ROOTCON 19 will be on September 24, 25 & 26, 2025, at Royce Hotel in Clark, Pampanga.
Cyber Threat Intelligence - Collection 101
Collection is a dominant activity in any Intelligence organisation. This holds true in the realm of Cyber Threat Intelligence (CTI). Effective collection is grounded in fulfilling the Priority Intelligence Requirements (PIRs) of the organisation. As the collection effort unfolds, CTI analysts must be able to interrogate and fully understand their collection sources. As an example, analysts do not have to be malware reverse engineers, but they must at least understand that work and know what data can be sought.
This Workshop aims to provide CTI professionals with the appropriate methodologies to design and deliver on their collection effort. We will cover CTI collection best practices, including identifying key collection sources. The nexus between open-source intelligence (OSINT) and CTI will also be covered. Participants will learn to seek and exploit information from domains, external datasets, malware, Transport Layer Security/Secure Sockets Layer (TLS/SSL) Certificates, and more.
Speaker
Aaron Ng
Aaron Ng is a Senior Systems Engineer at CrowdStrike where he advises customers on their security needs and solutions. He is currently based in Dubai, and is responsible for the CrowdStrike business across the Middle East, Turkey, and Africa (META) region. Aaron represented CrowdStrike Intelligence, speaking at various Security Conferences including BlackHat MEA, MENA ISC, GovWare, RootCon, AVAR, BSides SG, and SINCON.
Scott Jarkoff
Scott Jarkoff is the Co-Founder of Praeryx, a new startup currently developing some insanely deep services and technology. Prior to that Scott Jarkoff was the Director, Intelligence Strategy, APJ & META, at CrowdStrike, where he directed the Asia-Pacific & Japan, and Middle East threat intelligence business. He advised and guided customers on operationalizing and integrating threat intelligence within a holistic intelligence-led security strategy.
Scott's creative genius does not stop at cyber security. He is also the visionary Co-Founder and mastermind behind deviantART, the largest and most vibrant online art community in the world. Under his guidance, deviantART blossomed into a bustling hub where millions of artists and art enthusiasts connect, share, and thrive in a kaleidoscope of creativity. Scott's profound impact on the art world through deviantART mirrors his innovative spirit in tech, making him a true renaissance man in both realms.
Scott is based in Tokyo where he masterminds all facets of multiple operations. He has twenty-five years of cyber security and intelligence experience, between his time with the US Department of Defense and the private sector.
AI-Augmented Cloud Threat Detection with Prowler
This hands-on workshop will teach participants how to detect and prioritize real-world cloud threats using open-source tools and AI techniques. Led by a founding engineer of Prowler, the leading open-source multi-cloud security tool, attendees will learn how to secure AWS, Azure, and GCP environments with Prowler, and explore how to integrate AI to enrich and automate the analysis of security findings.
We will build a lightweight threat detection pipeline that uses Prowler to scan cloud accounts, integrates an LLM (such as Bedrock or Ollama), and outputs actionable summaries for security teams. This workshop blends cloud security engineering with practical applications of AI, perfect for defenders looking to level up.
Speaker
@MrCloudSec
Sergio García is a Cloud Security Engineer and the main maintainer of Prowler, an open-source cloud security tool. With a strong background in cloud security and automation, he is passionate about securing cloud environments and contributing to the open-source community. Sergio shares insights on best practices, risk management, and innovative security solutions to help organizations strengthen their cloud security posture.