Because the difference between a hard target and a soft target … is everything.

The recent flood of data breach news may numb us to the threat of attacks with kinetic effects--direct or indirect physical damage, injury, or death. Hack NYC focus’ on our preparation for, and resilience to, the genuine potential for Kinetic Cyber attack. Be part of defining solutions and illuminate risks aimed at Critical National Infrastructure

  • financial services (banking, clearing);
  • security services (police, military)
  • electricity generation transmission and distribution;
  • gas production, transport and distribution;
  • oil and oil products production, transport and distribution;
  • telecommunications
  • water supply (drinking water, waste water/sewage, stemming of surface water (e.g. dikes and sluices));
  • agriculture, food production and distribution;
  • heating (e.g. natural gas, fuel oil, district heating);
  • public health (hospitals, ambulances);
  • transportation systems (fuel supply, railway network, airports, harbors, inland shipping);

The event is about sharing big ideas on how we will fortify our daily life and economic vitality.  The threat of attack aimed at Critical National Infrastructure is real as services supporting our communities and businesses face common vulnerabilities and an unspoken kinetic threat.  On May 8-10, 2018, join us at 11 Times Square, across the street from the New York Port Authority, a national landmark of transportation.

Core content in support of The NIST Cyber Security Framework is aligned to five functional areas;

  • Identify - "Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities."
  • Protect - "Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services."
  • Detect - "Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event."
  • Respond -"Develop and implement the appropriate activities to take action regarding a detected cybersecurity event."
  • Recover - "Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event."

Who Should Attend

 operators preview   Join other Hunters, Red Teamers, Penetration Testers, Cryptographers, Security Analysts, Security Engineers, Software Developers and Risk Managers. Influence this critical conversation and sharpen your skills. Get your hands dirty with the latest tools and techniques. Explore challenges and real-world solutions from industry peers working challenges with critical infrastructure security.
    We provide the platform, you steer the conversation with 1:1 and group sessions. Engage with industry leaders, practitioners, and potential investors to ignite an open conversation in “think tank” style breakout talks. Mold how we fortify our critical infrastructure with unmatched networking and learning opportunities
sponsors preview    Reach hundreds of cybersecurity experts, decision makers, and influencers. Bring your best and brightest minds and innovation to the big apple and influence our ability to secure critical infrastructure. You can influence conversation affecting every industry: government, healthcare, finance, transportation, energy, law, policy and more. 
    Meet face-to-face with the top international talent committed to defining and defending the future of security. Meet with the most influential companies and recruiters who are hiring now. Register online, schedule your meetings in advance and plan to make life-changing connections.


*Continuing professional education credits (CPE)

2018 Speakers

New York University
Chief of Police
City of Hampton, VA
VP of Security Solutions
Check Point
Gula Tech Adventures
Cyberman Security LLC
Deputy Chief Information Security Officer
City of New York
Lt. Col. James Emerson, USMC (Retired) Chief Operating Officer/Managing Director
iThreat Cyber Group
Chief Operational Risk Officer
Goldman Sachs
Maven Security Consulting Inc.
CTO Security (Cloud & Enterprise)
Microsoft Corporation
Managing Consultant
Spirent Communications
Bank of America
I Am The Cavalry
Radicalization and Counter/Cyber Jihadist Operations Analyst (RCCJOA) Instructor
Cyber Security Forum Initiative
Lead Security Strategist
Adobe Systems Incorporated
Managing Director
Cyber Safety Innovation Fellow, Scowcroft Center for Strategy and Security
Atlantic Council
Founder Director President at Cyber Security Forum Initiative
Cyber Security Forum Initiative
Program Manager
Consortium for IT Software Quality (CISQ)
Senior Security Architect
Senior Research Scholar
Columbia University
Product Manager
USMC Recon Marine, GORuck Cadre
Managing Director, Cybersecurity
BioHacking Village Project Manager
Principal Consultant
Gotham Digital Science
Founder & CEO
Cleared Jobs
LJ Kushner & Associates
Chief Operating Officer
New York Internet
Criminal Defense Lawyer
EVP, Strategy and Analytics,
Director of Infrastructure
Interfaith Medical Center
Security Consultant
NCC Group
Technical Director
NCC Group
Sr. Vulnerability Researcher
CERT / Carnegie Mellon University
Senior Principal Engineer
MITRE Corporation
Founder, Consultant
BWG Strategy
Chief Information Security Officer
BGC Partners
VP, Security Intelligence
Host Intrusion Engineer
Detect & Response, The Butterfly Effect way!
Director of Cybersecurity Services


