The Inaugural BSides South Florida Conference

Registration opens

Opening Remarks

Speaker: Barrett Lyon

Live Oak Pavilion - Opening Keynote

How a 20-year-old trust assumption in Apple’s networking stack enables denial-of-service across entire device fleets.

Over the past 6 months, Barrett worked with Apple’s Product Security team on a vulnerability I discovered in mDNSResponder, a core service used by most Apple platforms for AirDrop, AirPlay, Safari, and Bonjour-based networking.

The issue? A class-defining multicast DNS DoS (mDoS) which exploits Apple mDNS service to cause system-wide degradation across Apple devices on a shared LAN. Safari freezes, AirPlay disappears, CPUs spike, and devices become unresponsive, all without any authentication or direct targeting.

Join Barrett as he details his experience, Apples response, and demos bombdrop, the just released Apple mDNS exploit utility.

Speaker: Danay Fernandez

Building software that works is one thing, but building software that lasts under pressure and resists abuse is another. In this session, we explore how developers can adopt a secure software development lifecycle (SDLC) mindset without needing a dedicated security team.

Using a simple Bookstore API as a case study, we walk through common threats such as brute force login attempts, scraping, and denial of service spikes. Instead of coding from scratch, we review the security controls already built into the app including rate limiting, JSON Web Tokens, input validation, and safe update patterns. We then put the app through its paces with automated testing, performance stress tests using k6, and a dynamic scan using OWASP ZAP. Along the way, we discuss where developer-written protections end and where cloud-native defenses like WAFs or DDoS protection pick up.

This session is designed to be practical and approachable. You will see security and resilience concepts applied step by step on a working API, with clear takeaways you can apply to your own projects. Whether you are new to security or looking for a refresher on secure SDLC practices, you will leave with a roadmap for making your apps not just functional, but resilient.

Speaker: Felicita Sandoval

This session explores how to move beyond the “department of no” mentality and embed security as an enabler of innovation. We’ll introduce a practical Awareness–Ownership–Resilience (A-O-R) model for strengthening security culture, showing how organizations can progress from baseline awareness to true resilience. Along the way, we’ll highlight how workforce readiness directly supports technical strategies like Zero Trust, secure development, and incident response.

As AI reshapes the threat landscape with deepfakes, AI-driven phishing, and automated exploits, the urgency of workforce resilience has never been greater. At the same time, AI offers powerful opportunities for defense, detection, and productivity but only if employees are trained and prepared to use it safely. This session will share concrete strategies for embedding emerging technology training into the organization, from annual security refreshers to an “Emerging Tech Week” model that keeps teams ahead of fast-changing risks.

Speakers: Jairo Diaz and Ana Marinez

With modern development cycles relying heavily on automation, the CI/CD pipeline has become a prime target for attackers. In this session, we’ll dive deep into how to secure your GitHub CI/CD pipelines, both proactively and reactively, against the growing threat landscape.

The session is divided into two focused segments. In the first half, we’ll explore preventive strategies to strengthen your pipelines from the ground up. Topics include threat modeling and segmenting your GitHub CI/CD environment, reducing your attack surface through proven techniques for hardening and isolating self-hosted runners, governance controls for third-party actions and external dependencies and enforcing trust boundaries in repository access and contributions.

In the second half, we’ll shift to offense-informed defense — examining real-world attack techniques against CI/CD pipelines. From supply chain attacks through compromised GitHub Actions, to command injection in misconfigured runners, to secret exfiltration via malicious workflows. We’ll walk through how these threats unfold and the indicators they leave behind. The session concludes with actionable methods to implement detection logic, integrate security telemetry, and monitor pipelines for suspicious behavior.

Speaker:  Kavia Venkatesh

The rise of autonomous coding agents demands a new kind of application security leadership. This talk is for CISOs and security leaders ready to move beyond traditional code scanning and vulnerability checks. We'll explore how to strategically build and structure an AppSec team that governs the agentic development pipeline, establishes a risk framework for AI-generated code, and rethinks budgeting for a future where security is embedded in the very fabric of an organization's AI strategy.

Speaker: John Dilgen

This talk will explore advanced strategies for identifying and mitigating cyber threats through proactive threat actor and malicious infrastructure hunting. Attendees will learn how to track the actions of threat actors on the dark web, gaining insights into illicit forums and marketplaces to uncover emerging tactics and affiliations. The session will also cover techniques for monitoring ransomware-as-a-service (RaaS) group activity, including shifts in membership and operational changes following disbandment.

