About

My name is Cheryl Biswas. My fascination with computers started with those blinking machines on the original Star Trek, and the realization that if I could learn to work those things, then I could boldly go – anywhere! But I didn’t learn math like everyone else and found myself struggling. I mistakenly believed a few key people who convinced me I couldn’t learn computers, so I didn’t take programming or comp sci. They were wrong, though. Curiosity and passion led me to technology through the back door and I taught myself computers. Along the way, I was truly fortunate to work with and learn from some terrific and talented people. They didn’t see my lack of a tech degree but rather my keen interest and will to learn. Thanks to them (you know who you are) I strive to share my love for all things tech with those who find it overwhelming or scary.

I love Threat Intelligence, where I research, analyze, and report on what I find to help defend. Threat actors, ransomware, supply chain attacks, zero-day vulnerabilities and exploits – the learning never stops. I share my passion and knowledge by writing and speaking about threats to less-known but critical systems like ICS SCADA and mainframes, botnets and cryptominers, the problems securing internet of things and enterprise IoT – there is so much we need to know. I love being able to make a difference.

There’s a lot of great information out there, but what matters is relevance – threat models are not universal. I help make that intel actionable. I hope this site can be a resource to you, and that my posts will educate, illuminate and keep you safe using the technology that’s part of everything we do.

Involved with:
The Diana Initiative, Founding Board Member
Mentoring

Publications:
Beginner’s Guide to Information Security by Peerlyst. Collaboration with members of the security community.
Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World by Marcus J. Carey and Jennifer Jin. Collaborative collection by members of the security community, 2019.

Some pieces I have written:
I have posted to LinkedIn Pulse; AlienVault; and Tripwire.
“Irongate and Customized Malware for ICS: Don’t Hit the Snooze Button on this Wake-up Call”
“Errors and Omissions: How the Phineas Fisher Release Reflects our Insecurities”
“Dangerous Assumptions: How What We Know Will Hurt Us”
“A Matter of Time: Lessons from the Ukraine Power Grid Attack”
“Big Data, Big Problems”
“Embracing the Shadow: Wait! What?”

