Annas Mirza

“Starting a SOC From Scratch – What I Learned My First 4 Years”
Building a Security Operations Center (SOC) from the ground up is a rare opportunity, and a massive challenge. At Boscov’s, I led the creation of our first in-house SOC, transitioning away from an outsourced model to a dedicated 24/7 operation built on passion, documentation, and local talent. This presentation will walk through the full lifecycle of that process, from business alignment and executive buy-in to hiring analysts with zero experience, designing shift coverage, and choosing tools on a budget. I’ll share what worked, what didn’t, and the unexpected lessons I learned along the way as a former USAF crew chief and cybersecurity lead.
Attendees will learn how to foster a strong security culture, document effectively, and train junior analysts into critical thinkers who take ownership of their work. Topics include playbook development, tool integration (Splunk, XDR, Rapid7, Recorded Future), and how to scale processes without sacrificing team morale. Whether you’re building a SOC, inheriting one, or simply looking to improve analyst performance, this talk offers practical, real-world insights from someone who’s been through it all.
about the speaker:
Annas Mirza is a seasoned cybersecurity leader with over a decade of experience building and managing Security Operations Centers (SOCs), leading incident response teams, and driving enterprise security initiatives. As SOC Manager at Boscov’s Inc., he leads a 24/7 virtual SOC, manages budgets, develops analyst talent, and implements scalable detection and response strategies tailored to both retail and corporate environments.
His past roles include securing enterprise networks at Universal Health Services and enhancing security architecture at Johnson Matthey, where he implemented access controls, led infrastructure projects, and conducted company-wide cybersecurity training. He began his career in the U.S. Air Force, where he developed a disciplined, operations-first mindset that continues to shape his leadership approach.
Annas holds a CISSP certification, an MBA from West Chester University, and a Master’s in Cybersecurity from the University of Maryland. He is an active member of the ISC2 Philadelphia Chapter and a frequent speaker at industry events, presenting on SOC strategy, threat response, and career development in cybersecurity.
Multilingual and adaptable, Annas brings a strategic yet hands-on perspective to security leadership, bridging technical teams and business stakeholders to align security with organizational goals.
Smit Nayak

“Exploring Digital Forensics for Drone Data Recovery Beyond What Is Immediately Visible”
The rapid advancement of drone technology has opened up new opportunities across a wide range of sectors, including agriculture, surveillance, and delivery services. In particular, the accessibility and affordability of drones point to a surge in their prevalence in the coming years. Nonetheless, this growth has also opened new doors for bad actors to use drones for nefarious activities, raising safety and security concerns around unmanned aerial vehicles (UAVs). In this paper, we focus on systematically investigating data recovery mechanisms for confiscated drones. First, we discuss the potential security threats associated with drones and the different methods for detecting them. Then, we propose a structured data recovery framework to effectively retrieve crucial data from a malicious drone. In particular, we analyze the popular DJI Mini 2 SE drone and show how our proposed framework can help forensic investigators uncover crucial data beyond the drone’s metadata. Our experiments show that investigators can effectively recover sensitive historical data, even data that had been deleted from the drone’s external Secure Digital (SD) card.
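Recovering a deleted photo from a drone's SD card comes down to file carving: the directory entry is gone, but the clusters usually still hold the data, so the carver looks for the format's own signature rather than for a filesystem record. The example below is added here and is not the speaker's framework or paper code; the "SD card" is a constructed byte string, and the JPEG structures in it are synthetic (valid markers, no real picture data). It shows the check a practitioner wants: a JPEG with an EXIF thumbnail contains a complete nested JPEG, so cutting at the first FF D9 truncates the outer file, whereas walking the marker segments recovers it whole.

```python
"""Signature-based carving of JPEG files from a raw storage image.

Added example (not from the talk or paper): builds a fake SD-card image in
memory, one photo reachable through the filesystem and one "deleted" photo
whose bytes are still on disk, then recovers both by walking JPEG marker
segments instead of trusting the first FF D9 it meets.
"""
import struct

SOI, EOI = b"\xff\xd8", b"\xff\xd9"


def jpeg_length(data: bytes, start: int):
    """Length of the JPEG beginning at data[start], or None if it is not one.

    Walks marker segments, so an EXIF thumbnail (a complete JPEG nested inside
    the APP1 segment) is skipped by its declared length rather than mistaken
    for the end of the outer file.
    """
    if data[start:start + 2] != SOI:
        return None
    pos = start + 2
    while pos + 2 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xD9:                       # EOI: end of this image
            return pos + 2 - start
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
            continue
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2                             # standalone markers, no length
            continue
        if pos + 4 > len(data):
            return None
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if seg_len < 2:
            return None
        pos += 2 + seg_len                       # skip the whole segment
        if marker == 0xDA:                       # SOS: entropy-coded data follows
            # Inside scan data 0xFF is stuffed as FF 00 and FF D0..D7 are
            # restart markers; the first other FF xx is a real marker.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return None


def naive_jpeg_length(data: bytes, start: int):
    """What a grep-style carver does: cut at the first EOI after the SOI."""
    end = data.find(EOI, start)
    return None if end < 0 else end + 2 - start


def carve_jpegs(image: bytes):
    """Return (offset, bytes) for every structurally valid JPEG in the image."""
    found, pos = [], 0
    while (idx := image.find(SOI, pos)) >= 0:
        length = jpeg_length(image, idx)
        if length:
            found.append((idx, image[idx:idx + length]))
            pos = idx + length
        else:
            pos = idx + 1                        # false positive, keep scanning
    return found


def make_jpeg(scan: bytes, thumbnail: bytes = b"") -> bytes:
    """Constructed, structurally valid JPEG (not a real picture) for the demo."""
    parts = [SOI]
    if thumbnail:
        app1 = b"Exif\x00\x00" + thumbnail
        parts.append(b"\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1)
    dqt = bytes(65)
    parts.append(b"\xff\xdb" + struct.pack(">H", len(dqt) + 2) + dqt)
    sos = b"\x01\x01\x00\x00\x3f\x00"
    parts.append(b"\xff\xda" + struct.pack(">H", len(sos) + 2) + sos)
    parts += [scan, EOI]                         # scan must contain no bare 0xFF
    return b"".join(parts)


# Constructed "SD card": unallocated filler, a photo with an EXIF thumbnail,
# more filler standing in for freed clusters, then a photo whose directory
# entry is gone but whose clusters were never overwritten.
PHOTO_A = make_jpeg(b"\x12\x34" * 40, thumbnail=make_jpeg(b"\x01\x02" * 4))
PHOTO_B = make_jpeg(b"\x56\x78" * 64)
IMAGE = bytes(512) + PHOTO_A + bytes(range(256)) * 4 + PHOTO_B + bytes(512)

if __name__ == "__main__":
    for off, blob in carve_jpegs(IMAGE):
        print(f"JPEG at offset {off:#x}, {len(blob)} bytes")
```

On a real card you would read the device or its dd image into `image` (or mmap it) and write each carved blob to a file for validation with an image viewer or exiftool. MP4 video, the other format a DJI drone writes, needs its own carver, because its box structure is length-prefixed rather than marker-delimited.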
about the speaker:
I am a seasoned cyber security engineer with over six years of experience in digital forensics, cybersecurity, and networking, demonstrated through my impactful tenure at Sypram Software LLC. At Sypram, I identified and resolved internal security control issues, led root cause investigations, and enhanced security posture by aligning controls with industry best practices. I conducted comprehensive security assessments across user access management (IAM), digital forensics, network security, firewalls, VPNs, IDS/IPS, OS and application security, patch management, vulnerability scanning, encryption, backup management, disaster recovery, and physical security. I unified security tools like AWS, Azure, SIEM, and vulnerability management platforms to perform detailed control assessments and implemented cloud security best practices for AWS and Azure to meet compliance needs. I also developed and delivered risk management and security planning training to over 100 team members, creating valuable training materials. Additionally, my research contributions include publications in IEEE AIIOT 2025 on weaponizing search engines for XSS discovery and IEEE UEMCON 2023 on drone data recovery, earning Best Paper and Best Presenter Awards, alongside multiple IEEE CCWC 2023 papers on ransomware attacks and data recovery using Autopsy Digital Forensics.
Lee McWhorter

“OSINT for Hackers”
In this session, attendees will learn some of the most impactful techniques and tools for increasing the value of OSINT to their organizations. In this guided learning experience, the instructor(s) will immerse attendees in hands-on exercises.
about the speaker:
Lee McWhorter, Owner & Chief Geek at McWhorter Technologies, has been involved in IT since its early days and has over 30 years of experience. He is a highly sought-after professional who first learned about identifying weaknesses in computer networks, systems, and software when Internet access was achieved using a modem. Lee holds an MBA and more than 20 industry certifications in such areas as System Admin, Networking, Programming, Linux, IoT, and Cybersecurity. His roles have ranged from the server room to the board room, and he has taught for numerous universities, commercial trainers, and nonprofits. Lee works closely with the Dark Arts Village at RSA, Red Team Village at DEFCON, Texas Cyber Summit, Pacific Hackers Association, CompTIA, and the CompTIA Instructor Network as a Speaker, SME, and Instructor.
https://www.linkedin.com/in/lee-mcwhorter
@tleemcjr
Olivia Gallucci

“The Anatomy of a Mach-O: A Structured Guide to macOS Internals”
Mach-O is Apple’s native executable format, used for everything from kernel extensions to user applications—and it is rich with metadata. This is a tour of Mach-Os, pointer authentication codes, and code signing. This talk is designed for those new to macOS reversing, although a basic understanding of reversing topics would be helpful.
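As an added example, not Apple's code or the speaker's, here is a parser for the parts of a 64-bit Mach-O that a first triage looks at: the header (which also tells you whether the slice is arm64e, the ABI that carries pointer authentication codes), the segments, the UUID, the entry point from LC_MAIN, and where the code-signature blob lives. The sample binary it parses is constructed in `build_sample()` and contains no code and no real signature; field layouts are those of <mach-o/loader.h>.

```python
"""Minimal 64-bit Mach-O header and load-command parser.

Added example (not Apple's headers or the speaker's code): decodes
mach_header_64 and the load commands that matter most when triaging a
binary for reversing: segments, UUID, entry point and the code-signature
blob location. Field layouts follow <mach-o/loader.h>.
"""
import struct
import uuid

MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE
FAT_MAGIC, FAT_CIGAM = 0xCAFEBABE, 0xBEBAFECA
LC_REQ_DYLD = 0x80000000
LC_SEGMENT_64, LC_UUID, LC_CODE_SIGNATURE = 0x19, 0x1B, 0x1D
LC_MAIN = 0x28 | LC_REQ_DYLD
CPU_TYPE_ARM64, CPU_SUBTYPE_ARM64E = 0x0100000C, 0x2
MH_EXECUTE, MH_PIE = 0x2, 0x200000
FILETYPES = {1: "MH_OBJECT", 2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE",
             11: "MH_KEXT_BUNDLE"}


def parse_macho(data: bytes) -> dict:
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (FAT_MAGIC, FAT_CIGAM):
        raise ValueError("fat/universal binary: parse one architecture slice")
    if magic == MH_MAGIC_64:
        end = "<"                        # file byte order matches the reader's
    elif magic == MH_CIGAM_64:
        end = ">"                        # byte-swapped Mach-O
    else:
        raise ValueError(f"not a 64-bit Mach-O (magic {magic:#x})")
    cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, _reserved = \
        struct.unpack(end + "7I", data[4:32])
    info = {
        "filetype": FILETYPES.get(filetype, f"{filetype:#x}"),
        "cputype": cputype,
        # arm64e is cputype ARM64 with subtype 2; the top byte of the subtype
        # carries pointer-authentication ABI bits, so mask it off first.
        "arm64e": cputype == CPU_TYPE_ARM64 and (cpusubtype & 0x00FFFFFF) == CPU_SUBTYPE_ARM64E,
        "ptrauth_abi_version": (cpusubtype >> 24) & 0x0F,
        "pie": bool(flags & MH_PIE),
        "load_commands": [],
    }
    off = 32
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack(end + "II", data[off:off + 8])
        # A hostile file can declare commands that overrun sizeofcmds or the buffer.
        if cmdsize < 8 or off + cmdsize > 32 + sizeofcmds or off + cmdsize > len(data):
            raise ValueError(f"load command at {off:#x} overruns its table")
        body = data[off:off + cmdsize]
        if cmd == LC_SEGMENT_64:
            segname = body[8:24].split(b"\0", 1)[0].decode("ascii", "replace")
            vmaddr, vmsize, fileoff, filesize, maxprot, initprot, nsects, segflags = \
                struct.unpack(end + "4Q2i2I", body[24:72])
            entry = {"cmd": "LC_SEGMENT_64", "segname": segname, "vmaddr": vmaddr,
                     "fileoff": fileoff, "filesize": filesize,
                     "initprot": initprot, "nsects": nsects}
        elif cmd == LC_UUID:
            entry = {"cmd": "LC_UUID", "uuid": str(uuid.UUID(bytes=body[8:24]))}
        elif cmd == LC_MAIN:
            entryoff, _stacksize = struct.unpack(end + "QQ", body[8:24])
            entry = {"cmd": "LC_MAIN", "entryoff": entryoff}
        elif cmd == LC_CODE_SIGNATURE:
            dataoff, datasize = struct.unpack(end + "II", body[8:16])
            entry = {"cmd": "LC_CODE_SIGNATURE", "dataoff": dataoff, "datasize": datasize}
        else:
            entry = {"cmd": f"{cmd:#x}"}
        info["load_commands"].append(entry)
        off += cmdsize
    info["has_code_signature"] = any(
        c["cmd"] == "LC_CODE_SIGNATURE" and c["datasize"] > 0 for c in info["load_commands"])
    return info


def build_sample() -> bytes:
    """Constructed arm64e MH_EXECUTE with four load commands (no code, no real
    signature); exists only so the parser can be run offline."""
    seg = struct.pack("<II16s4Q2i2I", LC_SEGMENT_64, 72, b"__TEXT",
                      0x100000000, 0x4000, 0, 0x4000, 5, 5, 0, 0)   # r-x
    uu = struct.pack("<II16s", LC_UUID, 24, bytes(range(16)))
    main = struct.pack("<IIQQ", LC_MAIN, 24, 0x3F70, 0)
    cs = struct.pack("<IIII", LC_CODE_SIGNATURE, 16, 0x3E00, 0x200)
    cmds = seg + uu + main + cs
    # cpusubtype 0x80000002: arm64e with the "versioned ABI" bit set
    hdr = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0x80000002, MH_EXECUTE,
                      4, len(cmds), MH_PIE | 0x1 | 0x4, 0)       # NOUNDEFS|DYLDLINK|PIE
    return hdr + cmds


if __name__ == "__main__":
    import pprint
    pprint.pprint(parse_macho(build_sample()))
```

Two caveats. A universal (fat) file starts with FAT_MAGIC and holds several Mach-O slices; this parser refuses it rather than misreading the fat header as a thin one. And an LC_CODE_SIGNATURE command only says where the signature blob is: whether it is valid, who signed it, and which entitlements it carries requires parsing the SuperBlob at that offset or asking `codesign -dvvv`.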
about the speaker:
Olivia Gallucci is a Security Engineer at Datadog and a blogger: oliviagallucci.com. She is the founder of two companies—Offensive Services (security consulting) and OG Health & Fitness (personal training). Graduating at the top of her university, Olivia is passionate about free(dom) and open-source software, assembly, and security research. She previously worked in offensive security at Apple, SECUINFRA GmbH, the US Government, and Deloitte. Outside of cybersecurity, Olivia enjoys competitive sailing, cooking, and reading about famous computer nerds.
https://oliviagallucci.com
https://linkedin.com/in/olivia-gallucci
https://github.com/oliviagallucci
https://x.com/oliviagalluccii
Juan Giarrizzo

“Operationalizing ATT&CK as Segue to Developing a Detection Engineering Program”
Operationalizing MITRE ATT&CK requires a structured approach to mapping cyber threat intelligence (CTI) to adversary tactics, techniques, and procedures. This session will focus on translating threat intelligence reports, incident reports, indicators of compromise, and behavioral data into actionable MITRE ATT&CK mappings, and on the implementation planning needed to proactively defend against real-world threats. Additionally, we will explore how to enrich detection engineering based on ATT&CK mapping, in the context of developing an enterprise-level detection engineering program. Attendees will do hands-on exercises in CTI report mapping and detection development, comparing generative AI with traditional methods: extracting key insights from CTI reports, correlating them with ATT&CK techniques, and using that mapping to develop detections that align with adversary behaviors, along with a discussion of how to develop, manage, and validate detections. The material is based on first-hand experience building a detection engineering program where none existed, managing detection development, and convincing executives and peers to implement proactive defense in depth in an organization.
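The mapping-to-detection step in practice, as an added example that is not part of the session material: each rule carries the ATT&CK technique ID it was written for, the rules run over constructed process-creation events (not real telemetry), and the same IDs are compared against the techniques extracted from a CTI report to show which adversary behaviors have a detection and which are gaps. The technique IDs are real ATT&CK identifiers; the report, hosts, and command lines are made up.

```python
"""Detections tagged with ATT&CK technique IDs, run over sample telemetry,
plus a coverage check against techniques mapped from a CTI report.

Added example (not the speaker's material). Events are constructed
process-creation records, not real logs; rule logic is deliberately narrow.
"""
import re
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str                      # ATT&CK (sub-)technique ID
    tactic: str
    match: Callable[[dict], bool]
    fp_note: str = ""                   # what a tuning pass should baseline


def _exe(path: str) -> str:
    """Lower-cased image name without its directory."""
    return path.lower().rsplit("\\", 1)[-1]


RULES = [
    Rule("PowerShell with encoded command", "T1059.001", "execution",
         # PowerShell accepts any unambiguous prefix of -EncodedCommand
         lambda e: _exe(e["image"]) in ("powershell.exe", "pwsh.exe")
         and re.search(r"\s-(e|ec|en|enc|encodedcommand)\s", e["cmdline"].lower()) is not None,
         "Management agents also use -EncodedCommand; baseline by parent image."),
    Rule("LSASS dump through comsvcs.dll MiniDump", "T1003.001", "credential-access",
         lambda e: _exe(e["image"]) == "rundll32.exe"
         and "comsvcs.dll" in e["cmdline"].lower() and "minidump" in e["cmdline"].lower()),
    Rule("Scheduled task created by an Office process", "T1053.005", "persistence",
         lambda e: _exe(e["image"]) == "schtasks.exe" and "/create" in e["cmdline"].lower()
         and _exe(e["parent"]) in ("winword.exe", "excel.exe", "outlook.exe")),
]

# Constructed process-creation events (host, parent image, image, command line)
EVENTS = [
    {"host": "WS01", "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"host": "WS01", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\rundll32.exe",
     "cmdline": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 624 C:\\Temp\\l.dmp full"},
    {"host": "WS02", "parent": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "image": "C:\\Windows\\System32\\schtasks.exe",
     "cmdline": "schtasks /create /sc minute /mo 5 /tn Updater /tr C:\\Users\\Public\\u.exe"},
    {"host": "WS03", "parent": "C:\\Windows\\System32\\svchost.exe",
     "image": "C:\\Windows\\System32\\rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},          # benign rundll32
]

# Techniques a (constructed) CTI report attributes to the intrusion set
REPORT_TECHNIQUES = ["T1566.001", "T1059.001", "T1003.001", "T1053.005", "T1486"]


def run_detections(events, rules=RULES):
    """Evaluate every rule on every event; return hits tagged for ATT&CK."""
    return [{"host": e["host"], "rule": r.name, "technique": r.technique, "tactic": r.tactic}
            for e in events for r in rules if r.match(e)]


def coverage(report_techniques, rules=RULES):
    """Which report techniques have at least one detection, and which do not."""
    have = {r.technique for r in rules}
    want = set(report_techniques)
    return {"covered": sorted(want & have), "gaps": sorted(want - have)}


if __name__ == "__main__":
    for hit in run_detections(EVENTS):
        print(hit)
    print(coverage(REPORT_TECHNIQUES))
```

The gaps list is the actionable output: T1566.001 (spearphishing attachment) and T1486 (data encrypted for impact) have no rule here, which is a prompt either to write one or to record that the control lives elsewhere (mail gateway, backups) and is not a SIEM detection. The `fp_note` field is where tuning guidance lives, so a rule and its known false positives travel together.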
about the speaker:
Juan Giarrizzo is a Senior Security Engineer working in the financial industry, with over 10 years of experience in cloud security, incident response, and threat detection. He’s all about finding fast, creative solutions to real-world security problems, from building cloud defenses to automating security workflows. Juan’s especially passionate about helping others break into the field, sharing what he’s learned, and demystifying complex topics. When he’s not hunting threats or building tools, you’ll find him on the mat training jiujitsu, reading up on the latest cyber trends, or mentoring aspiring hackers.
Cory Wolff

“Inside Ransomware: Facts and Findings from the Blackbasta and Lockbit Leaks”
When an anonymous actor calling themselves “ExploitWhispers” posted nearly a year’s worth of BlackBasta’s internal Matrix chats in February 2025, the industry received an unfiltered window into the criminal enterprise behind dozens of high-profile intrusions.
Twelve weeks later, a separate breach dumped the entire MySQL backend of LockBit’s affiliate panel. Twenty tables covering build pipelines, negotiation transcripts, and cryptocurrency payout data were released onto public code-sharing sites, with a Tor-site defacement confirming the compromise. Together these disclosures offer something incident responders rarely get: the attackers’ own words, workflows, and source artifacts.
In this talk we will take a deep dive into those data sets—walking through the process of parsing thousands of lines of attacker conversations, configuration files, and build logs to surface the tactics, techniques, and procedures (TTPs) that drive day-to-day ransomware operations.
This talk will focus on the approach for processing these large data sets; on how affiliate recruitment, initial access, payload testing, negotiation, and cash-out weave together into a repeatable playbook; and on the CI/CD build pipelines that allow rapid development and deployment of malicious payloads.
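A starting point for the data-processing side, added here and not the speaker's tooling: normalize a room export into a sorted, deduplicated message list, then pull indicators out of the message bodies. The export format is an assumption modeled on a Matrix room export (one JSON event per line with `type`, `sender`, `origin_server_ts`, and `content.body`), and every message, address, and host below is constructed; none of it comes from the leaks the talk covers. The same extraction step applies to negotiation transcripts pulled out of a SQL dump once they are reduced to (sender, timestamp, text) rows.

```python
"""Normalizing a chat export and pulling indicators out of it.

Added example, not the speaker's tooling and not real leak data: the export
shape (one JSON object per line with type, sender, origin_server_ts and
content.body) is an assumption modeled on a Matrix room export, and every
message below is constructed.
"""
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed export: two non-message events that must be dropped, one
# duplicated message (dumps often repeat rows), and three distinct messages.
EXPORT_LINES = [
    '{"type":"m.room.member","sender":"@ops:example","origin_server_ts":1717999000000,"content":{"membership":"join"}}',
    '{"type":"m.room.message","sender":"@ops:example","origin_server_ts":1718000000000,'
    '"content":{"msgtype":"m.text","body":"new box up at 203.0.113.77, panel mirror exampleexampleexampleexampleexampleexampleexampleexample.onion"}}',
    '{"type":"m.room.message","sender":"@ops:example","origin_server_ts":1718000000000,'
    '"content":{"msgtype":"m.text","body":"new box up at 203.0.113.77, panel mirror exampleexampleexampleexampleexampleexampleexampleexample.onion"}}',
    '{"type":"m.room.message","sender":"@neg:example","origin_server_ts":1718003600000,'
    '"content":{"msgtype":"m.text","body":"they agreed, wallet bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"}}',
    '{"type":"m.room.message","sender":"@ops:example","origin_server_ts":1718007200000,'
    '"content":{"msgtype":"m.text","body":"build 2.3.1 pushed, testing on 203.0.113.77"}}',
    '{"type":"m.room.redaction","sender":"@ops:example","origin_server_ts":1718007300000,"content":{}}',
]

PATTERNS = {
    # dotted quad with per-octet range check, so "2.3.1" (a version) is not an IP
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    # v2 (16 chars) or v3 (56 chars) onion service names
    "onion": re.compile(r"\b[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion\b"),
    # bech32 (bc1...) or legacy Base58 Bitcoin addresses
    "btc": re.compile(r"\b(?:bc1[ac-hj-np-z02-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"),
}


def parse_export(lines):
    """Keep text messages, drop duplicates, attach a UTC timestamp, sort by time."""
    seen, messages = set(), []
    for line in lines:
        ev = json.loads(line)
        if ev.get("type") != "m.room.message" or ev["content"].get("msgtype") != "m.text":
            continue
        key = (ev["sender"], ev["origin_server_ts"], ev["content"]["body"])
        if key in seen:
            continue
        seen.add(key)
        messages.append({
            "ts": datetime.fromtimestamp(ev["origin_server_ts"] / 1000, tz=timezone.utc),
            "sender": ev["sender"],
            "body": ev["content"]["body"],
        })
    messages.sort(key=lambda m: m["ts"])
    return messages


def extract_indicators(messages):
    """Indicator type -> {value: first time it was mentioned}."""
    found = {}
    for m in messages:                                   # already sorted by time
        for kind, pat in PATTERNS.items():
            for val in pat.findall(m["body"]):
                found.setdefault(kind, {}).setdefault(val, m["ts"])
    return found


def activity(messages):
    """Messages per sender: who talks in this room and how much."""
    return Counter(m["sender"] for m in messages)


if __name__ == "__main__":
    msgs = parse_export(EXPORT_LINES)
    print(activity(msgs))
    for kind, vals in extract_indicators(msgs).items():
        for val, first in vals.items():
            print(f"{kind:6} {val}  first seen {first.isoformat()}")
```

Deduplication keys on (sender, timestamp, body) because dumps are frequently assembled from overlapping exports. The indicator regexes are a first pass only: an IPv4 match may be a documentation address, and a Base58 match may be an unrelated token, so each value should be validated (checksum for Bitcoin addresses, routing or hosting history for hosts) before it is promoted to an IOC.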
about the speaker:
Director of Offensive Security at risk3sixty / Director of Training at Red Team Village
With over 20 years of experience in IT, security, and development, Cory Wolff leads the offensive security practice at risk3sixty, a consulting firm based in Atlanta, GA. He holds multiple certifications, including the Offensive Security Certified Professional (OSCP) and the Certified Information Systems Security Professional (CISSP), and has a proven track record of building and breaking various technologies since his first computer in 1988.
Cory also contributes to the cybersecurity community as a core team member of Red Team Village, a platform that fosters collaboration, learning, and innovation among red teamers and security professionals.
Yu-Jye Tung

“Standing on the Shoulders of Giants: Static Application Security Testing Edition”
Every great invention stands on the shoulders of giants. For many Static Application Security Testing (SAST) tools (e.g., Semgrep, CodeQL), that giant is data-flow analysis, a framework for automatically reasoning about code statically, that is, without running it. One reason behind the popularity of data-flow analysis is that it is memory efficient, fast to execute, and, most importantly, can detect the so-called taint-style vulnerabilities under which many vulnerability types fall. Null-pointer dereference, OS command injection, and buffer overflow vulnerabilities are all examples of taint-style vulnerabilities. This talk will be divided into three parts: (1) an introduction to taint-style vulnerabilities and the vulnerability types they encompass; (2) a demonstration of how data-flow analysis works using an example taint-style vulnerability; and (3) a discussion of the current limitations of SAST tools.
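The mechanics described in part (2), as an added example that is not from the talk and not how Semgrep or CodeQL implement it: a toy three-address IR, a transfer function over a set of tainted variables, and a worklist solver that iterates to a fixpoint so loops and joins are handled, followed by a pass that reports every sink reached by tainted data. The second program illustrates a limitation from part (3): a validator such as `is_hostname()` returns a verdict instead of a sanitized value, and a path-insensitive analysis cannot use the branch on that verdict, so the guarded `system()` is still reported. Sources, sanitizers, sinks, and both programs are constructed for the demo.

```python
"""A small forward taint analysis over a control-flow graph.

Added example (not from the talk, nor Semgrep or CodeQL): a toy
three-address IR and a worklist solver in the monotone-framework style.
The lattice is the powerset of variables (the tainted set), the join is set
union, and the analysis runs to a fixpoint so loops are handled.
"""
from collections import deque

# Statement forms (variables are plain strings):
#   ("assign", dst, [srcs])        dst computed from srcs; taint propagates
#   ("call", dst, func, [args])    dst = func(args); func may be source/sanitizer
#   ("sink", func, [args])         security-sensitive call
SOURCES = {"read_request", "getenv"}                 # attacker-controlled data
SANITIZERS = {"shell_escape"}                        # transform data into a safe form
SINKS = {"system": "OS command injection (CWE-78)"}


def transfer(stmts, tainted):
    """Apply a block's statements to the set of tainted variables."""
    t = set(tainted)
    for s in stmts:
        if s[0] == "assign":
            _, dst, srcs = s
            if any(v in t for v in srcs):
                t.add(dst)
            else:
                t.discard(dst)                       # overwritten with clean data
        elif s[0] == "call":
            _, dst, func, args = s
            if func in SOURCES:
                t.add(dst)
            elif func in SANITIZERS or not any(v in t for v in args):
                t.discard(dst)
            else:
                t.add(dst)                           # unknown function: propagate
        # sinks do not change state; they are checked after the fixpoint
    return t


def analyze(program):
    """program: {block: (stmts, successors)}. Returns (OUT sets, findings)."""
    preds = {b: [] for b in program}
    for b, (_, succs) in program.items():
        for s in succs:
            preds[s].append(b)
    out = {b: set() for b in program}
    work = deque(program)                            # visit every block at least once
    while work:
        b = work.popleft()
        in_set = set().union(*(out[p] for p in preds[b]))   # join = union
        new_out = transfer(program[b][0], in_set)
        if new_out != out[b]:                        # state grew: revisit successors
            out[b] = new_out
            work.extend([s for s in program[b][1] if s not in work])
    findings = []
    for b, (stmts, _) in program.items():
        t = set().union(*(out[p] for p in preds[b]))
        for i, s in enumerate(stmts):
            if s[0] == "sink":
                _, func, args = s
                bad = [v for v in args if v in t]
                if func in SINKS and bad:
                    findings.append({"block": b, "stmt": i, "sink": func,
                                     "issue": SINKS[func], "tainted_args": bad})
            else:
                t = transfer([s], t)
    return out, findings


# Loop: cmd is sanitized before the in-loop system() call, but the raw,
# re-tainted cmd reaches the system() after the loop.
PROGRAM = {
    "entry": ([("call", "user", "read_request", []),
               ("call", "cmd", "format", ["tpl", "user"])], ["head"]),
    "head": ([], ["body", "exit"]),
    "body": ([("call", "safe", "shell_escape", ["cmd"]),
              ("sink", "system", ["safe"]),
              ("assign", "cmd", ["cmd", "user"])], ["head"]),
    "exit": ([("sink", "system", ["cmd"])], []),
}

# Limitation: is_hostname() only validates, it does not produce a new value,
# and the analysis is path-insensitive, so the guarded system() is reported.
PROGRAM_VALIDATED = {
    "entry": ([("call", "host", "read_request", []),
               ("call", "ok", "is_hostname", ["host"])], ["run", "reject"]),
    "run": ([("sink", "system", ["host"])], []),
    "reject": ([], []),
}

if __name__ == "__main__":
    for prog in (PROGRAM, PROGRAM_VALIDATED):
        _, findings = analyze(prog)
        for f in findings:
            print(f)
```

In Semgrep terms, `SOURCES`, `SANITIZERS`, and `SINKS` are the `pattern-sources`, `pattern-sanitizers`, and `pattern-sinks` of a taint rule; the point of the example is that the rule author, not the engine, decides that `shell_escape()` neutralizes the taint, and that a check-only validator needs explicit modeling (for example, treating `host` as clean on the true edge) or the tool will keep reporting the guarded call.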
about the speaker:
I am a PhD researcher at The Pennsylvania State University. My interest lies in static program analysis or SAST. I have worked with constraint-based approaches (e.g., with SMT solvers) and data-flow analysis (e.g., with monotone framework, IFDS/IDE). I may like coffee a little too much and also like a nice bike ride.
Mary Perry

“Watching the Watchers”
What insight do types, tests, and monitoring provide into your application throughout the development lifecycle? Monitoring in production provides an opportunity to identify and correct problems in the design and architecture of the application and to build an understanding of normal, desired behavior. This familiarity can serve as a first line of defense when a threat or abnormal traffic affects a system.
about the speaker:
Mary is a self-taught integrations developer who struggles to discern what tech not to be excited about. She especially loves databases, reference books, libraries and puzzles.
https://pinkary.com/@sifrious