BSides DSM 2025

Meet our inspiring speakers sharing insights at the BSides DSM conference on June 7th, 2025.

Speaker Gallery

Explore our speakers' insights and expertise for BSides DSM 2025! Please see the Schedule page for details on the event and when everyone is speaking!

Nate Subra

Nate Subra is a Security Engineer and deeply passionate about all things Cyber Security and Red Team. He specializes in Red Teaming and Adversary Simulation.

Talk details: iCal Render Bender: Can you trust your inbox? - I've identified a few novel approaches to phishing that take advantage of Outlook rendering. Don't always trust what you see. Come learn about some unique phishing angles that Microsoft has deemed "not serviceable".

Jake Knowlton and Andrew Quill

Jake Knowlton is a Principal Security Consultant for Mandiant (Google). He specializes in leading incident response and forensic investigations. Past experience includes private sector security analyst work, active duty flying operations out of Offutt Air Force Base, and working on the board of directors for a 501c3 non-profit called VetSec.

Andrew Quill is an independent cybersecurity researcher with over 15 years of federal service. He is an active participant in the research community and eternal tinkerer.

Talk details: BadKeeb: When Keyboards Go Bad - Using off the shelf hardware, this research will present a novel implementation of a single board computer (SBC) as an intelligent and bidirectional command and control capability. By taking advantage of multiple SBC capabilities, the man-in-the-middle device can assume control of the host system at the most opportune time, establish bi-directional communication, and carry out additional actions. Alongside this discovery, we have developed enhanced detections to enable defenders to detect and mitigate these attack vectors.

Reanna Schultz

Reanna Schultz is a cybersecurity leader and community builder, best known as the founder of CyberSpeak Labs, a platform dedicated to advancing collaboration, mentorship, and innovation in the security space. With a passion for empowering the next generation of defenders, Reanna blends technical expertise with a human-first approach to security education and awareness. She is the host of the Defenders in Lab Coats podcast, where she spotlights voices from across the industry, breaking down complex topics and sharing real-world insights. Reanna’s commitment to the community has earned her a nomination for WomenTech Mentor of the Year and the Cybersecurity Achievement Award, recognizing her for mentorship, impact, and thought leadership in the field in addition to her awards in Kansas' Gen Under 30 and Cybersecurity Leader of the Year. When she's not leading conversations on cybersecurity or mentoring emerging professionals, Reanna can be found speaking at industry conferences, creating content, and advocating for diversity and inclusion in tech.

Talk details: What We Detect In The Shadows - This talk is designed to give insight to those who want to bring their cyber defense program to THAT next level of maturity. Attendees will gain insight as to why a security stack will not always be 100% accurate due to forever evolving threats. The concept of Detection Engineering will be focused around a concept called Pyramid of Pain. This will give insight for attendees to learn more about how to detect behaviors of attack chains or threat actors rather than focusing on IOCs and specific signatures. This is important due to the forever evolving malware families and threats, thus causing IOCs and signatures to quickly become outdated. To assist attendees to take this talk and deliver it back to the business, free tools and resources will be provided along with a high-level overview of how to automate free threat intelligence to provide security awareness to these emerging threats that are hidden in the shadows.

SOC Essentials: Developing Your Security Operations Center - The Security Operations Center (SOC) is an organization’s first eyes and ears to security threats and risks. For the SOC to support being an organization’s first response team, the team must have the proper resources for continuous growth and monitoring to keep an organization secure. This discussion focuses on key foundational elements for developing and maturing a SOC. Attendees will learn how to establish processes, procedures, and data-driven growth plans for their SOC.

Jeff Krakenberg

As a technical trainer and security researcher, it is my goal to spread awareness and knowledge. Experience includes: lecturing about cybersecurity, moderating open discussions about vulnerabilities, and building hacking labs for students. Like many others, I often delve too deep into the weeds of the internet.

Talk details: Digital Certificates: Fails and Flounders - “The Digital Certificate is like your Driver’s License.” Well, I wouldn’t want my driver’s license posted publicly. What’s a better way to think about it? This short talk goes into some common misconfigurations of Digital Certificates found in the wild. And maybe, just maybe, a better way to describe these to non-technical folks. This talk holds a quick overview into how digital certificates are used to validate the identity of the holder, a historical review of why that is important, and the danger of pushing too much information in your digital certificate. Quick Examples:

- Exposed Mail Servers on novelty sites.
- HTTP redirects when simply viewing the certificate over HTTPS
- Untrusted Firewall due to Linux vs Windows formatting.

