and Public Outreach Squad; she is the FBI Coordinator for both the Pittsburgh InfraGard Members Alliance and the West Virginia InfraGard Members Alliance, and she is the local FBI control systems point of contact for Western Pennsylvania.


John Sammons

John Sammons is an Associate Professor and the Interim Chair of the Department of Forensic Sciences. He is also the Director of the Digital Forensics and Information Assurance Program.

John is the author, co-author, and contributor of several books including the best-selling “The Basics of Digital Forensics” published by Syngress. In 2013, “The Basics” was nominated for Digital Forensics Book of the Year by Forensic 4 Cast. This book is currently in its second edition and has been translated into Korean.

His other books include “Digital Forensics: Threatscape and Best Practices,” and “The Basics of Cyber Safety: Computer and Mobile Device Safety Made Easy.” John co-authored the digital forensics chapter in Douglas Ubelaker’s book “Forensic Science: Current Issues, Future Directions.” The book is co-published with the American Academy of Forensic Sciences. John also authored the digital forensics chapter in the book “Information Security: A Strategic-Based Approach.”

His next book, “Digital Forensics Trial Graphics: Teaching the Jury through Effective Use of Visuals” is due to be published in the Spring of 2017 by Academic Press.

He is a former Huntington Police officer. John spent the majority of his career as a detective investigating drug trafficking in and around the Huntington area. John’s investigative work was recognized by the United States Department of Justice when he received their award for public service. While at HPD, John was one of the lead firearms and tactics instructors. In addition to his teaching duties at HPD, he regularly taught patrol tactics at the West Virginia State Police Academy.

As a part-time investigator for the Cabell County (WV) Prosecutor’s Office, John works as a part-time examiner in the West Virginia State Police Digital Forensics laboratory. John is a member of the West Virginia Internet Crimes Against Children Task Force. He also serves as a Fusion Center Liaison Officer for the West Virginia Intelligence Fusion Center.

Prior to joining the faculty at Marshall, John co-founded Second Creek Technologies, a digital forensics and electronic discovery firm located in Barboursville, West Virginia. While at Second Creek, John served as the Managing Partner and CEO.

John is an adjunct instructor at the Marshall University Forensic Science Center where he teaches advanced digital forensics and firearms to graduate students. John routinely provides training for the legal and law enforcement communities in the areas of digital forensics, investigations, and electronic discovery.

He is the founder and President of the Appalachian Institute of Digital Evidence. AIDE is a non-profit organization that provides research and training for digital evidence professionals including attorneys, judges, law enforcement, and information security practitioners in the private sector.

John holds multiple certifications including the AccessData Certified Examiner (ACE), the Cellebrite Certified Logical Operator (CCLO), and the Cellebrite Certified Physical Analyst (CCPA).

He is a Member of the American Academy of Forensic Sciences, the High Technology Crime Investigation Association, and Infragard.

John served 11 years as an officer in the U.S. Army Reserve and the West Virginia Army National Guard.

Evidence Collection
Evidence handling is clearly one of the most important aspects in the expanding field of digital forensics. The never-ending innovation in technologies tends to keep best practices in constant flux in effort to meet industry needs. This class will cover the proper ways to collect evidence and various techniques.

Incidence Response
In the fields of computer security and information technology, computer security incident response involves the monitoring and detection of security events on a computer or computer network, and the execution of proper responses to those events. Computer security incident response is a specialized form of incident management, the primary purpose of which is the development of a well understood and predictable response to damaging events and computer intrusions.

Tess Schrodinger

Tess is a security engineer and researcher with over twenty years of experience in security and counterintelligence. Her areas of interest are Insider Threat, Quantum Computing, Security Awareness, Cryptography, and Triathlons.

Total Recall: Using Implicit Memory as a Cryptographic Primitive
What is cognitive memory? How can you “implant” a password into it? Is this truly secure? Curiosity around these questions prompted exploration of the research and concepts surrounding the idea of making the authentication process more secure by implanting passwords into an individual’s memory. The result? The idea is that you are not able to reveal your credentials under duress but you are still able to authenticate to a system. This talk will go over current research in the field and their related vulnerabilities and limitations.


Value of threat intelligence
We will be discussing the value of threat intelligence and what important criteria an organization needs to review when researching a threat intelligence provider. We will also highlight some of the important features of Zero | Day | Live.

Lucas Truax

I have worked in IT/IT security for nearly 10 years first starting as a database developer and most recently as a security consultant performing pen tests and assessments. Lived in the best state in the country (WV of course) for 29 of my 32 years on earth.

