Pre Conference Workshop June 16 & 17
This course takes you through advanced online investigation techniques inspired by hacking methods, to take your skills to the next level.
Whether you’re performing background checks, researching competitors, hunting missing persons or criminals, getting leverage on lawsuits, or becoming a better ethical hacker, this course will enhance your OSINT skills beyond your expectations. Examples of offline search techniques and how to think outside the box will be discussed as well. Every technique is explained extensively with live examples! We go full circle and help you create polished reports, mind maps and have a better understanding of business requirements. Mishaal Kahn
RMCS Conference June 18-20
General Sessions
Revolutionizing Decision-Making: Empowering Critical Thinking in World of Manipulation
Description:
In today’s hyper-connected world, we are constantly bombarded by persuasive messaging across various channels—emails, texts, social media, phone calls, and even face-to-face interactions. Fraudsters, scammers, and other malicious actors are keenly aware of our psychological vulnerabilities, leveraging psychological principles like authority, fear, likeability, scarcity, and reciprocity to manipulate us into making decisions that can be harmful. Whether we are clicking on a suspicious link, falling for a false sense of urgency, or trusting a seemingly friendly figure, the result can be catastrophic: identity theft, financial loss, or even the erosion of personal privacy.
The root of this problem lies in our innate tendency to trust, often without question. This keynote will explore the crucial need for transformation in how we approach decision-making in an age where deceptive techniques are commonplace. Attendees will learn how to identify manipulation tactics, develop critical thinking skills, and adopt a “verify, then trust” mindset to make more informed and empowered decisions. Through real-world examples and expert insights, this session will demonstrate how enhancing our decision-making process is not only necessary to combat digital threats but also essential for personal and professional empowerment.
Learning Objectives:
Target Audience:
This keynote is ideal for professionals across various sectors—business leaders, educators, security professionals, and individuals interested in enhancing their decision-making ability in a
world filled with persuasive messaging and manipulative tactics. Attendees should have a general understanding of digital communication methods and social influence principles and a desire to improve their personal or organizational decision-making processes.
Prerequisites:
Attendees should have a foundational understanding of basic psychological principles related to persuasion, decision-making, and influence. Familiarity with common types of scams and fraud techniques will enhance the learning experience, but prior technical or security knowledge is not necessary. – Peter Warmka
The Fraud Crisis in the US
In this session, learn about the scope and evolving nature of fraud, and its impact on older adults. You will hear about transnational organized crime rings behind these crimes, the technological revolution that generative artificial intelligence has presented to the criminals, and you will learn about some of the most concerning types of scams targeting Americans. You will also walk away with concrete actions each of us can take to shore up our defenses against fraud criminals. – Kathy Stokes, Director, Fraud Prevention Programs AARP Fraud Watch Network
Technical Breakout Sessions
GeoINT Mastery: A pixel is worth a thousand words – After this interactive talk, you will never see images the same way again. This enlightening session explores the dynamic realm of GEOINT (Geospatial Intelligence), a captivating subset of OSINT (Open Source Intelligence) that unlocks a wealth of hidden insights within images and videos. From identifying objects, landscapes, and aircraft to interpreting symbols, shadows, and reflections, we’ll go deep into the art of imagery analysis. Learn how to decode the language of trees, signs, text and logos, and uncover the strategic implications behind seemingly mundane details using common browser tools. This talk promises to equip you with mind-blowing skills that you can easily learn as I take you through multiple demos. – Mishaal Kahn
Unmasking the Digital Doppelgänger: How Generative AI Can be used to Hijack Your Identity – Explore the unsettling reality of generative AI tools capable of mimicking voices, faces, and identities. Learn how free and inexpensive tools can be used to create convincing digital doppelgängers, posing security risks and ethical challenges. This presentation delves into these emerging threats, raising awareness about protecting personal information and understanding the implications for privacy. Kent Brooks and Brian Clark Casper College
Guarding the Gates Wrong: A Real-World Tale of Ransomware and Human Error – Business and their cybersecurity professionals face an ongoing battle against evolving threats, but what happens when the very tools designed to protect an organization fail, not because of the technology itself, but because of misconfiguration and lack of training. I will provide a real-world scenario of how a major manufacturing institution suffered a catastrophic ransomware attack despite investing in a cutting-edge endpoint security solution. –Noelle Keller, Palo Alto Networks
Unmasking AI-Powered Fraud Tools on the Dark Web: Threats and Countermeasures – Professionals in anti-fraud fields must stay informed about these evolving threats. In this session, attendees will examine the increasing threat of AI-powered tools offered on the dark web that facilitate various types of fraud. Through real-world examples and expert insights, they will explore how these tools are used to conduct fraud at unprecedented scales. Additionally, they will discover actionable solutions, highlighting both AI-driven countermeasures and the indispensable role of human intelligence and intervention in combating these digital risks.
