Summercon 2023

Day 2 is underway, so if you missed the tweet, check out the live stream here:

Hi all! You can connect to the YouTube Live webinar here:

The traditional Summercon pre-registration is once again at Canal Bar, Thursday night from 7pm-10pm.

Get your wristbands, T-shirts, and swag; see your friends, throw a shoe; whatever. We’ll see you at Canal – 270 3rd Ave # A, Brooklyn, NY 11215.

Most of our speaker biographies are now posted here. Some of our speaker biographies are either state secrets or will become available shortly. We’ll update this post when we’ve got ’em all.

We posted a schedule a few days ago, but people couldn’t find the link, up there, where it says “Schedule.” Anyway, here’s the schedule.

With the opening of the Summercon 2023 CFP, here are a few friendly tips for what makes a great Summercon presentation. These seven points represent the kinds of things that we are evaluating when we look at CFP proposals.

1. Technical
   • While we occasionally incorporate talks of a non-technical nature, almost every presentation that shows up at Summercon is deeply technical. They’re not sales pitches, and they’re not about righting societal wrongs. So if you’re planning on submitting a talk about why people should buy your company’s particular security snake oil, or why your company has the best culture (and you can too!), you’ll have more success somewhere else.
2. Novel
   • From time to time, in the interest of getting important content in front of the best audience in the world, we let people present something they’ve already shown at events of lesser stature. But we prefer totally new presentations instead of rehashed talks. New content has a better chance of getting shown on the Summercon stage.
3. Irreverent
   • While the presentations are technical, successful Summercon presentations get their point across is through non-traditional means. This is not the place to read slides. One memorable presentation used an Android-shaped piñata as a prop. Another invited participation through an AA-meeting style format. The sky’s the limit (within the limits of our code of conduct, of course).
4. Revels in the Journey
   • If you like talking about the trials and tribulations of research, we are all ears. Even though your final results may be super polished and look effortless, everyone knows you had at least three major setbacks and went down two totally worthless paths before you arrived at a good solution. Share those. People love that, especially our speaker selection committee.
5. Sticks it to The Man
   • Despite all the sponsorships, corporate attendance, and more buttoned-up nature of Summercon (see our Code of Conduct, which is totally reasonable, by the way), we are still, at heart, a hacker conference. Challenge authority. Show you’re not a patsy for The Man. Fight the Power.
6. Engages the Audience
   • Summercon speakers are a special breed, because Summercon attendees are a special breed. Prepare to have people call out your mistakes, heckle if you’re less than prepared, and generally push your buttons. Successful presentations channel this misplaced audience enthusiasm. We still fondly recall a choose-your-own-adventure presentation, where randomly selected audience members got to dictate the direction of the talk. Engage your audience, and they won’t turn on you. (This can be good life advice, too.)
7. Fits into the Allocated Time
   • We cannot overstate this: fill the time, generally 45 minutes of speaking with 10 minutes of Q&A. Our speaker selection committee has been around the block, so if you’re going to try to pretend that a six hour seminar fits into 55 minutes of speaking slot, it’s probably not going to get selected.

We look forward to your submission!

We have a few speakers lined up already, but we’re always looking for more!

Please submit your proposals using our Google Form.

Summercon 2023 will take place once again at Littlefield in Brooklyn. Registration opens on March 1: get your tickets here!

Ang Cui

Dr. Ang Cui is the Founder and Chief Scientist of Red Balloon Security, a leading cybersecurity provider and research firm that specializes in the protection of embedded devices across all industries. Ang received his PhD in Computer Science from Columbia University in 2015 and was part of the Intrusion Detection Systems Lab. His doctoral dissertation, titled “Embedded System Security: A Software-based Approach”, focused exclusively on scientific inquiries concerning the exploitation and defense of embedded systems.

Ang is the creator of Firmware Reverse Analysis Konsole (FRAK) and the inventor of Software Symbiote technology, both of which enable pioneering firmware analysis and defense for embedded devices. Since founding Red Balloon Security, backed by Bain Capital Ventures, Ang continues to research and develop new technologies to defend embedded systems against exploitation. He has led development of a portfolio of embedded security solutions to harden device firmware and provide continuous runtime protection and monitoring of device firmware.

