BSidesOK 2019

BSidesOK 2019

Training: Wed-Thur, April 10-11th

Conference: Friday, April 12th

Glenpool, OK

About BSidesOK

BSides Oklahoma is a free information security conference focused on practical, hands-on training for improving security. Our featured keynote speaker will be Tim Medin of Red Siege.


Registration is free and includes lunch and a t-shirt!

Walk-ins are welcome, but lunch and shirts are reserved for registed attendees first.

Click Here to Register!

Conference Schedule (Friday, April 13)

Click on any schedule item to see details about the talk.


Welcome & Announcements


Tim Medin

I Upped My Security Game. Now Up Yours

I Upped My Security Game. Now Up Yours

Tim Medin Bio

Example Speaker
Blue Track

How you CAN detect PowerShell exploitation and malicous use.

Michael Gough

How you CAN detect PowerShell exploitation This talk will show a few examples of PowerShell exploitation that can be caught, what and why it can be detected, what you need to configure, what kind of queries you will need to build to capture malicious activity, and of course some examples queries you can use to build your own reports and alerts to detect and hunt for malicious PowerShell.

Michael Gough Michael has 20 years experience in IT and Information Security. Michael focuses his talents as a Blue Team Defender, malarian fighter and malware archeologist, known to many as the Windows log kung fu master.

Example Speaker
Misc Track

How I Bought a House with Bitcoin

Bobby Simpson

How I Bought a House with Bitcoin Learn how Bitcoin and blockchain came about and how it works in the real world. Then, hear the real story of my harrowing journey of buying a house with Bitcoin. Learn how to keep your Bitcoin safe, and hear from our bonus co-speaker, who is a CPA, how to stay square with the IRS and other Feds.

Bobby Simpson "Bob Simpson is the creator of GhostSentry, an access control and compliance firewall and CIO for Finley & Cook, PLLC, a private accounting firm where he has served for 11 years. Before that, he was Security Architect for the Oklahoma Department of Human Services. Mr. Simpson holds the CISSP, GCIH, GCIA, and GPEN, as well as MCSE and CCNA Security certifications. He is a member of the SANS Advisory board and InfraGard.

Example Speaker
Dev Track

OOM OOM Pow! (Deserialization)

Jason Gillam

OOM OOM Pow! (Deserialization) Do you still find object deserialization flaws to be some kind of inexplicable magic that mysteriously results in remote code execution? This talk traces the path of how popular features in Object Oriented languages resulted in these flaws with simplified demonstrations and sample code.

Jason Gillam The man, the myth, the legend!

Example Speaker
Blue Track

How to Build a Security Awareness Escape Room

Erin Vance

How to Build a Security Awareness Escape Room How do you reach a wide audience and make security awareness fun? On a tight budget? Without much governance and management support? You build a Security Awareness Escape Room and have the entire organization (or local campus) compete to win bragging rights.

Erin Vance Erin started her career in Network Security in September of 1999 with ExxonMobil. After leading the Network Security and Remote Access team for five years at Exxon, she left to travel the world, gaining a 'different' kind of education in 22 different countries. She landed in South Korea and opened her own Business English academy where she thrived for seven years. Erin came back to the States in 2012 and after a few years working at a United Way Agency in IT, Security and Resource Management, she started at QuikTrip in their Security Engineering department. Erin took the role as Cyber Security Operations Lead in May of 2017.

Example Speaker
Misc Track

Cryptology: It's a Scalpel, not a Hammer

Mikhail Sudakov

Cryptology: It's a Scalpel, not a Hammer We live in a world today where most security analyst only respond to the blinking lights or the RED pie charts on a dashboard. What if you really wanted to find some real silent actors? Where would look and what would it even look like and what tools are available? During this presentation, we will go through a few scenarios of different attacks, what they look like and what you can do to stop, track and intellectual crush attacker!

Mikhail Sudakov Mikhail is Cyber Security Architect and Analyst for LEO Cyber Security. He taught cryptology at St. Bonaventure University in NY, USA and had previously served the university as a programmer and information security specialist. Not being afraid to try his hand at offense, he holds an OSCP certification from Offensive Security. Mikhail is a cybersecurity professional with an enormous passion for mathematics and cryptology.

Example Speaker
Dev Track

How to run your code on the dark web (and why you should)

Luke Crouch

How to run your code on the dark web (and why you should) Tor is an anonymous network and browser. Millions use Tor every day. Is your code ready for them? This talk introduces Tor, provides an overview of how it works and the adversaries and attacks its designed to stop, and shows that coding for Tor is practical, and improves your code for everyone.

Luke Crouch I'm a Privacy & Security Engineer for Mozilla Firefox helping the Tor Uplift team bring Tor anonymity protections into Firefox. I've also been a web developer for 15 years and I enjoy learning and presenting about new and "exotic" web technologies.

