Johnny Xmas

Chicago, IL

Bio

Johnny Xmas: The Most Interesting Man in Information Security

Johnny Xmas, a prominent figure in the Information Security community since 2002, has been a dedicated contributor to public forums, sharing his extensive research and knowledge. Most notably recognized for his pivotal role in exposing the American TSA Master Key leaks (2014-2018), uncovering Venmo stalking vulnerabilities (2018), and being an overall nuisance. Currently, he is the Global Head of Offensive Security for a Fortune 1000 / Global 2000 food manufacturing company.

Past experience includes being: Director of Cyber Training at security research firm GRIMM, defending against the automated abuse of web infrastructure with Kasada, and as the Lead Researcher on Uptake’s Industrial Cybersecurity Platform. Before this, he spent many years in the field as a penetration tester, security engineer for a global Fortune 500 corporation, and Mainframe auditor and Systems Engineer for several IT asset recovery firms.

My Talks

Artificial Intelligence, Real Threats

Artificial intelligence (AI) has evolved into a powerful, extremely accessible tool, and it's increasingly being used for evil. We'll demonstrate the ease of crafting text, audio, and video-based a...

Couch to Compromise 2024

Delve into 2023's most common attack chains used against large enterprises! Gain insights into attacks, defense strategies, and actionable tasks for an instant security lift, learning how to lower ...

IC (What you Did There): Managing a Career While Staying out of Management

Are you an IT professional who values technical expertise over management roles? Learn how to advance your career, earn more, and stay true to your technical roots without moving into management. W...

Infosecs in the City

A current showrunner BurbSec meetups will discuss the social InfoSec scene from around the Midwest, covering the most successful aspects of various “CitySec” frameworks. You'll leave with the knowl...

OT\ICS\SCADA 101

In this “OT for IT” talk, we’ll delve into the foundational elements of Operational Technology environments, covering terminology, frameworks, and most importantly: engineer mentality.

Poisoning Pidgins in the Park

This talk is a play-by-play of a hobbyist's incident response to an active supply-chain attack against a very popular free, open-source (FOSS) communication tool, involving not only the implementat...

Saving Ryan's Privates

Despite strong passwords and MFA use, discover how the world's most private digital assets are still being stolen and leaked. Join Johnny as he exposes privacy myths, common theft methods, and acti...

SIEM and the Art of Motorcycle Maintenance

A really fun presentation comparing my lessons learned from motorcycle ownership and how they directly relate to SIEM ownership. The goal is to hopefully finally convey information in a way that SI...