Over the course of his research, he has uncovered numerous, critical vulnerabilities within ubiquitous embedded devices such as Cisco routers, HP printers, and Cisco IP phones as well as led research efforts uncovering vulnerabilities on aerospace infrastructure, building automation systems, electrical grid devices, telecommunications equipment, and ATMs. Ang has received various awards on his work on reverse engineering commercial devices and is also the recipient of the Symantec Graduate Fellowship and selected as a DARPA Riser in 2015.

Ang is passionate about creating a team of outstanding researchers, engineers, and executives whose best ideas are enabled by innovation, creativity, and autonomy to solve the most pressing challenges.

According to Wikipedia, Dr. Cui is the Duke of Space!

As of 2023, he also has the longest Summercon bio.

Samantha Davison

@sam_e_davison

Sam Davison is a Security, Privacy, and Trust & Safety leader. She recently joined as the Head of Security at an E-Commerce company. Prior to her current role, Davison served as Director of Trust & Privacy Engineering at Robinhood, building and leading all consumer-facing security, privacy, and trust & safety engineering in addition to offensive security and intelligence functions. Davison has held leadership roles at the Krebs Stamos Group, Lyft, Snap Inc., and Uber where she led efforts with a particular emphasis on behavioral engineering, offensive security, and content moderation. Before working in Silicon Valley, she conducted extensive research on the efficacy of security engagement and co-led a consulting firm that built behavioral-based programs for 15+ Fortune 500 companies. Davison has volunteered throughout her career, lending her expertise to survivors of domestic abuse and election protection efforts.

Renee Dudley

Renee Dudley is a technology reporter at ProPublica. Previously, as an investigative reporter at Reuters, she was named a 2017 Pulitzer Prize finalist for her work uncovering systematic cheating on college admissions tests. She started her career at daily newspapers in South Carolina and New England, and has won numerous journalism honors, including the Eugene S. Pulliam First Amendment Award.

Brandon Edwards

You never see Brandon Edwards and Dr. Raid together. We assume those two have some beef. Weird, they’re both such nice people.

Christine Fossaceca

Christine Fossaceca is an iOS reverse engineer and cybersecurity podcaster, co-creator of HerHax Podcast. She has worked in infosec for 7 years. Christine has the unique interests in both cybersecurity and pop culture to be able to speak to the impact of botnets on consumers.

Dan Golden

Daniel Golden, a senior editor and reporter at ProPublica, has won a Pulitzer Prize and three George Polk Awards. He is the bestselling author of The Price of Admission: How America’s Ruling Class Buys Its Way into Elite Colleges—and Who Gets Left Outside the Gates and Spy Schools: How the CIA, FBI, and Foreign Intelligence Secretly Exploit America’s Universities.

Dan Guido

[REDACTED]

Harri Hursti

Harri Hursti is a world-renowned data security expert, internet visionary, and serial entrepreneur. He began his career as the prodigy behind the first commercial, public email and online forum system in Scandinavia, founded his first company at the age of 13, and went on to co-found EUnet-Finland in his mid- 20s. Today, Harri continues to innovate and find solutions to the world’s most vexing problems. He is considered an authority on uncovering critical problems in electronic voting systems worldwide, but is clearly interested in a wide scope of hacking-related topics.

Jatin Kataria

Jatin Kataria is a security researcher focusing on defensive system technologies. His main security research interests are hardware
security extensions, bootloaders, OS, system services, program and binary analyses. Playing both the role of cat and mouse, he tires of n-days easily and is always looking for new and exciting ELF shenanigans, caching complications, and the Fedex guy who lost his engagement ring.

