Houston Security Conference Training Sessions

Training Session One: Cloud Busting: Cloud Forensics Workshop and Challenge

What, exactly, is “the Cloud”? Is it a network of machines connected via the Internet scattered all over the globe? Is it a data center environment located in the United States or anywhere in the world? Is it really just “someone else’s computer”? Or is there more to it that needs to be understood by the Information Security professional, to arm him or her with enough knowledge to answer the tough question that inevitably will be asked by their employer: “Why should we take the risk to move our most sensitive data into the cloud?” To take it one step further, if in the event of a data breach that same employer says, “We need to investigate how this happened,” what exactly will the Information Security professional need to know to successfully conduct a digital forensic investigation, especially if he or she doesn’t have direct access to the server or hardware?

The Cloud Forensics Challenge team (@Cloud4n6) is excited to come to HOU.SEC.CON for 2019 and bring our workshop with us. We have presented this training at both the 2017 BSides DC and the 2018 BSides Charm events, and seats have sold out both times. The focus of our workshop is two-fold: first, to explore key concepts of Cloud computing and understand the procedures and processes of conducting a digital forensics investigation in the Cloud; and second, a half-day challenge to test students' comprehension of the material and their skill sets by investigating a digital image of a Cloud-based server and searching for various "flags" to be turned in as part of a team competition. Prizes will be up for grabs and we look forward to sharing our knowledge with attendees!

Sign up today for Houston Security Conference Training! Spots are limited so don't miss your chance!

Training Session Two: Mitre ATT&CK: What is it, how to use, and apply it to your organization

MITRE has created the “Adversarial Tactics, Techniques & Common Knowledge” (ATT&CK) to help security practitioners understand the actual techniques and tactics that adversaries use against us. The advantage of ATT&CK is that it allows us to build a framework to understand how we might detect, respond to, and prevent many of these tactics. Creating your own ATT&CK framework provides a way to map the technologies, procedures, playbooks, reports/queries, and alerts we have, and then map any gaps that can then be addressed. This course is intended for any Information Security or IT professional. The focus will be on what ATT&CK is, how to start using it, and the resources available to you. We will walk through mapping your technologies and options to assess yourself against ATT&CK and how to know if you are ready to defend against these types of adversarial techniques. All attendees will get a copy of LOG-MD Professional as part of the class.


Training Session Three: Red Team/Blue Team for Industrial Control Systems

Security-aware and knowledgeable users serve as the “front line” of your overall security posture. As such, training is one of the most essential components of your risk mitigation strategy and overall cybersecurity program. However, without learning cybersecurity from the “hacker’s” perspective and gaining a true understanding of how adversaries attack and compromise ICS networks and assets, you’re only getting half of the picture. Red Team/Blue Team Training provides the opportunity to learn adversarial tactics in conjunction with the defensive methods; students then get to apply the skills they learn as they face off in a head-to-head competition, Blue Team (the defenders) against Red Team (the attackers).

Gamification

Traditionally, red team/blue team (or red team vs. blue team) training has been a significant time commitment, often upwards of five days or more. This can be taxing on constrained schedules and budgets. ThreatGEN™ Red Team/Blue Team Training uses cutting-edge computer gaming technology developed by authors of “Hacking Exposed: Industrial Control Systems” to offer all the best aspects of red team/blue team training, but in a fraction of the time and without a technical learning curve. Students of all levels can even play the part of the red team, regardless of experience or skill level. In the end, students discover that defending their ICS networks and assets is more than simply deploying “best practices” and “layered defense”. Students will learn to create targeted defensive strategies (despite having limited resources) against a live opponent who is strategizing against them.