Johnny Xmas

Chicago, IL

Bio

Johnny Xmas: Infosec’s most successful community builder.

Johnny is been a dedicated and prominent figure in the Information Security community, sharing his extensive research and knowledge since 2002. Most notably recognized for his pivotal role in exposing the American TSA Master Key leaks (2014-2018), uncovering Venmo stalking vulnerabilities (2018), and being an overall nuisance. Currently, he is the Global Head of Offensive Security for a Fortune 200 food and beverage manufacturing company.

Past experience includes being: Director of Cyber Training at security research firm GRIMM, defending against the automated abuse of web infrastructure with Kasada, and as the Lead Researcher on Uptake’s Industrial Cybersecurity Platform. Before this, he spent many years in the field as a penetration tester, security engineer for a global Fortune 500 corporation, and Mainframe auditor and Systems Engineer for several IT asset recovery firms.

My Talks

IC (What you Did There): Managing a Career While Staying out of Management

Are you an IT professional who values technical expertise over management roles? Learn how to advance your career, earn more, and stay true to your technical roots without moving into management. W...

Infosecs in the City

A current showrunner BurbSec meetups will discuss the social InfoSec scene from around the Midwest, covering the most successful aspects of various “CitySec” frameworks. You'll leave with the knowl...

OT\ICS\SCADA 101

In this “OT for IT” talk, we’ll delve into the foundational elements of Operational Technology environments, covering terminology, frameworks, and most importantly: engineer mentality.

Poisoning Pidgins in the Park

This talk is a play-by-play of a hobbyist's incident response to an active supply-chain attack against a very popular free, open-source (FOSS) communication tool, involving not only the implementat...

Saving Ryan's Privates

Despite strong passwords and MFA use, discover how the world's most private digital assets are still being stolen and leaked. Join Johnny as he exposes privacy myths, common theft methods, and acti...

SIEM and the Art of Motorcycle Maintenance

A really fun presentation comparing my lessons learned from motorcycle ownership and how they directly relate to SIEM ownership. The goal is to hopefully finally convey information in a way that SI...

Superposition, not Superstition

Quantum computing won't break encryption overnight. "Superposition Without Superstition" cuts through the hype, explaining why quantum threats are distant, limited in scope, and already being count...