BSides Oklahoma 2023

BSidesOK is an information security conference focused on education and practical skills development for the entire community. Our goal is to improve information security and awareness through sharing, with inexpensive training classes and the best conference in the area. The conference includes hands-on challenges, great presentations, food and drinks, and great swag.

The BSidesOK conference will be on Friday, April 7th. The schedule will be published at https://bsidesok.com.

Affordable security training classes are offered Wed, April 5th - Thur, April 6th.

---

A Happy Hour event is being organized on Thursday evening before the conference. Signups for that will be published as soon as it is ready.

---

Training Classes

---

Responding to an Incident and Beyond: IR Training - taught by Donovan Farrow (CEO) and Tanner Shinn (Security Team Lead) of Alias Infosec

1-day training class on Wednesday, April 5 - $250

Don’t get caught by surprise - join the Alias IR team and learn how to respond to a cyber-attack. Understand how to walk through an incident response situation and become familiar with the various tools our team utilizes during an engagement. You’ll learn the best ways to respond to different types of IR situations (ransomware, business email compromise, data breach, etc.) in the event your business is compromised. Bring your laptop as this will be a hands-on-keyboard, interactive learning environment.

A few key takeaways include:

• A comprehensive break down of how to respond to a cyber incident.
• The tools our team utilize while working an incident.
• The do's and don'ts of negotiating with a hacker.
• How to rebuild your business so you don’t get hit again.

---

How to review contracts for IT Security Professionals - taught by Jonathan Kimmitt of Alias Infosec

1-day training class on Thursday, April 6 - $250

In this one-day session the class will cover the review process for contracts and service agreements. Students will learn how to perform a high-level review of contracts, and then do a deep dive as it relates to IT related items. This is a highly interactive discussion-based class. We will be reviewing contracts and building a checklist for understanding the contract terms. This class will help you provide valuable input to your General Counsel and contract managers, while helping your IT department protect your data and systems.

Whether it is a software as a service, a software license, sales contract, or a user agreement, we deal with contracts daily. At the organizational level, there may be several contracts executed every single day, and many times there are IT requirements either directly in the contract, or in the underlying support of the contract terms.

Additionally, with new laws about data privacy and new liability requirements for decisions makers, it is important that IT professionals understand and be involved in the entire ‘Contract Life Cycle’ for their organization.

---

Professionally Evil Network Testing - Aaron Moss & Nathan Sweaney of Secure Ideas

2-day training class Wednesday, April 5 and Thursday, April 6 - $500

This hands-on course will teach attendees a basic methodology for network penetration testing and an introduction to the processes used. Students will walk through the phases of Reconnaissance, Mapping, Discovery, Exploitation, and Post-Exploitation with demonstrations of various tools and tactics used in each phase. The course is heavily focused on hands-on labs so that attendees have the opportunity to actually use common tools and techniques. By the end of training, students will understand the structure of a penetration test and have the experience necessary to begin practicing the demonstrated toolsets.

Students are expected to have some prior knowledge of network principles (i.e. be familiar with network troubleshooting, TCP/IP protocols, etc), and some general IT experience. Familiarity with command line interfaces and a basic understanding of security concepts are also useful. This is not an advanced course, however, students with little IT experience may struggle to keep up.

---

BASH’n PowerShell - taught by James Lawler & John Robertson

1/2-day training class on Thursday morning, April 6 - $125

This course will go over and attempt to train the student in everything they need to know about BASH and PowerShell in hopes to get more people comfortable with command line interfaces and display the power and speed in doing so. We will go over ways to use these shells for anything from system administration to information security. This course will have instructor led instruction, but will be mostly practical based and very hands on for the students' learning benefit.

---

Blue Team Operations - taught by James Lawler & John Robertson

1/2-day training class on Thursday afternoon, April 6 - $125

This course will attempt to get the student more familiar with some ‘Blue Team’ concepts with a focus on log gathering from various sources, and loading them into a central location to conduct analysis. We will use open source and built-in system techniques to do that today, and ways you can implement the concepts we display as well as give some hands-on lessons to get dirty yourself in log parsing and analytics. Like the BASH’n PowerShell class, which is not a prerequisite but may help, this course will be as hands-on as possible.

---

Save the Data - Vendor-provided event sponsored by Rubrik

1/2-day class on Wednesday afternoon, April 5 - $20

Ever witnessed a ransomware attack firsthand? Get all of the experience with none of the risk in this fully immersive experience.

It’s the middle of the night. Your phone rings. Your heart sinks as the person on the other end reads you the ransom note. All your data is encrypted—even your backups—and they want $1 million. Luckily, it’s all part of the live, role-playing experience.

Join Rubrik in partnership with Microsoft for this in-person event to see what happens behind the scenes during a ransomware attack and run through what you might do if faced with a similar situation.

---

Palo Alto Ultimate Test Drive - Vendor-provided event sponsored by Palo Alto

1-day class on Thursday, April 6 - $20

This is your chance to get behind the driver’s seat of the industry’s leading network security solutions. It’s a guided, hands-on experience that’s designed for every experience level. Each workshop is customized to enhance your understanding of how our products work and how they can improve your organization’s security posture. We’ll take you step-by-step through each of our solutions, with an expert instructor to guide you.

This is way more than a demo. With Ultimate Test Drives, you’re running the show. Get access to our solutions in a virtual lab environment to discover exactly how they perform in the real world. You’ll work through an array of common enterprise security problems and see firsthand how you can use our security technologies to solve them.

---