Attacker's Methodology

A brief overview of the Attacker's Methodology. In this webinar we began our quest to think like an attacker. We will cover the 6 stages of an attack: reconnaissance, scanning & enumeration, gaining access, escalating privileges, maintaining access, and covering your tracks.
Recorded Feb 1 2018 23 mins
Presented by
Jason Dion, CISSP - Cyber Security Trainer at Dion Training Solutions

  • Let's talk about Cyber-security Standards of Practice with Fred Cohen Oct 18 2018 5:00 pm UTC 75 mins
    Fred Cohen, PhD. CEO of Management Analytics,
    This webinar, hosted by ITPG Secure Compliance and Certification Training, will be a practitioner-oriented conversation about the latest Cyber-Security Standards of Practice and adoption models for CEOs and Information Security professionals. We will be joined by our guest contributor, Fred Cohen.

    Fred Cohen, in the mid 80s, created a Protection Posture Assessments methodology. It is available as open source at all.net and presents the Options and Basic components of standards of practice for enterprise information protection. The model provides the overarching picture and the specifics of what we currently view as reasonable and prudent approaches to addressing information protection for enterprises.

    ITPG Secure Compliance, a Cyber Security Boutique in Northern Virginia will be joined by Fred Cohen, to answer key questions for CTOs, CISOs, CIOs, Security Engineers, Analysts, and all other stakeholders interested in the topic of Cyber-security best practices.


    Fred Cohen has a long history of being ahead of the curve. He first defined the term "computer virus" and invented most of the widely used computer virus defense techniques, led the team that defined the information assurance problem as it relates to critical infrastructure protection, did seminal research in the use of deception for information protection, is a leader in advancing the science of digital forensic evidence examination, and has been a top flight information protection consultant and industry analyst for many years. Along the way, he has started, grown, exited, and assisted in scores of companies, including Advanced Systems Protection, Management Analytics, Fred Cohen & Associates, Security Posture, The Radon Project, Fearless Security, TechVision Research, the Monterey Incubator, Can Do Funds, Angel to Exit, and many others.
  • Cracking the Human Factor problem: Sims, games & data Sep 27 2018 5:00 pm UTC 105 mins
    Bora Aytun Co-founder, CEO, MAVI Interactive
    Data-driven integration between Phishing Sims and game-based information security awareness training.

    In this webinar you will learn:
    • Why Phishing Sims didn’t turn out to be the silver bullet to bring down the Human Factor problem in Information Security.
    • Root cause analysis: Why people fail, and how cognitive neuroscience of learning can affect much-needed behavior change.
    • The behavior modification cycle: The process, and why accurate skills assessment is essential.

    You will also see a quick demo of the integrated solution: “Keepnet Labs” and "Info-Sentinel" training mini-games. Q/A Session to follow.

    Mr. Aytun is a 30-year veteran of building technology-based solutions, including B2B product development for the TV broadcast industry, TV and video production, software product development, and in the last decade, game development for training and education. He has been serving the corporate and government training space as the CEO of MAVI Interactive since 2008. MAVI's key contribution to the training industry is making immersive skill development products accessible by all, removing the prohibitive cost barriers.

    MAVI's approach is to develop award winning immersive training systems with modular data structures that can reliably deliver engaging skill development scenarios as well as data-driven performance evaluation. All their solutions are based on Natural Learning Principles, designed to “train the brain” and affect behavior change.

    MAVI's latest integration between Phishing Simulations (Keepnet Labs) and information security behavior modification mini games (multiple-award-winning "Info-Sentinel" series) completes the behavior modification cycle, essential for reducing the Human Factor issues with information security.
  • What Your Security Team Needs to Know about GDPR Recorded: Sep 12 2018 41 mins
    Richard Stiennon from IT-Harvest & Interfocus Technologies
    The scope of the 435 pages of the EU’s General Data Protection Regulation (GDPR) is vast and has raised the specter of excessive, unforeseen and unintended compliance consequences for companies around the world. In order to ensure individual privacy in the digital realm, there are numerous enterprise security requirements imposed by these regulations with significant compliance concerns, notification requirements and the potential for excessive penalties for non-compliance. Join Interfocus Technologies and security expert Richard Stiennon from IT-Harvest for an overview of GDPR’s implications on your security practices from a people, process and technology point of view. We will review the requirements for and processes to secure your endpoints, monitor and report on malicious user activity, and identify and trace where personal data resides in your network.
  • A Deep Dive into the 2018 State of IoT Security Report Recorded: Sep 12 2018 33 mins
    Vince Crisler, CEO of Dark Cubed
    Dark Cubed conducted extensive testing and determined that many IoT “smart home” device manufacturers have failed to implement basic security protections in the design, development, and production of their products such as electrical plugs, light bulbs and security cameras.

