My name is Cheryl Biswas. My fascination with computers started with those blinking machines on the original Star Trek, and the realization that if I could learn to work those things, then I could boldly go  – anywhere!  But I didn’t learn math like everyone else and found myself struggling.  I  mistakenly believed a few key people who convinced me I couldn’t learn computers, so I didn’t take programming or comp sci. They were wrong, though. Curiosity and passion led me to technology through the back door and I taught myself computers. Along the way, I was truly fortunate to work with and learn from some terrific and talented people. They didn’t see my lack of a tech degree but rather my  keen interest and will to learn. Thanks to them (you know who you are) I strive to share my love for all things tech with those who find it overwhelming or scary.

Currently, I am a Threat Intelligence analyst on a cybersecurity team, where I research, analyze, and report on what I find to help defend the organization. Threat actors, ransomware, supply chain attacks, zeroday vulnerabilities and exploits – the learning never stops. I share my passion and knowledge by writing and speaking about threats to less-known but critical systems like ICS SCADA and mainframes, Botnets and cryptominers, the problems securing internet of things and enterprise IoT-  there is so much we need to know. I love being able to make a difference.

Threats and adversaries are moving faster than ever, which means we have a lot of work to do just to keep up. Malware, security breaches, online scams – how much can the average user do to protect themselves?  There’s a lot of great information out there, but only if you know where it is and what it means. My role is to help make all that intel actionable.  I hope this site can be a resource to you, and that my posts will educate, illuminate and keep you safe using the technology that’s part of everything we do. Because in my world, technology is friend, not foe. And this is my post on CyberWatch.

Involved with:
The Diana Initiative, Founding Board Member
C3X
TASK Toronto
Mentoring

Publications:
Beginner’s Guide to Information Security by Peerlyst. Collaboration with members of the security community.
Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World by Marcus J. Carey and Jennifer Jin. Collaborative collection by members of the security community 2019.

Some pieces I have written:
I have posted to LinkedIn Pulse; AlienVault; and Tripwire.
“Irongate and Customized Malware for ICS: Don’t Hit the Snooze Button on this Wake-up Call”
“Errors and Omissions: How the Phineas Fisher Release Reflects our Insecurities”
“Dangerous Assumptions: How What We Know Will Hurt Us”
“A Matter of Time: Lessons from the Ukraine Power Grid Attack”
“Big Data, Big Problems”
“Embracing the Shadow: Wait! What?”

