BSidesOK is an information security conference focused on practical knowledge that is widely available to the community. Our goal is to improve information security skills and awareness through sharing, with inexpensive training classes and a conference for attendees. The conference includes hands-on challenges, talks, food and drinks(grownup and otherwise). All would not be possible without our Sponsors and our amazing Volunteers!

• The main BSidesOK conference will be on Friday, April 8th. The conference schedule will be published at bsidesok.com.
• Affordable security training classes will be offered Thursday, April 7th.
• Check-in will open at 8:00 AM each day. Classes will go from 9AM-4PM.

Thales & Fortinet are hosting a Happy Hour on Thursday evening before the conference. Signup for a ticket here: https://www.eventbrite.com/e/bsides-conference-happy-hour-tickets-300819779057

We look forward to seeing you there!

---

Training Classes

---

Vendor and Contract Management for IT Management and Auditors taught by Jonathan Kimmitt (University of Tulsa) - 1-day training class on April 7 - $250

In this one-day session the class will cover the review process for contracts and service agreements. Students will learn how to perform a high-level review of contracts, and then do a deep dive as it relates to IT related items. This is a highly interactive discussion-based class. We will be reviewing contracts and building a checklist for understanding the contract terms. This class will help you provide valuable input to your General Counsel and contract managers, while helping your IT department protect your data and systems.

---

Red Team Fundamentals for Active Directory taught by Eric Kuehn (Secure Ideas) - 1-day training class on April 7 - $250

Focused on explaining the fundamentals of Active Directory and how different aspects can be exploited during penetration tests, this course covers different attacks and explains the details of why they work. We also explore how an environment can be made resilient to attacks or detect malicious activity. The course includes hands-on exercises exploring common misconfigurations which are commonly seen in Active Directory. We then exploit these issues to pivot and escalate our access, ultimately gaining full control of an AD Forest.

---

Threat Hunting Workshop with Cybereason taught by Larci Robertson (Cybereason)- 1/2 day training class on April 7 (Afternoon-only) - $20

Whether the process is called threat hunting, cyber hunting or cyber threat hunting, each term essentially means the same thing: security professionals look for threats that are already in their organization’s IT environment. This differs from penetration or pen testing, which looks for vulnerabilities that an attacker could use to get inside a network.

Threat hunting isn’t based on flashy technology that will become irrelevant in a few months. It’s a return to one of the basic tenets of information security: reviewing your IT environment for signs of malicious activity and operational deficiencies. With hunting, you can answer the question, “Am I under attack?”

Want to learn about how to create an effective hypothesis for a threat hunt? This workshop will guide you through How to Generate a Hypothesis for a Threat Hunt and provide use cases you can take home to your current organizations tools as well as get hands-on experience with the Cybereason platform.