Kevin Bong

Kevin is a director of cybersecurity consulting, responsible for penetration testing, risk assessments, compliance audits, incident response, and cybersecurity advisory services. Kevin has over 20 years of experience working in a variety of cybersecurity leadership roles, including application development, network management, risk management, fraud monitoring, digital forensics, and assessment services. He has worked with both large and small organizations across many industries helping them navigate complex security and compliance requirements as well as navigating them through security breaches.



The Bad Guys Are (Unfortunately) Talented Developers


Attackers write crafty code to compromise apps, steal data, and cover their tracks. To protect against them, you need to understand them. Come discover the mistakes developers make, see actual exploits & code extracted from ecommerce breach investigations, and learn ways to protect your own apps.


In this entertaining and informative talk, you will…

  • Hear war stories of our real-world ecommerce breach investigations
  • Watch us demonstrate & analyze different app weaknesses & exploit techniques
  • See the code used to create hidden persistent command & control backdoors, covertly capture & exfiltrate credit card data, and cover evidence of attacks
  • Leave with knowledge of how you can better protect your apps along with a top 10 cheat sheet

Both novice and veteran developers will benefit from this talk, as it provides an alternative view to their application development backgrounds. There aren't many people that have the combination of experience that I do, and I'm excited to share it with the Chippewa Valley developers community.

I am a professional application penetration tester, getting paid to hack into organizations to help identify weaknesses; a developer, building banking & ecommerce applications; and most recently a Payment Card Industry (PCI) Forensic Investigator (PFI), leading a digital forensics practice responsible for investigating credit card breaches, ransomware attacks, cloud & account-takeover attacks, and other cyber breaches.

I've been described as both entertaining & informative, and I have extensive experience speaking and training both technical & non-technical audiences. My recent conferences include CypherCon, SecretCon, and even organizing Skunk's Misery, a local community-based hacker conference.