WORKSHOP! You are likely to be eaten by a grue – Cybertabletops, some D20 dice and a few of you!

Presenters: James Beal, John Notch

Beal Bio
I am an IT Security Engineer at FHLB Des Moines, currently focusing on endpoint protection, network security monitoring, vulnerability management and threat intelligence. I am also the lead for incident response and, with John, run our quarterly internal tabletop scenarios. I was one of the original members of SecDSM, and you can catch me there every month during the 101, discussing the monthly Hacker news and anything fun from our hobbies channel on Slack.

Notch Bio
Notch is an Information Security Engineer at FHLB Des Moines. He has seven years’ experience as an Information Security professional serving the healthcare and financial service sectors in the Midwest. Prior to moving to Information Security, he served as an IT Infrastructure Engineer serving legal, public, and financial service sectors in Des Moines for thirteen years. He taught IT and Network Security classes as an adjunct instructor at Kaplan University and ITT in Des Moines. His passions for InfoSec include incident response/digital forensics, vulnerability testing, and governance/risk. He attained his CISSP in 2018 and holds a Master’s degree in Organizational Leadership (2012) and a Bachelor’s degree in Computer Information Systems (1999) from Grand View University.

Talk Abstract:

We would like to present a one-to-two-hour workshop and presentation in the style of a DnD / RPG cyber incident response tabletop exercise. This will be loosely based on Lesley Carhart’s “Gamemaster’s Guide to Incident Response”.

The objective is to:
1) Introduce incident responders to the benefits of tabletop exercises with IT and management stakeholders.
2) Simulate for incident handlers how to manage the IR process and test out the process or plans inside their own organizations in a demonstrable way.
3) Plan to have mini-CTF challenges for the technical responders, hoping to tie the challenges into the conference CTF.
4) Conduct a debrief and lessons learned exercise – using the results for a later public presentation at Drake, Grand View, or SecDSM.
5) Have fun and gamify the entire process itself.

LLDP Fuzzing

Presenter: Nicholas Starke

Nicholas Starke is a Threat Researcher at Aruba Networks (An HPE Company) as well as a proud member of SecDSM. He enjoys anything and everything IoT and networking gear. When not hacking all the things, Nick enjoys the finer things in life, like trolling Tom Pohl.

Talk Abstract:

LLDP is the Link-Layer Discovery Protocol, and most enterprise-grade switches support it. We’ll look at what LLDP is, how it can be abused, and what kind of tools are generally necessary for working with LLDP. There will be a live demonstration featuring a small security tool I wrote for fuzzing LLDP where we will look at real-world LLDP vulnerabilities!

Hacking to Save Christmas

Presenter: Jen York

Jen is a former astrophysicist who found her home with the wonderful geeks and nerds in IT and cybersecurity. She is currently the CEO of an MSP in the Des Moines area and a full-stack developer with a passion for security.

Talk Abstract:

A recap of how hackers came together to help Santa save Christmas and got much more than they bargained for. Jen will walk through some of the challenges set forth by Kringlecon with bad puns, amazing memes and wonderful hacker humor.

When A.I. Goes Wrong- Dangers of A.I. In Cyber Security

Presenter: Jason Moulder

Jason is a Penetration Tester with over 10 years of technology and security experience. He has extensive experience with network and web application penetration testing, social engineering, secure security architecture, forensics, incident response, governance and compliance. Jason has worked as a consultant for many types of industries to include government (federal/state/local), financial, oil and gas, education and private sectors. Jason currently works as a penetration tester with the Managed Security Services division at Pratum, which includes managed SIEM, IDS, vulnerability scanning, and penetration testing services.

Talk Abstract:

Artificial Intelligence (A.I.) is all around us and most of us don’t realize it or take much notice. Many products utilize this technology to make our lives simpler. Some companies utilize A.I. to predict system/component failure, predict changes in the environment, predict the stock markets, predict cyber threats and countless other possible applications. All is good when A.I. does the anticipated actions it is programmed to do. However, it doesn’t always go as planned.
What happens when A.I. goes wrong? Several times we have seen this in recent years. Microsoft and Facebook tried to use chatbots and had to pull them offline after only a few days because they became corrupted by user input or developed their own way of communicating. What happens when this type of data is manipulated by adversaries? Can adversaries utilize public data that is siphoned by A.I. to weaponize it? The IBM team proved that is the case with DeepLocker.
Is it possible, in the near future, that cyber warfare will be fought machine vs. machine? Could that machine learn that in order to survive against its attacker, it needs to propagate itself outside of its network? I’ll let you be the decider of that.

