Kat Sweet

Now with a catchy tagline!

Guest Writings

"The Only Winning Move Is to Hack: Playing Capture the Flag to Learn Security", The Recompiler, Issue 3

"We're Not Second-Class Students", Medium on behalf of the Anita Borg Institute

Webinars

How to Build, Measure, and Scale Your Security Engagement Program, on behalf of Duo Security

Infosec Unlocked panel on CFPs

Podcasts and Interviews

Working on a Corporate Security Team at Duo, CyberSecJobs

7 Surprising Ways People Became Infosec Professionals, Hacker Noon

CFP Success (Episode 30), Advanced Persistent Security podcast

"Women in Information Security: Kat Sweet", The State of Security (Tripwire)

The Recompiler podcast, episode 6

Conference Presentations

"Rethinking Role-Based Security Education" 

LASCON, October 25, 2018

DEF CON Packet Hacking Village, August 10, 2018

Abstract:

How do we scale a deeper level of security awareness training without sacrificing efficacy? This talk will explore strategies and tactics for developing security education based on employees’ roles, access, and attack surface while designing not only for efficiency but also for effectiveness. By prioritizing the highest-risk teams, pooling teams to collaboratively threat-model, and contextualizing universal truths of security hygiene to those threat models, we can deliver training that leverages employees’ roles, fosters retention via active participation, and eases the burden on trainers within the security team. Attendees will walk away with a roadmap for building scalable, contextual, and collaborative role-based employee security education within their organizations.

 

"Using Lockpicking to Teach Authentication Concepts" 

BSidesLV, August 8, 2018

Abstract:

When we teach security, we often face challenges in conveying our knowledge to a non-security audience. Ideas such as authentication bypass, password uniqueness and complexity, and defense-in-depth are abstract and can be difficult to grasp for those who aren’t already well-versed in the language of security. We need novel approaches to teaching security that go beyond language.

Driven by the educational theory of embodied cognition — using hands-on, concrete metaphors to build a better understanding of abstract concepts — I explore teaching lockpicking alongside teaching authentication and security concepts. As security professionals, we deal largely in abstractions, but experiencing physical representations of those abstractions helps solidify understanding of them, both for us and for end users.


"Intro to CFP Writing"

HOPE, July 20, 2018: Unrecorded

Abstract:

For those who have never applied to speak at a security or hacker conference, the CFP process may seem nebulous and overwhelming, so let’s combat that fear by breaking down what the CFP process entails and getting words onto paper. We will brainstorm and fine-tune presentation ideas, walk through how to structure and deliver content, and write drafts of talk abstracts and outlines. Bring an open mind and a desire to transform your talk ideas into viable conference proposals. Be prepared to deliver constructive peer feedback!

"Talky Horror Picture Show: Overcoming CFP Fears"

CircleCityCon, June 10, 2017

Abstract:

I see you shiver with anticipation. For those who have never submitted a talk to an infosec conference, the process can seem nebulous and overwhelming. Fear is driven by uncertainty, so let's combat that fear with facts. Come hear a reviewer break down what the CFP process actually entails, including what goes on behind the scenes once you've hit "submit". You'll also learn about resources to help you along the way. Performing a risk analysis of every step of the CFP lifecycle - from developing your initial idea, to writing and submitting a talk proposal, to preparing to speak once you've been accepted - we'll see that the downsides are minimal and the benefits are numerous.

As a certain mad scientist put it: "Don't dream it. Be it."

 

"Parlaying Education and Experience into an Infosec Career" (Panel)

BSides NoVA, February 25, 2017

Abstract:

A group of former students, current students, educators and seasoned infosec professionals discuss how to bridge the educational gaps whether starting out in infosec or pivoting into a new infosec specialization. We will touch on resources that current students can leverage, the transition into working in infosec, and ways that the infosec industry can help foster new practitioners. Additionally, we will briefly explain the paths we took and how we dealt with the obstacles we faced. We then evaluate these problems to find room for improvement in the industry and give our perspective on what either side could do to make the transition more seamless.

 

"Hacking Our Way Into Hacking"

CircleCityCon, June 12, 2016

CypherCon, March 11, 2016: Unrecorded

BSides Las Vegas, August 4, 2015: Unrecorded

Abstract:

It may seem like everyone in infosec has always been a hacker. However, many of us have come to hacking from other industries, and as we make our way through the infosec community it’s often hard to find others like us. This is a conversation for every hacker who started as a mechanic, a kindergarten teacher, or a gender studies major: let’s talk about where we came from, how we got here, how we leverage the skills from our previous careers, and some of the unique challenges we’ve come across as hackers with “past lives”.

 

"I Amateur Radio (And So Can You!)"

DEF CON Wireless Village, August 5, 2016

BSides Las Vegas, August 4, 2015

CircleCityCon, June 13, 2015

BSides Indy, February 21, 2015: Unrecorded

Abstract:

Ham radio: it’s the 100-year-old technology that refuses to die. Whether you’re a wireless enthusiast, electronics tinkerer, or just someone who wants to be able to communicate during the zombie apocalypse, having a ham radio license can open a new world of possibilities for any hacker. Come learn how and where to get your license, what you can expect to study, how you can work radio into your everyday hacking, and anything else you ever wanted to know about ham radio but were afraid to ask.