Workshop #1:
Practical Intrusion Analysis:
Investigating Real-World Intrusions with Kostas

This workshop provides an in-depth exploration of Digital Forensics and Incident Response (DFIR) through interactive, cloud-based labs. Participants will have access to a wide array of logs, including system, network, and memory data, to explore and investigate. The session emphasizes practical skills in analyzing and responding to cybersecurity threats using tools like Elasticsearch and Kibana. Attendees will experience the power of interactive dashboards and visualizations, along with the ability to search through raw data in Elasticsearch. This hands-on approach ensures a comprehensive understanding of digital forensics, equipping participants to tackle real-world security challenges effectively.

Workshop participants will require a laptop that can support a modern web browser. Tools utilized as part of the workshop will be cloud-based and accessed through the browser. 

May 26, 10:30-5:00

Room 2200


Kostas is a security researcher with over 7 years of experience in threat identification, research, and threat intelligence. With a strong foundation in incident response, he is skilled in intrusion analysis and threat hunting. Beyond his professional role, Kostas dedicates his time to the information security community, producing free threat intelligence reports, where he offers insights into real-world intrusion cases.

Twitter/X: @kostastsale


Workshop #2:
Cloud Access Control with Colin and Brad

If your workload already lives on AWS, then there is a high chance that some temporary AWS credentials have been securely distributed to perform needed tasks. But what happens when your workload is on premises? In this workshop, learn how to use AWS Identity and Access Management (IAM) Roles Anywhere. Starting from the basics, work through the necessary steps and learn how to use your applications outside of AWS safely with IAM Roles Anywhere in practice.

May 26, 10:00-12:00

Room 2245

Colin Igbokwe

Sr. Security Solution Architect

Colin's background is in Offensive Cybersecurity. He is passionate about spending time with his three kids and helping customers with security strategies, ransomware mitigation tactics and assessments, and designing secure architectures using best practices and various security services available at AWS.


Brad Burnett

Brad is a Security Specialist Solutions Architect focused on Identity. Before AWS, he worked as a Linux Systems Administrator and Incident Responder. When he isn’t helping customers design robust and secure Identity solutions, Brad can be found sharpening his offensive security skills or playing card games.



Workshop #3:
Unveiling Cyber-Criminal Actions:
The Art of Battlefield Forensics and Incident Response with Anna and Neumann

The course "Unveiling cyber-criminal actions: The Art of Battlefield Forensics and Incident Response" covers essential topics in digital forensics, emphasizing the importance of understanding intake/collection processes and their impact on case outcomes. It highlights the significance of acquiring memory and detecting encryption. Specialization options and methods for diving deeper into the field are discussed.

Students learn about file systems, metadata, evidence formats, and scene management for effective evidence acquisition. Acquisition hardware and software, including live response and dead box methods, are explored. Various acquisition methodologies, such as accessing devices and interacting with data, are covered. Hands-on labs demonstrate live response, dead box acquisition, and triage collection.

Further topics include memory acquisition, encryption checking, host-based live acquisition, dead box acquisition, rapid triage with tools like KAPE, file and stream recovery, advanced data carving, and OSINT for threat intelligence gathering. Throughout the course, students gain practical skills in evidence acquisition and analysis critical for digital forensic investigations.

May 26, 12:45-5:00

Room 2245

Anna Truss

Anna Truss is a highly skilled and respected professional in the field of digital forensics. With extensive experience as a forensic practitioner and trainer, Anna has made significant contributions to the examination and analysis of digital data. Anna has over 2 decades of IT experience and over 15 years of experience in digital forensics and cybersecurity. Anna is also a Founder and CEO of DefSec LLC, which offers cyber incident response and digital forensics services. Anna’s meticulous approach to digital forensics allows her to uncover crucial evidence that can be instrumental in criminal investigations, fraud cases, and cybersecurity incidents. She possesses a deep understanding of forensic tools and methodologies, staying abreast of the latest advancements in technology and digital forensic practices. In addition to her work as an examiner, Anna is also a dedicated trainer, sharing her knowledge and expertise with aspiring forensic professionals. Through workshops, seminars, and training programs, she imparts valuable skills in digital investigation, evidence preservation, and the interpretation of digital artifacts. Anna is a volunteer and trainer for IACIS, where she is a chair/developer/trainer for the Applied Scripting Forensics Techniques course and a developer/trainer for the Mobile Device Forensics course. She also teaches cyber security, web development and scripting courses at several colleges in the USA and serves as a senior course developer and trainer for Spyder Forensics. Anna Truss’s commitment to her field, her unwavering attention to detail, and her passion for training others make her a prominent figure in the realm of digital forensics. Her contributions continue to have a significant impact on the field, enhancing the capabilities of investigators and ensuring justice in the digital age.