0Day to HeroDay: Bringing a company from scorched earth to a modern security organization

Presenter: Ryan Wisniewski

Information security professional focused on security program implementation and transformation for both small- and large-scale organizations.

Talk Abstract:

This talk will outline how a company was brought down to its knees from a ransomware attack, how it rose from the ashes, and how it now has a full security organization. Ryan will take you through the thrilling adventure of building incident response, system architecture, disaster recovery, and system operations on the fly while the business was down – and how the group ensured the business could come back online without risk of reinfection. Then, he will discuss how he started a security organization from scratch and talk through the challenges of maturing an organization that was on the brink of destruction just a few months ago.

– Surviving a Ransomware Attack on ALL SYSTEMS
– Building Incident Response and Disaster Recovery on the fly
– Cleaning the environment from the attack
– Ensuring no possibility of re-infection
– Building a Security Organization from Scratch
– Create a framework based on industry standards
– Assess current maturity of your environment
– Assess desired maturity of your environment
– Define how to close the maturity gaps
– Prioritize your work based on risk framework
– GO!

Red Team Rumpelstiltskin

Presenter: Zach Zaffis

Zach Zaffis takes his passion & career seriously, though not himself. A California burnout and current Security Engineer, Penetration Tester & Cyber Security Expert at ProCircular (an Information Security & Privacy firm in Iowa), as well as Co-Creator & current President of SecIC (an educational not-for-profit organization focusing on the Information & Network Security community in Iowa City), he’s spent nearly two decades working in IT & InfoSec. Mr. Zaffis is a Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA), Multiple Black Badge holder, & Certified Information Systems Security Professional (CISSP), as well as a full member of the FBI/DHS InfraGard partnership. Mr. Zaffis spent time as an adjunct professor at a national technical college, & enjoys engaging in the Information Security community. Any moment not dedicated to Cyber Security is spent with his family. Analogue pastimes include fishing, with an F.

Talk Abstract: 

How a centuries-old Grimm’s tale helps me keep oriented in our industry.
The story of Rumpelstiltskin can be a great way to help those coming into our industry understand some of the important ideas around ‘our’ world. If knowing is half the battle, this talk will give those looking to break into, or sharpen their skill sets in the red team a 50% chance at survival. A talk about the importance of curating the media you ingest in our field to better reflect and guide the knowledge and understanding that you can gain in relation to tool-sets, scripts, kits, and skills, along with some suggestions on where to start.

– A Super Serial Story

Presenter: Jared McLaren

Jared is a Managing Principal with Secureworks Adversary Group, and Technical Lead for the application security testing practice. He has spent over 17 years working in the security industry with extensive experience in both defensive and offensive tools, techniques, and procedures. Certifications include GSE, GSEC, GCIA, GPPA, GCIH, GCWN, GCPM, GMOB, GWEB, GXPN, CISSP, OSCP, and OSCE. Outside of work, Jared is a dedicated family man, competitive duathlete and cyclist, and enjoys a good Belgian beer.

Talk Abstract: 

While there have been many advances in .NET deserialization, it still lacks the exposure and the limelight of its distant cousin Java. This presentation will take a brief moment to review .NET deserialization attack vectors and past research, and then take a deep dive into a modern technique that results in remote code execution within the .NET framework. Be ready to be one of the first to see a previously undisclosed technique that results in exploitation of fully-patched Microsoft IIS web servers!


Presenter: Christine Stevenson

Christine Stevenson has over two decades of experience in Corporate IT and Security. She has held a variety of roles over the years with a primary focus on CSIRT and Digital Forensics. She is currently a Security Engineer at Verodin, a security instrumentation start-up out of Washington D.C.

Talk Abstract: 

This presentation is based on 20+ years in cybersecurity working across 50+ countries. It will explore the real-life history and use cases of hackers, hooligans, and heists. From mechanical computers to the Internet, acts of sabotage, fraud, theft, and other nefarious undertakings have been conducted with low risk, minimal hurdles, and high reward. In some cases, attackers even receive safe harbor from prosecution. Bad actors ranging from insiders and hacktivists to cybercriminals and nation-states are motivated by money, politics, revenge, and ideology.