Learning Objectives:
Prerequisites:
Attendees should have a foundational knowledge of traditional fraud detection methodologies and basic cybersecurity concepts. Familiarity with common types of fraud (e.g., identity theft, phishing, financial fraud) and how they are typically prevented or mitigated will help participants better understand the advanced AI-driven tools discussed in the presentation. –Peter Warmka
Awareness Track
Hunter Method: Fusing cyberpsychology and real life cybercrime stories to enhance enterprise awareness training -Traditional cybersecurity training often falls flat—but what if it could captivate and truly resonate with employees? The Hunter Method transforms awareness training by blending cyberpsychology with real-world cybercrime stories, making lessons memorable, engaging, and actionable. Join Allie Hunter as she demonstrates how storytelling can bridge the gap between human behavior and security best practices, empowering employees to protect themselves, their families, and their organizations. Allie Hunter 30 minutes SavvyCyberKids.org
Implementing a cybersecurity focused employee community volunteer engagement program for youth – Did you know that doing good for others is scientifically proven to boost happiness? Savvy Cyber Kids has a community volunteer engagement program focused on educating young children (starting at 3 years old!). Join us to learn step-by-step how to get your upper elementary, middle school, high school, and college students out into their local elementary school’s Pre-K, Kindergarten, and 1st grade classroom using the volunteer materials from Savvy Cyber Kids. Allie Hunter and Ben Halpert SavvyCyberKids.org 30 minutes
Digital Native or Digital Naïve? Raising a Savvy Cyber Generation- Today’s youth are growing up in a world that encourages a deep involvement with technology. Yet these same children are oftentimes unsupervised and unprepared to play safely on the digital playground—where they can very easily make bad and potentially dangerous decisions. The adults in young people’s lives have a responsibility to guide young people, who are spending a large part of their lives immersed in the digital realm, with a comprehensive cyber safety and cyber ethics education. Learn what you can do as an educator, parent, grandparent, and member of the community to drive generational change as we work to reduce the harms with giving children unfettered online access. Ben Halpert SavvyCyberKids.org 1 hour
Cybersecurity Jeopardy: Test Your Knowledge & Win! – Think you know cybersecurity? Put your knowledge to the test in this interactive, high-energy Jeopardy-style game! Challenge yourself and your peers on key topics like threats, password management, incident response, and emerging technologies while having fun and competing for bragging rights. Designed for IT professionals, security teams, and technology enthusiasts, this session is a dynamic and engaging way to reinforce cybersecurity best practices and sharpen your skills. Whether you’re a cyber expert or just getting started, there’s something for everyone! Join us for an exciting game, expand your cybersecurity awareness, and see if you have what it takes to be the ultimate Cyber Jeopardy champion! – Brian Erickson – Critical Infrastructure Program Analyst, Wyoming Homeland Security; Anthony Ramirez – Critical Infrastructure Program Analyst, CyberSecurity Specialist, Wyoming Homeland Security
Protecting Wyoming’s Critical Infrastructure: Cyber Assistance Response Effort (CARE) Team
Join us for an insightful session on Wyoming’s Cyber Assistance Response Effort (CARE) Team, dedicated to protecting the state’s critical infrastructure from cyber threats. Learn how state emergency management, law enforcement, and IT professionals collaborate with federal, local, tribal, and private sector partners to prevent, respond to, and recover from cyber incidents. Discover best practices in preventative monitoring, threat intelligence sharing, and scalable mitigation strategies that keep Wyoming’s institutions secure. This is a must-attend session for cybersecurity professionals, IT leaders, and emergency response teams looking to enhance resilience against cyber threats. Don’t miss this opportunity to engage with experts from WOHS, WIAT, ETS, CISA, and more as they discuss real-world strategies for cybersecurity preparedness and response. – Brian Erickson – Critical Infrastructure Program Analyst, Wyoming Homeland Security; Anthony Ramirez – Critical Infrastructure Program Analyst, CyberSecurity Specialist, Wyoming Homeland Security, Tim Walsh, Cybersecurity State Coordinator, Wyoming CISA – Cybersecurity and Infrastructure Security Agency; Mikki Munson Cybersecurity Advisor, Wyoming CISA-Cybersecurity and Infrastructure Security
