Competitive Cyber Security


Published on

The truth is incidents will happened and systems will get compromised. You need to be an expert on how to handle these incidents. The best way to learn is through experience, such as the Collegiate Cyber Defense Competition.

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Matrix reference - "load me up the helicopter program"
  • Based on Career Impact Survey of more than 2250 information security professionals conducted by (ISC)², the administrators of the CISSP certification.
  • CCN Network at HL
  • Business/Technical
  • Business/Technical
  • Competitive Cyber Security

    1. 1. Tom KopchakCompetitive Cyber Security:The Ultimate TrainingExperience
    2. 2. •Who Am I?•Why Am I here, and whatgot me here?•Why I am passionate aboutcomputer security?About the Presenter -Who am I?
    3. 3. How many of you haveexperienced a cyber-attack?
    4. 4. System intrusion?
    5. 5. Malware Infestation?
    6. 6. Rushed project?
    7. 7. Mysterious network?
    8. 8. •Hopefully, most of you can relate to several of thesescenarios•If you have not experienced anything, at least some ofyou are lying, misinformed, or new•If you arent worried about attacks, why are you here?Cyber-Attacks!
    9. 9. •Incidents will happen•Systems will be compromised•Applications need to both work and be secure•People will break things•You will need to be an expert on somethingyouve never seen beforeTruths
    10. 10. Top Skills•Fundamentalunderstanding of securityconcepts•Technical skills•Direct experience
    11. 11. •Personal experience/on yourown•Technology-specific training•Formal educationHow do I get skills?
    12. 12. •Nothing beats practical experience•How do you get practical experience?• Production systems• Personal equipment• Labs• Simulated production systemsPractical
    13. 13. •Hands on, practical experience•Simulated Production systems•Types• Defense• Attack• Attack/DefendCompetitive Security Events
    14. 14. Collegiate Cyber DefenseCompetition (CCDC)
    15. 15. •National Collegiate Cyber Security Competition•Focuses on both business and technical aspectsCollegiate Cyber DefenseCompetition (CCDC)
    16. 16. • Pre-qualifying (state) events• Regional events• Growing every year• Winner goes to national competition• National Competition• San Antonio, Texas• Top 9 teams in the nationCompetition Structure
    17. 17. • Competing teams have just beenhired as the IT staff for a company• Everyone was fired• Teams must secure their network,while completing a multitude ofbusiness tasks (injects)• Red team = bad guysCompetition Premise
    18. 18. • DNS• Mail (SMTP and POP)• Web• Secure Web (ecommerce)• FTP• Database• SSH• VoIPWhat types of applications?
    19. 19. • Cisco IOS (Router, Switch, ASA)• Windows• Linux• MacOS• Printers• VoIP Phones• WirelessWhat types of systems?
    20. 20. • Investigate a database breach• Deploy McAfee security software• Upgrade clients to Windows 7• Provide a list of top attacking IPs• Install and configure SplunkPotential Injects - Technical
    21. 21. • Block social networking websites• Develop an IT policy• Create user accounts• Recover lost e-mail• Create a job description for HRPotential Injects - Business
    22. 22. • Unplug everything, secure it, and bring it back online• Services are not available• Customers are not happy• Mitigate security issues while keeping services alive• The red team is everywhere• Run away, cryingPotential Strategies – Day One
    23. 23. • Number of issues/systems/tasks greater thanavailable manpower• Unexpected difficulties/limitations/business rulesand policies• Uptime & SLA requirementsChallenges
    24. 24. EMC Training Center: Franklin, MassachusettsTopology – 2011 Regionals
    25. 25. Topology - 2011 NationalsSan Antonio, Texas
    26. 26. •Storytime with Tom (time permitting)•CCDC experiences•Red team attacks•Strange tasksPersonal Experiences
    27. 27. •CCDC = NCAA of Computer Security•US Cyber Challenge•Private Events• RIT Information Technology Talent Search (ISTS)• Hurricane Labs Hackademic Challenge• Hack for HungerBut wait, theres more!
    28. 28. •Many opportunities/needs exist•Gain experience yourself, and help others get involvedGet involved,and encourage others!
    29. 29. Wrap Up/QA
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.