    Join CEO Vince Crisler for a live webcast as he discusses:

    · The creation and operation of the closed testing environment to simulate smart devices in a real-world home

    · The integration of Dark Cubed’s platform to capture and examine traffic patterns and message contents between each device, its back-end infrastructure and its Android app

    · Detailed port communications profiles, Nmap scan findings, infrastructure port reviews, man-in-the-middle assessments, Android app permissions and profiles, and privacy policy reviews for these light bulbs, cameras, and electrical outlets

    Learn more here: www.thestateofiotsecurity.com
  • ISSA Thought Leadership Series: Cybersecurity Heroes Aren't Born...They're Made Recorded: Aug 22 2018 52 mins
    ISSA International
    Phishing continues to be one of the fastest growing and most malicious threats to the security of industries of every kind—from financial organizations to government contractors to healthcare firms. Today’s savvy phisher manages to evade even the most sophisticated technical safeguards through carefully planned, socially-engineered emails that are only getting more advanced.


    During this panel, we will discuss key findings from Wombat’s 2018 State of the Phish™ and 2018 Beyond the Phish® Reports. You will gain insight into current vulnerabilities, industry-specific phishing metrics, and emerging threats.

    This collection of data is taken from tens of millions of simulated phishing attacks sent through Wombat’s Security Education Platform over a 12-month period; data compiled from nearly 85 million questions asked and answered inside the CyberStrength® Knowledge Assessments and interactive training modules, responses from quarterly surveys of InfoSec professionals; and an international survey of working adults who were queried about social engineering threats and their cybersecurity behaviors.

    We will also discuss best practices related to security awareness and training. Our panelists will highlight key components and common threads of some of the most successful programs, and help attendees identify ways to apply new techniques and increase the effectiveness of their own cybersecurity education initiatives.

    Moderator:
    Jorge Orchilles, SANS Instructor

    Speakers:
    Gretel Egan, Brand Communications Manager at Wombat, a division of Proofpoint
    Michael Levin, CEO & Founder, Center for Information Security
    Kurt Wescoe, Chief Architect, Wombat Security
  • Build Your Cyber Budget for 2019: Part 1 Recorded: Aug 16 2018 35 mins
    Jerry Caponera, VP of Cyber Risk Strategy
    Choosing cyber vendors and balancing budgets can be a challenge. We want to help cut through the clutter and show how we build a cybersecurity budget and identify spending needs an organization needs to immediately address. This is a two-part webinar series where you will learn how to approach the cybersecurity budgeting process (as well as see common mistakes to avoid) and how to build your own cyber budget. We will offer a budget plan worksheet to guide you along the way and share best practices and takeaways.
  • Artificial Intelligence & Employee Security: Greasing the Wheels of Productivity Recorded: Aug 15 2018 32 mins
    Ehab Samy, VP Product Management, Plurilock
    Traditional security and authentication methods are designed to put up stumbling blocks for your employees, challenging them at several points throughout their workday to identify themselves. To do this they must enter, remember, and frequently change passwords, and in the expanding world of two- or multi-factor authentication the enterprise seeks greater security at the further expense of productivity. But traditional passwords and other authentication methods can be compromised, so the impact to your user processes does not always deliver proportional security.

