SlideShare a Scribd company logo

Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee

EC-Council
EC-Council

HACKING DIVERSITY We talk a lot about why diversity is important and we are all familiar with the woeful inclusion stats. In this talk we will discuss why diversity is important from both the perspective of an organization’s bottom line and the individual contributor.

Technology
1 of 32
Download to read offline
Hacking Diversity Marcelle Lee
#whoami www.hackerhalted.com 2@marcellelee security researcher educator CTF enthusiast packet nerd and forensicator CISSP | CEH | CSX-P | GCIA | GCFA | GCIH | GPEN | GSEC | GCCC | GISF | CCNA | PenTest+ | Sec+ | Net+ | ACE
#definition www.hackerhalted.com 3@marcellelee RFC 1392 Internet Users' Glossary, 1993
#definition www.hackerhalted.com 4 Merriam Webster @marcellelee
#the problem www.hackerhalted.com 5@marcellelee
#the problem www.hackerhalted.com 6@marcellelee
#the problem www.hackerhalted.com 7@marcellelee ● 3.5 million cybersecurity job openings by 2021 ● 74% of orgs are facing a cybersecurity skills shortage ● Cybercrime is predicted to cost the world $6 trillion annually by 2021 ● 60% of small businesses go out of business six months after a cyber attack. indeed.com search for cybersecurity, October 2019
www.hackerhalted.com 8@marcellelee We are beyond a village. It’s going to take an army.
#stats www.hackerhalted.com 9@marcellelee
#stats www.hackerhalted.com 10 ISC2 @marcellelee ● North America leads the world in female participation rates in cybersecurity at 14%. ● 51% of women in cybersecurity have experienced discrimination. ● 87% of that discrimination was associated with unconscious bias. ● People of color represent only about 12% of information security analysts.
www.hackerhalted.com 11@marcellelee Unconscious bias impacts hiring decisions.
#stereotypes www.hackerhalted.com 12@marcellelee
#stereotypes www.hackerhalted.com 13@marcellelee
#legalities www.hackerhalted.com 14 Protected classes: • Race • Religion • National origin • Gender • Age (40 and over) • Pregnancy • Familial status (having children) • Disability status • Veteran status • Genetic information @marcellelee
www.hackerhalted.com 15@marcellelee We are hackers. We can figure this out.
#benefits of diversity www.hackerhalted.com 16@marcellelee When companies commit themselves to diverse leadership, they are more successful. More diverse companies, we believe, are better able to win top talent and improve their customer orientation, employee satisfaction, and decision making, and all that leads to a virtuous cycle of increasing returns. This in turn suggests that other kinds of diversity—for example, in age, sexual orientation, and experience (such as a global mind-set and cultural fluency)—are also likely to bring some level of competitive advantage for companies that can attract and retain such diverse talent. McKinsey & Company
#benefits of diversity www.hackerhalted.com 17@marcellelee Forbes
#benefits of diversity www.hackerhalted.com 18@marcellelee TechRepublic
#benefits of diversity www.hackerhalted.com 19@marcellelee Want to know how to build more diverse teams?
www.hackerhalted.com 20@marcellelee Hold my beer Babe Grigio and watch this!
#solutions www.hackerhalted.com 21@marcellelee Change how you write your job postings: ● Avoid terms like “rockstar” and “ninja”. ● Set reasonable expectations for what is required for the job and don’t ask for more. ● State that training and professional growth are supported (and then actually support). ● Avoid listing gender-oriented perks (foosball anyone?)
#solutions www.hackerhalted.com 22@marcellelee Responsibilities: Actively hunt for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP) in network and on host. Find evidence of attack, and attackers actions thereafter. Work with team to produce effective countermeasures against found evidence. Also, contributes to mitigations for future attacks of a similar nature. Follow Security Operations Center (SOC) policies, procedures for incident reporting and management. Create a detailed Incident Report (IR) and contribute to lessons learned. . Analyze infrastructure build sheets, Configuration Management Database (CMDB), NIST 800-53 ATO artifacts, Vulnerability scans, Access Control Lists (ACL), and vendor documentation to thoroughly understand software behaviors and interactions. . Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs. Study and understand IANA, W3C, IETF and other internet bodies’ protocol RFC definitions to understand violations and security weaknesses. Conduct forensic testing and operational hardening of multiple OS platforms. Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture. Work with SOC shift team to help contain intrusions. ... Desired Experience: Thorough understanding of network protocol behaviors. Ability to understand netflow and PCAP. Thorough knowledge of open source tools to visualize PCAP data (Wireshark, TCPDump, etc.). Detailed knowledge of various forms of social engineering, including the ability to recognize and handle spear-phishing campaigns or other forms of social engineering attacks. Comprehensive knowledge of Windows and Linux behaviors, logging, vulnerabilities, exploits, and known attacks. Use of IPSec packet filtering and Windows firewalls with specific application to defense in depth of network based attacks, data corruption, data theft, credential theft, and administrative control. Red Team/Blue Team experience from a federal agency Actual job posting. But wait, there’s more...