Lunch Break

Example Speaker
Blue Track

Securing Azure, Azure Secured

Stephen Nelson

Securing Azure, Azure Secured Ten things you should be doing to secure your Microsoft Cloud. I love all the clouds, but often for better or worse as security professionals our cloud is chosen for us. If you are a security professional charged with protecting Microsoft Azure then this talk is for you.

Stephen Nelson Stephen Nelson Well traveled homebody. Technology enthusiast, security journeyman, ManUtd fan, and Energy FC supporter. Securing clouds everywhere.

Example Speaker
Misc Track

The Forgotten Fruit: Repairing the Misconception Honeypots Only Produce Statistics and Stale Data Instead of Actionable Intelligence

Ramece Cave

The Forgotten Fruit: Repairing the Misconception Honeypots Only Produce Statistics and Stale Data Instead of Actionable Intelligence Honeypots have a mixed reputation in the industry, feelings aside, they are needed. Have you ever heard these words Honeypots are only good for stats or Honeypots capture nothing new? Perhaps things are happening we don't know about, because we never knew to look. This is the Forgotten Fruit.

Ramece Cave Ramece Cave is a Security Researcher. His core areas of focus are distributed threats, which encompass but are not limited to: identification, remediation, and analysis of denial of service (DOS) attacks, covert channels, botnets, the obscure and unusual, and C2 protocols, in malware and other network communication.

Example Speaker
Dev Track

Panel: Infosec Professionals Ask Me Anything

Speakers TBA

Panel: Description

Speaker Bio

Example Speaker
Blue Track

The Stick, the Sting, & the Squirm: How to Get The Board to Focus on Cyber

Seth Jaffe

The Stick, the Sting, & the Squirm: How to Get The Board to Focus on Cyber Boards of Directors are finally taking note of cybersecurity risks. This session will arm attendees with legal opinions, authority recommendations, legislation, and proposed regulations to make the case for a strong information security program. The alternative may be to squirm in front of Congress.

Seth Jaffe Seth Jaffe, JD, CBCP is General Counsel and VP of Incident Response at LEO Cyber Security, assisting clients in the preparation, maturation, testing, and training of all things incident response. Prior to LEO, Seth was a tech attorney at a U.S. airline, where he handled data protection, privacy, and cybersecurity matters. A member of the Incident Response Team, Seth developed incident response procedures and policies, facilitated effective emergency communication with other members, and responded to actual incidents. He also sat on an executive steering committee charged with making strategic cybersecurity decisions. Certified on both the Space Station and Shuttle, Seth spent 14 years at NASA, honing his emergency management skills and taking part in over 100 simulations."

Example Speaker
Misc Track

Web Pentesting With Modern Authentication Protocols

Michael Oglesby

Web Pentesting With Modern Authentication Protocols SAML, OAuth, JWT, OpenID. If these acronyms excite you then this is the talk for you! Did I also mention a new tool release!

Michael Oglesby Pentesting for as long as I can remember

Example Speaker
Dev Track

What Could It Hurt: How Framework and Library Dependence is Weakening our Development

Kevin Johnson

What Could It Hurt: How Framework and Library Dependence is Weakening our Development In this presentation, Kevin Johnsonwill discuss how security works, why we do the things we do and where platforms and libraries can be both good and badwith a series of real world examples directly from his testing and assessment of modern applications and the SDLC.

Kevin Johnson Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.

Example Speaker
Blue Track

You Don't Need a Pen Test: Ten things you should be doing first.

Nathan Sweaney

You Don't Need a Pen Test: Ten things you should be doing first. Stuff?

Nathan Sweaney Nathan is the man! But a godly man, husband and father to 18 kids. People also call him Sir Hax-a-l0t and you may have seen him walking the sandy beaches of Oklahoma playing a mean trumpet.

Example Speaker
Misc Track

FBI: Cybercrime Case Briefings

Rich Lay

I will discuss a money mule undercover operation, and the investigation and prosecution of a DDoS matter. Both of these investigations were conducted by the FBI in Oklahoma.

Rich Lay became a Special Agent with the FBI in July 1997. After attending the FBI Academy, he was assigned to the Houston Division of the FBI, where he worked White Collar Crime and Cyber Crime. In 2003 he transferred to the FBI's Engineering Research Facility in Quantico, where he managed a variety of technical support programs. In 2007 he transferred to his home state of Oklahoma. He served as the supervisor of the Cyber Squad in the Oklahoma City Division of the FBI for 5 1/2 years. In 2013 he returned to investigative duties as a Cyber Agent, focusing on computer intrusion investigations.

