KLC Consulting 1
Kyle Lai
President & CTO
KLC Consulting
April 2015
Career Highlights
CISSP, CISA, CSSLP, CIPP/US/G
20 years in IT, 15 years specializing in security
CISO, DISA Operations Manager for Security Portal
ISO 27001/2, Regulatory Compliance, Third-Party Risk,
Penetration/Vulnerability Tester, IT Auditor, Network Admin,
Developer, DBA, Sys Admin
Consultant for
Boeing | HP | PWC | DoD | Fidelity | ExxonMobil
Fannie Mae | RBS | Federal Gov’t | Akamai | Brandeis Univ
Author of
SMAC MAC Address Changer (SMAC) tool
WebDAV Scanner tool
Administer LinkedIn Groups
CyberSecurity Community
Cloud Computing Security Community
Third Party Security Risk Management
Married, 2 kids, 1 teenage dog!
Graduated from UCONN with BS in Electrical Engineering
Recent huge cyber attacks:
(1/2015) Premera Blue Cross : 11 million customer records in May 2014, went undiscovered until 1/29/2015
(2/2015) Anthem (including Blue Cross Blue Shield members) : 80 million insured’s health records stolen
(11/2014) Sony Pictures : 11/2014
(10/2014) Staples : 1.16 million customer credit cards
(9/2014) Home Depot : 56 million customer credit cards
(8/2014) JPMorgan Chase : 83 million household and business accounts
(6/2014) Community Health Systems : 4.5 million patient records
(4/2014) Michaels Stores: 3 million customer payment cards
(12/2013) Target : 40 million customer credit and debit cards. CEO was fired!
CyberSecurity Definition:
The activity or process, ability or capability, or state whereby information and
communications systems and the information contained therein are protected
from and/or defended against damage, unauthorized use or modification, or
exploitation. (http://niccs.us-cert.gov/glossary)
In Straight Talk:
Your Capability and Readiness for attacks against your technology / system /
applications:
Prevention / protection / monitoring / detection
React / respond / attack* / counter attack* / handle breach notifications
*Authorization required
Source: https://buildsecurityin.us-cert.gov/sites/default/files/BobMartin-CybersecurityEcosystem.pdf
[Figure: “Scope of Supplier Expansion and Foreign Involvement” graphic in DACS (www.softwaretechnews.com), with “Cloud / Outsource” annotation]
92% OF THE INCIDENTS WE’VE SEEN OVER THE LAST 10 YEARS — AND 94% OF THE BREACHES IN 2013 —
CAN BE DESCRIBED WITH JUST NINE PATTERNS.
Source: VERIZON 2014 DATA BREACH INVESTIGATIONS REPORT
Advanced Persistent Threat (APT)
Distributed Denial of Service (DDoS)
Cross-Platform Malware
Metamorphic and Polymorphic Malware
Phishing
Source: Recorded Future - Cyber Threat Landscape: Basic Overview and Attack Methods
A1: Injection
A2: Broken Authentication and Session Management
A3: Cross-Site Scripting (XSS)
A4: Insecure Direct Object References
A5: Security Misconfiguration
A6: Sensitive Data Exposure
A7: Missing Function Level Access Control
A8: Cross-Site Request Forgery (CSRF)
A9: Using Known Vulnerable Components
A10: Unvalidated Redirects and Forwards
Critical Infrastructure
Power grid / Oil pipelines
Financial Services
Banking / Wall Street
Government Services
Fire / Police / Water / Traffic Light
Several nations are capable of launching large-scale attacks against the
USA
Live Attacks - http://map.ipviking.com (no sensors in China so cannot see attacks made
upon China)
Source: http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
• Cyber Weapon – Stuxnet attacked Iranian nuclear centrifuges in 2010
• It is claimed to be the first effective cyber weapon
• Infects the environment via USB
• Attacks industrial programmable logic controllers (PLCs)
• Only targets Siemens systems running on Windows
• Reportedly compromised Iranian PLCs
• Collects information about industrial systems
• Causes the high-speed centrifuges to tear themselves apart
• Who made Stuxnet??? No one has claimed responsibility…
Denial Of Service
AMIDALA : We must continue to rely on negotiation.
