May 20th, 2025
Kentucky Transportation Cabinet Building
200 Mero Street, Frankfort KY
8:30 AM - 4:30 PM, EST
Join KOHS and our partners for this no-cost, dynamic, one-day cybersecurity event designed for IT professionals like you! The KY Blue Team Summit 2025 will bring together some of the brightest minds in the industry to deliver engaging technical-level sessions covering the latest trends, strategies, and solutions in cybersecurity. Not just your typical series of lectures, we will be including hands-on training and demonstrations including capture the flag events, incident response, case studies, demonstrations of hacking tools, and a wealth of opportunities to collaborate and grow your contact list.
Our 20+ expert speakers, hailing from Kentucky and neighboring states, will cover key topics such as threat intelligence, network defense, incident response, and the evolving landscape of cyber risks. This event is a unique opportunity to learn from industry leaders, stay ahead of emerging threats, and gain actionable insights to bolster your organization's cybersecurity posture.
Whether you're looking to sharpen your skills, expand your knowledge, or build valuable relationships,
KY Blue Team Summit 2025 is the event you won't want to miss!
Featuring
A 5 hour capture the flag event hosted by The KY Army National Guard and the University of Louisville.
4 hours of hands-on incident response training.
Demonstrations of hacking tools including Flipper Zero and Kali Linux.
Plenty of networking time to meet the experts and expand your contacts.
20+ speakers from around the Commonwealth including:
- Keynote Session from KY Army National Guard
- FBI
- Baptist Health
- CISA
- Commonwealth Office of Technology
- UPS
- Several State and Community Colleges
- And many more!!
Event FAQs
- Local Lodging and Dining Information - View Map
- Who is the intended audience for this event? IT and cybersecurity professionals, regardless of skill or experience.
- Is there a registration fee? There is no fee to attend this event, parking or otherwise.
- Is parking free? Yes, in addition to street parking there are two publicly accessible multi-story parking structures adjoined to the venue.
- Will an event map and schedule be published? Yes, those things will be sent to your email after registration, near the date of the event.
- Is lunch provided? No, lunch will not be provided for this event. However, there are many restaurants walking distance from the training venue, and we will take a break from sessions during lunch time.
- Is there a registration deadline? There is not a deadline, however this event is limited to 220 participants. Register Early to guarantee your seat!
Sessions Preview
Detection Engineering at UPS
In this presentation, we Will share how UPS security operations center (SOC) operations are engineered, and how we orient our efforts to defend against recent threats
UK's Road to DMARC Enforcement ...and Securing all the Email Things
A roadmap discussion on how the University of Kentucky successfully reached a DMARC enforcement policy of p=reject and other changes to drastically reduce the attack surface of the enterprise's Exchange environment. This session will discuss challenges and milestones for the teams involved. And provide recommendations on tools, products, and configurations that can be leveraged to better secure complex mail environments that leverage M365's Exchange Online or hybrid Exchange services.
Beyond Passwords: Strengthening Identity Security in M365
As identity-based attacks continue to rise, securing user access has become the foundation of modern cybersecurity. In this session, we will explore how Microsoft 365’s identity protection features—such as Azure AD Identity Protection, Privileged Identity Management (PIM), Temporary Access Pass (TAP), and Conditional Access—can help organizations mitigate risks and enforce strong security policies.
Is Big Brother Really Watching?
Are your devices betraying you? In this session, we will be taking a look at mobile, IoT, and automobile infotainment system forensics. We are all aware of the plethora of data that is stored in that little box each of us carries around with us. Our mobile phones are basically a digital recording of our lives. What you may not be aware of is the amount of and types of data that can be recovered other devices you use on a daily basis. What does your automobile know about you? What about the simplest of IoT devices? In this session we will investigate details we can glean from your devices, which means these are all things that your devices are collecting about you.
Building a Cybersecurity Culture.
This presentation focuses on the importance of cultivating a cybersecurity culture that goes beyond compliance and integrates security practices into the organization’s values and everyday behavior. We explore how leadership commitment, continuous education, and fostering open communication can build a culture of security. Employees should feel empowered to follow secure practices, report suspicious activities, and view cybersecurity as an essential part of their role.
