Friday, April 8, 2022


Begins at 11am EDT

The third installment of our annual conference, UniCon, will be held virtually on Friday, April 8 this year. While UniCon is usually held on National Unicorn Day, April 9, it unfortunately falls on a Saturday this year, hence the shift in date.

Our theme for this year is "Collaboration". Come hear the best from our customers and friends at our third annual UniCon.

UniCon is a free conference for the entire purple team: security researchers, developers, red teamers, blue teamers, and digital forensics and incident responders. Don’t miss your chance to be a part of the most magical, exciting, and interactive Cyber Conference of the year.  

We look forward to making a better future, together.

Click here to register!

Olaf Hartong

Olaf Hartong is a Defensive Specialist and security researcher at FalconForce. He specialises in understanding the attacker tradecraft and thereby improving detection. He has a varied background in blue and purple team operations, network engineering, and security transformation projects. Olaf has presented at many industry conferences including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences. Olaf is the author of various tools including ThreatHunting for Splunk, ATTACKdatamap and Sysmon-modular. He maintains a blog at

John Strand

John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.  He is a coveted speaker and much loved SANS teacher. John is a contributor to the industry shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks.

UniCon22 Agenda

Time (Eastern Time)



10 mins

Welcome to UniCon!

Bryson Bort and Jorge Orchilles, SCYTHE

50 mins

Welcome Keynote and Fireside Chat:1-10-60 Detection Metrics

Dmitri Alperovitch and Bryson Bort

Gula Tech Foundation and Lauren Buitta from Girl Security

25 mins

Finding the Blindspots – Training, Tuning, and Showing Results

Ben Finke, OnDefend

25 mins

Cool, the Purple Team exercise is done: Now What?

Daniel DeCloss, PlexTrac



Dave Kennedy, @HackingDave, TrustedSec

25 mins

Managed Detection and Response

Randy Pargman and Justin Schmitt, Binary Defense

25 mins

Syscalls in C# - brought to you by Dynamic Invoke!

Jean-François Maes, NVISO

50 mins
30min + 20 q&a

Panel - How to Conduct Security Assessments on Critical Infrastructure.

Megan Samford, Corey T Jackson, Jacob Kamieniak, Brian Wisniewski

from Schneider Electric, SACRO, LLC, GE, & United States Army Reserve Innovation Command

Gula Tech Foundation and Darold Kelly Jr. from the Black Cyber Association

25 mins

Big bad guys, compliance and a tiny budget

Urban Jonson, NMFTA

50 mins

Purple Teams and the CURES Act, why they're needed for providing patients their data

Mitch Parker, IU Health

Gula Tech Foundation and Kendra Parlock from Npower


Closing Fireside Chat - Boundary Protection to Mitigate Occupational Burnout

Magen Wu, Urbane Security & Elizabeth Wharton, SCYTHE

We have a brand new CTF that will debut. This one is for the entire Purple Team, whether you are Red Team, Security Operations, Hunt Team, or Digital Forensics and Incident Response. We all need to know what our payloads do before deploying them in an environment. We will create various synthetic malware and you will need to tell us what they do!

We’ve detected malicious activity on an endpoint after a recruiter downloaded a resume.doc which executed some sort of malware. We were able to take that endpoint offline before it could do any major damage (we think), but we’d like you to investigate what exactly the executable does. This CTF will be 3 levels and require you to run 3 different pieces of synthetic malware and analyze what it does. Level 1 and 2 are question/answer format while level 3 asks you to go way deeper. More details coming soon!

Special Appearances

Cyndi Gula, Gula Tech Adventures

Ron Gula, Gula Tech Adventures

Ron and Cyndi Gula created the Gula Tech Foundation to amplify the impact of cybersecurity nonprofit organizations. The Gula Tech Foundation operates a $1,000,000 competitive grant process for cybersecurity nonprofits multiple times a year. Each grant competition has a unique cybersecurity focus. Grant winners receive a financial donation and will have the opportunity to participate in an all-expenses-paid marketing program to elevate public awareness of their organization.

The January 2021 grant program focused on nonprofits which increase African American engagement with cybersecurity.
The three winners were Black Cybersecurity AssociationNPower Inc and Girlsecurity.

The winners will be given time to speak, and we look forward to learning from their experience.

We are honored to have Ron and Cyndi Gula take part in UniCon21, and grateful for the opportunity to learn from their leadership as they break down barriers in the community.