Technical Workshops
Attack/Defense Techniques and Tools with Security Onion – Two part hands on session: First part learn how attackers are discovering vulnerable systems to attack, this first session will teach how to use common hacking tools/techniques. Part Two: Learn to use Security Onion to detect and analyze threat vectors, perform Incident response, and harden your environment. Keaden Wagner, Casper College student, Brian Clark, Casper College
Awareness Workshops
Rethinking Fraud
Attend this workshop to grow your understanding of the crime of fraud, why scams are successful, and the importance of evolving the way we talk about and think about fraud victimization. Learn about AARP’s efforts in changing the victim blaming narrative in our society, and on seeking solutions for a more meaningful law enforcement response to fraud in the United States. Finally, learn about a potential new way to educate consumers about how to recognize and avoid fraud attacks.
Scammers use countless tactics to steal your money and personal information. They may contact you by phone, mail, or email, posing as government officials, well-known companies, or even loved ones. Some demand fake fines or fees, while others impersonate online friends or romantic partners in urgent need of financial help. Others lure victims with fraudulent job offers that require upfront payments. No matter the approach, one thing remains constant—scammers thrive on deception. Learn how to recognize their tricks and protect yourself from falling victim.
Scammers use countless tactics to steal your money and personal information. They may contact you by phone, mail, or email, posing as government officials, well-known companies, or even loved ones. Some demand fake fines or fees, while others impersonate online friends or romantic partners in urgent need of financial help. Others lure victims with fraudulent job offers that require upfront payments. No matter the approach, one thing remains constant—scammers thrive on deception. Learn how to recognize their tricks and protect yourself from falling victim. – Kathy Stokes, Director, Fraud Prevention Programs AARP Fraud Watch Network
Session Descriptions Coming Soon for:
RMCS Symposium Tuesday June 11, 2024 | |||
7:15-8:00 Breakfast | |||
8:00- 8:10am Welcome and Event Logistics | |||
8:10- 9:00 Trending Scams Targeting Older Adults- Learn about the top scams Older Adults are reporting to the AARP Fraud Watch Network Helpline, so you can avoid becoming the next scam victim and protect your personal/financial information. Mark Fetterhoff Senior Advisor on the Fraud Victim Support team at AARP 9:00-9:05 Presenter Switch 9:05-9:55 How My Mother Outsmarted Hackers! Embracing Our Innate Cyber Knowhow to Be Safer – We all have skills right now that can help us become cybersecurity stars! If you don’t believe me, just ask my mother. In 2018, my mother outsmarted cybercriminals running the “Can I ask for a favor” gift card scam. She isn’t a hacker, a computer science major, or a cybersecurity professional. However, a retired kindergarten teacher did not fall for a scam that has cost companies and Americans millions of dollars each year. Each year, Americans lose Billions of dollars from online scams, and thousands of companies fall victim to cyber-attacks. To address this, we should focus not just on technical solutions but on our innate skills. This presentation will explore the nontechnical skills that translate to cybersecurity and ways to not only embrace but grow these skills. Along the way, we will learn about how Momma Hendricks sidesteps scammers and what we can learn from her experience. Anthony Hendricks- Cyber Security Attorney 9:55-10:00 Presenter Switch 10:00-10:55 CONFESSIONS OF A CIA SPY – THE ART OF HUMAN HACKING Most successful data breaches are initiated by human hacking. Threat actors carefully select, assess, and manipulate key employees within a target organization who in turn become the “insider threat.” Advanced social engineering techniques are employed to effectively circumvent the policies, procedures and technological controls put in place to safeguard proprietary information, client data and sensitive personnel records. For over 20 years of his career with the Central Intelligence Agency, Peter developed expertise in the identification, assessment, and manipulation of insiders to breach the security of target organizations in pursuit of high value foreign intelligence. He now shares his insight to help protect organizations and employees against external threats. Peter Warmka Former CIA Spy 10:55-11:10 Presenter Switch and break | |||
