Breaking into cybersecurity can feel overwhelming for beginners. Between choosing certifications, figuring out what skills actually matter, applying to jobs that require “3–5 years of experience,” and navigating an industry full of advice, many aspiring professionals feel like they’ve hit a wall (a firewall, if you will.)
This talk takes a different approach to explaining the early cybersecurity journey, through the lens of teenage-style diary entries from my own experience entering the field. Throughout the session, I’ll share moments from my teenage years in the field, providing attendees with a different perspective of the field.
Each “diary moment” will highlight a lesson learned along the way and translate it into practical advice for beginners. The goal is to demystify the early stages of a cybersecurity career and show that many of the challenges beginners face are shared experiences.
By the end of the session, attendees will gain a clearer understanding of how to start their cybersecurity journey, including how to build hands-on skills, leverage community and mentorship, and use their existing interests and abilities to find their place in the field. This talk is designed for students, career changers, and anyone who has ever wondered if they’re “good enough” to break into cybersecurity.
In November 2025, I set up a DNS Server in DigitalOcean to demonstrate how to gain experience, even without traditional "homelab" equipment. Everything was going well until my DNS Server started receiving 1,500 requests a minute, all targeting a regional bank's TXT records.
As a technical trainer and security researcher, it is my goal to spread awareness and knowledge. Experience includes: lecturing about cybersecurity, moderating open discussions about vulnerabilities, and building hacking labs for students. Like many others, I often delve too deep... Read More →
Friday May 22, 2026 10:00am - 10:45am EDT Track2 (Regas Square Events)333 W Depot Ave, Suite 120, Knoxville, TN 37917
Want to get started in game hacking without getting overwhelmed? Have you already dabbled in the subject and hit a wall? This talk offers a practical introduction for cybersecurity professionals and enthusiasts, mixing hands-on demos, theory, and a learning roadmap designed to keep the curve manageable. Along the way you'll see how game hacking builds real skills in reverse engineering, binary exploitation, and malware detection and evasion using games you already own and want to play. You'll leave with the tools, concepts, and a concrete roadmap to start hacking real games today.
Password Reset Is Not Incident Response: Hunting OAuth Persistence in Microsoft 365
When a Microsoft 365 account is compromised, most organizations follow a familiar script: disable the account, reset the password, enforce MFA, and move on.
That playbook is incomplete.
Modern attackers do not rely solely on stolen credentials. They establish persistence using OAuth applications, delegated Graph permissions, refresh tokens, mailbox rules, and hidden forwarding mechanisms. In many cases, access survives password resets and MFA enforcement because the real foothold is not the password. It is delegated trust.
This session walks through a practical, technical approach to Microsoft 365 compromise cleanup with a focus on OAuth abuse and token persistence. Attendees will see: • How malicious OAuth apps maintain access after credential resets • What refresh tokens and offline_access actually enable • Where to look in Entra ID and audit logs for non-interactive persistence • How to revoke sessions and consent properly • How to reduce tenant-wide exposure through consent policies and governance
The session includes two demonstrations. First, we'll show off the mechanics of a token theft AitM attack, followed by a demo of gaining OAuth persistence using a controlled lab tenant, showing how an attacker can read mailbox data even after a password reset, and how defenders can fully remove that access. I don't trust live demos, so I will pre-record these and narrate as we walk through screen recordings of the attacks.
If your incident response process ends at password reset, you are likely leaving the door open.
The Common Vulnerability and Exposures standard system is broken and I was part of the problem. I'll go through where we started documenting and correlating vulnerabilities across the industry, and where we went wrong. Oh, and why the US Government is only part of the problem.
Initial access is often portrayed as complex exploitation and zero-day vulnerabilities, but in the real world attackers usually gain entry through much simpler methods such as social engineering, credential harvesting, and the abuse of common misconfigurations.
This talk walks through real world techniques used during red team engagements to gain initial access to enterprise environments. We will explore social engineering attacks, physical access scenarios, external attack surface opportunities, and internal network techniques used to establish an initial foothold.
This is not a talk about hypothetical attacks or theoretical vulnerabilities. It focuses on the techniques that consistently work during real world red team engagements and what defenders can do to better detect and prevent them.
David Boyd is a Senior Security Consultant at TrustedSec with over 15 years of experience in network, physical, and social engineering penetration testing. A U.S. Army veteran with a deployment to Iraq, David brings the same operational discipline to offensive security engagements... Read More →
Friday May 22, 2026 4:00pm - 4:45pm EDT Track2 (Regas Square Events)333 W Depot Ave, Suite 120, Knoxville, TN 37917