BIBBLE : Negotiation? We've lost all communications!
(Also used in Russia-Georgia war)
Compromise Integrity, Escalation of Privilege...
OBI-WAN: This is where it ought to be... but it isn’t. Gravity is pulling
all the stars in this area inward to this spot. There should be a star
here... but there isn’t.
JEDI CHILD: Because someone erased it from the archive memory.
OBI-WAN: But Master Yoda who could have erased information
from the archives? That’s impossible, isn’t it?
YODA: (frowning) Much harder to answer, that question is.
You Possess Fundamental Skills for CyberSecurity
Strong PROBLEM SOLVING SKILLS
Programming Skills
Advanced Computer skills
Understand a mix of technologies
Acquire new skills
Think outside the box when it comes to creative problem solving
Learn penetration testing skills
Think like a BAD hacker, and see how you can protect your employer
Learn Risk Assessment.
Identify vulnerabilities, potential areas of exposure, estimate cost of damage should
attack come via this vulnerability, estimate cost to fix, the cost to not fix, the cost of
carrying business insurance to cover the risk, is the risk acceptable?
Learn the basics (network, database, application, web)
Learn programming languages (Python – most useful)
Be passionate! You will learn more if you have the interest
Try out all the hacking practice sites. Lots of free training. YouTube. Google - research!!!
Follow websites, tweets, security news
Follow the new security threats, vulnerabilities
Learn the hacking tools, stay current with existing and newest Jedi tricks
Pay attention to the trend...
Set up a lab and try out Jedi tricks at home!
A few computers
A few Virtual Machines
Sample CyberSecurity Opportunities
Vulnerability Management
Secure Software Development
Encryption
Security Operations Center
Patch Management
Malware Analysis
Security Policy / Procedure
Forensics
ERP / SAP / Oracle
Network / Firewall / VPN
Threat Intelligence
Incident Response
Application Security
Penetration Testing
Project Manager
Database Security
Third-Party Security Risk
Regulatory Compliance
SCADA / PLC Security
Certification & Accreditation
Cyber Warfare (DoD, DHS, NSA, CIA)
Cloud Security / VM Security
Audit / Logging / Log coordination
Researcher – Focus on security issues
POS Security
IoT
Hardware Security
Verizon Data Breach Investigation Report - http://www.verizonenterprise.com/DBIR/2014
DHS CyberSecurity Portal - http://www.dhs.gov/topic/cybersecurity
DoD Information Assurance Portal – http://iase.disa.mil
Hacking Practice (Web App Pentest)
Hack This Site - https://www.hackthissite.org
Mutillidae - http://sourceforge.net/projects/mutillidae
Damn Vulnerable Web App - http://www.dvwa.co.uk
Security Knowledge
OWASP – www.owasp.org
DarkReading - www.darkreading.com
SANS Reading Room - https://www.sans.org/reading-room/
FireEye / Mandiant Threat Intelligence Reports - https://www.fireeye.com/current-threats/threat-intelligence-reports.html
YouTube, Twitter
Security Intel
Twitter – follow news, alerts – i.e. @Symantec, @TheHackersNews, @SCMagazine
SANS Internet Storm Center
US-CERT Alerts - Subscribe - https://www.us-cert.gov/ncas/alerts
NIST Vulnerability Database - https://nvd.nist.gov
Tools
Kali Linux - https://www.kali.org (Linux Distro – comes with many tools – MUST HAVE)
Metasploit – http://www.metasploit.com
Sysinternals - https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx
Basic Certifications
Security+
CEH
Kyle Lai
CISSP, CSSLP, CISA, CIPP/US/G
President & CTO
KLC Consulting, Inc.