    Artificial intelligence and biometrics can change the authentication game, supporting enhanced security by automatically identifying employee identity without impacting workflows and user processes. Join Ehab Samy, VP Product Management, to learn about applications of biometrics and Artificial Intelligence that smooth your employees’ path to completing any task at work.
  • Making Cybersecurity Matter to Business - A conversation with Pete Herzog Recorded: Jul 26 2018 55 mins
    Pete Herzog, Managing Director at ISECOM
    In early 2000, the Open Source Security Testing Methodology Manual (OSSTMM) was released with the primary objective of improving how the enterprise conducted security testing. Key sections of this methodology include operational, human, physical, wireless, telecommunication, and data network security testing. Today, OSSTMM is widely regarded as a methodology for penetration testing world-wide, offering a standard approach to conducting security testing.

    Frank Shirmo of ITPG Secure Compliance, a Cyber Security Boutique in Northern Virginia will be joined by Pete Herzog, the creator of OSSTMM, to answer key questions, and provide clarifications on OSSTMM for CTOs, CISOs, CIOs, Security Engineers and Analysts, and all other stakeholders interested in the topic of security testing.
  • ISSA International Series: Trials & Tribulations of Social Engineering Recorded: Jul 24 2018 121 mins
    ISSA International
    We all know about social engineering and phishing, but is it as simple as sending an email or asking for a click? Probably not. As hackers and attacks evolve, they will go from simple tricks to very sophisticated attacks. So how do we know what these attacks will be? Simply, we can’t. So how can we detect the new attacks? This session will cover the state of the attacks and the directions they are taking. Ultimately, we will discuss strategies and how we can define the science that will evolve to thwart the various evolving attacks.

    Moderated by: Pete Lindstrom, IDC

    Presenters:

    Roger Grimes, Data-Driven Defense Evangelist, KnowBe4
    Andrew Lewman, Laxdaela Technology
    Ben Rothke, Senior Security Consultant, Nettitude
    Paul Williams, CEO, Clarity Consulting Corporation
  • Increasing Cyber Workforce Diversity Recorded: Jun 20 2018 64 mins
    Max Shuftan, Jessica Gulick and other panelists
    Join this webinar to hear past students and current champions discuss how the SANS CyberTalent program is changing lives and closing the workforce gap. The cybersecurity workforce gap can be partly solved through increasing diversity. Organizations like SANS CyberTalent and the WSC are reaching into communities throughout Maryland and the US searching for professionals with technical aptitude but new to cybersecurity.

    These academies are designed to help qualified veterans and women receive training and certifications to quickly and effectively launch careers in cybersecurity. The Immersion Academy is an intensive, accelerated program designed for completion in six to eight months, depending upon program selected. The program is at NO COST to the students selected.


    Come listen to learn:
    • What the selection process includes and important application tips
    • Understand what kind of training is provided (length and format)
    • Hear from a recent graduate who will share her experience
    • How this training academy and related certifications can help your career
  • Artificial Intelligence - Internet of Things : Cybersecurity Perspectives Recorded: Jun 14 2018 75 mins
    Dr. Shawn P. Murray, President, Murray Security Services & Consulting
    Artificial Intelligence (AI) is quickly gaining recognition as a viable method to increase successful problem solving, advance research in areas that exceed human capabilities and automate menial processes to increase efficiency and productivity in expediential time. In the future, your interface with a human doctor may be limited, as AI gains more prominence in the medical industry diagnosing patients and determining levels of care. AI is being used to develop humanoids for companionship and is providing additional conveniences that are starting to alarm some organizations. There is a sense that the pace of AI is growing so fast that it may be impacting areas that are not getting the attention required to address various risks. Cybersecurity issues continue to arise regarding the integration of AI in computer systems, network and software platforms and the growing advances in IoT devices. As various industries invest in AI technology, CIOs, CISOs, researchers and manufacturers need to be working together to ensure cybersecurity and other safeguards are being considered in the design phase before allowing AI technology into the computing environment.
  • ISSA International Series: Breach Report Analysis Recorded: May 22 2018 123 mins
    Matt Mosley | Patrick Cable | Paul Williams | Jay Jacobs | Laurance Dine
    It's everyone's favorite time of year. What will we learn from this year's breach reports? Join us as we review the latest data, look for lessons and trends, and help you understand what it all means. Our panel of experts will focus on how security professionals can learn from the data, and hopefully avoid becoming a statistic for next year's report.
  • How Cyber (measured in dollars) Earns a Spot on the Risk Register Recorded: May 17 2018 47 mins
    Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security
    Cyber has yet to be fully integrated into the suite of business functions and monitored risks within most organizations. GRC is the mechanism to align cyber and the business, but its current state is not sufficient. Governance hierarchy is ineffective (CISOs reporting to the CIO or COO), Risk leveraging ambiguous risk measurements, and Compliance mistaken as security. Moving forward, Governance must be redefined, making CISOs business leaders, reporting to the Board. Risk should leverage traceable data to measure in a common business language. Compliance should be the baseline for security initiatives, not the end goal. When these initiatives can be achieved, GRC will transform cyber into a business enabler.