Your Home Network is the Next Hacker Highway; Secure it!
As enterprise security processes mature and include things like mult-factor authentication, attackers can shift their focus to the often vulnerable and least thought out of the company endpoints - the home network. Via OSINT and/or searching credential dumps, attackers can obtain and correlate publicly facing IP address information for IT and security staff, making the home network a viable option. In complex environments such as ICS, the industry has already seen attackers shift attacks towards supply chain vectors, the shift from attacking enterprise networks to attacking the home networks used to authenticate to enterprise networks is a logical one. Securing our assets is a responsibility we have as security professionals.

Given the threat, what are some ways that we as cyber security and information technology professionals can protect our personal information? Thankfully, there are a large number of open-source tools that provide us with the capability to quickly stand up security at home that provides near-enterprise level capabilities. Snort, OSSEC, and SolarWinds can be utilized at home to build a secure working environment.

Is YOUR home network secure?

Steve Truax

Been working in IT professionally for 20 years, but has been working on computers since his parents purchased him a vic 20. He is a Navy veteran, that has worked for companies that range from major computer companies, to companies that make milking equipment for cows. His current position is a blue teamer, but his heart and mind has always been as a red teamer.

Pi's, Pi's and wifi
This will be a two part talk discussing the DeAuth Tool and the Pi-Hole and how you can use both to keep your network safer.

Adam Vincent

Data Analyst by day, Security Enthusiast by night. I have a Computer Engineering degree from WVU Tech, where I discovered my curiosity for cryptography. My personal motto is "Automate Everything.

Security Through Ansible Automation
Ansible is a powerful tool that can be used to configure settings and security for your environment, whether that is a personal network, cloud-scale distributed application, or anything in between. This class provides an introduction to Ansible, taking you from no experience to writing and running your own playbooks. Special attention will be given to the security options within Ansible. We will also discuss version controlling your configurations using git.

Aaron West/Rob West


FLDigi - E-mail over Packet Radio

Ira Winkler

Ira Winkler, CISSP is President of Secure Mentem, author ofAdvanced Persistent Security, and co-host of The Irari Report( He is consideredone of the world’s most influential security professionals, and has been nameda “Modern Day James Bond” by the media. He did this by performing espionage simulations, where he physically andtechnically “broke into” some of the largest companies in the World andinvestigating crimes against them, and telling them how to cost effectivelyprotect their information and computer infrastructure. He continues to perform these espionagesimulations, as well as assisting organizations in developing cost effectivesecurity programs. Ira also won the Hallof Fame award from the Information Systems Security Association, as well asseveral other prestigious industry awards. Most recently, CSO Magazine named Ira a CSO Compass Award winner as The AwarenessCrusader.

Fighting Advanced Persistent Threats with Advanced Persistent Security
It appears that any successful attack these days is labeled, Sophisticated, and perpetrated by Advanced Persistent Threats. The implication is that the attacks were unpreventable. The reality is very different. We dissect recent attacks, and then go through how they could have been prevented. Advanced Persistent Security principles are applied to demonstrate how even successful breaches can be contained to significantly reduce loss.

Learning From Failure
When there is a security incident, everyone believes that all is lost. However, if handled properly, it can lead to strengthening the current security program. This presentation discusses a systematic methodology to accomplish this.Recent case studies will be analyzed to demonstrate the process.

Ernest Wong

Ernest "Cozy Panda" Wong is the Chief of Staff at the Army Cyber Institute and teaches Systems Engineering at West Point. He holds a Master of Military Science from Kuwait's Mubarak al-Abdullah Staff College and earned a MS in management science & engineering and a MA in education from Stanford. He was a NASA Summer Faculty Fellow and has served in Iraq, Kuwait, and the Republic of Korea. He enjoys researching disruptive innovations and cyber resiliency.

Coming Up with the Next Wave of Cyber Innovations-Start by Thinking 1ns1d3 th3 B0x
Ever since the origins of the Republic, the American people have demonstrated a strong speculative knack and a high degree of optimism that have led to innovative solutions for resolving tough problems. From the first American colonists who made do with limited resources, to astronauts who boldly explored space with minimal supplies in order to break free of gravity, Americans have a proud history of developing new concepts, processes, and material for getting the mission accomplished. However, the rapid growth of the Internet in a globally connected world has meant that the tools for operating in cyberspace are constantly changing. In such a fluid environment, does America still have the capacity to gain the strategic advantage necessary to effectively out-hack those who attack us in the cyber domain? To address these perplexing issues, this presentation analyzes what innovation really means and highlights differences between four distinct types of innovation: disruptive, breakthrough, sustaining, and incremental innovations. By using this innovation framework (to get us thinking 1ns1d3 th3 b0x), this presentation offers unique insights for promoting how our nation can continue to develop successful innovations for the cyber domain.