The best part of this session is that it’s ‘non-technical’ in the sense that it’s built for everyone. The technical concepts are quickly explained and the ‘in the weeds’ things are not unique to any particular IT or Cyber role. This is really just a high level, fun look at how people mess up their digital certificates and expose their own resources.

Abbie Williams (SecLlama)

Abbie is a cybersecurity professional with degrees in networking, cybersecurity, and cybersecurity engineering. She is passionate about social engineering and security awareness but likes to keep things light while exploring the human side of security.

Talk details: Don’t be a Bass: Phishing with a Purpose - Who doesn't love a good fish story? (The fish, probably) But what if this one has a happy ending for everyone? In this talk, we'll take a deep dive into phishing - why it's worth doing and how to get a phishing program out of the pond and into the lake. We'll wrap up with broader security awareness strategies that not only strengthen your defenses but also boost your organization's overall cyber resilience. In this story, everybody wins.

John Notch

John Notch is currently the Principal Security Architect for a Des Moines-based insurance company. There he leads the Security Architecture practice supporting the enterprise business unit and IT capabilities. Additionally, he is an Adjunct Instructor of Cybersecurity at Drake University. He holds his bachelor’s degree in Computer Information Systems and master’s degree in Innovative Organizational Leadership. John also holds his CISSP, CRISC, CISA, and CISM certifications. John has given talks on Incident Response and tabletop exercises at BsidesIowa and SecDSM, and is the President of the InfraGard Iowa Members Alliance.

Talk details: The Cybersecurity Innovator’s Dilemma: From Checkbox to Outcomes - As the role of the CISO evolves from risk manager to business executive, how does the cybersecurity organization (operations, IAM, architects, GRC, etc.) keep pace? Security professionals are charged with protecting the company’s secrets and are often aware of the company’s vulnerabilities; how do we balance the need for change and innovation with maintaining an acceptable risk posture? This talk attempts to answer these questions with anecdotal research and lessons learned from conducting tabletop exercises and risk assessments across different sectors.

Ryan Bonner (Roll4Combat)

Ryan 'Roll4Combat' Bonner is a Senior Penetration Tester known for his reconnaissance skills. His success is built on the powerful combination of a relentless work ethic and a creative, non-traditional approach that allows him to uncover what others miss. A trusted teaching assistant for The Bug Hunter's Methodology, and a contributor to the Critical Thinking Podcast, he is inspired by the invaluable support of friends in the industry and aims to pay it forward by helping others begin their own learning journey.

Talk details: Beyond the Perimeter: Recon (An Intro) - Operate 'Beyond the Perimeter'. This intro equips ethical hackers and defenders with crucial recon skills. We cut straight to the chase: real-world examples of exposing forgotten assets and critical data and the processes used to find them. Master foundational tactics, explore discovery methods (like Certificate Transparency), and learn to find the invisible. This is Recon. (An Intro).

Russ Staiger

Born and raised as an 80s hacker kid starting on a TRS-80 in 1979, Russ carries decades of systems integration experience including DICOM engineering in advanced medical imaging. His focus is centered around metrics to measure twice and cut once. 26 years in IT and 13 years in Cyber Security including a strong background in: PCI-DSS, Healthcare security strategy, SOC design strategy/management, Observability, Applied threat intelligence, Pen testing, Security hiring and retention, Security budget planning and Security metrics. In 2017 his client-side experience caught the attention of the VAR/integrator scene where he’s been an enterprise cyber security architect for more than 8 years and now serves as Evolving Solutions’ Principal Security Solutions Architect. His hobbies include music production and performance, muscle cars (drives a Shelby Cobra), philanthropy, and mentorship.

Talk details: SOC Capability Evolution - Traditional SOC capabilities, focus and training have long been centered on monitoring and alerting. This presentation explains and demonstrates the evolution likely required to transcend reactive organizational visibility and mature into a proactive, observability-centric state where risk is expressed more accurately and its cost to the organization is framed in true financial impact.

Nathan Mulbrook

Talk details: Fuzzing Complex Network Servers - This talk will give a brief introduction to fuzzing and some of its limitations when used in the traditional fashion. How code-level, coverage-guided fuzzing can be used to test large, complex network protocol servers will then be discussed.