    Jerry Caponera is the VP Cyber Risk Strategy at Nehemiah Security where he leads the effort to quantify cyber risk in financial terms. Prior to Nehemiah he founded PivotPoint Risk Analytics which focused on cyber risk quantification through value-at-risk modeling and simulations. Jerry has a broad background in cyber, having worked for incident response, malware analysis, and services companies. He has spoken at a number of conferences worldwide including ISS World MEA in Dubai, InfoSecurity Russia in Moscow, and TM World Forum in Nice, France. He holds an MBA from the University of Massachusetts, an MS in Computer Science from the University of Pennsylvania, and a BS in Electrical Engineering from the University of Buffalo.
  • Is Threat Hunting the Next Frontier: Separating the Hype from the Reality Recorded: May 3 2018 78 mins
    Dr. James Stanger Chief Technology Evangelist, CompTIA
    One of the more interesting-sounding job skills today is that of the “threat hunter.” Let’s talk about the activity of “threat hunting,” and deconstruct it a little bit. The idea behind threat hunting is to proactively look for adversaries and for traces of their activity. So, is threat hunting all that it’s cracked up to be? Is looking for trouble really the best approach today? It’s very possible that the one key element of threat hunting is one fundamental assumption: That you’ve already been hacked, but you just don’t quite realize it yet. In this presentation, James will discuss the benefits and drawbacks of “active defense,” and where it fits in with other security activities.
  • Gamification and Security: The Role of Competitions in Readiness and Defense Recorded: Apr 26 2018 57 mins
    Lisa Jiggetts, Founder, President & CEO of the Women's Society of Cyberjutsu
    Security operations face intensifying pressures along numerous fronts, including a constantly shifting threat landscape, an increasingly complex environment to defend, and an extreme shortage of skills. This panel of distinguished security experts will discuss the role that competitions – at the primary school, collegiate and professional levels – can play in attracting workers to the security arena, growing their skills, and developing methods to identify and defend against the greatest threats and risks of the day.

    Lisa Jiggetts, the Founder & CEO of the Women's Society of Cyberjutsu, one of the fastest growing nonprofits dedicated to women in cybersecurity, will spearhead this panel of experts in cyber security and competitions.

    Other panelists include Mika Devonshire, Director of Forensics and Cyber Risk Analytics at SSIC; Marcelle Lee, Threat Researcher at LookingGlass Cyber Solutions; and Dan Manson, Professor of Computer Information Systems at Cal Poly Pomona.
  • ISSA International Series: IoT/Mobile Security Recorded: Apr 24 2018 66 mins
    Hari Pendyala | S.A. Srinivasa Moorthy | Chris Rouland | Matthew Crouse
    The prolific outburst of IoT devices in our lives has become a boon or a curse. Boon as they make it easy to interact with "Things" and Curse as they make it easy for hackers to invade our privacy and breach security.

    Implementing Security in IoT devices is still an afterthought. This webinar looks at the challenges of securing IoT devices against threats and discusses the options available to secure these devices.
  • GDPR and you! Perfect together....? Recorded: Mar 29 2018 58 mins
    Joshua Marpet. Red Lion, COO/Founder
    GDPR is a huge topic, with issues ranging from "What does it mean to my business processes?" to "Do I have to care about it?" And that's besides the technical bits! Together, let's explore what it means for a sample company. We'll discuss data, geography, and business processes. You'll learn about some of the pitfalls, and some of the opportunities inherent in GDPR. And maybe we can make it work for you, instead of causing a headache. Want to find out? Just show up.

