Practical Security Strategy: Strategery Simplified
In this workshop, we will assume the role of CISO to an organization struggling to make sense of information security and what it means to their organization. During the workshop, we will take the pentest results that inspired WLDD Inc. to hire their first CISO and use them to inform our efforts to rapidly mature and improve WLDD Inc.’s security posture. Guaranteed to framework all the things.
4 Hour Workshop
Friday May 11th 2pm to 6pm WS Room 3
Sign Up for Practical Security Strategy: Strategery Simplified HERE
2018 - Tactical SecOps with Kevin Johnson
Tactical Security Ops is a hands-on class that integrates security operations into the daily activities of network and system administrators. Students of the course will gain an appreciation for the security risks that threaten their environment and leave with practical skills that make them better prepared to face these threats. Students will spend time in labs implementing security tools, performing common attacks, analyzing the signs of the attacks, and hardening systems. Class discussions will focus on common security controls and how to adapt tools and processes to their own environments whether they are large or small. (This is a condensed version of the course).
Friday May 11th 11am to 6pm WS Room 2
Sign Up for Tactical SecOps HERE
Social Engineering for the Blue Team
Within two months of being on a development team, I started hearing that they wanted to hire me away from the security team. Was this my technical prowess? Hardly. I was still learning the lay of the land. Instead it was my ability to build strong relationships and fit in with the team.
It wasn’t always like this. I was one of those kids picked on from middle school through high school for his glasses and tight pants. Later my JNCO jeans (remember those?). I found talking to girls intimidating and scary. All these failures and emotional baggage led to a desire to be better at human interaction. To not only interact, but to actually be liked. Eventually (through lots of failure), I found that I could improve my interactions. Slowly, I started to hone my soft skills. In my first security role my manager made mention of the fact that I got a lot of work done and everyone seemed to like me. This sparked some questions, “I am? How am I doing that?” Last year I read my first social engineering book. Everything became clear. What I was doing right and what I was doing wrong in my interactions. This opened my eyes to how I was getting so much done at work. I was building strong relationships with people in the organization. When I came to them with a need, they were quick to respond. Often times they dropped what they were doing to help.
In this training we will walk through the tools and techniques help build better relationships. We’ll discuss what we’re doing right and wrong. How to build rapport with your co-workers. We’ll also work on verbal and electronic communication techniques, body language, going the extra mile, and appreciation. Interaction is a big part of this training. Come prepared to get outside your comfort zone and learn by interacting with your fellow participants.
There is a massive need in the information security field to get more done at work. There is a talent shortage. Unfortunately, the field is not going to suddenly be flooded with capable technical talent. We need to look at how we can get more out of what we’re doing. How to get more out of those in other departments. Working with a development team has made me realize they have a lot to say in security. They can make a huge security impact. Building a good relationship with the team allows me to get more done, because they will drop what they’re doing to address a security item. My relationship allows me to influence people into a better security mindset. This can have a huge positive impact on the security posture of an organization.
4 Hour Workshop
Friday May 11th 2pm to 6pm WS Room 1
Sign Up for Social Engineering for the Blue Team HERE
Effective Presenting and Public Speaking
Presenting and communicating is a part of every professional’s career. It includes everything from expressing ideas in a team meeting to teaching someone a new concept to showing off a new piece of software or technique you developed. As a security professional, you may need to communicate properly with the various levels of your organization about the status of security and how to improve it. Or you may need to communicate the “big picture” to clients about how you can help them or what their options are. But public speaking and presenting can be a nerve-wracking or painful experience for many. This session will offer advice and cover some tips and tricks to help you overcome any nerves and aid you in becoming a more effective presenter as well as giving you some practice with these skills.
4 Hour Workshop
Thursday May 10th 2pm to 6pm WS Room 1
Sign Up for Effective Presenting and Public Speaking HERE
Figure it out! A practical guide to grokking malware.
In this workshop, attendees will learn how to understand what software is doing by observing its operations at a low level. These techniques will be presented in the context of malware analysis, and will focus on building skills useful for reverse engineering malware. Topics covered will include the following:
Triaging malicious documents (e.g. Microsoft Word)
Dealing with obfuscation
Binary analysis, disassembly, debugging
Required software will be provided during the workshop, and will also be made available to download before the conference begins.
Beginner / intermediate level
Laptop running VMware workstation (the free trial is ok, but Player is not). 8GB RAM and an SSD will be helpful
Knowledge of x86/64 assembly language not necessary, but will be helpful
4 Hour Workshop
Thursday May 10th 2pm to 6pm WS Room 2
Sign Up for Figure it out! A practical guide to grokking malware HERE