Johnny Xmas
"I don't seek to be well-known, I seek to be worth knowing"
Chicago, Illinois, United States
Johnny Xmas, a prominent figure in the Information Security community since 2002, has been a dedicated contributor to public forums, sharing his extensive research and knowledge. He is most notably recognized for his pivotal role in exposing the American TSA Master Key leaks (2014-2018), uncovering Venmo stalking vulnerabilities (2018), and being an overall nuisance.
Past experience includes serving as Director of Cyber Training at the security research firm GRIMM, defending against the automated abuse of web infrastructure at Kasada, and working as Lead Researcher on Uptake's Industrial Cybersecurity Platform. Before this, he spent many years in the field as a penetration tester, as a security engineer for a global Fortune 500 retail corporation, and as a mainframe auditor and systems engineer for several IT asset recovery firms.
Today, Johnny continues to shape and elevate the Information Security landscape with his expertise and contributions as the President of the Burbsec Information Security Network and the Head of Offensive Security for a massive, global manufacturing and agriculture corporation.
Topics
Infosecs and the City
The BurbSec Framework: Exploring the Midwest's Social InfoSec Scene
The US "Midwest" region has long been recognized for its industrious spirit, tight-knit communities, and growing technological influence. Within this evolving landscape, a particularly dynamic and engaging social InfoSec scene has emerged, exemplified by the ever-expanding network of BurbSec meetups. This talk will be presented by a current showrunner of BurbSec meetups, offering attendees a unique and insightful exploration of how grassroots initiatives have successfully fostered a vibrant information security community across the region.
This session will delve deep into the intricacies of the Midwest’s InfoSec social fabric, highlighting the journey of BurbSec from its inception to its current status as a cornerstone of the local security community. Attendees will hear firsthand experiences from the speaker, who has played an instrumental role in organizing and growing these meetups. By sharing stories of both challenges and triumphs, the speaker will paint a comprehensive picture of what it takes to build and sustain successful CitySec frameworks in the Midwest.
Participants can expect an in-depth analysis of the key components that have contributed to the success of BurbSec and similar CitySec initiatives. The talk will cover essential elements such as effective event organization, community engagement strategies, and the importance of fostering an inclusive environment that welcomes InfoSec professionals of all experience levels. Attendees will gain insights into how these meetups have become more than just networking events; they are platforms for professional development, knowledge sharing, and the cultivation of lasting connections within the industry.
One of the highlights of this session will be the exploration of notable success stories from various CitySec groups in the Midwest. These stories will illustrate the tangible benefits that arise from active participation in the InfoSec community, including career advancement opportunities, collaborative projects, and the creation of supportive networks that extend beyond the meetups themselves. The speaker will also discuss the evolving landscape of InfoSec in the Midwest, highlighting emerging trends and the growing importance of regional collaboration in the field.
In addition to sharing experiences and success stories, the talk will provide practical guidance for attendees interested in starting their own CitySec meetup or revitalizing an existing one. The speaker will offer a step-by-step guide to planning and executing successful meetups, covering topics such as venue selection, agenda setting, speaker recruitment, and effective promotion. Attendees will also learn about common pitfalls to avoid and strategies for maintaining momentum and engagement over time.
By the end of the session, participants will leave with a comprehensive understanding of the Midwest’s social InfoSec scene and the tools needed to contribute to its growth. Whether you are a seasoned InfoSec professional looking to expand your network or a newcomer eager to find your place in the community, this talk will equip you with the knowledge and inspiration to build and sustain a thriving local security community. Join us at the BurbSec Meetup to discover how you can make meaningful connections and drive the success of your own CitySec initiative in the ever-evolving world of information security.
Poisoning Pidgins in the Park
A Great Talk for Aspiring Security Professionals!
If you’ve ever found yourself stuck in the frustrating loop of “How can I get a job if I have no experience because I can’t get a job?”, this session is for you. The journey into cybersecurity can be daunting, especially when most positions seem to demand years of experience, even for entry-level roles. However, this talk serves as a beacon of hope for those feeling trapped in this paradox. It highlights how curiosity, persistence, and self-driven learning can open doors to a fulfilling career in security, even without formal experience.
The session recounts the inspiring story of a hobbyist who, armed only with curiosity and spare time, tackled a significant and complex security threat: an active supply-chain attack against the popular Free and Open Source Software (FOSS) communication tool, Pidgin. This case study not only underscores the importance of vigilance in the open-source community but also demonstrates that impactful contributions to cybersecurity are not limited to seasoned professionals.