Jennifer Leggio

@mediaphyter

Jennifer Leggio is a marketing, operational strategy, and communications leader, and a board and VC advisor, with over 23 years of leading high-performing, creative, and data-driven teams. She has held leadership roles at some of the world’s most impactful cybersecurity companies, notably Fortinet, Sourcefire, Flashpoint, and Claroty. She is currently Chief Marketing Officer at Netography. Jennifer has been a frequent speaker, including DEF CON, RSA Conference, Gartner Security Summit, Hack in the Box, and SXSW Interactive, and formerly wrote for ZDNet and Forbes. In her personal time, she immerses herself in creative writing, comedy, and, of all things, horror movies. Jennifer was recognized in 2019 by SC Media as a fierce advocate of ethical marketing programs that focus on facts rather than fear to protect security researchers. She continues to speak out boldly against marketers who use fear, uncertainty, and doubt to try to advance business in the security industry

Mudge

It will probably save you a lot of time to just read this.

Dan “AltF4” Petro

By day, Dan is a Senior Security Engineer at Bishop Fox, focusing on capability development in attack surface discovery. By night, Dan helps out with security at Project Slippi and is the mad scientist of the Melee world, hunting cheaters and banning them.

Nick Sullivan

Nick Sullivan is a technologist known for his expertise in security and cryptography. He has spent time at Apple Inc., making significant contributions to security technologies used in the iPhone and other core systems. Later, as Head of Research at Cloudflare, he played a crucial role in enhancing the company’s encryption and secure network protocols while helping the company publish dozens of peer-reviewed papers and RFCs. Nick is not only a frequent speaker at global tech and security conferences but also volunteers his time on internet standards committees and as a reviewer for academic security conferences, underscoring his commitment to knowledge sharing and collaboration.

Christopher Surage

Christopher Surage is an application security engineer currently working in the financial industry. He has been working in application security for the last 10 years in a variety of industries (finance, consulting, technology). He enjoys learning about different technologies and the potential security implications of their usage. He also enjoys learning how things work.

Claudiu-Vlad Ursache

Claudiu-Vlad a core developer on the code analysis platform Joern, author of kotlin2cpg. he has been an engineer for 15 years, switched to security three years ago focusing on static analysis. When it comes to research work – he’s managed to break into consumer-grade routers (and spoke about it at No Hat Conference 2021), and more recently found vulnerabilities in Android apps of prominent publications.

Julien Vanegue

Julien Vanegue is a security researcher living in New York City who enjoys applying his logic knowledge to offense and defense.

John Viega

John Viega has done a bunch of things that people either loved or hated. He co-developed the most common cipher mode (AES-GCM), wrote the first book for developers on security, did the first two static analysis tools for security, and, before he discovered security, wrote the Mailman mailing list manager. He is co-founder and CEO of Crash Override, and was co-founder and CEO of Capsule8 prior to that.

Emily Wicki

Emily is a prominent member of the NYC digital forensics community, works for a very famous financial institution, and, in her spare time, helps Summercon wrangle sponsors.

Here’s what we have cooking!

Friday, July 14

Saturday, July 15

Time	Speaker	Presentation
10:00am		DOORS OPEN
10:45pm	John Terrill & Mark Trumpbour	Welcome back:, Recap, Apology, and Police Blotter.
11:00am	Christopher Surage	Why can’t we be friends? Solving the social challenges of application security
11:30am	Claudiu-Vlad Ursache	Code Property Graphs & joern – simple, precise static code analysis
12:00pm	Christine Fossaceca	Race Against the Machine: Consumers vs. Bots
12:30pm	Jatin Kataria	The Debugging Uncertainty Principle
1:00pm		LUNCH
2:00pm	Dan Guido	The title of this presentation is [REDACTED], and it’s gonna be awesome
3:00pm	Harri Hursti	Sub 1 Ghz and other radio/side channel attacks
4:00pm	Samantha Davison & Jennifer Leggio	Protect Yourself Before You Wreck Yourself
5:00pm	John Viega	Grab Bag with wrappers, cookies, ELFs and injections
5:30pm	The Summercon Family	In Memoriam – A VIDEO PRESENTATION
6:00pm		HAPPY HOUR / CLOSING CEREMONIES / FLIP CUP (The usual shenanigans)