Additionally, we’ll discuss leveraging investigation telemetry to detect and analyze evolving tactics, techniques, and procedures (TTPs), enabling organizations to stay ahead of sophisticated cyber campaigns and strengthen their defenses.

Speaker: Steven Laino

Generative AI is rapidly transforming how organizations operate, yet most executives underestimate the security, compliance, and business risks tied to adoption. From employees experimenting with ChatGPT to enterprises building custom models on platforms like Amazon

Bedrock, the journey from consuming to customizing to creating, AI introduces escalating risk. Without governance, these tools can expose sensitive data, amplify compliance liabilities, and erode customer trust. In this session, Steven Laino, Principal Consultant and Founder of

Expert InfoSec, will present Securing the AI Journey: a C-level guide to responsible adoption.

A facilitated forum that brings together senior leaders and decision-makers from across industries to exchange ideas, share experiences, and discuss challenges in a collaborative setting. 

Topics announced soon.

Speakers: Kris Rides, Margarita Rivera, Johann Balaguer

Live Oak Pavilion

Curious about how to break into cybersecurity or take the leap into leadership. and maybe even the CISO seat? Join us for “Root to CISO – Let’s Talk Career Paths”, an interactive Q&A session hosted by Kris Rides, an SME in cybersecurity workforce development and staffing. Kris will be joined by two senior executive leaders to share their real-world journeys and answer your questions. This session is designed for everyone—from those looking to enter the industry to professionals aiming for executive roles. Expect candid advice, actionable insights, and practical strategies to

help you navigate your next career move.

Speaker: Craig Birch

AI doesn't break in. It logs in. As Microsoft Copilot and other AI tools are rolled out across the enterprise, attackers are already adapting. They are using AI to map out identity systems, escalate privileges, and take advantage of misconfigurations in Active Directory and Entra ID—at a speed that defenders are struggling to match. Identity is the new attack surface, and if it's not secured, AI will make existing gaps much worse.

This session looks at how AI is changing identity attacks. We’ll explore real techniques like prompt injection, permission abuse, model manipulation, and automated Graph API scanning that allow attackers to quietly gather intelligence and move laterally. Real-world incidents, including the tactics seen in the Midnight Blizzard breach, will show how this is already happening inside organizations.

Speaker: Dr. Natalie Johnson and Kendrick Washington

As cyber threats escalate and vulnerabilities multiply, the U.S. faces an unprecedented shortage of professionals trained to identify and remediate weaknesses before they are exploited. A bridge to addressing this paramount issue is the redesign of the status quo in the remediation of vulnerabilities, and the creation of something new that addresses vulnerability management as a discipline;the VOC is born. The Vulnerability Operations Center (VOC) at Palm Beach State College (PBSC) is the nation’s first academic program dedicated to closing this gap. This paper explores the pressing need to integrate vulnerability management education into academia as a strategic response to workforce demands and national cyber resilience. It presents the case for establishing a first-of-its-kind Vulnerability Operations Center (VOC) at Palm Beach State College (PBSC), which combines traditional cyber range capabilities with focused instruction on the vulnerability lifecycle. The initiative addresses skill gaps, supports specific protections geared to vulnerability management, aligns with established industry standards for enterprise vulnerability management, and aligns with industry frameworks such as NIST, NICE, and MITRE ATT&CK.

Speaker: Alejandro Herrera

Security teams are often expected to deliver results the moment issues surface in production. The reality is that confidence in production comes from preparation;doing the work in advance, testing, breaking, and fixing in an environment where the stakes are low. In other words, security success starts in the lab. 

This session explores how labs can serve as a proving ground for kubernetes, cloud, and DevOps security strategies. By taking ownership of the preparation phase, teams can safely replicate misconfigurations, test defenses, and validate what really works before it matters most. The lab becomes the place to practice, refine, and even fail so that production environments benefit from stronger, battle-tested professionals. Rather than overwhelming teams with theoretical best practices, this talk focuses on building a repeatable “lab-to-live” mindset. Attendees will learn how to turn lab insights into scalable workflows, reduce risk without slowing down delivery, and show up to production challenges already prepared.

Key Takeaways:

• Why preparation in the lab leads to confidence in production.
• How to design experiments that translate into real-world security improvements.
• The value of practicing and failing safely before prime time.
• A framework for turning lab insights into scalable, production-ready workflows.

Speakers: Claudia Martinez and Cynthia Carrasquillo

Cybersecurity maturity is often measured by the number of tools deployed, but the real differentiator is the quality of the processes that orchestrate people, data, and technology. Without engineered workflows, teams remain stuck in reactive firefighting, overwhelmed by alerts, compliance demands, and fragmented handoffs. To shift toward proactive, resilient security, organizations must embrace process engineering and align their practices with established frameworks. 