Neumann Lim

Neumann Lim is a manager at Odlum Brown, where he leads the defense against criminals and state-sponsored actors targeting the financial industry. Prior to this role, Neumann spent several years working with large enterprises and governments, specializing in digital forensics and incident response and investigating some of Canada’s largest data breaches from 2018-2023.

With more than 15 years of infosec experience, he has delivered numerous cyber risk assessments and coordinated national incident responses across multiple industries. Neumann has been invited to share his research and thought leadership at many security conferences such as Grayhat Con, DefCon BlueTeam Village, HTCIA, BSides, Toronto CISO Summit and CCTX.


Workshop #4:
CodeQL with Chanel

CodeQL is an open-source static analysis tool that can be used to find vulnerabilities, anti-patterns, code smells, and other interesting patterns in your codebases. Code patterns are abstracted into language-specific queries that can be used to scan across many repositories for QA, research, and variant-hunting purposes, with the option to integrate them into your CI/CD pipeline. CodeQL is powerful and extensible, with many included queries as well as a query language that allows a query author to write their own. In this workshop we’ll write queries for three C# vulnerabilities: BinaryFormatter deserialization of untrusted data, use of the weak hash SHA1, and creation of a weak RSA key. This workshop focuses on C#, but the concepts are applicable to any other language that CodeQL supports.

By the end of this presentation, participants will be able to author their own queries, become familiar with the features of the CodeQL VSCode extension, and understand how to model dataflow in CodeQL. 

May 26, 11:00-1:00

Room 2250

Chanel Young

Chanel Young is a software engineer on the CodeQL team at Microsoft Security. In this role she writes and maintains rules to hunt for anti-patterns and vulnerabilities, and helps teams across the company adopt and use CodeQL to its full potential. 



Workshop #5:
The Art of OSINT: Techniques and Tools Revealed with Ritu

* Introduction to OSINT: Understand its importance and considerations.

* Search Techniques: Learn methods for gathering data efficiently.

* Geolocation and Image Analysis: Explore extracting intelligence from images and geolocation data.

* Saving Online Content: Discover tools and techniques for archiving and organizing online information.

* OSINT Resources: Explore valuable online tools for OSINT.

May 26, 2:00-4:00

Room 2250

Ritu Gill

Ritu Gill is an Intelligence Analyst with over 16 years of experience working in open-source intelligence (OSINT). After a 12-year career with the Royal Canadian Mounted Police (RCMP), Ritu set up a consulting business providing OSINT training and research to law enforcement and related entities across North America. In 2023, Ritu co-founded Forensic OSINT, a screen capture tool.

Ritu holds a Bachelor’s Degree in Criminology from Kwantlen Polytechnic University, and is actively involved in the OSINT community.




Workshop #6:
Practical Threat Modelling with Amiran

Threat modelling is considered to be a critical component of the Secure Software Development Lifecycle (S-SDLC), as evidenced by the fact that it’s included in most S-SDLC methodologies (see Microsoft SDL or OWASP Secure Software Development Lifecycle Project, for example). There’s a ton of information available on threat modelling, though most of it seems to be focused on explaining the importance of it, or where it should fit within S-SDLC, not so much on practical aspects of how it can be done. This workshop presents a practical collaborative approach to threat modelling with a focus on applicability to Agile teams of various scales. We’ll spend a bit of time on threat modelling overview, but the majority of the workshop will be dedicated to going through an example threat modelling session and creating a sample threat model. You might be interested in this workshop if you are a security engineer, software engineer, engineering manager, or product manager. There are no prerequisites, but you are expected to actively participate.

