Hybrid Identity Protection Tech Day: Raleigh NC

Event Information

Share this event

Date and Time



Frontier Campus at RTP - Building 800

800 Park Offices Drive

Research Triangle, NC 27709

View Map

Refund Policy

Refund Policy

Contact the organizer to request a refund.

Eventbrite's fee is nonrefundable.

Event description
Premier educational event for identity-centric IT and cybersecurity practitioners. Followed by networking happy hour 4-6 pm. [8 CPE credits]

About this Event

With the disappearance of the network perimeter, identity has become the last line of defense from cyberattacks. At Hybrid Identity Protection Tech Day, join the world’s foremost identity and access management experts, Microsoft MVPs, and industry peers working to solve complex infrastructure and cybersecurity challenges. This one-day regional event fosters a community of knowledge-sharing – with topics ranging from multi-factor authentication, identity governance, privileged access management, and more!

Your ticket includes:

  • Entrance into Educational Speaker Sessions
  • Entrance into Exhibit Area
  • Catered Breakfast and Lunch
  • Entrance into Networking Happy Hour
  • Conference Materials
  • Up to 8 CPE Credits

Who should attend

This event is for IAM, IT infrastructure, and cybersecurity professionals.

Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. And with radical transformation come new business risks. Hybrid Identity Protection Tech Day is for IT and InfoSec professionals charged with supporting hybrid, multi-cloud environments and defending against emerging threats. Participants discover innovative approaches and real-world solutions to safeguard directory services on-premises and in the cloud.

What to expect

  • Learn key insights and trends in today’s evolving hybrid identity landscape [8 CPE credits]
  • Discover proven practices that you can apply to your unique environment
  • Network with IT professionals facing similar infrastructure and security challenges


9:30 am – 10:00 am: Registration, Breakfast, Networking

10:00 am – 10:15 am: Opening Remarks & Welcome

10:15 am – 11:00 am: Speaking Session

[Attack]tive Directory: Compromising a Network in 20 Minutes Through Active Directory

Ryan Hausknecht | Adversary Simulation Consultant at SpecterOps

Abstract: As a red teamer and penetration tester, I've compromised several networks from small/medium businesses to enterprises in a very short time via Active Directory exploits that take advantage of default policy settings or common misconfigurations. Often times, businesses will focus on a vulnerability scan to gauge their vulnerability posture when in reality, 90% of engagements are done purely through exploiting Active Directory default settings, things that vulnerability scanners miss. This presentation highlights some of the most common and recent attacks I've conducted in an AD environment, both from a technical dive to live demonstrations. In addition, mitigations for these attacks are given and can be accomplished without needing any paid tools. This talk is targeted to both red teamers and blue teamers

Speaker Bio: Ryan Hausknecht is a Consultant specializing in adversary simulation at SpecterOps while also helping teach their Red Team Operations course. He is the current instructor at the University of North Carolina, Charlotte for Cyber Security and one of the organizers & instructors for the FBI/InfraGard Cybercamp in Charlotte. Ryan graduated Summa Cum Laude from Norwich University and is a current GPEN, GWAPT, and OSCP holder. He maintains a blog at https://www.hausec.com

11:00 am – 11:15 am: Break Time

11:15 am – 12:00 pm: Speaking Session

Securing Devices and Data with Microsoft Endpoint Manager - Intune

Kevin Sullivan | Program Manager at Microsoft | Customer Acceleration Team

Abstract: Microsoft Endpoint Manager brings together Microsoft Intune and System Center Configuration Manager to provide consistent secure and intelligent controls to streamline your device management environment in a flexible way to maximize your investment... and other marketing words that sound good. At the end of the day a modern and intuitive experience is evolving here to allow you to manage your current environment along with a more modern and inclusive experience. It makes things easier and provides a more consolidated experience for IT Pros. In this session we will cover the core of Intune focusing on security elements around Conditional Access, Application Protection Policy, Device Compliance and Configuration and more. In a demo rich session (all hail the demo gods!) we will walk through practical experience to explore what you can do with the newly branded Microsoft Endpoint Manager.

Speaker Bio: Kevin has been working in the IT industry for too long to remember. Working in consulting, training, software development has encompassed the majority of his experience. The majority of experience in IT has evolved around systems management and Identity Management primarily in the Microsoft. Kevin's first trip around the Microsoft sun was after DesktopStandard was acquired which brought Group Policy Preferences and Advanced Group Policy Management into the Microsoft world. After contributing to the initial scoping and first couple of releases of Microsoft Intune Kevin left Microsoft to join other Group Policy experts as Specops Software and SDM Software. After a few years returning to Microsoft to continue what began with Microsoft Intune Kevin now works directly with some of the largest Microsoft Customers focused on gathering insights and helping accelerate deployments with Microsoft Endpoint Manager. Kevin and his wife have three amazing kids, two cats and a fish! As a recovering musician Kevin still plays as much guitar as possible to keep the balance!