Josh Mason

Josh Mason is a Solutions Architect at Synack, founder of Noob Village, and a cybersecurity consultant. With a background as a U.S. Air Force pilot and cyber warfare officer, he has developed training programs, advised organizations on security strategies, and mentored individuals entering the field. Josh is passionate about helping newcomers in cybersecurity and regularly speaks at industry conferences while supporting education through community and non-profit initiatives.

Talk details: Pentest, Pivot, Escalate - More Than Vulnerabilities - Nobody is reading your pentest reports because all we discuss is vulnerabilities. In this talk, we will discuss how to do more to speak to the business so that the CEO and CFO want to read your report.

Alexis Diediker

Alexis Diediker is an OCO Consultant and Penetration Tester with ProCircular of Iowa. Alexis holds a range of prestigious certifications, including Security+, PenTest+, PNPT, CRTO, GCIH, and more, showcasing a deep commitment to and expertise in the field. She began her academic journey with an Associate's degree in IT/Cybersecurity from Eastern Iowa Community College. Eager to expand her knowledge and skills, Alexis is currently pursuing both a Bachelor's and a Master's degree in IT/Cybersecurity from Western Governors University. Her dedication to the field has been recognized through the SANS Institute Women of Cyber scholarship award, underscoring her status as an emerging leader in cybersecurity. Alexis brings a wealth of knowledge, practical experience, and a passion for security that makes her an invaluable resource in the fight against cyber threats.

Talk details: Breaking In: My Journey from Bartender to Penetration Tester - This presentation will take you through my transformative journey from the bustling world of the bar industry to the high-stakes realm of cybersecurity. I will share the story of how I made an abrupt career shift to become a penetration tester, detailing the steps I took to break into the field, the obstacles I encountered, and the invaluable lessons I learned during my first year. Whether you're considering a career change, are new to penetration testing, or are simply interested in personal growth within the cybersecurity sector, this talk will provide insights and practical advice. I'll also reflect on what I would do differently if I had the chance to start over, offering guidance for those aspiring to follow a similar path.

Tom Pohl

Tom Pohl is a Principal Consultant and Penetration Testing Team Manager at LMG Security. Prior to LMG, he spent most of his career on the blue team building and securing systems used by millions of people. And by night, he is a competitive CTF player and has won several black/gold badges including THOTCON, Circle City Con, Wild West Hackin’ Fest and DEF CON. He is good at what he does because he’s already made many of the mistakes that he encounters in client environments on a daily basis.

Talk details: I Have the Power: Adventures in Hacking Smart Outlets - Five years ago, a woot.com ad for WiFi-controlled power outlets kicked off a long-delayed but eye-opening investigation into IoT security. Curious about the manufacturer, Meross, I stumbled across an open Amazon S3 bucket that looked... juicy. And where there’s smoke, there’s fire—I knew I had to dig deeper. This talk follows the research journey from poking around exposed cloud storage and analyzing existing firmware and mobile app artifacts to performing original testing on the devices themselves. The findings include default credentials, insecure data transmission, and indicators of broader systemic issues that could put more than just your own outlet at risk. How secure are your smart plugs, and what could an attacker really do? Join us for a blend of technical exploration, practical hacking techniques, and cautionary tales from the wild world of smart devices. It turns out, flipping a switch might be the least of your worries.

Isaiah Davis-Stober (CodeNeko)

Isaiah Davis-Stober is bad at writing about himself. Isaiah got started doing security for fun about 6 years ago, loves cats, terrible Bash scripts, automating things in ways that should have never happened, lock picking/bypassing, and tearing apart white labeled IoT devices.

Talk details: Extracting Secrets from IoT Devices - Have you ever wondered what kind of secrets are floating around in IoT devices in your life? As "smart" IoT devices become more and more ubiquitous you might have some concerns about the amount of effort these companies are putting into the "security" of these devices and their infrastructure, as well as what kind of data they are picking up and sharing, and the possible consequences of this. I'm going to explain and demonstrate some methods for extracting the firmware from "smart" sensors, cameras, routers, and various other IoT devices, then explain and demonstrate how to find various secrets that are floating around in the firmware. In addition, I will also explain (and try and demonstrate) ways of finding secrets in network traffic.