#solutions www.hackerhalted.com 23@marcellelee Required Skills: Expert knowledge of network routing and switching fundamentals to include knowledge of Multiprotocol Layer Switching (MPLS) Deep technical understanding of operating systems, network architecture and design, Active Directory (AD) application log consumables, systems design as well as superior knowledge of technical operations process and procedures Knowledge of how encryption, key management and cryptology works in the enterprise and in cyber data Understanding of Enterprise Architecture Standards such as the Department of Defense Architecture Framework (DODAF), Service-Oriented Architecture (SOA), the Open Group Architecture Framework (TOGAF), and/or the Amazon Web Services (AWS) Well Architected Framework Knowledge in the Risk Management Framework (NIST 800-37), Security Controls as described in NIST 800-35, and the Federal Information Security Modernization Act (FISMA) operating standards and applicable guidelines (risk profiling, control selection, control assessment, control monitoring) Expertise in performing threat modelling, risk analysis, root cause analysis, risk identification, and risk mitigation Expertise in Application Penetration Testing (fuzzing, reverse engineering, Fortify or similar, IDA Pro, Kali, BackTrack, OllyDbg, SQLMap, etc.) Expertise in Proof of Concept (Exploit) development Understanding of Secure SDLC (threat modelling, security requirements, secure design, secure implementation, secure testing, secure maintenance) Knowledge of Mobile Application Security and MDM sensor data Expertise in Embedded Device Security Expertise in Malware Analysis Expertise in a variety of web application protocols, web services (components including JavaScript, XML, JSON), scripting capabilities (Powershell, Python, BASH) software development frameworks, operating systems, and networking technologies. Understanding of various web application frameworks such as ASP.NET, J2EE Organizational Skills: Proven ability to plan and prioritize work, both their own and that of team. Follows tasks to their logical conclusion. Problem Solving: Natural inclination for planning strategy and tactics. Ability to analyze problems and determine root cause, generating alternatives, evaluating and selecting alternatives and implementing solutions. Results oriented: Able to drive things forward regardless of personal interest in the task. Education Requirements: Minimum of 8 years of experience and a Masters, 10 years of experience with a Bachelor’s, or 12 years of experience with an Associate’s Degree This job description could change at any time, without notice.
#solutions www.hackerhalted.com 24@marcellelee Review the “face” of your organization: ● Is diversity depicted in external materials? ● Are your recruiting efforts geared to various audiences? ● Do you provide conference swag that appeals to a diverse group?
#solutions www.hackerhalted.com 25@marcellelee Is your company culture universally appealing? We take our work and our fun seriously. We refuse any work that isn’t hard and engaging. We make sure our engineers have the tools they need to do their jobs, and focus on recognizing results. Surfboards, pirate flags, and DEFCON black badges decorate our offices, and our Nerf collection dwarfs that of most toy stores Would you like to work at an office that celebrates International Tabletop Day, May the 4th Be With You, and Alan Turing’s birthday? A place that built their conference room table from Legos? An office that regularly breaks out in Nerf Wars? Do you want to work for a CEO that drives a DeLorean? Actual job postings.
#solutions www.hackerhalted.com 26@marcellelee Do your benefits appeal to a broad audience? ● Paid maternity/paternity leave. ● Flexible work hours. ● Gender reassignment assistance. ● Domestic partner benefits. ● Student loan debt assistance. ● Accessible facilities.
#solutions www.hackerhalted.com 27@marcellelee Treat candidates like the valuable assets they are: ● Be respectful of candidates’ time. ● Provide a salary range for the position. ● Respond promptly to questions. ● Don’t sugarcoat realities of the position. A Glassdoor study found that 82% of candidates felt that the interview process should take no more than a month.
#solutions www.hackerhalted.com 28@marcellelee Address the impact of unconscious bias in your hiring process. ● Create a diverse team to conduct interviews and rotate the members. ● Have a consistent and repeatable interview process. ● Educate your hiring managers and interviewers. ● Use blind hiring processes.
#solutions www.hackerhalted.com 29@marcellelee
#solutions www.hackerhalted.com 30@marcellelee Support organizations that promote the interests of diverse populations: ● Women’s Society of Cyberjutsu ● Out & Equal ● Hire Our Heroes ● Women Who Code ● Lesbians Who Tech ● International Consortium Of Minority Cybersecurity Professionals To name a few...
www.hackerhalted.com 31@marcellelee Who is on your team?
www.hackerhalted.com 32 marcellelee.github.io medium.com/@marcellelee linkedin.com/in/marcellelee twitter.com/marcellelee @marcellelee

