Speaker

Johnny Xmas

"I don't seek to be well-known, I seek to be worth knowing"

Chicago, Illinois, United States

Actions

Johnny Xmas, a prominent figure in the Information Security community since 2002, has been a dedicated contributor to public forums, sharing his extensive research and knowledge. He is most notably recognized for his pivotal role in exposing the American TSA Master Key leaks (2014-2018), uncovering Venmo stalking vulnerabilities (2018), and being an overall nuisance.

Past experience includes serving as Director of Cyber Training at security research firm GRIMM, defending against the automated abuse of web infrastructure at Kasada, and working as Lead Researcher on Uptake's Industrial Cybersecurity Platform. Before that, he spent many years in the field as a penetration tester, as a security engineer for a global Fortune 500 retail corporation, and as a mainframe auditor and systems engineer for several IT asset recovery firms.

Today, Johnny continues to shape and elevate the Information Security landscape with his expertise and contributions as the President of the Burbsec Information Security Network and the Head of Offensive Security for a massive, global manufacturing and agriculture corporation.

Area of Expertise

  • Agriculture, Food & Forestry
  • Consumer Goods & Services
  • Energy & Basic Resources
  • Information & Communications Technology
  • Media & Information

Topics

  • Information Security
  • security awareness
  • awesomeness
  • Information Security Governance and Risk
  • chief information security officer
  • OT Security
  • IoT Security and Data Management
  • OT & IoT Security
  • Industrial Control Systems Cybersecurity
  • Industrial Control Systems

Infosecs and the City

The BurbSec Framework: Exploring the Midwest's Social InfoSec Scene

The US "Midwest" region has long been recognized for its industrious spirit, tight-knit communities, and growing technological influence. Within this evolving landscape, a particularly dynamic and engaging social InfoSec scene has emerged, exemplified by the ever-expanding network of BurbSec meetups. This talk will be presented by a current showrunner of BurbSec meetups, offering attendees a unique and insightful exploration of how grassroots initiatives have successfully fostered a vibrant information security community across the region.

This session will delve deep into the intricacies of the Midwest’s InfoSec social fabric, highlighting the journey of BurbSec from its inception to its current status as a cornerstone of the local security community. Attendees will hear firsthand experiences from the speaker, who has played an instrumental role in organizing and growing these meetups. By sharing stories of both challenges and triumphs, the speaker will paint a comprehensive picture of what it takes to build and sustain successful CitySec frameworks in the Midwest.

Participants can expect an in-depth analysis of the key components that have contributed to the success of BurbSec and similar CitySec initiatives. The talk will cover essential elements such as effective event organization, community engagement strategies, and the importance of fostering an inclusive environment that welcomes InfoSec professionals of all experience levels. Attendees will gain insights into how these meetups have become more than just networking events; they are platforms for professional development, knowledge sharing, and the cultivation of lasting connections within the industry.

One of the highlights of this session will be the exploration of notable success stories from various CitySec groups in the Midwest. These stories will illustrate the tangible benefits that arise from active participation in the InfoSec community, including career advancement opportunities, collaborative projects, and the creation of supportive networks that extend beyond the meetups themselves. The speaker will also discuss the evolving landscape of InfoSec in the Midwest, highlighting emerging trends and the growing importance of regional collaboration in the field.

In addition to sharing experiences and success stories, the talk will provide practical guidance for attendees interested in starting their own CitySec meetup or revitalizing an existing one. The speaker will offer a step-by-step guide to planning and executing successful meetups, covering topics such as venue selection, agenda setting, speaker recruitment, and effective promotion. Attendees will also learn about common pitfalls to avoid and strategies for maintaining momentum and engagement over time.

By the end of the session, participants will leave with a comprehensive understanding of the Midwest’s social InfoSec scene and the tools needed to contribute to its growth. Whether you are a seasoned InfoSec professional looking to expand your network or a newcomer eager to find your place in the community, this talk will equip you with the knowledge and inspiration to build and sustain a thriving local security community. Join us at the BurbSec Meetup to discover how you can make meaningful connections and drive the success of your own CitySec initiative in the ever-evolving world of information security.

Poisoning Pidgins in the Park

A Great Talk for Aspiring Security Professionals!

If you’ve ever found yourself stuck in the frustrating loop of “How can I get a job if I have no experience because I can’t get a job?”, this session is for you. The journey into cybersecurity can be daunting, especially when most positions seem to demand years of experience, even for entry-level roles. However, this talk serves as a beacon of hope for those feeling trapped in this paradox. It highlights how curiosity, persistence, and self-driven learning can open doors to a fulfilling career in security, even without formal experience.

The session recounts the inspiring story of a hobbyist who, armed only with curiosity and spare time, tackled a significant and complex security threat: an active supply-chain attack against the popular Free and Open Source Software (FOSS) communication tool, Pidgin. This case study not only underscores the importance of vigilance in the open-source community but also demonstrates that impactful contributions to cybersecurity are not limited to seasoned professionals.

During the talk, attendees will be guided through the step-by-step incident response process that the hobbyist followed. This process began with the identification of red flags in Pidgin's codebase. The speaker meticulously outlines how subtle anomalies in the code were identified and investigated, emphasizing the importance of attention to detail and a keen eye for inconsistencies. This phase is particularly enlightening for beginners, as it shows that foundational programming and analytical skills can be leveraged to uncover serious security threats.

As the investigation progressed, the hobbyist faced a series of advanced social engineering ploys orchestrated by a cunning threat actor. The attacker exploited multiple platforms to obfuscate their identity and intentions, presenting a formidable challenge. The talk delves into the tactics employed by the threat actor, including deceptive communications, impersonation, and psychological manipulation. This segment serves as a crucial learning opportunity for aspiring security professionals, illustrating the sophisticated methods used in modern cyber threats and the importance of resilience and critical thinking in countering them.

One of the most compelling aspects of this story is that the hobbyist, despite having no professional background in cybersecurity, successfully countered the attack. This achievement underscores the accessibility of the field to self-taught individuals. It highlights that with the right mindset, resources, and community support, anyone can contribute to and excel in cybersecurity.

The talk also emphasizes the value of continuous learning and community engagement. The hobbyist's journey was fueled by participation in open-source communities, collaboration with other enthusiasts, and relentless self-improvement. Attendees will leave the session with practical tips on how to build their own skills, contribute to open-source projects, and gain recognition in the cybersecurity field.

In essence, this session is a testament to the power of passion and perseverance. It offers a roadmap for aspiring security professionals to break into the industry, showing that even the most challenging barriers can be overcome with dedication and ingenuity. Whether you're a student, a career changer, or a software developer, this talk will help you better understand the supply-chain attack landscape and how to defend against social engineering attacks.

Saving Ryan's Privates

The Illusion of Privacy: When Your Intimate Photos End Up Online

You did everything right:

* A long and hard password
* The thing that sends a code to your phone
* You even used a VPN even though you don’t know what it does but YouTube said it keeps hackers away
* Everything, and yet…

There they are: those full frontals you sent to your SO 3 years ago, now splayed across some website with a weird name like “Coomer.party.”

How Did This Happen?

You don’t know, but Johnny does. Come sit in as he discusses:

* The nonexistence of privacy in the digital age
* The most common methods of theft of the most private of photos
* What you can do to protect yourself

Despite strong passwords and MFA use, we'll discover how the world’s most private digital assets are still being stolen and leaked. Join Johnny as he exposes privacy myths, common theft methods, and actionable steps to reclaim control.

DefCamp 2025 Sessionize Event

November 2025, Bucharest, Romania
