Dan [the] Salmon

2017 Cyber Security Summit

Dan Salmon

October 30 2017

Student Breakfast - MN IT Services w/ Chris Buse

  • $400M budget for MNIT
  • 0% unemployment rate
  • MNIT wants to train/develop IT skills. Everyones wants skilled people but no one wants to train
  • Lots of operational jobs
  • Looking for interns with lots of general skills
  • Flexible hours/locations

Q/A with Chris

  • “Are certifications worth it?”
    • “Focus on certs, even though I don’t think they’re very useful. They’re mostly just to get passed HR. I’m more interested in people who do IT in their free time.
  • “Do you do malware/AV development at MNIT?”
    • “No, we don’t develop those. We’re just now starting to reverse engineer samples. We use MCAP(?).
  • “Do you do phishing training?”
    • “Yes, we send out about 8,500 emails per round. We usually get about a 10% success rate.

Welcome and Opening Remarks

  • Collaboration is the key to spreading threat awareness.
  • Matt Loeb - “Performance-based assessments are usually bad”

The Dark Web

  • Pretty good demo. Mostly focused on scareing people about guns, drugs, carding.
  • (Falsely) claimed that the Vegas shooter shopped in a shop like this
  • Pointed out obviously fake/spam sites: rent-a-hacker, small drug sites, crazy expensive small gun sites
  • Said people can only define what you’re doing wrong, but people can’t define what security is

Cyber Byte with Hala Furst from DHS

  • Damages from attacks are increasing
  • Security has to be the top priority
  • Test response plan regularly
  • Don’t have to be the strongest, just not the weakest
  • ISAC/ISAO - Share intel
  • us-cert.gov/ccubedvp

Governor Dayton

  • “I’m old…I don’t tweet” Thunderous applause
  • Email still very widely used
  • Phishing - similar looking domains
    • Still effective
    • Have to train employees

Compliance - Lifeline

  • Was mostly just the CTO complainging about how difficult FEDRamp compliance is to get
  • CME - Similar to EMP?
  • Complicance: Point in time
  • CMP - Continuous

Breaches - Evan Wolff

  • Average breach discovery time - 300+ days
  • Have a plan for breach investigation. Be ready when you notify for the torrent of traffic


  • Super dope talk about Exploit Kits, how spam spreads, how to identify sources
  • Great slides with full-screen informational GIFs

Spies in your wires

  • We’re (as a whole) getting better at detecting hacks
  • Detection Evasion
    • Hot Patching
    • Run-once malware
    • Time-based exfiltration
    • AMT SOL for OOB comms

Common Attack Vectors

  • Lots of examples from pentests
  • Basically stories from the road
  • Tool: Hacker Arsenal


  • Mobile workers are on the rise
  • Don’t make use cases for new tech. Find new tech to satisfy your existing use case.

Criticial Infra

  • Infrastructure is critical