    Joshua Marpet is an accomplished speaker, long time information and physical security practitioner, as well as a start up CEO and serial entrepreneur.
    He has presented on topics ranging from Facial Recognition to National Security, to audiences from government agencies, law enforcement, Fortune 5 companies, and many others. His research encompasses Digital Forensics, business security maturity, and how not to start an information security business!

    Joshua has been in the hot seat, at all levels of IT and Infosec. From the Federal Reserve, to law enforcement, to being an entrepreneur, Josh has been there. Let's talk.
  • ISSA International Series: Blockchain and other Mythical Technology Recorded: Mar 27 2018 123 mins
    Mark Kadrich | James Grundvig, Myntum Ltd. | Peter Linder | Brian Russell, Leidos
    We will be examining blockchain technology and its proliferation in our data security architectures. Our speakers will discuss their experiences with BC technology, how it’s working today, plans for taking advantage of it in the future, and possible technical issues that may affect its long term efficacy.
  • The Best Defense Is An Offense-Informed Defense Recorded: Mar 27 2018 43 mins
    Jeff Schmidt, VP & Chief Security Officer, Columbus Collaboratory
    In this session, you will learn how an offense-informed defense approach will enable your security team to cut through the noise, be more effective at both identifying the most likely and riskiest attacks and thwarting them faster at less cost. We will discuss how to understand not only the attack vectors, the attackers’ tactics, techniques and procedures but also the residual effects so that, in an environment of almost immeasurable alerts and alarms, your team can focus on the indicators that are the most important.

    Jeff Schmidt, VP and Chief Cyber Security Innovator at Columbus Collaboratory is an accomplished cybersecurity expert with a background in security and risk management. He founded JAS Global Advisors LLC, a security consulting firm in Chicago, and Authis, a provider of innovative risk-managed identity services for the financial sector. Jeff is a board member for Delta Risk LLC, A Chertoff Group Company, a global advisory firm focused on security and risk management. In 1998, he worked with the FBI to create the InfraGard Program, receiving commendations from the Attorney General and the Director of the FBI. He is an adjunct professor of systems security engineering at the Stevens Institute of Technology and a Zurich Cyber Risk Fellow, Cyber Statecraft Initiative, at The Atlantic Council. Jeff received a Bachelor of Science in computer information systems and an MBA from the Fisher College of Business at The Ohio State University.
  • The Future of Passwords Recorded: Mar 22 2018 58 mins
    Hamza Sirag
    This webinar will provide an overview of the future of passwords. Passwords have become very important, protecting a treasure trove of information. You will get an inside look at the techniques and tactics used to conduct password attacks. We will discuss the various countermeasures available, new improvements made to the latest operating systems to prevent successful password attacks, and how the industry is trying to eliminate passwords. We will conclude by discussing ways we can potentially circumvent new countermeasures.

    Hamza Sirag is currently an Information Security consultant. He has spent the majority of his time immersed in the world of cybersecurity. He has had the opportunity to lead complex penetration tests for a variety of federal and commercial clients. He is the founder of Beltway Hackers, a Northern VA based meetup group focused on offensive cybersecurity. https://www.meetup.com/Beltway-Hackers
Cybersecurity and Compliance
Founded in 1999, ITPG Secure Compliance is dedicated to preventing information security breaches that put organizations at risk of noncompliance. Based in Vienna, VA, our subject matter experts are sought-after authorities on PCI DSS, HIPAA Security and Privacy Rule, FERPA and other industry security requirements. Our IT security consultants and virtual CISOs have decades of experience assessing security risks and vulnerabilities, recommending mitigation strategies and mapping remediation plans to strengthen enterprise security posture. We work with corporate, association, and state agency clients that span multiple industries and for multiple resellers. Visit our web site www.itpgsecure.com

  • Title: Attacker's Methodology
  • Live at: Feb 1 2018 6:00 pm
  • Presented by: Jason Dion, CISSP - Cyber Security Trainer at Dion Training Solutions