During the talk, attendees will be guided through the step-by-step incident response process that the hobbyist followed. This process began with the identification of red flags in Pidgin's codebase. The speaker meticulously outlines how subtle anomalies in the code were identified and investigated, emphasizing the importance of attention to detail and a keen eye for inconsistencies. This phase is particularly enlightening for beginners, as it shows that foundational programming and analytical skills can be leveraged to uncover serious security threats.
As the investigation progressed, the hobbyist faced a series of advanced social engineering ploys orchestrated by a cunning threat actor. The attacker exploited multiple platforms to obfuscate their identity and intentions, presenting a formidable challenge. The talk delves into the tactics employed by the threat actor, including deceptive communications, impersonation, and psychological manipulation. This segment serves as a crucial learning opportunity for aspiring security professionals, illustrating the sophisticated methods used in modern cyber threats and the importance of resilience and critical thinking in countering them.
One of the most compelling aspects of this story is that the hobbyist, despite having no professional background in cybersecurity, successfully countered the attack. This achievement underscores the accessibility of the field to self-taught individuals. It highlights that with the right mindset, resources, and community support, anyone can contribute to and excel in cybersecurity.
The talk also emphasizes the value of continuous learning and community engagement. The hobbyist's journey was fueled by participation in open-source communities, collaboration with other enthusiasts, and relentless self-improvement. Attendees will leave the session with practical tips on how to build their own skills, contribute to open-source projects, and gain recognition in the cybersecurity field.
In essence, this session is a testament to the power of passion and perseverance. It offers a roadmap for aspiring security professionals to break into the industry, showcasing that even the most challenging barriers can be overcome with dedication and ingenuity. Whether you're a student, a career changer, or a software developer, this talk will help you better understand the supply-chain attack landscape and what can be done to defend against social engineering attacks.
Artificial Intelligence, Real Threats
Artificial Intelligence (AI) has transcended buzzword status, emerging as a potent and accessible tool. However, this power cuts both ways. In this presentation, we delve into the darker side of AI and its role in sophisticated information security attacks. How can adversaries harness AI, and what defensive strategies can we employ to stay ahead? Join us as we explore the evolving landscape of AI-driven threats and arm ourselves with knowledge to defend against them.
Agenda
1. Layout
Setting the Stage for the Unseen Threats
Get ready to embark on a journey through the shadowy realm of AI-powered attacks. We’ll outline the structure of our talk, providing a roadmap for the deep dive into AI’s role in information security.
2. History
From Novelty to Nefarious: The Evolution of AI in Cybersecurity
Explore the historical trajectory that brought us to the current intersection of AI and security challenges. Understand the pivotal moments that transformed AI from a novelty to a potent weapon in the hands of malicious actors.
3. Backend/Text/Code
Social Engineering 2.0: AI in Text-Based Attacks, AI automation
Examine the role of text AI in social engineering attacks and development efforts. Understand how adversaries manipulate language and code to infiltrate systems. Equip yourself with strategies to counteract the influence of text AI in cyber threats.
4. Video
Seeing is Believing: AI in Visual Attack Strategies
Dive into the realm of video AI technology. Uncover real-world attack examples where visuals are exploited for nefarious purposes. Learn how to leverage this technology defensively, preparing for the evolving landscape of visual attacks.
5. Audio
The Power of Voice: AI in Audio Attacks
Explore the auditory dimension of AI with a focus on voice technology. Delve into real-world examples of how audio AI is exploited in attacks. Discover proactive measures to harness this technology defensively and protect against audio-driven threats. LIVE DEMO of an INTERACTIVE ATTACK AGENT included!
6. Recap
Key Takeaways: Navigating the AI Security Landscape
Summarize the critical insights gained throughout the presentation. Reinforce key takeaways to ensure that attendees leave with a comprehensive understanding of AI’s impact on information security and the tools to combat it.
7. Thanks + A Fun Q&A
Gratitude and Engagement
Express gratitude for the audience’s participation and curiosity. Conclude the presentation with an engaging and informative Q&A session, where participants can pose questions and contribute to the collective understanding of AI in information security.
Saving Ryan's Privates
The Illusion of Privacy: When Your Intimate Photos End Up Online
You did everything right:
* A long and hard password
* The thing that sends a code to your phone
* You even used a VPN even though you don’t know what it does but YouTube said it keeps hackers away
* Everything, and yet…
There they are: those full frontals you sent to your SO 3 years ago, now splayed across some website with a weird name like “Coomer.party.”
How Did This Happen?
You don’t know, but Johnny does. Come sit in as he discusses:
* The nonexistence of privacy in the digital age
* The most common methods of theft of the most private of photos
* What you can do to protect yourself
Despite strong passwords and MFA use, we'll discover how the world’s most private digital assets are still being stolen and leaked. Join Johnny as he exposes privacy myths, common theft methods, and actionable steps to reclaim control.