Recommended

Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James EC-Council
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...EC-Council
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
 
OSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and PractitionersOSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and PractitionersMegan DeBlois
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...EC-Council
 
Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 PredictionsJason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictionscentralohioissa
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentationJesse Ratcliffe, OSCP
 
Zero-Knowledge Proofs: Identity Proofing and Authentication
Zero-Knowledge Proofs: Identity Proofing and AuthenticationZero-Knowledge Proofs: Identity Proofing and Authentication
Zero-Knowledge Proofs: Identity Proofing and AuthenticationClare Nelson, CISSP, CIPP-E
 

Recommended

Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James EC-Council
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...EC-Council
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
 
OSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and PractitionersOSINT Basics for Threat Hunters and Practitioners
OSINT Basics for Threat Hunters and PractitionersMegan DeBlois
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...EC-Council
 
Jason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 PredictionsJason Samide - State of Security & 2016 Predictions
Jason Samide - State of Security & 2016 Predictionscentralohioissa
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentationJesse Ratcliffe, OSCP
 
Zero-Knowledge Proofs: Identity Proofing and Authentication
Zero-Knowledge Proofs: Identity Proofing and AuthenticationZero-Knowledge Proofs: Identity Proofing and Authentication
Zero-Knowledge Proofs: Identity Proofing and AuthenticationClare Nelson, CISSP, CIPP-E
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonZero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonSSIMeetup
 
Berkarir di Cyber Security
Berkarir di Cyber SecurityBerkarir di Cyber Security
Berkarir di Cyber SecuritySatria Ady Pradana
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
 
Click and Dragger: Denial and Deception on Android mobile
Click and Dragger: Denial and Deception on Android mobileClick and Dragger: Denial and Deception on Android mobile
Click and Dragger: Denial and Deception on Android mobilegrugq
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
Zero-Knowledge Proofs in Light of Digital Identity
Zero-Knowledge Proofs in Light of Digital IdentityZero-Knowledge Proofs in Light of Digital Identity
Zero-Knowledge Proofs in Light of Digital IdentityClare Nelson, CISSP, CIPP-E
 
The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...Mark Arena
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniAdam Nurudini
 
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...EENA (European Emergency Number Association)
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionChandrapal Badshah
 
Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationSatria Ady Pradana
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 
The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...Mark Arena
 
Osint - Dark side of Internet
Osint - Dark side of InternetOsint - Dark side of Internet
Osint - Dark side of InternetRaghav Bisht
 
GreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseGreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseAndrew Morris
 
Maltego
MaltegoMaltego
Maltegopenetration Tester
 
Analogic Opsec 101
Analogic Opsec 101Analogic Opsec 101
Analogic Opsec 101vicenteDiaz_KL
 
Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?ThreatConnect
 
Should i study cyber security
Should i study cyber securityShould i study cyber security
Should i study cyber securityVishal Singh
 
Career options in Artificial Intelligence : 2020
Career options in Artificial Intelligence : 2020Career options in Artificial Intelligence : 2020
Career options in Artificial Intelligence : 2020Venkatarangan Thirumalai
 

More Related Content

What's hot

Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonZero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonSSIMeetup
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)PRISMA CSI
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
 
Click and Dragger: Denial and Deception on Android mobile
Click and Dragger: Denial and Deception on Android mobileClick and Dragger: Denial and Deception on Android mobile
Click and Dragger: Denial and Deception on Android mobilegrugq
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso
 
Zero-Knowledge Proofs in Light of Digital Identity
Zero-Knowledge Proofs in Light of Digital IdentityZero-Knowledge Proofs in Light of Digital Identity
Zero-Knowledge Proofs in Light of Digital IdentityClare Nelson, CISSP, CIPP-E
 