12:00 pm – 1:00 pm: Lunch

1:00 pm – 1:45 pm: Speaking Session

PowerShell Remoting: Don't fear the Windows Remote Shell

Mike Kanakos | Active Directory Engineer at MetLife

Abstract: It's almost 2020 and the world of Windows has changed. Microsoft loves Linux, the command line, and now makes servers without a GUI. It's time for security pros and admins to change as well and learn to love and trust the Windows remote shell. Let's walk through how PSRemoting works, how to secure it and how to keep tabs on who is using remoting on your network.

Speaker Bio: Mike Kanakos is an Active Directory Engineer and sysadmin in the RTP area of North Carolina. He specializes in Active Directory, Azure AD, Group Policy, and automation via PowerShell. Mike is also an active member of the PowerShell community. He is the director of community engagement for PowerShell.org, leader of the Research-Triangle PowerShell user's group and tech blogger. You can follow Mike's at his blog (www.networkadm.in) and on Twitter (@MikeKanakos).

1:45 pm – 2:30 pm: Speaking Session

Exploiting Windows Group Policy for Reconnaissance and Attack

Darren Mar-Elia | Head of Product at Semperis |14-time Microsoft MVP

Abstract: In this talk, Group Policy expert Darren Mar-Elia (a.k.a. the GPOGUY) looks at Active Directory Group Policy from an attacker’s perspective, illustrating techniques that can be leveraged to gain insight into an organization’s Windows security posture, privileged use and opportunities for compromise. He’ll start by explaining how GP works under the covers, then dig into tools and techniques you can use to take advantage of GP’s “readability” to map out how an organization has deployed security hardening and privileged access, including how you can specifically identify admin tiering and work around it. Then Darren will dig deep into the bowels of GP to show several approaches to exploiting Group Policy, including linking exploits, write-permission/settings abuse, GPT redirection, external paths abuse and some newly documented ideas for abusing GP processing at the client to run arbitrary code. He’ll finish up by presenting some defensive techniques that can be used to harden GP against this kind of abuse.

Speaker Bio: A 14-year Cloud and Datacenter Microsoft MVP, Darren has a wealth of experience in Identity and Access Management and was the CTO and founder of SDM software, a provider of Microsoft systems management solutions. Prior to launching SDM, Darren held senior infrastructure architecture roles in Fortune 500 companies and was also the CTO of Quest Software. As a Microsoft MVP, Darren has contributed to numerous publications on Windows networks, Active Directory and Group Policy, and was a Contributing Editor for Windows IT Pro Magazine for 20 years.

2:30 pm – 2:45 pm: Break Time

2:45 pm – 3:30 pm: Speaking Session

Azure AD Password Protection: The Cloud Security Service your Active Directory Needs Now

Sean Deuby | Director of Services at Semperis |15-time Microsoft MVP

Abstract: Microsoft has finally provided a service that secures the single most critical password-related security risk in the enterprise today: common passwords. And it's (mostly) free! In this session you'll learn about modern password policy recommendations, how Azure AD Password Protection works, and how to deploy it to protect your hybrid identity infrastructure.

Speaker Bio: Sean brings 30 years’ experience in enterprise IT and hybrid identity to his role as Director of Services at Semperis. An original architect and technical leader of Intel's Active Directory, Texas Instrument’s NT network, and 15-time MVP alumnus, Sean has been involved with Microsoft identity since its inception. Since then, his experience as an identity strategy consultant for many Fortune 500 companies gives him a broad perspective on the challenges of today's identity-centered security. Sean is an industry journalism veteran; as former technical director for Windows IT Pro, he has over 400 published articles on AD, hybrid identity, and Windows Server.

3:30 pm – 4:30 pm: Speaker Panel

Discussing Ransomware, Risk, and Recovery

Special Guest: David Vaughn | ISSA International Board Member

Join our speakers in a panel discussion as they share their insights on topics that affect today’s identity and security practitioners. For example, how is malware challenging traditional disaster recovery risk analysis? What should organizations really be preparing for? Ask our experts anything.

4:30 pm – 6:00 pm: Happy Hour

Hosted by

Date and Time


Frontier Campus at RTP - Building 800

800 Park Offices Drive

Research Triangle, NC 27709

View Map

Refund Policy

Contact the organizer to request a refund.

Eventbrite's fee is nonrefundable.

Save This Event

Event Saved