This event would not be possible without the industry support of "The Team"

Distinguished Engineer
Criminal Defense Lawyer
IT Specialist
U.S. Department of Homeland Security
Chief Operating Officer
BSides DE | RedLion
Senior Director
TrapX Security
Senior Principal Engineer
MITRE Corporation
Senior Vice President and Chief Evangelist
Center for Internet Security
Chief Scientist
International Board of Directors, Chairman for Education & Professional Development
ISSA International
Computer and Information Science
New Jersey Institute of Technology
Leader & Director, DevSecOps (Red Team, Cloud Security, Security Engineering)
Principal Engineer at McAfee and SANS Certified Instructor
Assistant Special Agent in Charge (ASAC) - National Security Branch at FBI
Federal Bureau of Investigation (FBI)
Vice President - Technology Risk
Goldman Sachs
Critical Infrastructure Association of America, Inc.
Executive Director
Senior Manager
Cyber Security Problem Solver | Podcaster
Kivu Consulting | Cyber Security Interviews
Co-Founder, Producer
All Day DevOps
Principal Software Assurance Engineer
MITRE Corporation
Moderator | Security Advisor
BWG Strategy
Advisory Board
CISO / Head of Risk and Security Management
Community Resilience Panel - NIST
Dragos, Inc.
Vice President - Application Security
Pershing, a BNY Mellon company
Consulting Security Group (C.G.S.)
* EPI Gradute as a P.P.S. *
Co-Executive Producer / Virtualization Security
VMware , Owasp NYC president
Information Security
Global Head of Services, Security, and Integration
Unit Head | NJSP Cyber Threat Intelligence Unit
New Jersey Cybersecurity & Communications Integration Cell
Senior Solutions Architect
Micro Focus, Fortify
Chief Investigator
District Attorney's Office
Whiteside Security
Founder, Principal Security Consultant
Assistant Professor
Pace University
New York University

Workshops And Training

5/10 | GORUCK Constellation Custom (One-Day-Course) 

Trains you to be a hard target and a protector of what you hold dear. This is not an "offensive" event by design. Firearms and combatives training are not part of this event. You and your cell will move throughout the city with a rucksack of supplies and learn what escape and evasion looks and feels like in a time of chaos. Once you see the constellations, you know exactly how to find them no matter where you are. This knowledge makes you a hard target. Upon successful completion, you’ll earn the GORUCK CONSTELLATION patch, which will never be for sale.

Don't miss this mission.

(One-Day-Course) | $295pp | Instructor: Mr. Mickey B


Course Syllabus

5/9 Web Hacking Jutsu with Burp Suite - Genin Level (下忍)

● Introduction to and hands-on use of Burp Suite Professional

● Gain first-hand experience with web vulnerabilities by discovering and exploiting them in web apps, using both manual and automated techniques

● Students will leave with an understanding of how to find and exploit the most common and dangerous flaws in web applications

● Begin working through the OWASP Testing Guide as a methodology for how to test app security

(One-Day Course) | $995pp | Instructor: David Rhoades

Course Syllabus

5/9-5/10 | Secure Coding in C and C++ 

Secure Coding Training in C and C++ provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. This course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries. 

