TRISS 2022 Presenters

Scott Bowman

Assessing Adversarial Cyber Activity in Operational Technology Environments Using Bayesian Networks

Scott Bowman is a Control System Cyber Security Analyst in Cybercore's Analysis Department at Idaho National Laboratory. Prior to working at INL he was an Information System Security Manager for the Air Force Education and Training Command at Randolph Air Force Base in Texas. He served eight years in the United States Army as an Active Duty Infantry Officer and two years as an Information Systems Engineer in the Reserves. Prior to joining the Army, he spent three years as a Project Manger at the South Texas Project Nuclear Operating Company. Scott is a graduate of SANS Technology Institute's Industrial Control System Cybersecurity Graduate Program, Syracuse University's Master of Science in Information Management and Security program, and the University of Oklahoma's International Relations and Russian language programs.


David Carmona

Addressing TSA Pipeline Directives: Best Practices Learned from the Electric Sector & Emerging Threats: The Evolution of OT Malware

Passionate about OT/ICS Cybersecurity, protecting our critical infrastructure from bad actors, and helping the local community with enhancing their security posture through frameworks, layered defenses, and resources. With years of experience in working in the chemical, transportation, and energy industries, I have detailed understanding of the various challenges that industrial control environments face and how to protect them.


Nathan Cross

CMMC: A Significant Hurdle for Small Businesses

Nathan is a graduate student at Carnegie Mellon University, where he is pursuing his Master's in Information Security Policy & Management. He also works as a Cybersecurity Engineer for a small business DoD contractor, where he has experience assisting small businesses with CMMC compliance and helping them build robust defense-in-depth cybersecurity programs at little cost.


Brad Dixon

Why Security Scanners Fail and What You Can Do About It

Brad Dixon is a principal consultant with Carve Systems, an iVision company. His primary practice areas are IoT, embedded, Linux systems, threat modeling, and web applications. As a secondary focus he is a software developer responsible for creating REST API test automation tools and production tools used on all Carve engagements. He is a two time DEF CON presenter (2016, 2019) most recently for his work on how to cheat at the Zwift virtual cycling application using a custom-built USB peripheral attack proxy. Brad received his BS in Computer Engineering from Georgia Tech and jumped into embedded software engineering. During his career he worked on embedded system hardware design and embedded system architecture. He also worked for many years helping developers to design embedded Linux into telecom, network, and mobile products as a technical applications engineer.


Ahmed Ibrahim

What can we do to have more career-ready cybersecurity workforce?

Ahmed Ibrahim is a Teaching Assistant Professor in the Department of Informatics and Networked Systems at the University of Pittsburgh. Ahmed currently teaches undergraduate and graduate courses with a focus on Cybersecurity. He is passionate about enhancing and improving cybersecurity education and is actively developing hands-on cybersecurity content. He received alumni gifts to offer research assistant positions in cybersecurity, has served as a panelist for the National Science Foundation (NSF) multiple times, and continues to serve as a reviewer and program committee member for multiple conferences (e.g., NICE, WiCyS). Ahmed published several papers in IEEE & ACM conferences, is a Certified Ethical Hacker (CEH), attended several technical workshops on hacking techniques, and has offered workshops on ethical hacking topics to students and faculty nationwide. In addition, he hosts events in collaboration with non-profit organizations to attract individuals from underrepresented groups in cybersecurity. More information about Ahmed can be found here: https://www.ahmed.ai/about .


Hsin Li (Cindy) Kan

Stay brave – How does a non-technical guy start a cybersecurity adventure?

Hsin Li (Cindy) Kan is currently pursuing a Master of Science degree in Information Security at Carnegie Mellon University. She is a forward-looking security and privacy professional who can design and develop a compliance strategy and drive through to execution. Before studying at Carnegie Mellon University, Cindy gained hands-on experiences through working for a Big Four accounting firm, big data startups, and a Fortune 500 company focused on IoT devices and mobile phones.


