Competitive cyber security

300 views

Published on

Tom Kopchak discusses Competitive Cyber Security and how someone can train to be a part of a Cyber Security Competition.

Published in: Technology, News & Politics
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
300
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Matrix reference - "load me up the helicopter program"
  • Based on Career Impact Survey of more than 2250 information security professionals conducted by (ISC)², the administrators of the CISSP certification.
  • CCN Network at HL
  • Business/Technical
  • Business/Technical
  • Competitive cyber security

    1. 1. Tom KopchakCompetitive Cyber Security:The Ultimate TrainingExperience
    2. 2. •Who Am I?•Why Am I here, and whatgot me here?•Why I am passionate aboutcomputer security?About the Presenter -Who am I?
    3. 3. How many of you haveexperienced a cyber-attack?
    4. 4. Systemintrusion?
    5. 5. MalwareInfestation?
    6. 6. Rushedproject?
    7. 7. Mysteriousnetwork?
    8. 8. • Hopefully, most of you can relate to several of thesescenarios• If you have not experienced anything, at least someof you are lying, misinformed, or new• If you arent worried about attacks, why are you here?Cyber-Attacks!
    9. 9. • Incidents will happen• Systems will be compromised• Applications need to both work and be secure• People will break things• You will need to be an expert on somethingyouve never seen beforeTruths
    10. 10. Top Skills• Fundamentalunderstanding of securityconcepts• Technical skills• Direct experience
    11. 11. •Personal experience/onyour own•Technology-specific training•Formal educationHow do I get skills?
    12. 12. • Nothing beats practical experience• How do you get practicalexperience?• Production systems• Personal equipment• Labs• Simulated production systemsPractical
    13. 13. • Hands on, practical experience• Simulated Production systems• Types• Defense• Attack• Attack/DefendCompetitive Security Events
    14. 14. Collegiate Cyber DefenseCompetition (CCDC)
    15. 15. • National Collegiate Cyber Security Competition• Focuses on both business and technical aspectsCollegiate Cyber DefenseCompetition (CCDC)
    16. 16. • Pre-qualifying (state) events• Regional events• Growing every year• Winner goes to national competition• National Competition• San Antonio, Texas• Top 9 teams in the nationCompetition Structure
    17. 17. • Competing teams have just beenhired as the IT staff for a company• Everyone was fired• Teams must secure their network,while completing a multitude ofbusiness tasks (injects)• Red team = bad guysCompetition Premise
    18. 18. •DNS•Mail (SMTP and POP)•Web•Secure Web (ecommerce)•FTP•Database•SSH•VoIPWhat types of applications?
    19. 19. • Cisco IOS (Router, Switch, ASA)• Windows• Linux• MacOS• Printers• VoIP Phones• WirelessWhat types of systems?
    20. 20. • Investigate a database breach• Deploy McAfee security software• Upgrade clients to Windows 7• Provide a list of top attacking IPs• Install and configure SplunkPotential Injects - Technical
    21. 21. • Block social networking websites• Develop an IT policy• Create user accounts• Recover lost e-mail• Create a job description for HRPotential Injects - Business
    22. 22. • Unplug everything, secure it, and bring it back online• Services are not available• Customers are not happy• Mitigate security issues while keeping services alive• The red team is everywhere• Run away, cryingPotential Strategies – Day One
    23. 23. • Number of issues/systems/tasks greater than availablemanpower• Unexpected difficulties/limitations/business rules andpolicies• Uptime & SLA requirementsChallenges
    24. 24. • EMCTraining Center: Franklin, MassachusettsTopology – 2011 Regionals
    25. 25. Topology - 2011 NationalsSan Antonio, Texas
    26. 26. •Storytime with Tom (time permitting)•CCDC experiences•Red team attacks•Strange tasksPersonal Experiences
    27. 27. • CCDC = NCAA of Computer Security• US Cyber Challenge• Private Events• RIT Information Technology Talent Search (ISTS)• Hurricane Labs Hackademic Challenge• Hack for HungerBut wait, theres more!
    28. 28. • Many opportunities/needs exist• Gain experience yourself, and help others getinvolvedGet involved,and encourage others!
    29. 29. Wrap Up/QA

    ×