@KLCConsulting
klai@klcconsulting.net
www.KLCConsulting.net

08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Cyber Hacking & Security - IEEE - Univ of Houston 2015-04

  • 1. KLC Consulting 1 Kyle Lai President & CTO KLC Consulting April 2015
  • 2. Career Highlights
      • CISSP, CISA, CSSLP, CIPP/US/G
      • 20 years in IT, 15 years specializing in security
      • CISO, DISA Operations Manager for Security Portal
      • ISO 27001/2, Regulatory Compliance, Third-Party Risk, Penetration/Vulnerability Tester, IT Auditor, Network Admin, Developer, DBA, Sys Admin
      • Consultant for: Boeing | HP | PWC | DoD | Fidelity | ExxonMobil | Fannie Mae | RBS | Federal Gov’t | Akamai | Brandeis Univ
      • Author of: SMAC MAC Address Changer (SMAC) tool, WebDAV Scanner tool
      • Administer LinkedIn Groups: CyberSecurity Community, Cloud Computing Security Community, Third Party Security Risk Management
      • Married, 2 kids, 1 teenage dog!
      • Graduated from UCONN with BS in Electrical Engineering
  • 4. Recent huge cyber attacks:
      • (1/2015) Premera Blue Cross: 11 million customer records in May 2014, went undiscovered until 1/29/2015
      • (2/2015) Anthem (including Blue Cross Blue Shield members): 80 million insured’s health records stolen
      • (11/2014) Sony Pictures: 11/2014
      • (10/2014) Staples: 1.16 million customer credit cards
      • (9/2014) Home Depot: 56 million customer credit cards
      • (8/2014) JPMorgan Chase: 83 million household and business accounts
      • (6/2014) Community Health Systems: 4.5 million patient records
      • (4/2014) Michaels Stores: 3 million customer payment cards
      • (12/2013) Target: 40 million customer credit and debit cards. CEO was fired!
  • 6. CyberSecurity Definition: The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation. (http://niccs.us-cert.gov/glossary)
      In Straight Talk: Your Capability and Readiness for attacks against your technology / system / applications:
      • Prevention / protection / monitoring / detection
      • React / respond / attack* / counter attack* / handle breach notifications
      *Authorization required
  • 7. Source: https://buildsecurityin.us-cert.gov/sites/default/files/BobMartin-CybersecurityEcosystem.pdf
  • 8. Cloud / Outsource
      * “Scope of Supplier Expansion and Foreign Involvement” graphic in DACS www.softwaretechnews.com
  • 9. 92% OF THE INCIDENTS WE’VE SEEN OVER THE LAST 10 YEARS — AND 94% OF THE BREACHES IN 2013 — CAN BE DESCRIBED WITH JUST NINE PATTERNS. Source: VERIZON 2014 DATA BREACH INVESTIGATIONS REPORT
  • 10. Source: Recorded Future - Cyber Threat Landscape: Basic Overview and Attack Methods
      • Advanced Persistent Threat (APT)
      • Distributed Denial of Service (DDoS)
      • Cross-Platform Malware
      • Metamorphic and Polymorphic Malware
      • Phishing
  • 11.
      • A1: Injection
      • A2: Broken Authentication and Session Management
      • A3: Cross-Site Scripting (XSS)
      • A4: Insecure Direct Object References
      • A5: Security Misconfiguration
      • A6: Sensitive Data Exposure
      • A7: Missing Function Level Access Control
      • A8: Cross-Site Request Forgery (CSRF)
      • A9: Using Known Vulnerable Components
      • A10: Unvalidated Redirects and Forwards
  • 13.
      • Critical Infrastructure: Power grid / Oil pipelines
      • Financial Services: Banking / Wall Street
      • Government Services: Fire / Police / Water / Traffic Light
      Several nations are capable of launching large-scale attacks against the USA
  • 14. Live Attacks - http://map.ipviking.com (no sensors in China so cannot see attacks made upon China)
  • 15. Source: http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
      • Cyber Weapon – Stuxnet attacked Iranian nuclear centrifuges in 2010
      • It is claimed to be the first effective cyber weapon
      • Infects the environment via USB
      • Attacks industrial programmable logic controllers (PLCs)
      • Only targets Siemens systems running on Windows
      • Reportedly compromised Iranian PLCs
      • Collects information about industrial systems
      • Causes the high-speed centrifuges to tear themselves apart
      • Who made Stuxnet??? No one has claimed responsibility…
  • 16. Denial Of Service
      AMIDALA: We must continue to rely on negotiation.
      BIBBLE: Negotiation? We've lost all communications!