(One-Day Course) | $1500pp | Instructor: Prof. Robert Seacord

 Course Syllabus

5/9 | Radicalization and Counter/Cyber Jihadist Operations Analyst

The end state of CSFI's unique Radicalization and Counter/Cyber Jihadist Operations Analyst (RCCJOA) training and certification is to support the warfighter, the intelligence community, and law enforcement to strategically defeat terrorist organizations and their affiliates and adherents through the use of cyberspace.

(One-Day-Course) | $1300pp | Instructor: Mubin Shaikh

Course Syallbus

5/9-5/10 | Firmware Exploitation and Attack Countermeasures 

The IoT Firmware Exploitation and Attack Countermeasures training is designed to provide techniques for testing of embedded IoT systems, employing proactive controls, embedded application security best practices, and address the challenges of building security into embedded devices. This course is suited for embedded systems engineers, software developers, and security professionals.

(Two-Day-Course) $1500pp Instructor: Aaron Guzman

Course Syllabus

5/9-5/10 | STORM-HACKING

Module 01: - Introducing The STORM!
Module 02: - Network Security Threats, Vulnerabilities, and Attacks
Module 03: - Network Traffic Monitoring and Analysis
Module 04: - Network Risk and Vulnerability Management
Module 05: - Introduction to Ethical Hacking 
Module 06: – Footprinting 
Module 07: – Scanning
Module 08: – Enumeration 
Module 09: – System Hacking/Hacking Wireless Networks 

(Two-Day-Course) $1995pp Instructor: Kevin Cardwell

Course Syllabus

5/10 | Industrial Control Systems (ICS)

What Students Will Learn:

·      Introduction to commonly used field devices used in various industries. Students will be introduced to old-school devices and the latest generation and why it matters.

·      PLC, PAC, DCS, IED, RTU, what are these and what do they do?

·      Is everything on the plant floor really insecure?

·      What can be done to secure what is in your plant already.

(One-Day-Course) | $1000pp | Instructor: Tom Vannorman

Course Syllabus



Check back soon... we are adding (9) additional workshops on 5/9 and 5/10

 Tara copyLarry CyberHero



City of New York logo image
Microsoft Corporation logo image
Checkpoint logo image
Adobe logo image
Colliers Real Estate  logo image
Log Rhythm logo image
Proactive Risk logo image
Versive logo image
Contrast Security logo image
Spirent Communications logo image
Dispel logo image
Comodo logo image
Mission Secure Inc. logo image
TrustedSec logo image
Data Robot logo image
Synack logo image
Software Assurance Marketplace (SWAMP) logo image
New York Internet logo image
Dragos, Inc. logo image
AGM logo image
MITIS logo image
ITSP Magazine logo image
Peerlyst logo image
BWG Strategy logo image
I Am The Cavalry logo image
Consortium for IT Software Quality (CISQ) logo image
Cyber Security Interviews logo image
BugHeist logo image
OWASP Foundation logo image
MAGE Groupe logo image
OWASP 24/7 Security Podcast logo image
CREST International  logo image
BSidesNYC logo image
Center for Internet Security logo image
SAFECode logo image
Amazon logo image
US Bank logo image
New Jersey Cybersecurity & Communications Integration Cell   logo image
All Day DevOps logo image
Flashpoint logo image
Goldman Sachs logo image
Lares logo image
Pace University logo image
VMWare logo image
New Jersey Institute of Technology logo image
NYU logo image
Intuit logo image
Micro Focus, Fortify logo image
Nuix logo image
ISSA International logo image
Mandelbaum Salsburg logo image

News Alerts

Want to be alerted of upcoming events and related activities? Sign Up



 Code of Conduct  Press Releases
 Get Involved   Report ISSUE / BUG

The Critical Infrastructure Association of America established in 2018 is a 501(c)6 Non-Profit. The purpose of Critical Infrastructure Association of America is to create a membership-based, trade association of like-minded cybersecurity and closely related industry professionals that work in the field of cybersecurity. The goal is to share best practices, establish and maintain high operational standards and to educate and interact with those in the cybersecurity community within public, private and governmental sectors.