BSides Harrisburg 2025

Operationalizing MITRE ATT&CK requires a structured approach to mapping cyber threat intelligence to
adversary tactics, techniques, and procedures. This session will focus on translating threat intelligence
reports, indicators of compromise, and behavioral data into actionable MITRE ATT&CK mappings, and
different implementation planning to proactively defend against real-world threats. Additionally, we will
explore how to enrich detection engineering based on ATT&CK mapping, in the context of developing a
detection engineering program at enterprise level. Attendees will do hands-on exercises for CRI reports
mapping and detection development, learning to extract key insights from cyber threat intelligence,
correlate them with ATT&CK techniques, and use this mapping to develop detections that align with
adversary behaviors, discussing how to develop, manage and validate detections. Based on first hand
experience Juan will share his path to convince executives and peers to implement an proactive defence in
depth in an organization.

Add to Calendar

From SOC Analyst to SOC Manager, I joined Boscov's to start their first in-house Security Operations Team.
The things I learned, the types of people I hired, and what I would have done better if I could do it again.

Add to Calendar

Embark on your Hero’s Journey, regardless of your current “level.” Let’s map out a journey for you (the hero) that will take you from a simple moisture farmer to become one of the most powerful cybersecurity pros ever (metaphorically speaking). In this session we’ll look at the paths that lay ahead and how to better train, prepare and plan for the next steps to get you from Padawan to Master without going to the dark side, no matter where you are today.

We’ll cover the technical and leadership skills to develop, and you’ll understand how each will help you on your specific journey. This helps you to understand when it’s time to take the path to the left, right or straight ahead. We’ll discuss technical, generalist and leadership paths, and how to leverage your own Obi-Wan (Mentor(s)). Most importantly you’ll gain the knowledge of how to proactively prepare for your journey, so you are prepared for the obstacles and opportunities ahead. Having a map to where you want to go is always preferrable to wandering around in the darkness.

Add to Calendar

Backed by real numbers and success stories, this presentation dives into the exciting potential of citizen
development while addressing its inherent security challenges. In a world where citizen development
platforms empower everyone—from power users to business professionals—to build everything from
simple automations to full-blown applications and AI agents, the rise of these citizen developers offers a
ground breaking opportunity for the security community to get it right.
For years, the security community has struggled to embed secure development practices into traditional
software development, often facing resistance, competing priorities, and gaps in education. These
challenges leave vulnerabilities unchecked and risks unresolved. With citizen development, we have a
chance to learn from these shortcomings and establish a proactive, security-first foundation and practice
from the outset.
We’ll explore who these new builders are, what they’re creating, and how they’re doing it, highlighting the

unique risks inherent in citizen development platforms. With practical insights, we’ll contrast remediation
strategies for citizen developers versus traditional coders and share how to instill a secure mindset in these
new creators while keeping the process lighthearted and engaging.
Join us as we unlock the immense potential of citizen development while ensuring it doesn’t unlock new
vulnerabilities—and seize this opportunity to build a more secure future from the ground up.

Add to Calendar

With hybrid work now the norm, Identity and Access Management (IAM) has become the backbone of
enterprise security. But managing access across distributed systems, VPNs, and cloud environments
comes with complex challenges. Employees are working from home, coffee shops, airports, hotels,
everywhere. This talk will explore the challenges of managing remote access in modern enterprises,
addressing critical topics such as VPN security, role-based access control (RBAC), and just-in-time (JIT)
access provisioning. We will discuss the importance of enforcing least privilege access through ticketing

systems, multi-factor authentication (MFA), and automated verification mechanisms for cloud and on-
premise environments.

People who attend will gain insights into:
* No Ticket, No Access - Implementing IAM policies that balance security with employee productivity.
* Cloud’s Greatest Weakness – How IAM misconfigurations in distributed systems become hacker
playgrounds.
* The Role of Ticketing Systems: Why structured access request workflows are critical for security and

compliance.
* Zero Trust or Zero Chance – Why traditional VPNs aren’t enough and how to enforce strict identity
verification.
* Enforcing Zero Trust principles for cloud-based and distributed infrastructure.
* The Future of Hybrid IAM: Mitigating risks associated with user provisioning and deprovisioning in remote
work environments.
* Battling the AI request overload for your IT/Security departments

Add to Calendar

Pentesting is meant to uncover security weaknesses, but sometimes the process itself becomes an
exercise in frustration. From unclear scopes and unresponsive clients to network misconfigurations and
unexpected legal roadblocks, every pentester has war stories of engagements gone wrong. This talk dives
into real-world pentesting pain points, sharing firsthand experiences of what makes assessments more
difficult than they need to be—and how to avoid these pitfalls.
Whether you’re a seasoned pentester, a blue teamer trying to prepare for a test, or a purple teamer bridging

the gap, understanding these challenges can help ensure your next engagement is smoother and more
effective. We’ll cover the most common mistakes from all sides of the table, such as poor scoping, lack of
communication, ineffective remediation, and unrealistic expectations.
Beyond just the horror stories, this session provides actionable lessons to help security teams and
consultants work together more efficiently. Learn how to avoid common traps, improve collaboration, and
turn painful experiences into opportunities for a more productive outcome.

Add to Calendar

Lunch is provided by BSidesHBG - Price covered in General Admission tickets already.