Attendees will learn the importance of maturing security processes as the foundation for building scalable, proactive programs. Aligning these processes with frameworks like the NIST Cybersecurity Framework and CIS Controls provides both structure and benchmarks for measuring governance and progress. These frameworks act as anchors, guiding process design while helping organizations track their maturity journey consistently. With well-engineered processes aligned to these frameworks, organizations can shift from activity-based metrics (like ticket counts or scan volume) to outcome-driven indicators such as time to contain, vulnerability remediation rates, and automation adoption, metrics that reveal inefficiencies, demonstrate risk reduction, and link security improvements directly to resilience and business value.

Speaker: Anshu Gupta

As AI systems become more powerful and context-aware, ensuring secure and reliable interaction with Large Language Models (LLMs) is paramount. Model Context Protocol (MCP) introduces a standardized interface that governs how models are prompted, contextualized, and deployed in real-world applications. This session explores the emerging security landscape of MCP, covering the potential risks introduced by context injection, prompt leakage, prompt chaining abuse, and data exfiltration through contextual inputs. Attendees will learn best practices for hardening MCP implementations across enterprise LLM stacks—whether proprietary or using API-based access like OpenAI, Anthropic, or Cohere.

From input validation and sandboxing to contextual trust boundaries, this session offers a strategic and technical roadmap to secure LLM interactions using MCP.

Key Takeaways:

• Understand the structure and components of the Model Context Protocol (MCP)
• Explore key threat vectors in context-driven LLM workflows
• Learn security best practices for MCP usage, including prompt hygiene, red teaming, and audit logging
• Dive into real-world attack scenarios such as indirect prompt injection and model manipulation via context chaining
• Recommendations for integrating MCP with existing AppSec and SOC workflows

Speaker: Scott Schwartz

Cybersecurity is no longer just a technical problem. It is a boardroom priority that impacts financial stability, regulatory compliance, and organizational resilience. Yet many security leaders still struggle to translate complex technical threats into meaningful business language that drives informed decision-making. This session will explore practical strategies for bridging the communication gap between cybersecurity professionals and executive boards. Drawing on two decades of legal, governance, and cybersecurity experience, I will share proven frameworks for reframing technical risks into business outcomes, regulatory obligations, and strategic priorities that resonate with directors and senior executives. 

Key discussion points include:

• Why boards care about cyber in terms of fiduciary duty, liability, and reputation.
• How to craft risk narratives that link vulnerabilities and incidents to business impact.
• Using regulatory drivers (SEC rules, GDPR, NIS2) as opportunities to strengthen board engagement.
• Leveraging real-world examples where clear communication helped secure funding, alignment, and resilience.

Speaker: Joe DiNicola

Using technical case examples, this talk highlights techniques attackers use to manipulate GenAI tools such as chatbots into revealing sensitive information. These include appeals to GenAI’s human-like desire to “get along” and “help” and its propensity to become “distracted” or “intimidated” if competing or forceful requests occur. Then, this talk will then showcase how these techniques are used to supercharge common intrusion tactics such as prompt injection, command injection and privilege escalation during the initial access and exploitation phase of an adversary’s attack path.

Attendees will take away a clear understanding of common methods used by adversaries to manipulate GenAI tools and bypass existing controls, with tactical guidance on how to identify and prevent these issues throughout the AI lifecycle.

Speaker: Kurtis Minder

Does paying cyber ransoms have a geo-political impact? We have long believed that ransomware attacks have had an impact on U.S. national security from a data theft, operational impact, and financial perspective. However, what if paying the ransom also fueled war crimes? In this session, renowned crypto intelligence expert Paul Marrinan and respected ransomware responder Kurtis Minder show crypto-tracing evidence to support the possibility that foreign countries are using ransoms to fund wars and terrorist activities.

Speakers: Sanjay Deo

Join Sanjay Deo, Board Member of the InfraGard South Florida Members Alliance, in conversation with a Special Agent from the FBI as they discuss today's perspectives on Cyber Resilience.

• Current and emerging trends in the cyber threat landscape
• The role of collaboration across industries and sectors in strengthening defenses
• FBI perspectives regarding cyber-related threats and how the FBI can/should be part of an organization’s cyber incident response and what to expect from them during its investigation of a cyber incident.
• Insights on The FBI’s private sector partnership program, such as InfraGard, and it’s benefits
• Practical approaches organizations can apply to improve cyber resilience

Evening networking reception.