Speaker

Joey White

Enterprise Architect & Security Architect at BCBSKS

Phoenix, Arizona, United States

Relevant work experience: 20+ years enterprise security experience

Education/Work History: 15+ years at Blue Cross and Blue Shield of Kansas including network admin, incident response, threat hunting, firewall admin, third party risk, red team, appsec team, security architecture, enterprise architecture, etc.

Passions: Experience volunteering with ARIN and IETF. Playing tabletop board games.

Area of Expertise

  • Health & Medical
  • Information & Communications Technology
  • Business & Management

Topics

  • Information Security
  • API Testing
  • API Architecture
  • Mobile Application Security

Hack your smart home first - Finding the mobile APIs

The majority of smart home solutions begin with downloading a mobile app to manage the smart home products. The mobile apps controlling the smart homes may provide convenience to quickly manage the security camera, garage door, house alarm, etc. However, do they hold up against modern malicious actors?

We can confirm the security of these mobile apps with open source tools to guide our security testing. Just as Metasploit brought us convenience in security testing, we now have mobile security testing tools like MobSF, Genymotion, Burp Suite, Postman, JADX, APKLeaks, etc.

In this presentation, I will outline a process to utilize the various tools to evaluate smart home products. I will review the process and details discovered during my testing of the smart home products in my house.

This presentation will focus on mobile apps as well as the APIs involved. API security testing requires more custom testing. We have some automated testing features but there is plenty of hunting needed for API testing.

How D&D DMing Prepared Me for an InfoSec Manager Role

Description: This last year my role changed to a manager. I noticed the manager experience matched a lot of the skills I developed being a dungeon master for D&D games. The InfoSec team needs to be compatible and collaborative, just like a D&D party needs to become cohesive. A DM can enhance the cohesiveness of the D&D party, just like a manager can build the collaboration of the InfoSec team.

A DM can provide unique challenges to thrill and excite. An InfoSec manager can align team assignments to generate interest and enthusiasm. Both a DM and a manager have to prepare; put in extra work to ensure a clear vision leads the group.

Everyone encounters challenges and drama. InfoSec sees new vulnerabilities, determined adversaries, and a flood of IOCs, whereas the D&D party sees nat ones and critical hits.

This talk will cover various skills useful to InfoSec in general and management. I look forward to discussing both my career and my hobby.

This will be the sixth time I have presented security content at security conventions. I presented "Hack Your Smart Home First" at CactusCon. I have also presented at OzSec (Wichita, Kansas, security conference) and BSides Birmingham.

Below is an outline for my talk:

  • Intro to D&D and InfoSec Management
  • My Bio
  • Compelling Work
  • Collaborative Team
  • Planning
  • Rules
  • Roll the Dice
  • Conclusion
  • List of Resources and Related Websites