The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...Mark Arena
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniAdam Nurudini
 
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...EENA (European Emergency Number Association)
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionChandrapal Badshah
 
Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationSatria Ady Pradana
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source IntelligenceOsama Ellahi
 
The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...Mark Arena
 
Osint - Dark side of Internet
Osint - Dark side of InternetOsint - Dark side of Internet
Osint - Dark side of InternetRaghav Bisht
 
GreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseGreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseAndrew Morris
 
Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?ThreatConnect
 

What's hot (20)

Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
 
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonZero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
 
Berkarir di Cyber Security
Berkarir di Cyber SecurityBerkarir di Cyber Security
Berkarir di Cyber Security
 
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
Practical White Hat Hacker Training - Passive Information Gathering(OSINT)
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchers
 
Click and Dragger: Denial and Deception on Android mobile
Click and Dragger: Denial and Deception on Android mobileClick and Dragger: Denial and Deception on Android mobile
Click and Dragger: Denial and Deception on Android mobile
 
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
 
Zero-Knowledge Proofs in Light of Digital Identity
Zero-Knowledge Proofs in Light of Digital IdentityZero-Knowledge Proofs in Light of Digital Identity
Zero-Knowledge Proofs in Light of Digital Identity
 
The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...
 
Owasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudiniOwasp osint presentation - by adam nurudini
Owasp osint presentation - by adam nurudini
 
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
 
OSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet versionOSINT mindset to protect your organization - Null monthly meet version
OSINT mindset to protect your organization - Null monthly meet version
 
Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming Operation
 
osint - open source Intelligence
osint - open source Intelligenceosint - open source Intelligence
osint - open source Intelligence
 
The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...The Cybercriminal Underground: Understanding and categorising criminal market...
The Cybercriminal Underground: Understanding and categorising criminal market...
 
Osint - Dark side of Internet
Osint - Dark side of InternetOsint - Dark side of Internet
Osint - Dark side of Internet
 
GreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To NoiseGreyNoise - Lowering Signal To Noise
GreyNoise - Lowering Signal To Noise
 
Maltego
MaltegoMaltego
Maltego
 
Analogic Opsec 101
Analogic Opsec 101Analogic Opsec 101
Analogic Opsec 101
 
Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?Does a Bear Leak in the Woods?
Does a Bear Leak in the Woods?
 

Similar to Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee

Should i study cyber security
Should i study cyber securityShould i study cyber security
Should i study cyber securityVishal Singh
 
Career options in Artificial Intelligence : 2020
Career options in Artificial Intelligence : 2020Career options in Artificial Intelligence : 2020
Career options in Artificial Intelligence : 2020Venkatarangan Thirumalai
 
Fru 2022 | Tech Trends, Themes, Thoughts, Perspectives and Predictions
Fru 2022 | Tech Trends, Themes, Thoughts, Perspectives and PredictionsFru 2022 | Tech Trends, Themes, Thoughts, Perspectives and Predictions
Fru 2022 | Tech Trends, Themes, Thoughts, Perspectives and PredictionsFru Louis
 
Patternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase DeckPatternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase DeckMaryLudloff
 
Introduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSecIntroduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSecYashSomalkar
 
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...Edureka!
 
Salesforce Architect Group, Frederick, United States July 2023 - Generative A...
Salesforce Architect Group, Frederick, United States July 2023 - Generative A...Salesforce Architect Group, Frederick, United States July 2023 - Generative A...
Salesforce Architect Group, Frederick, United States July 2023 - Generative A...NadinaLisbon1
 
Classroom to careers in Web Development
Classroom to careers in Web DevelopmentClassroom to careers in Web Development
Classroom to careers in Web DevelopmentDouglas Ng
 
Future of Work and AI - Digital Disruption in the Workplace
Future of Work and AI - Digital Disruption in the WorkplaceFuture of Work and AI - Digital Disruption in the Workplace
Future of Work and AI - Digital Disruption in the WorkplaceSotiris Karagiannis
 
Technology Trends and a Digital Revolution - Alexandre Blauth
Technology Trends and a Digital Revolution - Alexandre BlauthTechnology Trends and a Digital Revolution - Alexandre Blauth
Technology Trends and a Digital Revolution - Alexandre BlauthGeneXus
 
How To Become A Blockchain Engineer
How To Become A Blockchain EngineerHow To Become A Blockchain Engineer
How To Become A Blockchain Engineer101 Blockchains
 
