Tom Kopchak discusses Competitive Cyber Security and how someone can train to be a part of a Cyber Security Competition.

1. Tom Kopchak
Competitive Cyber Security:
The Ultimate Training
Experience

2. •Who Am I?
•Why Am I here, and what
got me here?
•Why I am passionate about
computer security?
About the Presenter -
Who am I?

3. How many of you have
experienced a cyber-attack?

4. System
intrusion?

5. Malware
Infestation?

6. Rushed
project?

7. Mysterious
network?

8. • Hopefully, most of you can relate to several of these
scenarios
• If you have not experienced anything, at least some
of you are lying, misinformed, or new
• If you aren't worried about attacks, why are you here?
Cyber-Attacks!

9. • Incidents will happen
• Systems will be compromised
• Applications need to both work and be secure
• People will break things
• You will need to be an expert on something
you've never seen before
Truths

10. Top Skills
• Fundamental
understanding of security
concepts
• Technical skills
• Direct experience

11. •Personal experience/on
your own
•Technology-specific training
•Formal education
How do I get skills?

12. • Nothing beats practical experience
• How do you get practical
experience?
• Production systems
• Personal equipment
• Labs
• Simulated production systems
Practical

13. • Hands on, practical experience
• Simulated Production systems
• Types
• Defense
• Attack
• Attack/Defend
Competitive Security Events

14. Collegiate Cyber Defense
Competition (CCDC)

15. • National Collegiate Cyber Security Competition
• Focuses on both business and technical aspects
Collegiate Cyber Defense
Competition (CCDC)

16. • Pre-qualifying (state) events
• Regional events
• Growing every year
• Winner goes to national competition
• National Competition
• San Antonio, Texas
• Top 9 teams in the nation
Competition Structure

17. • Competing teams have just been
hired as the IT staff for a company
• Everyone was fired
• Teams must secure their network,
while completing a multitude of
business tasks (injects)
• Red team = bad guys
Competition Premise

18. •DNS
•Mail (SMTP and POP)
•Web
•Secure Web (ecommerce)
•FTP
•Database
•SSH
•VoIP
What types of applications?

19. • Cisco IOS (Router, Switch, ASA)
• Windows
• Linux
• MacOS
• Printers
• VoIP Phones
• Wireless
What types of systems?

20. • Investigate a database breach
• Deploy McAfee security software
• Upgrade clients to Windows 7
• Provide a list of top attacking IPs
• Install and configure Splunk
Potential Injects - Technical

21. • Block social networking websites
• Develop an IT policy
• Create user accounts
• Recover lost e-mail
• Create a job description for HR
Potential Injects - Business

22. • Unplug everything, secure it, and bring it back online
• Services are not available
• Customers are not happy
• Mitigate security issues while keeping services alive
• The red team is everywhere
• Run away, crying
Potential Strategies – Day One

23. • Number of issues/systems/tasks greater than available
manpower
• Unexpected difficulties/limitations/business rules and
policies
• Uptime & SLA requirements
Challenges

24. • EMCTraining Center: Franklin, MassachusettsTopology – 2011 Regionals

26. Topology - 2011 Nationals
San Antonio, Texas

28. •Storytime with Tom (time permitting)
•CCDC experiences
•Red team attacks
•Strange tasks
Personal Experiences

29. • CCDC = NCAA of Computer Security
• US Cyber Challenge
• Private Events
• RIT Information Technology Talent Search (ISTS)
• Hurricane Labs Hackademic Challenge
• Hack for Hunger
But wait, there's more!

30. • Many opportunities/needs exist
• Gain experience yourself, and help others get
involved
Get involved,
and encourage others!

31. Wrap Up/QA