Track 1 | Track 2 Older Adults | ||
11:10 – 12:00 Noon – What is CISA Timothy Walsh and Mikki Munson Wyoming CISA Learn more about CISA and the services available. Responsibilities with CISA are to provide direct coordination, outreach, and regional support and assistance in the protection of cybersecurity for the nation’s Critical Infrastructure sectors. The goal of the CSA program is to promote cybersecurity preparedness, risk mitigation, and incident response capabilities of public and private sector owners and operators of critical infrastructure, as well as SLTT bodies, through stakeholder partnerships and direct assistance activities.Timothy Walsh and Mikki Munson Wyoming CISA 12:00 Noon LUNCH Why the long lunch? To give attendees time to talk and take a trip up the hill at Casper College to “Meet the Mammoth”. 1:15pm 2:10pm A Ransomware Playbook – This session will provide organizations with essential insights and proactive measures to counter the threat of ransomware attacks. This presentation covers the anatomy of ransomware, from initial infection to encryption and ransom demands. It offers a step-by-step approach to fortifying defenses, identifying vulnerabilities, and implementing incident response strategies. Attendees will learn best practices for network segmentation, backup management, employee training, and multi-layered security. The playbook also emphasizes the importance of cybersecurity insurance and incident reporting protocols, equipping organizations with a comprehensive action plan to minimize damage and recover swiftly from ransomware incidents. Mike Morrison Online Business Systems. 2:10-2:15-Presenter Switch and break Afternoon Hands On Tabletop Exercises Tuesday June 11th 2:15-5:00ish
| 11:10 – 12:00 Noon Unmasking the Digital Doppelgänger: How Generative AI Can be used to Hijack Your Identity: Explore the unsettling reality of generative AI tools capable of mimicking voices, faces, and identities. Learn how free and inexpensive tools can be used to create convincing digital doppelgängers, posing security risks and ethical challenges. This presentation delves into these emerging threats, raising awareness about protecting personal information and understanding the implications for privacy. Brian Clark and Kent Brooks Casper College. 12:00 Noon LUNCH Why the long lunch? To give attendees time to talk and take a trip up the hill at Casper College to “Meet the Mammoth”. 1:15pm 2:10pm How to best protect yourself at home from the threats of today? Come learn about how the Sophos Team Home Commercial Edition can be used to best protect yourself at home from the threats of today. Paul Zindell Sophos Sales Engineering Team 2:10 – 2:15 Presenter Switch 2:15-3:05 10 Things You Can Do to Protect Your IdentityLearn practical and effective ways to protect your identity by safeguarding your personal and financial information. This presentation will touch on daily practices to keep your information safe. Mark Fetterhoff, Senior Advisor on the Fraud Victim Support team at AARP 3:05 – 3:20 Presenter Switch and break 3:20 – 4:10 Social Media – Your Greatest Vulnerability – Peter Warmka Former CIA Spy 4:05 – 4:15 Presenter Switch 4:15-5:00ish Technology and Scams: Staying Safe on the Internet With increased use of the internet, email and smartphones, there are now more ways than ever for scammers to contact their victims. This presentation will equip you with information on recognizing scams on the internet, social media and email and provide you with ways of avoiding unwanted contact from scammers. Mark Fetterhoff, Senior Advisor on the Fraud Victim Support team at AARP | ||
CNFR– Casper Events Center 7:00pm (Shuttle will run from Casper College and Come On Inn) | |||
RMCS Symposium Wednesday June 12, 2024 |
7:15-8:00 Breakfast |
