Interested in becoming a Secure Iowa Conference speaker? Apply today.

Lieutenant Colonel Robert J. Darling, United States Marine Corps (Ret.)

Lieutenant Colonel Robert J. DarlingUnited States Marine Corps (Ret.)


September 11, 2001 - The White House

A Crisis Leadership Presentation

By Lieutenant Colonel Robert J. Darling
United States Marine Corps (Ret.

On September 11th, 2001, Lieutenant Colonel Darling was working in the White House Military Office and was initially tasked to coordinate airlift assets for the President’s evacuation to an undisclosed site.  However, he was quickly recruited to provide his military expertise and became a liaison between the Vice President, National Security Advisor and the Pentagon.  During the next 24 hours, he received real time information from numerous government agencies and worked directly with the National Command Authority to respond to the terrorist attacks.  Lieutenant Colonel Darling witnessed firsthand the enormity of the crisis leadership decisions that were made that day on behalf of all Americans.  This presentation is designed to ensure we, as a nation, never forget the events of 9/11/01, and to inspire all leaders to take the necessary steps within their power to protect and safeguard their employees, their organizations and their communities.   

Robert J. Darling Bio

Retired Marine Corps Lt. Col.
Cobra “Attack Helicopter” Pilot
Marine Helicopter Squadron One Presidential Pilot for President Bill Clinton

White House Airlift Operations Officer who, during the attack on America on 9/11/01, responded to the underground White House Bunker Complex and stood shoulder to shoulder with America’s highest leaders as they made unprecedented crisis leadership decisions on behalf of all Americans.

Author : “24 Hours Inside the President’s Bunker, 9/11/01”


Keynote Speaker

David Nelson--President at Integrity

David NelsonPresident at Integrity

Dave is a Certified Information Systems Security Professional (CISSP) with 20 years of experience and a Fellow with the Information Systems Security Association (ISSA). He has lead technology organizations in both the public and private sector. Prior to founding Integrity, he most recently was the Chief Information Security Officer for a leading health informatics company.

He also managed an information security group for a top 5 U.S. banking organization, was the CIO for a higher education institution and served as the information security officer for one of the largest municipal governments on the east coast. Dave received his Bachelor of Science degree with a major in Computer Information Systems from Excelsior College. He has also taught and developed information technology curriculum at the post-secondary level, is a published author and speaker at national conferences.

Brad Beltman

Brad Beltman


AppSec War Stories

This is a look back at some of the fun, cool, and sometimes jaw-dropping situations we've encountered over the last year of web application penetration testing, where we'll recount stories of real tests that we conducted. Some stories include interesting ways around hurdles encountered, some include issues we see frequently, and some are included just for the lulz :) . This talk will include technical content, but has something for everyone from analysts and developers, to executives. 

Our intent is not to point fingers or place blame, but rather a reminder of what can happen if we don't all remain vigilant and work to continually improve our defenses. Pull up a chair and grab some pop-corn, it's story time!

Brad Beltman Bio

Brad is a consultant with SecureWorks doing full time web application penetration testing.

He has a masters degree in Information Assurance from Dakota State University. Certifications include OSCP, GWAPT, GPEN, GCIH, GCED, and CISSP. When not on a computer, Brad is usually tormenting his wife, playing with his two kids, or playing guitar.


Security Testing and Investigation


Eric Johnson

Eric Johnson


Secure DevOps: Static Analysis & the Puma’s Tail

DevOps is changing the way that organizations design, build, deploy and operate online systems. Engineering teams are making hundreds, or even thousands, of changes per day, and traditional approaches to security are struggling to keep up. Security must be reinvented in a DevOps world and take advantage of the opportunities provided by continuous integration and delivery pipelines.

In this talk, we will explore how static analysis fits into Secure DevOps and introduce you to Puma Scan: an opensource .NET static analysis rules engine. Live demonstrations will show Puma Scan identifying vulnerabilities inside Visual Studio and in a Jenkins continuous integration (CI) build pipeline. Attendees will walk away with a better understanding of the role static analysis play in DevOps and a .NET static analysis engine to help secure your organization’s applications.

Eric Johnson Bio

Eric Johnson is a Principal Security Consultant at Cypress Data Defense. At Cypress, he leads web and mobile application penetration testing, secure development lifecycle consulting, secure code review assessments, static source code analysis,
security research, and security tool development. Eric has presented his security research at conferences around the world including SANS, BlackHat, OWASP AppSecUSA, BSides, JavaOne, UberConf, and ISSA. He has contributed to several open
source projects including Puma Scan (a .NET static analysis tool), AWS Critical Security Control Automation, and the OWASP Secure Headers project.

Eric is also a Certified Instructor with the SANS Institute where he authors several application security courses, serves on the advisory board for the SANS Securing the Human Developer awareness training program, and delivers security training around the world.

Eric completed a bachelor of science in computer engineering and a master of science in information assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP. NET, and GSSPJava certifications.


Application & Infrastructure Security

Senior Level
Security Leader

Subscribe to this RSS feed