$10 – $500

BSides Oklahoma 2021 - Information Security Conference

Event Information

Location

Online Event

Refund Policy

Refunds up to 7 days before event

Event description
Pay If You Can! *** If you can cover $10 to help, please do. If not, use coupon code FREESWAG. ***

About this Event

Pay If You Can! What?!?! - Swag is expensive, but we still want to include everyone. Because of Covid, sponsors aren't as eager to chip in, so if you can cover $10 to help, please do. If not, use coupon code FREESWAG. No judgement either way. We're all in this together!

BSidesOK is an information security conference focused on practical knowledge that is widely available to the community. Our goal is to improve information security skills and awareness through sharing, with inexpensive training classes and a conference for attendees. The conference includes hands-on challenges, talks, food and drinks (grownup and otherwise). None of this would be possible without our Sponsors and our amazing Volunteers!

  • The main BSidesOK conference will be on April 30th. The conference schedule will be published at bsidesok.com.
  • 1-day and 2-day training classes will be offered April 28th & 29th.
  • Check-in will open at 7:30 AM each day. Classes will go from 8AM-5PM.

We look forward to seeing you there!

---

Training Classes

---

Cyber-attacks against the organization. A primer for Management, Auditors, and non-technical staff taught by Jonathan Kimmitt (University of Tulsa) - 1-day training class on April 28

In this one-day session the class will cover the primary methods that an attacker might use against an organization. I will be performing live attacks against a mock environment and we will discuss what they are, how they work, and how to defend from a non-technical point of view. The class attendees will see the attack and the results, and they will have opportunities to discuss the risk, management decisions, and security controls.

---

Vendor and Contract Management for IT Management and Auditors taught by Jonathan Kimmitt (University of Tulsa) - 1-day training class on April 29

In this one-day session the class will cover the review process for contracts and service agreements. Students will learn how to perform a high-level review of contracts, and then do a deep dive into IT-related items. This is a highly interactive, discussion-based class. We will be reviewing contracts and building a checklist for understanding the contract terms. This class will help you provide valuable input to your General Counsel and contract managers, while helping your IT department protect your data and systems.

---

Incident Response with Digital Forensics taught by Donovan Farrow (Alias Forensics) - April 28 - 29

Ransomware, phishing attacks, insider threats, business email compromise. All these and more are attack vectors you need to know how to handle as information security professionals. Knowing how to soundly handle devices and what to do with them forensically can make or break your recovery process. In this class, we’ll be taking an in-depth look at digital forensics and how it applies to various incident response situations. You’ll get hands-on experience with a few different forensic tools as well as learn the do’s and don’ts of forensic incident response.

---

Application Security & Web / API Penetration Testing taught by Kris Wall (Stinnett & Associates) - April 28 - 29

This course is designed to quickly familiarize students with basic and advanced methodologies of application security testing and give hands-on experience exploiting applications. Students will learn the common weaknesses that web developers introduce to applications by learning to exploit:

1) web applications

2) APIs

3) single page apps

4) code reviews

Students will learn about chaining these vulnerabilities into a full-fledged attack chain and their underlying infrastructure. This is a hands-on course and a laptop will be required. We’ll go from the basics and into advanced detection methods using commonly available tool sets. To be clear, this is much, much more in depth than the OWASP Top 10.

---

Red Team Fundamentals for Active Directory taught by Eric Kuehn (Secure Ideas) - 1-day training class on April 29

Focused on explaining the fundamentals of Active Directory and how different aspects can be exploited during penetration tests, this course covers different attacks and explains the details of why they work. We also explore how an environment can be made resilient to attacks or detect malicious activity. The course includes hands-on exercises exploring misconfigurations that are commonly seen in Active Directory. We then exploit these issues to pivot and escalate our access, ultimately gaining full control of an AD Forest.

---

Professionally Evil Container Security taught by Cory Sabol (Secure Ideas) - 1-day training class on April 28

Learn the ins and outs of container security. We start with some foundational lessons on containers and container orchestration. This is followed with container security concerns, configuration issues, and how to abuse them. The lessons include hardening tips and guidelines. This class is focused primarily on Docker and Kubernetes but can be applied to other container technologies.

---

Audit Analytics Anyone Can Do taught by Trent Russell (The Audit Podcast) - 4-hour training class on April 29

Audit analytics can be overwhelming and intimidating. Some might spend more time developing excuses for not using analytics than trying to learn the basics. In this seminar, Trent will take us through multiple analytics techniques so you too can learn not only the basics but advanced techniques as well. This course isn’t about concepts. This course is about how to actually do an analysis. We’ll also walk through not only how to develop analytics, but how to develop analytics competencies within your own team. Trent will also walk us through using analytics for IT General Controls testing and how best to use analytics for SOX procedures. Additionally, Trent will provide real-world use cases for using predictive analytics, text-based analytics, and fraud analytics techniques within the audit function.

---

IT Fraud and Countermeasures taught by Richard Cascarino (Integrated Decision Engineering Analysis, Inc.) - April 28 - 29

With the growth of fraudulent activities within the business world, it has become essential that auditors are able to:

1) Examine data and records to detect and trace fraudulent transactions

2) Interview suspects to obtain information and confessions

3) Write investigation reports, advise clients as to their findings and testify at trial

4) Be well-versed in the law as it relates to fraud and fraud investigations

5) Understand the underlying factors that motivate individuals to commit fraud

Fraud prevention and investigation, in particular IT fraud, have become an everyday part of corporate life and the auditor must gain expertise in this area. The workshop covers such issues as the tasks of the forensic auditor, computer fraud and control, abilities required of the fraud auditor, the type and nature of common frauds, and the auditor in court.