TALKS:
08/2015 BSIdes Las Vegas “What Lurks in the Shadow: Shadow IT/Shadow Data”
08/2015 TASK Toronto “Review of Adventures in Mainframe Hacking”
09/2015 NET Tuesday Toronto (Tech Soup) “Digital Literacy for Non-Profits”
11/2015 BSides Toronto “What Lurks in the Shadow: Expanded Edition”
11/2015 TASK Toronto “What Lurks in the Shadow: Expanded Edition”
06/2016 Circle City Conference “A Stuxnet for Mainframes”
08/2016 BSides Las Vegas “How to Rob a Bank: The SWIFT Heists”
08/2016 TiaraCon Las Vegas “Women in Security Panel Discussion”
10/2016 SecTor Toronto “How to Rob a Bank: The SWIFT and Easy Way to Grow Your Online Savings”
11/2016 Hackfest Quebec City “Blue Team Reboot”, “A Stuxnet for Mainframes”
05/2017 InteropITX “Collecting, Correlating and Analyzing Security Data”
05/2017 DC416 “Enhancing Threat Intelligence Data”
06/2017 Circle City Conference “It’s A Disaster!”
07/2017 BSides Las Vegas “Banking on Insecurity”
07/2017 DefCon Wall of Sheep “Threat Intel for All: There’s More to Your Data”
07/2017 The Diana Initiative Keynote Speaker “Resilience, Strength, Determination”
11/2017 Hackfest Quebec City “Banking on Insecurity V2”
11/2017 BSidesToronto “Reduce Your AD Attack Surface: Securing the Forest Through the Trees”
01/2018 ShmooCon Firetalks “Patching – It’s Complicated!”
04/2018 Atlantic Security Conference “Patching – Show Me Where it Hurts”
06/2018 Circle City Conference “Patching – It’s Complicated!”
08/2018 BSides Las Vegas “Don’t Bring Me Down: Are You Ready for Weaponized Botnets?”
08/2018 Defcon Skytalks “Don’t Bring me Down: Weaponizing Botnets”
09/2018 DerbyCon “Draw A Bigger Circle: InfoSec Evolves” and “Patching – Show me Where it Hurts”
10/2018 BSides DC “Don’t Bring me Down: Are You Ready for Weaponized Botnets?”
11/2018 Hackfest “Don’t Bring me Down:  Are You Ready for Weaponized Botnets?”
01/2019 ShmooCon Epilogue “Don’t Bring me Down: Weaponized Botnets”
03/2019 Tactical Edge Colombia “The Weaponization of Monetization”
04/2019 Atlantic Security Conference “The Weaponization of Monetization”
08/2019 Defcon Cloud Village “Cryptominers in the Cloud”
08/2019 Defcon Wall of Sheep “Patching – It’s Complicated!”
08/2019 Defcon Skytalks “The Emperor Has No Clothes”
08/2019 Blackhat USA Diversity Panel hosted by Salesforce
09/2019 Closing Keynote at C3X “What If …”
10/2019 BSidesDC “Mind the Gap: Managing Insecurity in EIoT”
11/2019 Hackfest “Mind the Gap: Managing Insecurity in EIoT”
02/2020 RSA Conference “Culture at a Crossroads: Hacking Our Way from Vicious to Virtuous” with Josh Corman and She Speaks Security Panel
09/2020 CISA Cyber Summit 2020 Session Day 3 Panel “Coming Together: Empathy and Allyship”
07/2021 Defcon AppSec Village
07/2021 Defcon Adversary Village
07/2021 Defcon IoT Village “Mind the Gap: Managing Insecurity in Enterprise IoT”
10/2021 Shellcon “Signed, Sealed, Delivered: Abusing Trust in Software Supply Chain Attacks”
10/2021 Texas Cyber Summit “Invitation to Exploitation: Risks from Mass IoT Vulnerabilities”
10/2021 Adversary Village, Texas Cyber Summit
11/2021 Hackfest
05/2022 MTUG “Third Party Compromise: Lessons From the Okta Breach”
08/2022 BSides LV “Code Dependency: Chinese APTs in Software Supply Chain Attacks”
08/2022 Defcon Skytalks “The Internet Wars” Panel

Podcasts:
11/26/2015 Brakeing Down Security “The Rise of the Shadow”
02/21/2016 Brakeing Down Security “Mainframe Security”
07/19/2016 Brakeing Down Security “TiaraCon, Women in InfoSec and SCADA Headaches”
10/10/2016 PVC Security
03/20/2017 Advanced Persistent Security Podcast
04/25/2017 Silver Bullet Podcast with Dr. Gary McGraw
04/29/2018 Purple Squad Security “The Importance of Community in InfoSec”
10/14/2018 Brakeing Down Security “DerbyCon 2018”
07/ 08/2019 InSecurity Podcast with Matt Stephenson
02/2021 C Suite with Claudette McGowan
03/2020 ITSP Magazine Podcast “Meet 12 Non-Profits Supporting Diversity and Inclusion in InfoSec”
04/2022 ITSP Magazine Changemaking Podcast

Webinars:
Dark Reading September 28 “How to Effectively Analyze Threat Intelligence Data”
Dark Reading November 15 “The Future of the Online Threat”
Dark Reading March 23 “Enriching Threat Intelligence Data”

TV:
09/15/2016         TVO “The Agenda” The Rise of Ransomware
http://tvo.org/video/programs/the-agenda-with-steve-paikin/the-rise-of-ransomware