May 26, 10:00-12:00

Room 2270

Workshop #7:
Docker for Security Use Cases Workshop with Amiran

Docker has gained immense popularity among development and SRE teams for allowing consistency across development/test/prod environments, and enabling immutable infrastructure and higher compute density. As security professionals, it helps to understand how Docker works to be able to secure our workloads. At the same time, there are a number of use cases where Docker makes our lives easier as well.

In this workshop we'll get our feet wet with Docker:

- Explore the basics of Docker and how it works

- Work through a number of security-relevant use cases: exploring different OS distros, running containerized security tools, building custom images, scanning Docker images for CVEs and secrets, image structure and manual introspection.


- Laptop with Docker installed. Docker Desktop recommended, but Docker Engine should work too.

May 26, 12:45-5:00

Room 2270

Amiran Alavidze

Amiran is currently Director of Security Engineering at Zello, an Austin, TX-based SaaS company making a popular push-to-talk app. With over 20 years in information security in roles ranging from system engineering and security operations to governance, risk and compliance, Amiran advocates a pragmatic, business-focused approach to security.

Security is not just a job, it’s a passion.

Workshop #8:
Threat Modeling 101 - Burn Risks, Not Hope
with Jeevan and Bhawandeep

Threat Modeling is the best way to discover and remediate threats in your system before they are even created. If done correctly, it is one of the most impactful security programs that you can run within your organization.

In the security industry, threat modeling has been misunderstood, and many security folks are afraid to carry out a threat model. While it is commonly performed by Application Security or Cloud Security professionals, threat modeling can be done by anyone.

This hands-on workshop will cover the threat modeling workflow and common classes of vulnerabilities in a way that is easy to understand. You will also walk through many hands-on threat modeling examples to ensure that you will be empowered to discover threats in your systems.

May 26, 10:00-2:15

Room 2945

Jeevan Singh

Jeevan Singh is the Director of Security Engineering at Rippling, where he is embedding security into all aspects of the software development process. Jeevan enjoys building security culture within organizations and educating staff on security best practices. Jeevan is responsible for a wide variety of tasks including architecting security solutions, working with development teams to resolve security vulnerabilities and building out security features. Before life in the security space, Jeevan had a wide variety of development and leadership roles over the past 15 years.

Bhawandeep Kambo

Bhawandeep is a Product Security Engineer at Twilio and is responsible for initiatives like Security Tooling, Security Metrics and Security Architectural Reviews. Bhawandeep builds security products and has embedded with engineering teams to get their functionality in a good secure space. Before his time on the Security Engineering team, Bhawandeep had a number of roles within the Development space. When Bhawandeep is not working, you can find him outdoors, either hiking, camping or cycling.


Workshop #9:
Precision Threat Hunting:
Unveiling Adversary Infrastructure using Free and Open Source Tools with Greg

This workshop is designed to teach participants techniques and methodologies for discovering and analyzing digital infrastructure utilized by cyber adversaries. It will focus on leveraging publicly available, open-source intelligence (OSINT) tools and resources to systematically uncover and map the network assets of potential cyber threats.

We will start with a brief discussion of the types of digital assets (such as servers, domains and IP addresses) commonly used by adversaries and their purposes in cyber operations. We will then introduce some of the free and open source tools that are readily available to conduct tactical threat hunting. We’ll conclude with several exercises using multiple tools for participants to gain proficiency discovering active adversary infrastructure and turning it into actionable intelligence.

The workshop will include hands-on exercises using free and open source tools such as Shodan, Censys, and to identify and analyze malicious infrastructure linked to a range of malware (stealer, botnet, RAT, etc.) families and command-and-control (C2) frameworks such as Cobalt Strike.

May 26, 2:30-4:30

Room 2945

Greg Leah

Greg Leah is the Founder of PrecisionSec, a Threat Intelligence startup based in Victoria, British Columbia. Drawing on over 15 years of experience in the security industry, Greg has gained a wide range of expertise ranging from reverse engineering and creating complex malware detections for several top-tier antivirus vendors to leading a professional services team that offered highly-targeted intelligence reporting.

At PrecisionSec, Greg designs and builds automated systems for threat hunting and threat intelligence collections, leveraging his extensive experience with large-scale malware analysis pipelines and malicious infrastructure monitoring.