Understanding the New World of Cognitive Computing
Understanding the New World of Cognitive ComputingUnderstanding the New World of Cognitive Computing
Understanding the New World of Cognitive ComputingDATAVERSITY
 
How I Learned to Stop Worrying and Love Building Data Products
How I Learned to Stop Worrying and Love Building Data ProductsHow I Learned to Stop Worrying and Love Building Data Products
How I Learned to Stop Worrying and Love Building Data ProductsAlejandro Correa Bahnsen, PhD
 
Building an enterprise security knowledge graph to fuel better decisions, fas...
Building an enterprise security knowledge graph to fuel better decisions, fas...Building an enterprise security knowledge graph to fuel better decisions, fas...
Building an enterprise security knowledge graph to fuel better decisions, fas...Jon Hawes
 
Using Product Box to Build the Complete Developer
Using Product Box to Build the Complete DeveloperUsing Product Box to Build the Complete Developer
Using Product Box to Build the Complete DeveloperLuke Hohmann
 
Phx-techtalk
Phx-techtalkPhx-techtalk
Phx-techtalkThinkful
 
Cyber Immunity Unleashed: Explore the Future with iTech Magazine!
Cyber Immunity Unleashed: Explore the Future with iTech Magazine!Cyber Immunity Unleashed: Explore the Future with iTech Magazine!
Cyber Immunity Unleashed: Explore the Future with iTech Magazine!DIGITALCONFEX
 
AI, ML and Graph Algorithms: Real Life Use Cases with Neo4j
AI, ML and Graph Algorithms: Real Life Use Cases with Neo4jAI, ML and Graph Algorithms: Real Life Use Cases with Neo4j
AI, ML and Graph Algorithms: Real Life Use Cases with Neo4jIvan Zoratti
 
Adopting Data Science and Machine Learning in the financial enterprise
Adopting Data Science and Machine Learning in the financial enterpriseAdopting Data Science and Machine Learning in the financial enterprise
Adopting Data Science and Machine Learning in the financial enterpriseQuantUniversity
 
What Is Ethical Hacking and How Does It Work?
What Is Ethical Hacking and How Does It Work?What Is Ethical Hacking and How Does It Work?
What Is Ethical Hacking and How Does It Work?Careervira
 

Similar to Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee (20)

Should i study cyber security
Should i study cyber securityShould i study cyber security
Should i study cyber security
 
Career options in Artificial Intelligence : 2020
Career options in Artificial Intelligence : 2020Career options in Artificial Intelligence : 2020
Career options in Artificial Intelligence : 2020
 
Fru 2022 | Tech Trends, Themes, Thoughts, Perspectives and Predictions
Fru 2022 | Tech Trends, Themes, Thoughts, Perspectives and PredictionsFru 2022 | Tech Trends, Themes, Thoughts, Perspectives and Predictions
Fru 2022 | Tech Trends, Themes, Thoughts, Perspectives and Predictions
 
Patternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase DeckPatternbuilders Founder Showcase Deck
Patternbuilders Founder Showcase Deck
 
Introduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSecIntroduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSec
 
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...
Ethical Hacking Career | Ethical Hacker Jobs & Salary | Cybersecurity Course ...
 
Salesforce Architect Group, Frederick, United States July 2023 - Generative A...
Salesforce Architect Group, Frederick, United States July 2023 - Generative A...Salesforce Architect Group, Frederick, United States July 2023 - Generative A...
Salesforce Architect Group, Frederick, United States July 2023 - Generative A...
 
Classroom to careers in Web Development
Classroom to careers in Web DevelopmentClassroom to careers in Web Development
Classroom to careers in Web Development
 
Future of Work and AI - Digital Disruption in the Workplace
Future of Work and AI - Digital Disruption in the WorkplaceFuture of Work and AI - Digital Disruption in the Workplace
Future of Work and AI - Digital Disruption in the Workplace
 
Technology Trends and a Digital Revolution - Alexandre Blauth
Technology Trends and a Digital Revolution - Alexandre BlauthTechnology Trends and a Digital Revolution - Alexandre Blauth
Technology Trends and a Digital Revolution - Alexandre Blauth
 
How To Become A Blockchain Engineer
How To Become A Blockchain EngineerHow To Become A Blockchain Engineer
How To Become A Blockchain Engineer
 
Understanding the New World of Cognitive Computing
Understanding the New World of Cognitive ComputingUnderstanding the New World of Cognitive Computing
Understanding the New World of Cognitive Computing
 
How I Learned to Stop Worrying and Love Building Data Products
How I Learned to Stop Worrying and Love Building Data ProductsHow I Learned to Stop Worrying and Love Building Data Products
How I Learned to Stop Worrying and Love Building Data Products
 
Building an enterprise security knowledge graph to fuel better decisions, fas...
Building an enterprise security knowledge graph to fuel better decisions, fas...Building an enterprise security knowledge graph to fuel better decisions, fas...
Building an enterprise security knowledge graph to fuel better decisions, fas...
 
