BSides NOLA 2023 Runbook

PLATINUM

GOLD

SILVER

BRONZE

Track Details

Track 1 Upstairs in Atrium – Tracks 2 and 3 Downstairs

8 AM

Registration Starts

Main Hall

9-10 AM

JACK DANIEL – WHAT A LOVELY HANDBASKET, I WONDER WHERE WE'RE GOING?

10-11 AM

WINN SCHWARTAU – SECURITY AND PRIVACY IN THE METAVERSE

11-11:15 AM

Break

Track 1

Track 2

Track 3

11:15-Noon

ADAM PRIDGEN – SIFTING THROUGH MEMORY FOR GAME ASSETS

MICHELLE BALDERSON AND ERIC BELL – INDUSTRIAL OPERATIONS NEED A CYBER-PHYSICAL RISK-BASED APPROACH

NIVI MURTHY – VIBING WITH VULNERABILITIES

Noon Lunch and Talk

BEN SMITH – ACHIEVING SOC-CESS: METRICS AND HOW TO COMMUNICATE THEM

Track 1 “30 min Quick Tracks”

Track 2

Track 3

1-1:25 PM

BURTON MABEN – POLICY, GOVERNANCE AND COMPLIANCE: HOW CYBER ATTACKS ARE DRIVING CHANGE

ROHAN SATHE – DEFENDING AGAINST SECRET SPRAWL ACROSS THE CLOUD

MIRIAM LORBERT – 5 CRITICAL CONTROLS: A ROADMAP FOR IMPROVING INDUSTRIAL CYBERSECURITY

1-1:55 PM

KAYLEY MELTON – GOING FROM SURVIVING TO THRIVING IN THIS UNFORGIVING INDUSTRY

2-2:25 PM

NATHALIA SOARES – OSINT: HOW TO USE IT IN OUR FAVOR

JIM SCHNEIDER AND TRISTAN ROBERTS – NAVIGATING YOUR CAREER BY PIROGUE

LARCI ROBERTSON – FUNDAMENTALS OF SAAS SECURITY: WHY YOU SHOULD COVER YOUR SAAS

2:30-2:55 PM

JEFF MAN – MORE TALES FROM THE CRYPT…ANALYST (schedule change: replaces the Tasha Holloway session)

3 PM

Ask Me Anything with Jack and Winn

4 PM

CISO Series Live Podcast Recording

DAVID SPARK / ALLAN ALFORD / MIKE WOODS

5 PM

Happy Hour – Sponsored By Polyswarm / Avexon Security / Obsidian

Presentation Summaries 

Main Hall Sessions

What a lovely handbasket, I wonder where we're going? – Jack Daniel

To understand where we're going, we need to understand where we've been. In this presentation Jack will look back at some of the people and ideas which launched and accelerated the field of information and cyber security, with a brief detour to look back at the history of Security BSides. From there, Jack will discuss the current state of the universe, and venture some wild guesses as to what we can expect in the future. (Hint: objects in the mirror are closer than they appear).

 

Security and Privacy in the Metaverse – Winn Schwartau

A long time ago, on June 27, 1991, I testified before the US Congress and warned that the then-emerging internet was ripe for Cyberterrorism, Cyberwar, Cybercrime, the loss of privacy, and a potential Electronic Pearl Harbor. I called it Information Warfare.

A Congressman asked me that day, “Mr. Schwartau, why would the bad guys ever want to use the internet?” Today, “Mr. Schwartau, why would the bad guys ever want to use the metaverse?”

 

Tens of billions of dollars and euros are being spent by global technology giants to digitally terraform the first generation of simulations; multi-user interactive virtual worlds with varying degrees of immersion, meant to captivate hundreds of millions of people. Meant to influence them with new realities. Meant to create virtual worlds that addict their citizens through compelling reward-based realism. The metaverse is the greatest reality distortion machine ever conceived; just a vastly more sophisticated form of information warfare.

 

And how do those massive capabilities affect the Security & Privacy of those who choose to enter the metaverse? Advanced yet-to-be-developed technologies, highly enhanced surveillance capitalism, behavioral monitoring, reality influence?  What content is acceptable or not? Some folks are going to be very uncomfortable.

 

Technologists and Policy-makers and citizens alike need to be aware of and seriously address these complex and potentially divisive issues sooner than later:

 

What has Schwartau come up with this time, 30 some years later?

 

It’s called Metawar:

 

Be prepared to be VERY AFRAID

Achieving SOC-cess: Metrics and How to Communicate Them – Ben Smith

Almost all security operations centers (SOCs) leverage security-focused metrics as a means to measure and improve on existing processes and workflows. These metrics may also be used, directly or indirectly, as part of any future budgetary discussions which might impact you and your extended team. So, when it comes to information security, it’s important to measure the right things, and to effectively communicate those things to the right audience(s).

 

But what many of us don't realize is that some metrics are appropriate for managing the day-to-day responsibilities of an operational team, and other (completely different!) metrics are more appropriate for consumption by your internal sponsor or upstream executive.

Understanding the needs and goals of your metrics audience can be even more important than the metrics themselves!

 

Join this session for advice and ideas not only about which metrics tend to be effective in strengthening your team, but also how to communicate those metrics properly for maximum beneficial effect within your organization. The session will close with three book recommendations as well.

 

Talk Tracks (Alphabetical)

5 Critical Controls - A Roadmap for Improving Industrial Cybersecurity – Miriam Lorbert

The Cybersecurity and Infrastructure Security Agency (CISA) has defined “16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” These sectors span our drinking water, the gas we put in our vehicles, and the electricity we use.

 

The network architecture for these critical sectors was built rudimentarily and, many years later, requires a bolt-on cybersecurity approach. Most policies, processes, and procedures for the cybersecurity of our critical infrastructure are still being developed. Throughout this session, I will introduce industrial environments and their cybersecurity risks and provide 5 critical areas as a roadmap to improve operational resiliency.

 

Corporate America vs. Cyber Criminal Organizations: Is There That Much of a Difference Between the Two? – Tasha Holloway

Come travel down the rabbit hole as we challenge your perception of how cybercrime organizations operate vs. how they actually look. You would be surprised at how comparable they are to your typical organization in corporate America.

 

Defending Against Secret Sprawl Across the Cloud – Rohan Sathe

Increasingly, companies are using tools such as Snyk and GitHub Advanced Security to ensure they are not committing secrets and keys in their repos. However, a recent analysis of Nightfall's customers across millions of items of data found that credentials such as active AWS keys are 5x more likely to be found exposed in cloud apps such as Jira than in GitHub, highlighting the growing need to protect data outside of DevOps tools. In this talk Rohan Sathe, Nightfall's CTO, will show attendees where secrets are most likely exposed, how to build a data protection program to effectively identify these secrets (whilst minimizing false positives), and how to best protect these secrets without impacting employee productivity.
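The abstract's two technical points, that credentials leak into ticketing and chat systems rather than only repos and that a detector has to suppress false positives to be usable, can be shown with a small scanner run over non-repo text. The following is an added example written for this page; it is not Nightfall's code or detection logic, and the regexes, the entropy threshold, the placeholder list and the sample Jira, Slack and Confluence records are all my own constructions (the key material has never been valid).

```python
"""Added example (not Nightfall's code): scan text from non-repo sources such
as Jira comments and Slack messages for leaked AWS credentials, suppressing
the usual false positives. Sample records below are constructed."""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Long-term (AKIA) and temporary (ASIA) AWS access key IDs: 4-char prefix
# plus 16 uppercase alphanumerics, 20 characters in total.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])((?:AKIA|ASIA)[0-9A-Z]{16})(?![A-Z0-9])")

# A 40-character secret access key within 40 characters of the word "secret".
# Requiring the keyword keeps commit SHAs and build hashes from triggering.
SECRET_KEY_RE = re.compile(
    r"(?i)secret[^\n]{0,40}?(?<![A-Za-z0-9/+])([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"
)

# Placeholder IDs that AWS itself uses in its documentation.
DOC_PLACEHOLDERS = {"AKIAIOSFODNN7EXAMPLE", "AKIAI44QH8DHBEXAMPLE"}
MIN_KEY_ENTROPY = 3.0  # bits/char; a redaction like AKIAXXXXXXXXXXXXXXXX scores ~1.0


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def is_placeholder(key_id: str) -> bool:
    """True for documentation placeholders and low-entropy redactions."""
    return (key_id in DOC_PLACEHOLDERS
            or key_id.endswith("EXAMPLE")
            or shannon_entropy(key_id) < MIN_KEY_ENTROPY)


@dataclass
class Finding:
    source: str          # where the text came from (Jira, Slack, ...)
    key_id: str
    paired_secret: bool  # a 40-char secret sat in the same record
    confidence: str


def scan_record(source: str, text: str) -> list:
    """Return findings for one record (a ticket comment, a chat message, ...)."""
    findings = []
    has_secret = SECRET_KEY_RE.search(text) is not None
    for m in ACCESS_KEY_RE.finditer(text):
        key_id = m.group(1)
        if is_placeholder(key_id):
            continue
        # Key ID plus secret is an immediately usable credential; a lone key ID
        # still names an IAM principal and is worth a review.
        findings.append(Finding(source, key_id, has_secret,
                                "high" if has_secret else "medium"))
    return findings


def scan_records(records) -> list:
    """Scan (source, text) pairs and return every finding in order."""
    return [f for source, text in records for f in scan_record(source, text)]


# Constructed sample data: the key material is made up and has never been valid.
SAMPLE_RECORDS = [
    ("Jira OPS-1042 comment",
     "Deploy keeps failing, use these for now: aws_access_key_id=AKIA4T7Q2ZK9WXM3BJRC "
     "aws_secret_access_key=q8Zt3VpLw2XyN7bKc4RfH9JmD6sGa1EuT5oWiYxP"),
    ("Slack #ops",  # a redacted 20-char key ID, not a real one
     "Rotated the old key " + "AKIA" + "X" * 16 + " this morning, nothing else to do."),
    ("Confluence runbook",
     "Example from the AWS docs: AKIAIOSFODNN7EXAMPLE / wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"),
    ("Slack #dev",
     "Can someone check why AKIA7PRD2KX9ZTQ4BMWC is getting throttled? Commit "
     "3f2a9c1d7b6e5f4a3c2b1d0e9f8a7b6c5d4e3f2a is the one that changed it."),
]

if __name__ == "__main__":
    for f in scan_records(SAMPLE_RECORDS):
        print(f"{f.source}: {f.key_id} paired_secret={f.paired_secret} ({f.confidence})")
```

Only the Jira comment and the second Slack message produce findings: the redacted key fails the entropy check, the documentation placeholder is allowlisted, and the commit SHA never matches because no "secret" keyword precedes it. Tagging each finding with its source is what lets a program report the repo-versus-cloud-app ratio the abstract refers to. Confirming that a surfaced key is still active (for example with an sts:GetCallerIdentity call using it) and then rotating it needs network access and is deliberately left out of this offline example.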

 

Fundamentals of SaaS Security: Why You Should Cover Your SaaS – Larci Robertson

In today’s world, data has become one of the most valuable assets that a business has. Safeguarding that sensitive data is every security team’s top priority, but changes in the perimeter have challenged teams to evolve their approaches to enterprise security. Today, the widespread adoption of cloud-based infrastructure and applications has once again changed the perimeter. The proliferation of software as a service (SaaS) solutions presents a particularly pronounced challenge for security teams, as the number of discrete applications containing business-critical data continues to grow. In this presentation you will learn about the approach to SaaS security that is necessary and the reasons you need it.

Going from Surviving to Thriving in This Unforgiving Industry – Kayley Melton

The Infosec world is certainly easier to break into nowadays than it used to be, yet it can still prove daunting and ruthless. This is especially true for those of us facing additional challenges which can serve as further barriers to entry. In this talk, Kayley will discuss their experience escaping generational poverty with an executive career in cybersecurity, overcoming many pitfalls (including discrimination and disabilities) along the way. You’ll walk away with resources and inspiration to forge your own path in spite of any odds standing in the way!

Industrial Operations Need a Cyber-physical Risk-based Approach - Michelle Balderson and Eric Bell

As our world becomes increasingly digitized, we are relying more and more on operational technology (OT) control systems to keep critical infrastructure running. However, as these systems become more connected, the attack surface grows exponentially.

We security ninjas monitor these environments, but often find ourselves drowning in logs and alerts. We need a Security Information and Event Management (SIEM) system specifically tailored to our domain that focuses on risk.

In this talk, we will explore the benefits of implementing a risk management platform with multiple data ingestion points to improve visibility into network activity and provide operational context, resulting in faster response times to potential security incidents and the ability to meet compliance requirements.

Finally, we will discuss the challenges that organizations may face when implementing such a system, and the complexity of the technology.

More Tales from the Crypt…Analyst – Jeff Man

We are so sorry that Tasha was not able to make the trip this year and hope to have her down soon. Jeff Man has agreed to step in with some tales from NSA's first Red Team, "the Pit". Thanks, Jeff.

Navigating Your Career by Pirogue – Jim Schneider and Tristan Roberts

As you skim across the shallow swamps in South Louisiana, are you wondering, “What is the state of tech jobs in 2023?” Need ideas on how to think about launching your career? What direction should you take and what should you expect along the way? Let’s discuss practical ideas for your career success!

 

OSINT: How to Use It in Our Favor – Nathalia Soares

Many daily activities, such as sales transactions, job searching, and work meetings, now occur online and by phone, thanks to the popularization of remote working and social media. Technology has improved and made our lives easier, but this convenience also has a dark side: individuals can hide behind fake, anonymous, or pseudonymous profiles on social networks, run scams, steal identities, and much more, which can lead to fake news, data leaks, or identity theft. The list goes on. Open-source intelligence (OSINT) techniques aid the reconnaissance of a target, whether for penetration tests or post-mortem cases. Knowing your target will make your attack, or your mitigation against malicious actors, much more effective. This lecture presents what OSINT is, why it is important, and how it can be used to conduct an investigation using open-source information.

 

Policy, Governance and Compliance: How Cyber Attacks are Driving Change - Burton Maben

Statutory compliance driven by government mandates, insurance regulations, or a combination of both will force SMBs not only to update current EUP policies but also to rethink technology purchases designed to enforce and audit policy compliance. Our discussion will center on how SMBs can successfully navigate these changes through the use of automation without breaking the bank or disrupting their business operations.

 

Sifting through Memory for Game Assets - Adam Pridgen

As parents and consumers, we love games. Online games have exploded over the last two decades because they offer a casual or competitive way to be social while doing the things we love. But what's going on in there? What does this portal to entertainment hold under the covers? Is there any relevant value for forensics or other activities? The answer is yes, probably. This talk will provide an overview of online gaming platforms, and it will provide opportunities for further research when we want to take our gaming skills to the next level. This research is still a work in progress.
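A concrete version of "sifting through memory for game assets" is carving image assets out of a raw memory image. The following is an added example written for this page and is not the speaker's research code: it locates PNG signatures and then walks the chunk chain, verifying each chunk's CRC and requiring IHDR first and IEND last, so a stray signature inside unrelated data, or an asset truncated at a page boundary, is rejected rather than carved as garbage. The "memory image" it scans is constructed in the block itself; no real game or process dump is involved.

```python
"""Added example (not the speaker's research code): carve PNG image assets out
of a raw memory image by walking the PNG chunk chain and checking CRCs, so a
stray signature inside unrelated data is not mistaken for an asset.
The "memory image" below is constructed."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: length, type, data, CRC over type+data."""
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data)))


def make_png(width: int, height: int, rgb: tuple) -> bytes:
    """Build a valid single-colour 8-bit RGB PNG (used to seed the sample)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    scanlines = b"".join(b"\x00" + bytes(rgb) * width for _ in range(height))
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(scanlines)) + _chunk(b"IEND", b""))


def carve_png(buf: bytes, start: int):
    """Return the PNG that starts at `start`, or None if the chunk chain is
    broken: no IHDR first, a length that runs off the buffer, a CRC mismatch,
    or no IEND before the data ends."""
    if buf[start:start + 8] != PNG_SIG:
        return None
    pos = start + 8
    first = True
    while pos + 12 <= len(buf):                      # smallest chunk is 12 bytes
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        data_start, crc_start = pos + 8, pos + 8 + length
        if length > 0x7FFFFFFF or crc_start + 4 > len(buf):
            return None
        if first and ctype != b"IHDR":
            return None
        first = False
        (crc,) = struct.unpack(">I", buf[crc_start:crc_start + 4])
        if zlib.crc32(buf[pos + 4:crc_start]) != crc:  # CRC covers type + data
            return None
        pos = crc_start + 4
        if ctype == b"IEND":
            return bytes(buf[start:pos])
    return None


def carve_all(buf: bytes) -> list:
    """All (offset, png_bytes) pairs of structurally valid PNGs in buf."""
    found = []
    pos = buf.find(PNG_SIG)
    while pos != -1:
        png = carve_png(buf, pos)
        if png is None:
            pos = buf.find(PNG_SIG, pos + 1)
        else:
            found.append((pos, png))
            pos = buf.find(PNG_SIG, pos + len(png))
    return found


def png_dimensions(png: bytes) -> tuple:
    """(width, height) from IHDR, which always follows the 8-byte signature."""
    return struct.unpack(">II", png[16:24])


def build_sample_image() -> bytes:
    """Constructed stand-in for a process memory dump: two intact assets, one
    truncated at a page boundary, and a bare signature with no chunks."""
    def filler(n):  # deterministic padding that never contains PNG_SIG
        return bytes(0x41 + (i % 7) for i in range(n))
    tile = make_png(4, 2, (255, 0, 0))
    icon = make_png(16, 16, (0, 128, 255))
    truncated = make_png(8, 8, (9, 9, 9))[:-7]    # IEND chunk cut short
    decoy = PNG_SIG + b"not a chunk header at all, just text."
    return (filler(37) + tile + filler(5) + decoy + filler(11)
            + truncated + filler(3) + icon + filler(64))


if __name__ == "__main__":
    for offset, png in carve_all(build_sample_image()):
        print(f"offset {offset:#x}: {len(png)} bytes, {png_dimensions(png)}")
```

Run against the constructed image, the carver returns exactly the two intact assets and skips both the decoy and the truncated copy. On a real dump the transferable part is the method, not the format: assets may span non-contiguous pages, and many engines keep textures in compressed container formats (DDS, KTX, engine-specific packs) rather than PNG, so the signature and the structure walk change per format while the "signature, then structure, then integrity check" approach stays the same.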

 

Vibing with Vulnerabilities – Nivi Murthy

There is always stress around a vulnerability’s discovery. How did it occur? What is the vulnerability? How do I fix it? How can I avoid it? Application teams need to scramble to patch or, more importantly, get it out of the way. Security teams must understand its impact and specific pain points. In this session the speaker will guide you through a vulnerability’s lifecycle, from discovery to post-remediation root cause analysis (RCA).

Bios

Jack Daniel

Jack Daniel is a storyteller, blacksmith, luthier, woodcarver, comic, bartender, and motorcyclist. In other words, Jack is retired. Jack is also a community builder and historian; he is a co-founder of Security BSides and the creator of the Shoulders of InfoSec Project. In a past life, he added things like technologist, security professional, admin, podcaster, and blogger to his bio, but no longer. Jack also used to list things like jobs, such as the many he held at Tenable before retiring. He has over 20 years' experience in network and system administration and security, and has worked in a variety of practitioner and management positions. Jack used to put letters after his name, but he doesn't anymore; some fell off, others were pushed. Now he just worries about people putting the letters “deceased” after his name.

Winn Schwartau

Winn Schwartau has lived cybersecurity since 1983 and his predictions about the Internet and security have been scarily spot on. He coined “Electronic Pearl Harbor” before Congress in 1991. His 1993 seminal book “Information Warfare” described cyberwar and cyber-terrorism as we see it today. In 1996 he was dubbed the “Civilian Architect of Information Warfare” by Commodore Pat Tyrrell OBE, Royal Navy, UK. His previous book, “Analogue Network Security”, hybridizes analog and digital security and was called “The Best Cybersecurity Book of All Time” by Cyber Defense Magazine. His newest book “The Art & Science of Metawar” addresses conflict in the metaverse. Winn is a Fellow at the Royal Society of the Arts, a Distinguished Fellow at the Ponemon Institute, and an inductee of the ISSA Int’l Security Hall of Fame.

Ben Smith

Ben Smith is Field Chief Technology Officer with NetWitness. He brings more than 25 years’ experience in the information security, risk management, networking and telecommunications industries; his prior employers include RSA Security, UUNET, and the US Government, along with several technology startups. Smith holds industry certifications in information security (CCISO, CISSP), risk management (CRISC), and privacy (CIPT); he is an acknowledged contributor to NIST SP 1800-1, -3, and -7 and he chairs the Cybersecurity Canon Project. He is a patent holder, a published contributor of four of the “97 Things Every Information Security Professional Should Know” [O'Reilly, 2021] and previously served as a corporate representative to the National Cybersecurity Center of Excellence (NCCoE). Smith has presented internationally at cybersecurity events sponsored by Gartner, FS-ISAC, SANS, IANS, CERT/SEI, RSA Conference, ISSA, (ISC)2, ISACA, Infosecurity, BSides, ASIS, InfraGard, HTCIA, SecureWorld, ISMG, SC Media, SIRA, RMA, IIA, MWCA, ICI and other organizations.

Adam Pridgen

Adam Pridgen is a security professional. He has worked in a number of different roles and verticals. He has also contributed ideas and code to a variety of projects.

Burton Maben

Burton Maben is the CEO and Founder of Creative Cyber Management, a Louisiana-based cyber security consulting firm that specializes in comprehensive cyber security solutions for small and medium-sized businesses, including non-profits. Burton's business operations have been based out of Belle Chasse, Louisiana since 2001 and include the software development company Quickattend, LLC as well as New Orleans Karate Institute, Inc. Burton has a Master's Degree in Political Economics from the University of Rochester and is the former Director of Development for the Housing Authority of New Orleans, Senior Economist at the City of Detroit and Program Director for New York City's Housing Preservation and Development.

Eric Bell

Eric Bell is a modern-day MacGyver ('80s kids will get that; everyone else, use Google) with decades of hands-on experience. His knowledge and experience range from POTS and packet wrangling to Sales Engineering. He is a friendly guy with a beard and a quirky sense of humor. You'll like him.

Jeff Man

The speaker was a founding member of NSA's first Red Team, known as "the Pit". Learn about the formation of the team, engagement methodologies, and how we learned to navigate the politics, bureaucracy, and reticence of NSA. Hear war stories from the early days of vulnerability & threat assessment at NSA and see how this industry and the practice of penetration testing has evolved over the past 30 years.

Jim Schneider

Jim Schneider, CPA, CIA serves as the President & Managing Partner at The Personnel Consulting Group. Prior to his 6 years as a recruiter at PCG, Jim served as an auditor with Big 4 and regional firms, in addition to years of industry accounting as a controller. Jim is responsible for supervising the accounting & technology recruitment divisions of PCG while also being responsible for the day-to-day management of the firm.

Jim is currently President-Elect of the New Orleans Chapter of the La Society of CPAs, serves on the advisory board for the LSU Department of Accounting, the board of the New Orleans Chapter of the Inst. of Internal Auditors, and is on the membership committee of the Construction Finance Management Association.

Kayley Melton

Kayley Melton, SACP has been part of the cybersecurity awareness industry for more than a decade, spending most of those years creating effective, best-in-class training programs on a global scale. Currently an executive for KnowBe4, they are known for their exemplary leadership, visionary strategy, and vital initiatives such as educational gaming. In addition to their professional career, Melton leads a double life as an artist, and is a published illustrator in esteemed books by infosec industry legend Winn Schwartau.

Larci Robertson

Larci has over 20 years in Threat Intelligence and Information Technology/Cybersecurity roles.

She started her career at NSA as a Navy Cryptologic Technician (CTR) doing signals intelligence (SIGINT) collection on ships, as well as working at the Navy Cyber Defense Operations Command. Her Navy career led her to other technology roles in the defense sector before landing in corporate America. She held roles as a CTI analyst for PepsiCo, CTI Sr Manager at Epsilon and GRC Sr Project Manager at McKesson before jumping to the dark side of sales as a Sales Engineer at Cybereason and now Obsidian Security. She is the Board President of the Women of Security (WoSEC) organization and the Dallas Chapter Lead.

Michelle Balderson

Michelle is a force to be reckoned with, her expertise has helped deploy cybersecurity solutions for IT and OT organizations globally. As a seasoned professional with unmatched technical acumen, she's shaking up the Corporate standard for what an executive should be.

In fact, as a Global Security Executive at OTORIO, her approach to security is anything but standard. She's known for her savvy insights that go well beyond simple technology discussions.

Miriam Lorbert

Miriam Lorbert is a Senior Industrial Consultant at the industrial cybersecurity company Dragos, where she leads professional services teams in conducting network and vulnerability assessments.

Before joining Dragos, Miriam started her career as an Instrumentation Electrical Engineer and then developed into the Control Systems and Network Security position in Oil & Gas. Her operational technology work inspired her to make a career shift, pursue her Master's, and focus entirely on Industrial Cybersecurity.

Miriam enjoys exploring different cities by way of food, spending time with family, Formula One, and puzzles.

Nathalia Soares

Master's student at Louisiana State University

Nivedita Murthy

Nivedita Murthy is an Associate Principal Consultant at Synopsys. She has been in the AppSec field for 14 years with experience in handling projects in various domains. Before helping clients with maturing their AppSec programs and driving DevSecOps implementation, she dabbled primarily in source code reviews, pen testing, vulnerability management and information security policy implementation for Synopsys customers.

Rohan Sathe

Rohan is the CTO and Head of R&D at Nightfall. He co-founded the company in 2018 with Isaac Madan. Nightfall is a Series B Cloud Data Leak Prevention company that has raised 60M from leading investors such as Bain Capital Ventures and Venrock. Rohan was one of the founding engineers at Uber Eats, where he designed and built software to grow the platform’s footprint. Nightfall was founded based on Rohan's personal experiences with data breaches arising from poor data security hygiene. Rohan was at Uber in 2016 when a developer committed credentials to a private code repository on GitHub, leading a hacker to extract Uber rider and driver data to a public storage service. Nightfall's platform is designed to find, classify and protect sensitive data such as credentials stored on cloud applications such as Slack and Jira. Currently working with hundreds of leading organizations such as Exabeam, Splunk, and Kandji, Nightfall is the market leader in Cloud Data Leak Prevention.

Tasha Holloway

Tasha is a self-proclaimed Cybersecurity Nerd on a quest to take over the world. She has a diverse background. Holding a BS in Business, she began her career primarily in Sales and E-commerce. She then transitioned into IT before falling in love with Offensive Security.

She has exceptional analytical and problem-solving skills and thrived in working within a matrix structure while navigating various information technology domains. She is committed to continuous learning, constantly seeking out new knowledge and skills to improve her craft.

As an active member of multiple cybersecurity organizations (holding several Board roles), Tasha attends conferences and events regularly to stay current on the latest trends and technologies. She understands the importance of networking and branding and is dedicated to giving back to the cybersecurity community. She hosts cybersecurity discussions on LinkedIn and Clubhouse, providing a platform for others to learn and grow in the industry. She never misses an opportunity to "nerd out" with other tech nerds.

Through her expertise, leadership in the field, and community involvement, Tasha is helping to shape the future of cybersecurity and redefine what it means to be a professional in the industry.

Tristan Roberts

Tristan Roberts hails from the capital city of Baton Rouge, LA. After graduating from The Dunham School, he attended Louisiana State University where he received his Bachelor’s degree in Business Administration in 2006 with Cum Laude honors. Following his undergraduate experience, he earned his Master’s of Business Administration from the LSU Flores MBA Program, also with honors.

In 2011, Tristan married his wife Molly and moved to Houston to begin his professional career in strategic analytics and management in a Fortune 500 environmental and infrastructure organization and later in multifamily real estate. In 2015, Tristan and his wife welcomed their first child and moved back to Louisiana to be closer to family. Since then, Tristan has worked in varied industry including multifamily and commercial real estate, consumer packaged goods, supply chain, manufacturing, and oil and gas. Over this time, he built his network and learned critical principles of organizational behavior and best practices in data analytics and strategic business management.
