“Current Cyber Security Landscape” Dr. Josh Pauli Presentation
Josh Pauli
Associate Professor of Cyber Security
Dakota State University (Madison, SD)
10 years and counting!
We have 300+ students studying:
Cyber Operations (Cyber Security)
Computer Science
Largest degree on campus (170 / 1200)
Explosive growth in the last two years (55 in ’11; 70 in ’12)
Want the best and brightest regardless of computing history
A great mix of:
Programming
Networking
Operating systems
“hacking”!
Ethics
Critical thinking
Full ride scholarships + attractive stipend
$35,000-40,000 per year
including $20,000 stipend
Work for Gov’t agencies after graduation
National Security Agency (NSA)
Central Intelligence Agency (CIA)
Space and Naval Warfare Systems Command (SPAWAR)
NSA wants the most technical cyber experts
DSU was selected as 1 of 4 in the entire nation
Now 8 schools
Only public institution in the nation
Only program with dedicated Cyber Ops program in the nation
Only undergraduate program in the nation
Best Cyber Operations curriculum in the nation
Cyber Corps scholarships to save over $100,000
Top Secret security clearance before graduation
Work on the top security projects in the world
25 years old:
Undergrad & Graduate degrees in Cyber Operations
Top Secret government security clearance
2-3 years of experience in a Federal agency
Any job you ever want anywhere you want it
1. What’s technical social engineering (TSE)?
2. Timeline of hacking
3. AV is dead! Long live AV!
4. How to prevent TSE attack
5. TSE in penetration testing
6. Q&A
It’s NOT:
Physical impersonation
Pretext calling
Dumpster diving
Still good stuff; just not what we’re talking about today!
Relying on people being:
Gullible
Greedy
Dumb
Naïve
And using technology to own them!
Remote code execution
Administrative rights
Key loggers
<<insert juicy payload here>>
Not clicking links
Opening files
Visiting websites
But it only takes 1 person!
This is why we can’t have nice things…
But it’s not enough
Just one “layer”
Signature-based = always behind
How AV vendors work (simplified)
Why security researchers giggle at this
And only you!
User Awareness Training
Currently a raging debate in InfoSec
Fear v. education
Punish v. reinforce
“Check the box” v. “Get after it!”
Timing
Scope
Price
So this is red team?
Who can actually do this?
[email protected]
@CornDogGuy
Happy to help any way that I can!