Using Product Box to Build the Complete Developer
Using Product Box to Build the Complete DeveloperUsing Product Box to Build the Complete Developer
Using Product Box to Build the Complete Developer
 
Phx-techtalk
Phx-techtalkPhx-techtalk
Phx-techtalk
 
Cyber Immunity Unleashed: Explore the Future with iTech Magazine!
Cyber Immunity Unleashed: Explore the Future with iTech Magazine!Cyber Immunity Unleashed: Explore the Future with iTech Magazine!
Cyber Immunity Unleashed: Explore the Future with iTech Magazine!
 
AI, ML and Graph Algorithms: Real Life Use Cases with Neo4j
AI, ML and Graph Algorithms: Real Life Use Cases with Neo4jAI, ML and Graph Algorithms: Real Life Use Cases with Neo4j
AI, ML and Graph Algorithms: Real Life Use Cases with Neo4j
 
Adopting Data Science and Machine Learning in the financial enterprise
Adopting Data Science and Machine Learning in the financial enterpriseAdopting Data Science and Machine Learning in the financial enterprise
Adopting Data Science and Machine Learning in the financial enterprise
 
What Is Ethical Hacking and How Does It Work?
What Is Ethical Hacking and How Does It Work?What Is Ethical Hacking and How Does It Work?
What Is Ethical Hacking and How Does It Work?
 

More from EC-Council

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldCyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldEC-Council
 
Cloud Security Architecture - a different approach
Cloud Security Architecture - a different approachCloud Security Architecture - a different approach
Cloud Security Architecture - a different approachEC-Council
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident ResponseEC-Council
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinHacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinEC-Council
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoData in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoEC-Council
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderBreaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderEC-Council
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanEC-Council
 
War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019EC-Council
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...EC-Council
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerAlexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerEC-Council
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementHacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementEC-Council
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...EC-Council
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...EC-Council
 
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...EC-Council
 
Global CCISO Forum 2018 | John Felker "Partnerships to Address Threats"
Global CCISO Forum 2018 | John Felker "Partnerships to Address Threats" Global CCISO Forum 2018 | John Felker "Partnerships to Address Threats"
Global CCISO Forum 2018 | John Felker "Partnerships to Address Threats"EC-Council
 
Global CCISO Forum 2018 | Sharon Smith "Don't Panic"
Global CCISO Forum 2018 | Sharon Smith "Don't Panic"Global CCISO Forum 2018 | Sharon Smith "Don't Panic"
Global CCISO Forum 2018 | Sharon Smith "Don't Panic"EC-Council
 
Global CCISO Forum 2018 | AI vs Malware 2018
Global CCISO Forum 2018 | AI vs Malware 2018Global CCISO Forum 2018 | AI vs Malware 2018
Global CCISO Forum 2018 | AI vs Malware 2018EC-Council
 
Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...
Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...
Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...EC-Council
 

More from EC-Council (20)

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldCyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
 
Cloud Security Architecture - a different approach
Cloud Security Architecture - a different approachCloud Security Architecture - a different approach
Cloud Security Architecture - a different approach
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident Response
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinHacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoData in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderBreaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
 
War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerAlexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementHacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
 
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...
 
Global CCISO Forum 2018 | John Felker "Partnerships to Address Threats"
Global CCISO Forum 2018 | John Felker "Partnerships to Address Threats" Global CCISO Forum 2018 | John Felker "Partnerships to Address Threats"
Global CCISO Forum 2018 | John Felker "Partnerships to Address Threats"
 
Global CCISO Forum 2018 | Sharon Smith "Don't Panic"
Global CCISO Forum 2018 | Sharon Smith "Don't Panic"Global CCISO Forum 2018 | Sharon Smith "Don't Panic"
Global CCISO Forum 2018 | Sharon Smith "Don't Panic"
 
