SecDSM Monthly Meeting
Details
##### 7:00PM
##### Speaker: Caitlin Navratil
##### Title: FBI Threat Briefing and an Overview of Intelligence Analysis
Abstract: Join us for a threat briefing from FBI Intelligence Analyst Caitlin Navratil on the latest trends impacting Iowa, a discussion of the FBI’s intelligence program, and an overview of intelligence sharing programs such as InfraGard and IC3.gov.
About the Speaker: Caitlin Navratil is an Intelligence Analyst with FBI Omaha, Des Moines Resident Agency. IA Navratil provides intelligence and operational support for National Security matters across Iowa and Nebraska. She has written intelligence products and provided threat briefings to inform FBI decision makers, the US Intelligence Community, law enforcement, and the private sector.
##### 7:40PM
##### Speaker: Tom Pohl
##### Title: Zero-Day in the Wild: A SCADA Case Study from a Routine Pen Test
Abstract: What happens when a penetration test exposes a vulnerability not just in one environment—but in hundreds?
During an external engagement, Tom Pohl identified an internet-facing SCADA/HMI system and traced it back to a widely deployed vendor product. By acquiring and analyzing the software, he uncovered a zero-day: an unauthenticated interface capable of issuing commands directly to backend control systems.
This session walks through the technical path from discovery to validation—service identification, vendor attribution, software analysis, and exploitation of the flaw.
With a vulnerability of this severity, you would expect a rapid and coordinated response. The vendor said they would fix it—but did they? We'll examine what actually happened: partial remediation, inconsistent patching, and systems that remained exposed.
If a single penetration test can uncover a flaw like this, what happens as AI systems begin finding vulnerabilities—and generating working exploits—at scale? As tools like Project Glasswing emerge, the pressure on vendors to respond quickly and completely is only increasing.
About the Speaker: Senior Cybersecurity Consultant by day; CTF dream crusher by night
## Sponsored by
## Snyk

Hosted by: SecDSM
About SecDSM: a monthly meetup group to network with other InfoSec pros and listen to short tech talks presented by your fellow members (or give a presentation yourself!) while enjoying some beer/drinks/food. No vendors, no sales pitches, no BS. The idea is to provide actionable knowledge for you to take back to your $dayjob while building a top-tier InfoSec community in the Des Moines area. If you have the desire to learn about real-world InfoSec scenarios, get out of your comfort zone and join us in a relaxed, vendor-free environment. No registration is required.