TALKS:
08/2015 BSides Las Vegas “What Lurks in the Shadow: Shadow IT/Shadow Data”
08/2015 TASK Toronto “Review of Adventures in Mainframe Hacking”
09/2015 NET Tuesday Toronto (Tech Soup) “Digital Literacy for Non-Profits”
11/2015 BSides Toronto “What Lurks in the Shadow: Expanded Edition”
11/2015 TASK Toronto “What Lurks in the Shadow: Expanded Edition”
06/2016 Circle City Conference “A Stuxnet for Mainframes”
08/2016 BSides Las Vegas “How to Rob a Bank: The SWIFT Heists”
08/2016 TiaraCon Las Vegas “Women in Security Panel Discussion”
10/2016 SecTor Toronto “How to Rob a Bank: The SWIFT and Easy Way to Grow Your Online Savings”
11/2016 Hackfest Quebec City “Blue Team Reboot”, “A Stuxnet for Mainframes”
05/2017 InteropITX “Collecting, Correlating and Analyzing Security Data”
05/2017 DC416 “Enhancing Threat Intelligence Data”
06/2017 Circle City Conference “It’s A Disaster!”
07/2017 BSides Las Vegas “Banking on Insecurity”
07/2017 DefCon Wall of Sheep “Threat Intel for All: There’s More to Your Data”
07/2017 The Diana Initiative Keynote Speaker “Resilience, Strength, Determination”
11/2017 Hackfest Quebec City “Banking on Insecurity V2”
11/2017 BSidesToronto “Reduce Your AD Attack Surface: Securing the Forest Through the Trees”
01/2018 ShmooCon Firetalks “Patching – It’s Complicated!”
04/2018 Atlantic Security Conference “Patching – Show Me Where it Hurts”
06/2018 Circle City Conference “Patching – It’s Complicated!”
08/2018 BSides Las Vegas “Don’t Bring Me Down: Are You Ready for Weaponized Botnets?”
08/2018 Defcon Skytalks “Don’t Bring me Down: Weaponizing Botnets”
09/2018 DerbyCon “Draw A Bigger Circle: InfoSec Evolves” and “Patching – Show me Where it Hurts”
10/2018 BSides DC “Don’t Bring me Down: Are You Ready for Weaponized Botnets?”
11/2018 Hackfest “Don’t Bring me Down: Are You Ready for Weaponized Botnets?”
01/2019 ShmooCon Epilogue “Don’t Bring me Down: Weaponized Botnets”
03/2019 Tactical Edge Colombia “The Weaponization of Monetization”
04/2019 Atlantic Security Conference “The Weaponization of Monetization”
08/2019 Defcon Cloud Village “Cryptominers in the Cloud”
08/2019 Defcon Wall of Sheep “Patching – It’s Complicated!”
08/2019 Defcon Skytalks “The Emperor Has No Clothes”
08/2019 Blackhat USA Diversity Panel hosted by Salesforce
09/2019 Closing Keynote at C3X “What If …”
10/2019 BSidesDC “Mind the Gap: Managing Insecurity in EIoT”
11/2019 Hackfest “Mind the Gap: Managing Insecurity in EIoT”
02/2020 RSA Conference “Culture at a Crossroads: Hacking Our Way from Vicious to Virtuous” with Josh Corman and She Speaks Security Panel
09/2020 CISA Cyber Summit 2020 Session Day 3 Panel “Coming Together: Empathy and Allyship”
07/2021 Defcon AppSec Village
07/2021 Defcon Adversary Village
07/2021 Defcon IoT Village “Mind the Gap: Managing Insecurity in Enterprise IoT”
10/2021 Shellcon “Signed, Sealed, Delivered: Abusing Trust in Software Supply Chain Attacks”
10/2021 Texas Cyber Summit “Invitation to Exploitation: Risks from Mass IoT Vulnerabilities”
10/2021 Adversary Village, Texas Cyber Summit
11/2021 Hackfest
05/2022 MTUG “Third Party Compromise: Lessons From the Okta Breach”
08/2022 BSides LV “Code Dependency: Chinese APTs in Software Supply Chain Attacks”
08/2022 Defcon Skytalks “The Internet Wars” Panel

Podcasts:
11/26/2015 Brakeing Down Security “The Rise of the Shadow”
02/21/2016 Brakeing Down Security “Mainframe Security”
07/19/2016 Brakeing Down Security “TiaraCon, Women in InfoSec and SCADA Headaches”
10/10/2016 PVC Security
03/20/2017 Advanced Persistent Security Podcast
04/25/2017 Silver Bullet Podcast with Dr. Gary McGraw
04/29/2018 Purple Squad Security “The Importance of Community in InfoSec”
10/14/2018 Brakeing Down Security “DerbyCon 2018”
07/08/2019 InSecurity Podcast with Matt Stephenson
02/2021 C Suite with Claudette McGowan
03/2020 ITSP Magazine Podcast “Meet 12 Non-Profits Supporting Diversity and Inclusion in InfoSec”
04/2022 ITSP Magazine Changemaking Podcast

Webinars:
Dark Reading September 28 “How to Effectively Analyze Threat Intelligence Data”
Dark Reading November 15 “The Future of the Online Threat”
Dark Reading March 23 “Enriching Threat Intelligence Data”

TV:
09/15/2016 TVO “The Agenda” The Rise of Ransomware
http://tvo.org/video/programs/the-agenda-with-steve-paikin/the-rise-of-ransomware

1 thought on “About”

  1. Hello Cheryl,

    My name is Mansoor. I’m a reporter for The Scope, Ryerson University’s radio station.

    I’m writing to you today because I am working on a news story about the cyber security preparedness of Toronto’s universities. I saw that you were quoted in an Ottawa Citizen article regarding a ransomware attack against Carleton and thought I’d reach out to you for a sit-down interview.

    I want to get a general overview of what the public should know about cyber security, and maybe even apply that to universities.

    We can conduct the interview in our studio at Ryerson, or I can even come to you. An over the phone option is available as well.

    The story goes out on January 23rd. Thank you for your time, I look forward to hearing from you.

    Cheers,

    Mansoor

    mansoor132@gmail.com
