2017 Cyber Security Summit

Student Breakfast - MN IT Services w/ Chris Buse

• $400M budget for MNIT
• 0% unemployment rate
• MNIT wants to train/develop IT skills. Everyones wants skilled people but no one wants to train
• Lots of operational jobs
• Looking for interns with lots of general skills
• Flexible hours/locations

Q/A with Chris

• “Are certifications worth it?”
  • “Focus on certs, even though I don’t think they’re very useful. They’re mostly just to get passed HR. I’m more interested in people who do IT in their free time.
• “Do you do malware/AV development at MNIT?”
  • “No, we don’t develop those. We’re just now starting to reverse engineer samples. We use MCAP(?).
• “Do you do phishing training?”
  • “Yes, we send out about 8,500 emails per round. We usually get about a 10% success rate.

Welcome and Opening Remarks

• Collaboration is the key to spreading threat awareness.
• Matt Loeb - “Performance-based assessments are usually bad”

The Dark Web

• Pretty good demo. Mostly focused on scareing people about guns, drugs, carding.
• (Falsely) claimed that the Vegas shooter shopped in a shop like this
• Pointed out obviously fake/spam sites: rent-a-hacker, small drug sites, crazy expensive small gun sites
• Said people can only define what you’re doing wrong, but people can’t define what security is

Cyber Byte with Hala Furst from DHS

• Damages from attacks are increasing
• Security has to be the top priority
• Test response plan regularly
• Don’t have to be the strongest, just not the weakest
• ISAC/ISAO - Share intel
• us-cert.gov/ccubedvp

Governor Dayton

• “I’m old…I don’t tweet” Thunderous applause

Phishing Trends

• Email still very widely used
• Phishing - similar looking domains
  • Still effective
  • Have to train employees

Compliance - Lifeline

• Was mostly just the CTO complainging about how difficult FEDRamp compliance is to get
• CME - Similar to EMP?
• Complicance: Point in time
• CMP - Continuous

Breaches - Evan Wolff

• Average breach discovery time - 300+ days
• Have a plan for breach investigation. Be ready when you notify for the torrent of traffic

Cisco

• Super dope talk about Exploit Kits, how spam spreads, how to identify sources
• Great slides with full-screen informational GIFs

Spies in your wires

• We’re (as a whole) getting better at detecting hacks
• Detection Evasion
  • Hot Patching
  • Run-once malware
  • Time-based exfiltration
  • AMT SOL for OOB comms

Common Attack Vectors

• Lots of examples from pentests
• Basically stories from the road
• Tool: Hacker Arsenal

Blackberry

• Mobile workers are on the rise
• Don’t make use cases for new tech. Find new tech to satisfy your existing use case.

Criticial Infra

• Infrastructure is critical