We will translate the “who, how, and why” of cyberattacks. We will identify multiple “old school” and modern-day threat vectors and organize attacks by motives like sabotage and espionage. Each threat actor type will be explored in detail with real-life use cases and personal accounts. The examples used will illustrate the diversity in threats, methods, motivations, and organizational responses.

Car Hacking 101: The CAN Bus

Presenter: Daniel Limanowski

Daniel is a Senior in Computer Engineering at Iowa State University. He currently works for the ISEAGE research lab putting on cyber defense competitions as well as for Iowa State’s IT Security team. Daniel is passionate about red teaming, web application development, and notably, car/vehicle technologies.

Talk Abstract:

Cars are becoming more computer-controlled, connected, and autonomous, making them excellent targets for malicious actors. This talk focuses on explaining and exploiting the primary functional network in almost every modern vehicle: the Controller-Area-Network (CAN). Since CAN is a bus, we can see and interact with every frame on it – this means we can potentially control warning lights, acceleration, braking, and steering, among others. We’ll explore how the CAN bus works, understand techniques for reverse engineering the proprietary data sent on the bus, look at how you can begin CAN hacking both on a simulator and your actual car, and finally wrap up with a discussion on remote exploitation possibilities for CAN.

Reviewing pcaps with Security Onion

Presenter: Brad Duncan

Based in Texas, Brad Duncan specializes in traffic analysis of malware and suspicious network activity. After more than 21 years in the US Air Force, Brad transitioned to cyber security in 2010. He is currently a Threat Intelligence Analyst for Palo Alto Networks Unit 42. Brad is also a volunteer handler for the Internet Storm Center (ISC) and has posted more than 140 diaries. He routinely blogs technical details and analysis of infection traffic, and has provided over 1,600 malware and pcap samples to a growing community of information security professionals. Brad is also active as @malware_traffic on Twitter. This will be his third consecutive year presenting at BSides Iowa.

Talk Abstract: 

In this presentation, Brad reviews recent examples of infection activity caused by malicious spam (malspam) or bad web traffic. Brad covers how to set up the Security Onion Linux distro and play back pcaps to generate alerts on malicious activity. He reviews using the Emerging Threats Open ruleset with Suricata as an intrusion detection system (IDS), and he covers using the Snort registered ruleset with Snort as an IDS. These are all free tools that anyone can use. This presentation offers tips and tricks for those interested in detecting and analyzing malicious network traffic.

DevSecOps: Key Controls For Modern Security Success

Presenter: Eric Johnson

Eric Johnson is a co-founder and principal security engineer at Puma Security focusing on modern static analysis product development and DevSecOps automation. Eric’s extensive experience includes application security automation, cloud security reviews, static source code analysis, penetration testing, SDLC consulting, and secure code review assessments.

Previously, Eric spent 5 years as a principal security consultant at an information security consulting firm helping companies deliver secure products to their customers, and another 10 years as an information security engineer at a large US financial institution performing source code audits. As a Certified Instructor with the SANS Institute, Eric authors information security courses on DevSecOps, cloud security, secure coding, and defending mobile apps. He serves on the advisory board for the SANS Security Awareness Developer training program, delivers security training around the world, and presents security research at conferences including SANS, BlackHat, OWASP, BSides, JavaOne, UberConf, and ISSA.

Eric completed a bachelor’s degree in computer engineering and a master’s degree in information assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications.

Talk Abstract:

Modern development teams deliver features at a rapid pace using new technologies such as containers, microservices, and serverless functions. Operations and infrastructure teams support these rapid delivery cycles using Infrastructure as Code, Test Driven Infrastructure (TDI), and cloud automation. However, security teams are using traditional security approaches that don’t keep up with the rate of accelerated change. Security must be reinvented in a DevOps world by taking advantage of the opportunities provided by continuous integration and delivery pipelines.

This talk will introduce attendees to 5 key phases of DevOps: pre-commit, commit, acceptance, production, and operations. In each phase, we identify the key security controls and discuss several open source tools for implementing the controls. Attendees will walk away with a practical and modern approach for building a successful DevSecOps program.