VIRTUAL NCC Group NYC Open Forum, sponsored by Better Mortgage


Details
Hello New York!! We are excited to bring back our NYC Open Forums, and work with Better Mortgage in putting on our next VIRTUAL meet-up. Anyone is welcome to join, virtually mingle with fellow NYC InfoSec pros, and learn a thing or two from our guest speakers in the NYC InfoSec community!
Since we're virtual, the talks begin at 6:00pm. Join the session, bring your preferred beverage, and learn from your fellow security pros.
The registration link for the session:
https://attendee.gotowebinar.com/register/2591608689478178059
Our Speakers:
- Mike Murray, Co-founder, Scope Security
Talk Title: Challenges in Securing Healthcare
Abstract: It seems like we should just be able to perform the same kind of risk management in a healthcare environment as any normal IT environment. But if that's true, why has healthcare traditionally proven so difficult to secure? In this talk, Scope Security founder Mike Murray will discuss the unique security challenges across the increasingly complex healthcare environment, and present some directions for the industry going forward.
Bio: Mike Murray is the founder and CEO of Scope Security, the healthcare security company. At Scope, Murray builds on his nearly two decades of experience to solve critical security problems in healthcare. Prior to founding Scope, Murray served as the Chief Security Officer at Lookout, co-founded The Hacker Academy and MAD Security, and has held leadership positions at companies including nCircle Network Security, Liberty Mutual Insurance and Neohapsis.
- Ali Khan - CISO at Better Mortgage
Talk Title: Let's talk real incidents
Abstract: Many talks and presentations talk about best practices and why you should do them, but rarely do they touch on the actual consequences of not doing them. In this talk, Ali will open the kimono to reveal real incidents he has experienced across his career and the mitigation techniques employed. This talk will walk through several actual incidents that led to potential compromises. We will explore how they were allowed in the first place and then how teams prevented them from recurring. Expect to hear some interesting stories that include a mix of technical and general security theories and practical advice based on real-world incidents.
Speaker Bio: Ali has worked at several unicorn start-ups including Warby Parker and Rent The Runway in both an engineering and security capacity. In his role, Ali sets the strategic vision of the company's security team while staying hands-on, working directly on incidents and threat mitigations.
- Speaker: Jon Szymaniak, Principal Consultant, NCC Group
Talk Title: Sinking U-Boots with Depthcharge: Effective Exploitation of Boot-Time Security Debt
Abstract: A hardware hacker’s journey toward a rooted device typically includes only a brief sojourn within the U-Boot bootloader environment, which is often left unprotected and trivially abused. However, devices that attempt to bolt vendor-specific security mechanisms onto U-Boot offer exciting opportunities to pursue creative bypasses and explore under-appreciated U-Boot functionality. This talk details how clever abuses of various aspects of U-Boot, including commonly overlooked memory access primitives and exported data structures, can be leveraged to analyze and attack devices. We will explore these in the context of NCC Group’s recently released “Depthcharge” toolkit, complete with an example of its use in a tethered root of a smart speaker that leverages secure boot functionality.
Speaker Bio: Jon Szymaniak is a Principal Security Consultant in NCC Group’s Hardware & Embedded Systems Services practice and a former embedded systems software engineer. Since joining NCC Group in 2016, Jon has conducted security assessments for a plethora of targets, including automotive ECUs, Android devices, “smart home” products, and boot ROMs. His areas of focus include U-Boot, Linux, Yocto, and firmware reverse engineering.