Add to Calendar

As new Artificial Intelligence (AI) models are released seemingly every day, cybersecurity experts are
growing increasingly concerned with the data used to train these models. As the pace to develop new
models quickens, many are turning to AI-generated, synthetic data to increase efficiency. The use of
synthetic data significantly reduces the time spent on data collection and cleaning, allowing for faster
creation of new models. However, emerging research suggests that these techniques may be creating
insecure, unstable models. To address this growing concern, we created two separate AI models, one
trained on synthetic data, the other trained using real-world data and conducted data poising campaigns
against each model. Our real-world data collection process focused on movie reviews published in

newspapers from 1970-1999. The use of movie reviews allowed us to establish a baseline of truth from

which to develop our poisoning campaign, and the period helped ensure each article was human-
generated. The synthetic data was generated using GPT-3.5. By training two models trained on the same

topic, we were able to directly compare the results of data poisoning in synthetic and real-world data. Our
findings revealed the synthetic model was more susceptible to data poisoning than the real-world model,
demonstrating a need for further research in this area.

Add to Calendar

As our industry has embraced the transition from an "Artificial Intelligence and Machine Learning are
buzzwords," mentality to a "leverage the resources available to you," mentality, a critical gap has emerged
in understanding how to properly secure and govern the systems.. This talk is designed to address those
who are leveraging emerging AI tools and capabilities and are asking the right questions pertaining to
securing AI/ML technologies, but have yet to find the answers.

Drawing from extensive experience implementing major compliance frameworks including FedRAMP,
CMMC, and SOC 2, and building upon previous BSIDES presentations, this session will provide attendees

with a structured approach to evaluating and securing their AI/ML technologies. Nathalie will share real-
world examples and provide practical precautions that security professionals should pay attention to.

Attendees will leave with concrete methodologies for ensuring their organizations stay ahead of the curve as
compliance standards continue to adapt to the increasing prevalence of AI/ML technologies in enterprise
environments.

Add to Calendar

Your Network is your networth. In this session, I talk about the power of shaking hands both in person and
virtually and how build your core network to open up doorways and opportunities.

Add to Calendar

Cyber threats are evolving and understanding the difference between ethical and unethical hacking is more
important than ever. TARGETED explores the modern cyber threat landscape through real-world accounts.
From the exploitation of high-profile targets to personal experiences navigating cybersecurity risks, this talk
sheds light on how attacks happen and what we can learn from them. Most importantly, it offers practical
ways to protect yourself in an increasingly digital world. Whether you're a security professional or simply
interested in staying safe online, this session provides valuable insights into the realities of cybersecurity
today.

Add to Calendar

In the realm of web security, CRLF injection is frequently dismissed as a low-impact vulnerability. However, when paired with innovative exploitation techniques, it can unlock devastating outcomes such as complete account takeovers. This presentation uncovers the mechanics of CRLF vulnerabilities and demonstrates how their impact can be amplified through different methods. Drawing from real-world bug bounty experiences, we will explore compelling case studies: a CRLF flaw on an isolated subdomain leads XSS on the main domain, an ESI tag exploit stealing cookies, and a Unicode normalization trick leveraging browser quirks to trigger XSS—all culminating in account takeovers. We will also dissect how HTML encoding can be bypassed in the right scenario. Join us to discover how to transform a seemingly minor vulnerability into a critical exploit and learn the importance of rigorous quality assurance in securing systems.

Add to Calendar

The rapid adoption of Generative AI (GenAI) presents unique security challenges that organizations must
address while maintaining development velocity. This presentation provides practical strategies for building
secure GenAI applications, with a focus on AWS services like Bedrock and Amazon Q. We introduce a
comprehensive security framework that addresses three critical areas: threat modeling for GenAI systems,
secure integration patterns, and robust output validation mechanisms.

Through real-world case studies, we'll demonstrate how to identify and mitigate GenAI-specific
vulnerabilities, including prompt injection attacks and data leakage risks. Attendees will learn concrete
techniques for securing their entire GenAI pipeline, from input validation to output verification, with an
emphasis on protecting sensitive information and preventing model hallucinations with an emphasis on
speed and efficiency of the SDLC.
The presentation includes hands-on examples of implementing security controls in GenAI applications,
featuring code samples and architecture patterns that can be immediately applied. Security professionals
and developers will gain practical knowledge about automated security testing for GenAI systems, session
isolation techniques, and effective output validation strategies.
By the end of this session, attendees will have actionable insights for accelerating their GenAI initiatives
while maintaining enterprise-grade security standards.

Add to Calendar

For those incidents that are publicly reported, we see things like "this cost $X million dollars". Where do
those costs come from? This talk will look at data from insurance claims to explain where the costs of an
incident come from.

Add to Calendar

This presentation is a novel way to look at the “open windows” that job listings provide to cyber criminals to
profile a business from an attack perspective. From open windows to creaky back doors, a conversation
needs to be had about the do’s and don’ts of what our teams include as we search for new talent to join our
teams.
I have spent enough time using companies job postings to do my own version of OSINT, to create a cyber
blueprint that reveals where there might be gaps or vulnerabilities in a company’s tech stack, where there
are resource gaps, & how your program might be immature and primed for someone to slip past your
defenses and take up residency in your systems.
In my presentation we will look at job postings across US businesses, examine the doors, windows, and
disabled security systems (do they have a dog? is it a Chihuahua or a Doberman) that the data suggests,
and use it to profile the company and the level of risk that the posting reveals. We will also open the
conversation to "how we do better" without loosing the technical hiring requirements.

Add to Calendar

Pushing down on you, pressing down on me! Cybersecurity is a high-stakes, high-pressure game where
split-second decisions can mean the difference between disaster and defense. This session dives into how
to stay cool when the heat is on, manage high-pressure incidents without cracking, and give yourself and
your team the tools to rise above the noise. No terror of knowing what this world is about—just actionable
strategies to handle the chaos like a pro.

Add to Calendar