Firetalks is an evening event that tests the skills of those who stand on the stage. Six people are given 15 minutes to dive right into the core of their content and present their ideas.

Several judges will be on hand, American Idol-style, to listen to and critique the presentation on both style and content. This is done in both a serious and humorous manner in front of the audience. After the event the judges will vote on the best presentations–with the top three being awarded some cool prizes to be handed out at ShmooCon closing ceremonies.

Firetalks is a ShmooCon event and contestants and attendees must already have a ShmooCon Barcode to participate.

Questions can be sent to firetalks@shmoocon.org.


Friday, January 12, 2024
Time Firetalks

Firetalks Opening

2010 Looking Into The Past: How Reflecting Helped Me Grow as a New Professional

Maddie Bright

2030 Inter-App Collusion: Exploiting the Improper Export of Android Application Components for Privilege Elevation & Credential Theft

Edward Warren

2050 Why I Run an Internal Conference (And Why You Might Want To Too)

Joe Schottman

2110 Metabolism Hacking for Fun and Longevity

Ray [Redacted]

2130 NIST 800-53 is AWESOME!

Gary Rimar

2150 The Cookie Dough Model of Cybersecurity

Amanda Draeger


Firetalks Closing


Looking Into The Past: How Reflecting Helped Me Grow as a New Professional

Maddie Bright

I want to discuss my final internship at the MITRE Corporation where I worked on the largest project I’d encountered up to that point, and the three ways reflecting helped me learn. First, I learned that knowing what a tool does and how a tool works are two entirely different things. This demonstrates the need to continue to analyze and build upon past experiences. Second, I became comfortable with looking back over my immediate work to answer research questions more thoroughly, which made me realize I had to shift my expectations about what “completion” meant in a professional setting. Finally, I found that reflecting on the perspectives my peers and mentors took when solving problems equipped me to apply those to my own work. Ultimately, I want to share this talk so other new professionals might see the value of being able to reflect upon their own work.

Maddie Bright is a cybersecurity engineer at the MITRE Corporation in their Cyber New Professionals program, where she has had the opportunity to work on ATT&CK, among other projects. She graduated from Drexel University in 2023 with a B.S. in Computer Science as a part of the CyberCorps Scholarship for Service program. During her time at Drexel, Maddie completed internships with the University of Pennsylvania, the Susquehanna International Group, and MITRE. Outside of the office, you can find Maddie playing video games, listening to history podcasts, or knitting giant blankets.

Inter-App Collusion: Exploiting the Improper Export of Android Application Components for Privilege Elevation & Credential Theft

Edward Warren

This talk delves into how benign Android applications can be leveraged by Threat Actors to remotely perform malicious actions & aims to shed light on an ubiquitous security vector in Android user space applications. A first hand account of the bug discovery process of Android will be demonstrated, alongside mitigation strategies for developers & users.

Edward Warren has worked in Information Technology over 5 years & currently serves as a Security Analyst at Sedara. In 2023, Edward found critical flaws in Wi-Fi Internet Modems and Android user space applications & has a passion for researching threats to user privacy

Why I Run an Internal Conference (And Why You Might Want To Too)

Joe Schottman

Internal security conferences offer an opportunity to bring hacker culture into companies. Come hear some lessons learned on running them and tips on why you might want to create one at your own company.

Internal conferences offer some specific advantages. It increases diversity in education–many people don’t have the luxury of being able to travel to events such as ShmooCon. It allows new speakers to practice in front of a friendly audience. And they allow speakers to discuss internal matters that can’t be disclosed publicly but that other employees might benefit.

I’ve been running internal conferences for years (as well as staffing public ones). Come get some lessons learned and spin up your own conference.

Joe Schottman has been in IT for over two decades, plays the part of board game sommelier and infosec roadie for Shmoocon, is on the core team for BSides RDU, helped run multiple internal conferences, and helped put on thousands of events during a career doing concert sound.

Metabolism Hacking for Fun and Longevity

Ray [Redacted]

For the past 8 months, I have been “metabolism hacking” in order to improve my health and longevity. Since then, I have lost over 100 pounds.

In this presentation, I am going to present some major tricks and pitfalls that I have learned as I improved my metabolic health using DME technology: Including, but not limited to: Continuous Glucose Monitors, Sleep Monitors, Bluetooth Pulse Oxidation Monitoring, Smart Scales, and even Continuous Ketone Monitoring.

Ray [Redacted] (@RayRedacted) is a Technologist & researcher for a Fortune 50 corporation and Associate Producer Emeritus of Jack Rhysider’s critically acclaimed hacker podcast “Darknet Diaries.”

NIST 800-53 is AWESOME!

Gary Rimar

The words that scare most people (and rightly so) are “we’re here from the government and we’re here to help.” At the same time, your tax dollars created NIST Special Publication 800-53, which is a comprehensive security controls catalog. There are multiple volumes of 800-53, including not only the security controls catalog, but also assessment methods, control baselines, and other related documents (not 800-53) that help all of us whether we are blue team, red team, purple team, security managers, or even executives and board members? How can it be THAT helpful? Come to my talk and find out! One time Jake Williams (MalwareJake) heard me give a talk about this topic and said about that talk “you did great–it’s hard to make 800-53 sound fun, and you did.”

Since 1980, Gary Rimar went from concert pianist to TV producer to corporate educator to system administrator to IT director to cybersecurity professional. As a cybersecurity professional, Gary is currently working as a security control assessor, which has helped him become an evangelist for NIST 800-53. Come see why this professional entertainer-turned-professional educator-turned cybersecurity professional can take potentially dull topics and make them interesting and fun.

The Cookie Dough Model of Cybersecurity

Amanda Draeger

Cookie dough can be both delicious and dangerous. So can computers. What can we learn from the delectable dessert?

Amanda Draeger enjoys telling stories about things that don’t seem to have anything to do with each other, but she makes it work somehow. Also: yarn.