Global CCISO Forum 2018 | AI vs Malware 2018
Global CCISO Forum 2018 | AI vs Malware 2018Global CCISO Forum 2018 | AI vs Malware 2018
Global CCISO Forum 2018 | AI vs Malware 2018
 
Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...
Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...
Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee

  • 2. #whoami www.hackerhalted.com 2@marcellelee security researcher educator CTF enthusiast packet nerd and forensicator CISSP | CEH | CSX-P | GCIA | GCFA | GCIH | GPEN | GSEC | GCCC | GISF | CCNA | PenTest+ | Sec+ | Net+ | ACE
  • 7. #the problem www.hackerhalted.com 7@marcellelee ● 3.5 million cybersecurity job openings by 2021 ● 74% of orgs are facing a cybersecurity skills shortage ● Cybercrime is predicted to cost the world $6 trillion annually by 2021 ● 60% of small businesses go out of business six months after a cyber attack. indeed.com search for cybersecurity, October 2019
  • 8. www.hackerhalted.com 8@marcellelee We are beyond a village. It’s going to take an army.
  • 10. #stats www.hackerhalted.com 10 ISC2 @marcellelee ● North America leads the world in female participation rates in cybersecurity at 14%. ● 51% of women in cybersecurity have experienced discrimination. ● 87% of that discrimination was associated with unconscious bias. ● People of color represent only about 12% of information security analysts.
  • 14. #legalities www.hackerhalted.com 14 Protected classes: • Race • Religion • National origin • Gender • Age (40 and over) • Pregnancy • Familial status (having children) • Disability status • Veteran status • Genetic information @marcellelee
  • 15. www.hackerhalted.com 15@marcellelee We are hackers. We can figure this out.
  • 16. #benefits of diversity www.hackerhalted.com 16@marcellelee When companies commit themselves to diverse leadership, they are more successful. More diverse companies, we believe, are better able to win top talent and improve their customer orientation, employee satisfaction, and decision making, and all that leads to a virtuous cycle of increasing returns. This in turn suggests that other kinds of diversity—for example, in age, sexual orientation, and experience (such as a global mind-set and cultural fluency)—are also likely to bring some level of competitive advantage for companies that can attract and retain such diverse talent. McKinsey & Company
  • 18. #benefits of diversity www.hackerhalted.com 18@marcellelee TechRepublic
  • 19. #benefits of diversity www.hackerhalted.com 19@marcellelee Want to know how to build more diverse teams?
  • 20. www.hackerhalted.com 20@marcellelee Hold my beer Babe Grigio and watch this!
  • 21. #solutions www.hackerhalted.com 21@marcellelee Change how you write your job postings: ● Avoid terms like “rockstar” and “ninja”. ● Set reasonable expectations for what is required for the job and don’t ask for more. ● State that training and professional growth are supported (and then actually support). ● Avoid listing gender-oriented perks (foosball anyone?)
  • 22. #solutions www.hackerhalted.com 22@marcellelee Responsibilities: Actively hunt for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP) in network and on host. Find evidence of attack, and attackers actions thereafter. Work with team to produce effective countermeasures against found evidence. Also, contributes to mitigations for future attacks of a similar nature. Follow Security Operations Center (SOC) policies, procedures for incident reporting and management. Create a detailed Incident Report (IR) and contribute to lessons learned. . Analyze infrastructure build sheets, Configuration Management Database (CMDB), NIST 800-53 ATO artifacts, Vulnerability scans, Access Control Lists (ACL), and vendor documentation to thoroughly understand software behaviors and interactions. . Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and other attacker TTPs. Study and understand IANA, W3C, IETF and other internet bodies’ protocol RFC definitions to understand violations and security weaknesses. Conduct forensic testing and operational hardening of multiple OS platforms. Analyze network perimeter data, flow, packet filtering, proxy firewalls, and IPS/IDS to create and implement a concrete plan of action to harden the defensive posture. Work with SOC shift team to help contain intrusions. ... Desired Experience: Thorough understanding of network protocol behaviors. Ability to understand netflow and PCAP. Thorough knowledge of open source tools to visualize PCAP data (Wireshark, TCPDump, etc.). Detailed knowledge of various forms of social engineering, including the ability to recognize and handle spear-phishing campaigns or other forms of social engineering attacks. Comprehensive knowledge of Windows and Linux behaviors, logging, vulnerabilities, exploits, and known attacks. Use of IPSec packet filtering and Windows firewalls with specific application to defense in depth of network based attacks, data corruption, data theft, credential theft, and administrative control. Red Team/Blue Team experience from a federal agency Actual job posting. But wait, there’s more...
