CactusCon

CactusCon13
February 14-15, 2025
Mesa, AZ

Filtering by Category: 2019-talks

How To Write Like It's Your Job

You know how to hack all the things, and you do it well, but if you don’t write up your findings coherently, you’re not gonna get paid. If you accidentally insult or confuse your clients, you’ll have to spend time cleaning up messes instead of increasing your skills and advancing your career.

The consultants at Bishop Fox have the Editorial Department to back them up, but most security professionals don’t have an editor on call. So how can you take control of your writing without a dedicated person checking your work? After you write it, you must become the editor.

This talk will equip you with practical skills to clean up your emails today and level up your writing for the long term. Learn how to recognize your strengths and weaknesses as a technical writer, how to start and finish reports on time, and how to fix common typos that spell check won’t catch.

It’s frustrating to redo work. Check yourself before you wreck yourself so you can go home happy.

Brianne Hughes

As a former technical editor and now technical marketing writer for Bishop Fox, Brianne Hughes works with consultants to shape their findings and share their research. She compiled the style guide available at cybersecuritystyleguide.com and hosted SpellCheck: The Hacker Spelling Bee at DEF CON 26 and 27. She is Associate Executive Secretary for the DSNA, an Odd Salon Fellow, and she is on the board of directors at Wordnik.

Worst-of Cybersecurity Reporting 2019

In this session, two tech writers share the worst tech reporting of 2019 and wildly speculate on what went wrong before these articles went to print. Aside from an excessive use of the word cyber, we’ll also talk about what journalists should do when vetting their sources and fact-checking their scoop to make sure it matches reality.

Yael Grauer and David Huerta

Yael Grauer is an investigative tech reporter covering online privacy and security, digital freedom and mass surveillance. She’s written for Ars Technica, The Intercept, WIRED, Motherboard, Slate, Wirecutter, OneZero and other publications. She’s co-organized events and spoken on panels about digital security, source protection, ethics, and more. She holds a Master of Mass Communication degree from ASU, which was an interesting way to kill time between DEF CONs.

David Huerta is a Digital Security Trainer at the Freedom of the Press Foundation, where he’s working on methods to train journalists to take advantage of privacy-enhancing technology to empower a free press. He’s co-organized hundreds of trainings across the US, including one at the Whitney Museum of American Art as part of Laura Poitras’s Astro Noise exhibition in 2016. He’s also spoken on the subject of usable privacy technology at DEF CON, Radical Networks, Rightscon and random cocktail bars.

Effective Phishing with GoPhish

Social Engineering is one of the most common attack vectors out there. Your users are frequently targeted by convincing campaigns, urging them to enter creds, open files, or otherwise perform an action that can ruin their day. One of the most effective defenses we have is user awareness training - but how do you start a phishing program with little or no budget? In this talk, we'll solve this problem with GoPhish, a popular phishing framework available for free. For blueteamers, we will discuss building and monitoring an effective internal phishing campaign. For redteamers, we'll talk about how to use GoPhish to get creds, send payloads, and pwn your targets. This talk is intended for beginners, but a solid technical background will be helpful.

Jayme Hancock

Jayme is a Senior Network Penetration Tester with BSI AppSec, with a heavy background in systems administration. His interests and experience include black box penetration testing, social engineering, physical security, open source intelligence gathering, and security control evasion. Jayme entered the security field by building out and implementing a security program in the healthcare space, including user awareness training, internal security control auditing and compliance, and vulnerability management. He has spoken at B-Sides DC, HackWest, Cascadia IT Conference, and teaches the 4-day course "Full Scope Social Engineering and Physical Security Testing" at BlackHat. He holds the GXPN, OSCP, CISSP, and other certifications. Originally from Southern California, Jayme resides in Washington, DC and enjoys astronomy, astrophotography, and good coffee. Twitter: @highmeh