Example Speaker
Dev Track

A Token Walks Into a SPA...

Ado Kukic

A Token Walks Into a SPA... Between Angular, React, & Vue it can be hard NOT to build SPAs these days. But having to deal with cookies, tokens, auth, & resource access - you may even feel like you need a second page (gasp!) for security! Fear not, for the technology to create truly secure SPAs is there and I'll show you how.

Ado Kukic Ado is a full-stack developer, advocate, and technical writer at Auth0. Mixing his passion of programming and education, he creates tutorials, courses, and other educational content focusing on security, authentication, and much more. On the front-end, he prefers Angular, while on the backend he flip-flops between Node.js and Golang.

Example Speaker
Blue Track

Attacker vs. Defender: Observations on the Human Side of Security

Todd O'Boyle

Attacker vs. Defender: Observations on the Human Side of Security Security operators always take the same approach when responding to an attack - find the attacker and get them out. Not only does this never work, you've cut off the one thing you know about the attacker. By changing your mindset on incident response, you can better protect and respond to attack.

Todd O'Boyle Todd O'Boyle is a co-founder and CTO at Strongarm. Prior to Strongarm, Todd spent 15 years at The MITRE Corporation, providing cyber security support to the Department of Defense and the Intelligence Community. He served as principal investigator for a research project to improve how defenders respond to attackers. Todd also researched software protections used by adversaries, approaches to discover malicious insiders, profiling network flow data to identify adversary activity, and computer forensics. Todd has a Bachelor of Science degree in computer science from Purdue University.

Example Speaker
Misc Track

An inside look at Cyber Crime

Ramiro Pozzani

An inside look at Cyber Crime "Hey, I just ""hacked"" a lot of servers that were used by criminals, want to see what I found? Also, while I show you some prints, let me tell you some cool stories about cyber criminals, how they operate, how they make money, the mistakes they made."

Ramiro Pozzani Ramiro first started working for Accenture doing Business Intelligence tasks, then I move on to RSA where I was on the first Latin America team devoted to fight online fraud and others criminals activities. We created some really interesting stuff (our Boleto Malware report was something that our Minister of Justice had to give a statement about). There I had the idea to create this talk, I was trying to answer "how many people are really scammed by phishing", and eventually this evolved to a more complete understand of the cyber crime area.

Example Speaker
Dev Track

Micro-segmentation: Practice makes perfect

Mike Mattice

Micro-segmentation: Practice makes perfect Lateral movement is what your adversaries want. Limit what can talk to each other and you're ahead of the game.

Mike Mattice Mike is a long-time developer and sysadmin. In each of his roles over the years he's been responsible for both. Over the years, he's become a specialist in balancing and integrating these two roles and is currently employed as a DevOps Consultant. In his previous role, he spent 10 years in a Payment Card Industry environment, encrypting and blue-teaming all the things.

Closing & Door Prizes


Other Events

Technical Demos


My Unstructured Data is Fully Under Control – Said No One Ever


Privilege – The New Cyber Battleground


Netwitness Platform: Practical application at Black Hat


College of Lockpicking

Come learn the basics of lockpicking and how locks work.

Located in the interactive room.

User Awareness Escape Room

Is your corporate user awareness training getting boring? Experience how one company built-out a custom escape room designed to train participants on the corporate security policies. Can you get out?

Located outside toward the back of the con and the beer.

Capture the Flag

Are you the best of the best? Or just a noob wanting to learn the basics? Come join the capture-the-flag and practice your skills.

Located in the interactive room.

The World Championship of Social Engineering Poker

Come one, come all!! Display and test your social engineering chops!

Located in the interactive room.

First Lego League Demonstrations

Interested in robotics? Come see elementary students demonstrate their First Lego League competition robot.

Located in the interactive room.

Where it’s at

Located at theGlenpool Conference Center in Glenpool, OK (Just southwest of Tulsa).

Official Conference Hotel - Holiday Inn Express Glenpool
For a 10% discount on room prices, use the Corporate ID of "786825735".
Book Rooms Today!

We ♥ Our Sponsors


Interested in Sponsoring BSidesOK? View ourSponsorship Kit..

If you have any questions, please contact us viaemailor@BSidesOKon twitter.

Code of Conduct

Everyone deserves to attend a learning, community or professional event with a reasonable expectation of good behavior. As members of the Techlahoma community, the Techlahoma CoCapplies to all attendees, speakers, volunteers, and vendors.Contact usif you have questions.


This conference wouldn't happen without our great organizers and volunteers. Many thanks to: Nathan Sweaney, Nathan Keltner, John Robertson, Carrie Randolph, Aaron Moss, James Lawlz, Devon Greene, Donovan Farrow, and Wes DeVault

If you'd like to volunteer, please contactour team.