8:00-8:50 “DEEPFAKE TECHNOLOGY – $$$FRAUDSTER’S PARADISE$$$” Technology is neither good nor evil. Its impact on society depends upon the intentions of the beholder. Since its inception in 2017, the use of synthetic media to create Deepfakes is evolving at an explosive rate. While proponents of such technology enthusiastically embrace numerous applications for the benefit of humankind, its use by fraudsters has already resulted in several successful multimillion dollar fraud schemes. Peter Warmka Former CIA Spy 8:50 – 9:00 Presenter Switch 9:00-9:50 Learning from Failure: Tales of Incident Response Gone Wrong 45 minute talk that walks through three real cyber attacks where I was involved that all went horribly wrong, things we can learn from them, and more importantly teaching the importance of “zero blame” retrospectives and learning from past mistakes. Nick Leghorn CISO Bluecore 9:50 – 10:05 Presenter Switch and break 10:05-10:55 I Vant To Suck Your Google Storage — Through standard institutional application processes many institutions open a door to international parties which modern technology security tools won’t detect. End User training is paramount. In a tale of international intrigue, learn how end user training at Casper College and a functional users awareness of modern pop culture help identify and resolve an “intruder’s” fraudulent misappropriation of institutional resources via an unconventional use of social engineering. We will discuss the impact of end user training and our Awareness Training partner of choice INFOSEC & Nick Mesecher System Admin, Casper College; Olivia Wickman, Financial Aid Specialist, Casper College. 10:55 – 11:00 Presenter Switch 11:00-11:50:AI Threats – The AP Risks that Cybersecurity Leaders are Overlooking Accounts Payable is a critical team within every organization. From setting up vendors, changing remit information, and handling inquiries – they are consistently susceptible to being targeted by cybercriminals for payment fraud. Outlining risks not controlled by systems and what cybersecurity leaders should recommend to the AP team to prevent fraudulent payments. Debra Richardson 11:50-1:10:LUNCH Why the long lunch? To give attendees time to talk and take a trip up the hill at Casper College to “Meet the Mammoth”. 1:10-2:00 The Ultramodern Art of War Sun Tzu never envisioned a war waged in whispers and invisible strikes. But in today’s world, governments clash on a hidden digital battlefield, with billions at stake. Plausible deniability is the name of the game, with the most sophisticated tools ever wielded deployed in the shadows. This session rips back the curtain on the history and future of electronic warfare and espionage, the unseen forces shaping the landscape of modern conflict. Micheal Stute, Casper College 2:00 – 2:05 Presenter Switch and break 2:05-2:55 Safeguarding Organizations: When you get more than expected from your vendor Explore the proactive approach of Sophos EDR (Endpoint Detection and Response) that empowers organizations to detect and respond to cyber threats swiftly. Learn about rapid incident response strategies, including real-world insights into receiving an unexpected cybersecurity alert and how this sets critical actions into motion. Understand the importance of timely detection and response, even during off-hours, to minimize damage and maintain operational resilience. A Panel Cooperative between Casper College and Sophos 2:00 – 3:05 Presenter Switch and break 3:05-3:55 Google Security for the Enterprise: Tales from the Trenches. Casper College is a long time Google Suite user. Currently called Google Workspace provides secure Online Productivity & Collaboration Tools, but with the onslaught of security issues the workspace tools are no longer enough to secure your institution. Learn About Casper Colleges real life experience in battling phishing campaigns before the rollout of the Advanced Google Security toolkit now available in the Google Workspace fo Education Plus offering before and after the rollout. Nick Mesecher System Admin, Casper College; Donielle Williams, Desktop Support Coordinator, Casper College. 4:00 – 4:10 Presenter Switch and break 4:10 CyberLaw and the World:Going after online schemers, fraudsters and crooks (would cover the ‘simple things’ like romance, crypto, and tech support scams, as well as exposing various groups like Black Axe their illicit activities. and court cases. Eric Salveggio |
CNFR– Casper Events Center 7:00pm (Shuttle will run from Casper College and Come On Inn) |
© Rocky Mountain Cyber Security Symposium 2024