      (Also used in Russia-Georgia war)
      Compromise Integrity, Escalation of Privilege...
      OBI-WAN: This is where it ought to be... but it isn’t. Gravity is pulling all the stars in this area inward to this spot. There should be a star here... but there isn’t.
      JEDI CHILD: Because someone erased it from the archive memory.
      OBI-WAN: But Master Yoda who could have erased information from the archives? That’s impossible, isn’t it?
      YODA: (frowning) Much harder to answer, that question is.
  • 17. You Possess Fundamental Skills for CyberSecurity
      • Strong PROBLEM SOLVING SKILLS
      • Programming Skills
      • Advanced Computer skills
      • Understand a mix of technologies
      • Acquire new skills
      • Think outside the box when it comes to creative problem solving
      • Learn penetration testing skills
      • Think like a BAD hacker, and see how you can protect your employer
      • Learn Risk Assessment. Identify vulnerabilities and potential areas of exposure; estimate the cost of damage should an attack come via this vulnerability; estimate the cost to fix, the cost to not fix, and the cost of carrying business insurance to cover the risk. Is the risk acceptable?
  • 18.
      • Learn the basics (network, database, application, web)
      • Learn programming languages (Python – most useful)
      • Be passionate! You will learn more if you have the interest
      • Try out all the hacking practice sites. Lots of free training. YouTube. Google - research!!!
      • Follow websites, tweets, security news
      • Follow the new security threats, vulnerabilities
      • Learn the hacking tools, stay current with existing and newest Jedi tricks
      • Pay attention to the trend...
      • Set up a lab and try out Jedi tricks at home!
          • A few computers
          • A few Virtual Machines
  • 19. Sample CyberSecurity Opportunities
      • Vulnerability Management
      • Secure Software Development
      • Encryption
      • Security Operations Center
      • Patch Management
      • Malware Analysis
      • Security Policy / Procedure
      • Forensics
      • ERP / SAP / Oracle
      • Network / Firewall / VPN
      • Threat Intelligence
      • Incident Response
      • Application Security
      • Penetration Testing
      • Project Manager
      • Database Security
      • Third-Party Security Risk
      • Regulatory Compliance
      • SCADA / PLC Security
      • Certification & Accreditation
      • Cyber Warfare (DoD, DHS, NSA, CIA)
      • Cloud Security / VM Security
      • Audit / Logging / Log coordination
      • Researcher – Focus on security issues
      • POS Security
      • IoT Hardware Security
  • 20.
      • Verizon Data Breach Investigation Report - http://www.verizonenterprise.com/DBIR/2014
      • DHS CyberSecurity Portal - http://www.dhs.gov/topic/cybersecurity
      • DoD Information Assurance Portal – http://iase.disa.mil
      • Hacking Practice (Web App Pentest)
          • Hack This Site - https://www.hackthissite.org
          • Mutillidae - http://sourceforge.net/projects/mutillidae
          • Damn Vulnerable Web App - http://www.dvwa.co.uk
      • Security Knowledge
          • OWASP – www.owasp.org
          • DarkReading - www.darkreading.com
          • SANS Reading Room - https://www.sans.org/reading-room/
          • FireEye / Mandiant Threat Intelligence Reports - https://www.fireeye.com/current-threats/threat-intelligence-reports.html
          • YouTube, Twitter
      • Security Intel
          • Twitter – follow news, alerts – e.g. @Symantec, @TheHackersNews, @SCMagazine
          • SANS Internet Storm Center
          • US-CERT Alerts - Subscribe - https://www.us-cert.gov/ncas/alerts
          • NIST Vulnerability Database - https://nvd.nist.gov
      • Tools
          • Kali Linux - https://www.kali.org (Linux Distro – comes with many tools – MUST HAVE)
          • Metasploit – http://www.metasploit.com
          • Sysinternals - https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx
      • Basic Certifications
          • Security+
          • CEH
  • 21. Kyle Lai, CISSP, CSSLP, CISA, CIPP/US/G, President & CTO, KLC Consulting, Inc. | @KLCConsulting | klai@klcconsulting.net | www.KLCConsulting.net