Dan Klinedinst

Adversarial Machine Learning

Dan Klinedinst is an information security engineer focused on emerging technologies such as artificial intelligence, autonomous robots, and augmented/virtual reality. He recently published the book "Shall We Play A Game? Analyzing Threats to Artificial Intelligence". He is a former security engineer and researcher at Lawrence Berkeley National Laboratory, Carnegie Mellon University's Software Engineering Institute, and the CERT Coordination Center. He currently works as a Distinguished Member of Technical Staff at General Dynamics Mission Systems, designing security architectures for large systems in the aerospace and defense industries.


Steve Lampo

Does a Cyclops Blink, or Wink? The Takedown of a Russian GRU Botnet

Supervisory Special Agent (SSA) Steve Lampo worked for nearly ten years as a software developer in the financial services industry before joining the FBI as a Special Agent in 2004. He worked in the Newark field office, the Criminal Justice Information Services division, and the Pittsburgh field office where he led investigations which dismantled large Cyber-criminal enterprises, primarily focused on banking malware and botnets. In 2017 he was promoted to a supervisory position in the Cyber Division’s Global Operations and Targeting Unit, where he ran large-scale undercover operations targeting criminal organizations and services within the Cyber underground. In 2020, he returned to the Pittsburgh field office as the supervisor of the Russian National Security squad. SSA Lampo holds a Bachelor of Science in Computer Systems from Grove City College and a Master of Business Administration from the University of Pittsburgh.


Lee Maccarone

Assessing Adversarial Cyber Activity in Operational Technology Environments Using Bayesian Networks

Lee Maccarone is an R&D Cybersecurity Engineer in the Energy Security organization at Sandia National Laboratories. Lee earned his Ph.D. in Mechanical Engineering, Graduate Certificate in Nuclear Engineering, and B.S. in Mechanical Engineering from the University of Pittsburgh. His doctoral research applied game theory, control theory, and machine learning to the cybersecurity of industrial control systems. His current research interests include the development of methods to evaluate the security of industrial control systems and analytical tools to enhance decision-making for security applications.


James Ringold

Modern Security Strategy using Zero Trust

Development and Strategic Ventures (BDSV) team. At Microsoft, BDSV works to identify and help to capture opportunities that will deliver growth not just today but three, five, even ten years out. BDSV leans on the knowledge of the past and the technology of today to anticipate and shape the future of technology and security. Prior to joining BSDV, James was a Chief Security Advisor for Microsoft Security Solutions. In this role, he helped organizations across North America understand the evolving threat landscape, adjust their security posture to protect against threats, and get value from the security and data protection technologies native to Microsoft products and services. James has been in information security for more than 20 years. He has a successful record of helping large companies in retail, wholesale, aerospace, defense, and nuclear energy sectors recover and rebuild information security programs after significant security events. A former CISO, security architect, security operations manager and incident responder, James has focused on helping companies mature their security programs through development of threat, vulnerability, and risk management practices.


Brett Tucker

Striking the Balance: Measuring and Managing the Complexity of Cyber Environments

Brett Tucker is the Technical Manager of Cyber Risk Management within the Cyber Risk and Resilience Assurance directorate in the CERT Division of the Carnegie Mellon University Software Engineering Institute (CMU SEI). Tucker is responsible for a research and development portfolio focused on improving the security and resilience of the nation’s critical infrastructure and assets. He also teaches executive and graduate level courses as a CERT adjunct professor at the CMU Heinz College and serves as the Technical Sponsor for the Executive Chief Risk Officer training program. Tucker has 20 years of experience in engineering, risk management, and technical management within the public and private sectors. He has served as an intelligence officer at the Central Intelligence Agency and is a veteran of the United States Navy. Tucker earned a BS degree from the University of Notre Dame, an MS degree from Old Dominion University, and an MBA degree from the Pennsylvania State University. He is a PMI certified Project Management Professional (PMP), an ASQ Certified Six Sigma Black Belt (CSSBB), a Certified Information Security Systems Professional (CISSP), and Certified Authorization Professional through ISC^2.


Jon Zeolla

IaC Security

Jon Zeolla is the co-founder and CTO of Seiso, an information security company and recipient of the 2021 Innovator of the Year award. Jon is responsible for the research and refinement of cloud native security solutions, including contributing to open source projects and industry standards focused on Zero Trust, DevSecOps, and Cloud Security. He is also a SANS instructor for SEC540: Cloud Security and DevSecOps, and a member of the IANS Faculty.