The Forgotten Networks: OT Cybersecurity Across Industries
Operational Technology (OT) cybersecurity is no longer just a concern for power plants and water utilities. From building access controls and IP cameras to HVAC systems and point-of-sale devices, overlooked OT components are becoming prime cyberattack targets across industries. This session will explore real-world cyber incidents, best practices for securing OT environments, and the importance of frameworks like the Purdue Model. Attendees will gain insights into mitigating emerging threats and practical security strategies for diverse sectors, including manufacturing, healthcare, and retail.
Ghostmarket09 - The United States v. Jesse Kipf
In this joint presentation, we will present a case study on the successful investigation that brought cybercriminal Jesse Kipf, aka Ghostmarket09, to justice. The FBI opened and investigation after they identified Kipf attempting to sell access to state death registration systems. The talk will discuss how collaboration supported the FBI's investigation and assisted federal prosecutors. In October 2023, Kipf was indicted on charges of computer fraud, identity theft, and bank fraud. In August 2024, Kipf was sentenced to 81 months for computer fraud and identity theft for breaching death registration systems in multiple states. The speaker will share insights from this collaboration, discussing how cybersecurity vendors, law enforcement, and prosecutors can work together to identify, investigate and prosecute threat actors. They will highlight challenges of building a case and critical evidence needed for conviction.
Securing Healthcare’s Future: The Role of Cyber Resilience in Patient Safety
Healthcare provider CISO perspective on the evolution of cyber-crime, lessons learned from recent public incidents, emerging threat vectors and suggested focus areas for cyber defense teams in the next 6-12 months
Getting Started with Risk Assessment for Blue Teams
Risk assessment is a crucial component of any blue team's defense strategy. This session covers the fundamentals, including how to identify assets, evaluate threats, and prioritize risks. Participants will learn practical steps to assess vulnerabilities, measure their potential impact, and implement security controls to enhance their organization's defenses. This session is ideal for individuals who are new to risk assessment or are looking to improve their current approach.
Red Team Tool Demo
See red team tools in action. Flipping Zeros, Kali's Linux, Social Engineering Toolkits, Bad USBs and more that can't be named by specific brand.
CISA’s No - Cost Tools, Available to YOU!
CISA has developed several cybersecurity tools which are available to anyone to use. This session will specifically focus on three tools, Logging Made Easy, Malcolm, and SCUBA Gear. CISA's Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure. Malcolm is a powerful network traffic analysis tool suite designed with the goals of being easy to use, a streamlined deployment, and provides powerful traffic analysis. ScubaGear is an assessment tool that verifies that a Microsoft 365 (M365) tenant’s configuration conforms to the policies described in the Secure Cloud Business Applications (SCuBA) Secure Configuration Baseline documents/
...and more!
Blue Team Summit Capture-the-Flag Challenge
Objective: To conduct a Capture-the-Flag event that tests the cybersecurity skills of participants, promotes teamwork and problem-solving, and fosters a spirit of competition and learning.
Event Overview:
Duration: 5 hours
Format: Individual or Team Competition (Users can select during registration)
Challenges: A series of cybersecurity-themed challenges, including:
- Steganography
- Cryptography
- Network analysis
- Binary exploitation
- Forensics
Scoring: Points awarded for each challenge solved, with bonus points for speed and creativity
Winning Team: The participant/team with the most points at the end of the competition will be declared the winner
Logistics:
Date and Time: May 20th, 2025, 8:30am. CTF Range Open 9:30am-2:30pm.
Location: Kentucky Transportation Cabinet: 200 Mero Street, Frankfort 40622
Equipment: Participants will be required to bring their own laptop and necessary software.
Rules: A detailed rules document will be provided to participants prior to the event.
Registration:
Deadline: May 20th, 2025
Process: Participants can register online through the link above. Opt-in by choosing "yes" under CTF participation.
CTF Questions:
Contact
kyngcyberinitiatives.mil@army.mil