  • 23. #solutions www.hackerhalted.com 23@marcellelee Required Skills: Expert knowledge of network routing and switching fundamentals to include knowledge of Multiprotocol Layer Switching (MPLS) Deep technical understanding of operating systems, network architecture and design, Active Directory (AD) application log consumables, systems design as well as superior knowledge of technical operations process and procedures Knowledge of how encryption, key management and cryptology works in the enterprise and in cyber data Understanding of Enterprise Architecture Standards such as the Department of Defense Architecture Framework (DODAF), Service-Oriented Architecture (SOA), the Open Group Architecture Framework (TOGAF), and/or the Amazon Web Services (AWS) Well Architected Framework Knowledge in the Risk Management Framework (NIST 800-37), Security Controls as described in NIST 800-35, and the Federal Information Security Modernization Act (FISMA) operating standards and applicable guidelines (risk profiling, control selection, control assessment, control monitoring) Expertise in performing threat modelling, risk analysis, root cause analysis, risk identification, and risk mitigation Expertise in Application Penetration Testing (fuzzing, reverse engineering, Fortify or similar, IDA Pro, Kali, BackTrack, OllyDbg, SQLMap, etc.) Expertise in Proof of Concept (Exploit) development Understanding of Secure SDLC (threat modelling, security requirements, secure design, secure implementation, secure testing, secure maintenance) Knowledge of Mobile Application Security and MDM sensor data Expertise in Embedded Device Security Expertise in Malware Analysis Expertise in a variety of web application protocols, web services (components including JavaScript, XML, JSON), scripting capabilities (Powershell, Python, BASH) software development frameworks, operating systems, and networking technologies. Understanding of various web application frameworks such as ASP.NET, J2EE Organizational Skills: Proven ability to plan and prioritize work, both their own and that of team. Follows tasks to their logical conclusion. Problem Solving: Natural inclination for planning strategy and tactics. Ability to analyze problems and determine root cause, generating alternatives, evaluating and selecting alternatives and implementing solutions. Results oriented: Able to drive things forward regardless of personal interest in the task. Education Requirements: Minimum of 8 years of experience and a Masters, 10 years of experience with a Bachelor’s, or 12 years of experience with an Associate’s Degree This job description could change at any time, without notice.
  • 24. #solutions www.hackerhalted.com 24@marcellelee Review the “face” of your organization: ● Is diversity depicted in external materials? ● Are your recruiting efforts geared to various audiences? ● Do you provide conference swag that appeals to a diverse group?
  • 25. #solutions www.hackerhalted.com 25@marcellelee Is your company culture universally appealing? We take our work and our fun seriously. We refuse any work that isn’t hard and engaging. We make sure our engineers have the tools they need to do their jobs, and focus on recognizing results. Surfboards, pirate flags, and DEFCON black badges decorate our offices, and our Nerf collection dwarfs that of most toy stores Would you like to work at an office that celebrates International Tabletop Day, May the 4th Be With You, and Alan Turing’s birthday? A place that built their conference room table from Legos? An office that regularly breaks out in Nerf Wars? Do you want to work for a CEO that drives a DeLorean? Actual job postings.
  • 26. #solutions www.hackerhalted.com 26@marcellelee Do your benefits appeal to a broad audience? ● Paid maternity/paternity leave. ● Flexible work hours. ● Gender reassignment assistance. ● Domestic partner benefits. ● Student loan debt assistance. ● Accessible facilities.
  • 27. #solutions www.hackerhalted.com 27@marcellelee Treat candidates like the valuable assets they are: ● Be respectful of candidates’ time. ● Provide a salary range for the position. ● Respond promptly to questions. ● Don’t sugarcoat realities of the position. A Glassdoor study found that 82% of candidates felt that the interview process should take no more than a month.
  • 28. #solutions www.hackerhalted.com 28@marcellelee Address the impact of unconscious bias in your hiring process. ● Create a diverse team to conduct interviews and rotate the members. ● Have a consistent and repeatable interview process. ● Educate your hiring managers and interviewers. ● Use blind hiring processes.
  • 30. #solutions www.hackerhalted.com 30@marcellelee Support organizations that promote the interests of diverse populations: ● Women’s Society of Cyberjutsu ● Out & Equal ● Hire Our Heroes ● Women Who Code ● Lesbians Who Tech ● International Consortium Of Minority Cybersecurity Professionals To name a few...