VANGUARD SECURITY & COMPLIANCE 2016
Rich Larkins
AZCWR Network Architect
The Arizona Cyber Warfare Range
Learning by Destruction
SECURITY & COMPLIANCE
CONFERENCE 2016
What is the AZCWR?
• New Paradigm for Government/Private Sector Cooperation on
Offensive Cyber Attack and Computer Network Defense Training &
Research
• Donation Funded, Privately Owned (Largest in the country)
• Volunteer Management and Operations Team
• “No-Holds-Barred” 24x7 Remotely Accessible
The Vision -- Win at Cyber Warfare
We (the U.S.) are losing the war on Cyber. Worldwide.
The AZCWR mission is to grow the population of qualified Cyber
Professionals through self-paced training, organic mentoring, and
real-world experience using live hardware.
Learn how to do bad things in a controlled environment
…so you can protect the good things.
Why Are We Doing This? (We are unbalanced and committed)
• Millions of Cyber positions – Not enough talent available.
• Founding members agreed that the best way to fix the problem was to
create a “live-fire” environment where people could learn to be as bad as
the baddest out there.
• Game Over? … FBI and DHS didn’t take well to the idea of “live
hacking” over public infrastructure.
• It took over 5 years of negotiations. (remember: unbalanced AND committed)
• More problems…
• No tax-deductible path for equipment donation.
• No funding partner for space, power and HVAC.
The “Origin Story” – It All Comes Together
• Agreements signed early in 2014
with Federal and State Agencies.
• First rack on-net July 2014 in
“Ray’s Garage*”
• Partnerships Made the Difference:
• Phoenix ISSA Chapter (501.c.6)
• AZLabs (Alion Sciences)
• Arizona Cyber Threat Response Alliance
(Infragard)
4 Months Later… (Dec 2014) blowing circuits* and overloading HVAC
The response was a bit overwhelming…
*Yes… there was a small fire in a PDU
6 Months… More Donations
AZLabs was finally convinced that we were “for real”.
AZCWR 2.0, March 2015 – Less than 1 year from kickoff.
AZCWR 3.0… Q2 - 2017
3X Raised Floor Space
Classroom-Presentation Space for 60+
MORE Power!
MORE Cooling!
The Secret Sauce
• Open Environment For any Skill Level
• We Fully Encourage Pwnage
• Open-Source, Virtual Platforms Recycle to Known Good
• No Simulators
• 100% Non-Profit, 501.c.3
• As an “educational” entity, we hold to the agreements in place that allow
for live hacking over public networking Infrastructure.
• Allows for Red/Blue team exercises with Cyber agencies.
• Allows us to be quicker than any Government funded project.
• Allows us to bring in commercial hardware (by donation) and tear it up.
Flexibility
• Different skill levels of hacking targets (ranges) that are tailored to the
needs of the users.
• Beginner
• Intermediate
• Advanced
• Jedi
• Custom ranges can be deployed for special events.
• 24x7 Remote Access by SMS Sign-in
(subject to availability – remember we are volunteers)
Organic Mentoring
It Is Working
• Over 30 people that have volunteered over the course of 2014 and
2015 have either started new careers in Cyber Security or have
elevated their careers with new and lucrative positions.
• Former Massage Therapist… now Security Analyst SOC/NOC
• Unemployed Recent Tech School Grad… now Firewall SOC Admin
• 16-Year-Old High School Student… giving Tech Talks at Security
Conferences
Why Are We Doing This? - We Are Making a Difference
• Former Costco® Cashier… now Lead Security Admin for Major
Education Provider
• “That doesn’t look right…”
• “Highly Paid Experts” Called it a False Positive
• Pseudo-Darkleech Malware
• One of the First Captures in the Wild
• Very Complex, Very Nasty, Extensive iFrame Obfuscation in Code
• Able to Deconstruct and Publish
• National Alert published through ACTRA/Infragard in Summer 2016.
Community Involvement = Results
• ISSA Phoenix Chapter – International Chapter of the
Year 2015
• Directly related to AZCWR involvement.
• Arizona Statewide Cyber Workforce Consortium
• Received NIST grant of nearly $200K for Regional
Alliances and Multi-stakeholder Partnerships to
Stimulate (RAMPS) Cybersecurity Education and
Workforce Development. [Sept 2016].
• Mobile Oppression Machine (Mobile AZCWR) on-site at several
community events.
• We have it here -- 09:00 Session
How to Get Involved
http://azcwr.org
Home page for AZCWR.
https://plus.google.com/communities
Hack Responsibly (i.e. Don’t Go to Jail)
• DHS has recognized our collaborative partner, the Arizona Cyber
Threat Response Alliance (ACTRA) as the premier model for an
Information Sharing and Analysis Organization (ISAO)
[Pursuant to Executive Order 13691 Feb. 2015]
• DHS has recognized AZCWR as a leading Cyber Warfare Training
facility.
Final Thoughts
• We are losing the war on Cyber. Get moving.
• Real Hardware = Real Experience = Real Jobs.
• Practice Organic Mentoring.
• “That doesn’t look right…”
• Make a Difference.
Adopt a Dog. Or Two…
Thank you!
