Chris Bogen, Tulane School of Professional Advancement, discusses the 2019 National Cyber Summit
Posted on behalf of Chris Bogen, Ph.D., GAWN, GPEN, GCIH, GICSP
Adjunct Instructor, Applied Computing Systems Technology,
Tulane School of Professional Advancement
As a cybersecurity professional and a cybersecurity educator I attended the 2019 National Cyber Summit in Huntsville, AL and enjoyed a balanced mixture of information from industry, academia, and government. Highlights of my conference visit included:
A two-day Red Team operations training course from Nicholas Downer and the folks at Millennium provided a well-guided introduction to the use of the CobaltStrike RAT (Remote Administration Tool). The course was paced well for beginners and allowed for more advanced, independent challenges for folks that already have some penetration testing experience. I had a great time working ahead and trying to harvest credentials and pivot through domain controllers.
Bobbie Stempfley’s (Managing Director, CERT Division – Carnegie Mellon University – Software Engineering Institute) keynote presentation was exceptional and personable. It was a privilege to hear a cybersecurity retrospective and look-ahead from an extremely effective pioneer of the industry – after all, she established the U.S. Department of Defense’s Computer Emergency Response Team! I especially liked how she compared the relative maturity and timeline of disciplined engineering practices in software engineering, cybersecurity, and artificial intelligence (from oldest to newest).
Watching Rob Lee’s Keynote Presentation (Dragos Security) was also an exceptional privilege. As a principal investigator on several high-profile industrial control system (ICS) incidents, Mr. Lee provided a healthy dose of reality to counteract several misconceptions about threats to the power grid and other national assets.
Major Bradley Eames (USAF)’s presentation on vulnerability testing for field weapon systems provided a great “out-of-the-box” example of how to manage the unique complexities of testing operational technology (OT) for mission- and safety-critical applications. Major Eames emphasized the importance of credibility when communicating cybersecurity risks to field technicians and OT system owners – it is important not to exaggerate cybersecurity risks that, while technically interesting, have little impact on the system (and vice versa).
Dr. Wesley McGrew (HORNE Cybersecurity) provided a compelling argument for more rigorous cybersecurity education requirements. More importantly, Dr. McGrew recommended several books that are headed to the top of my already oversized reading queue: The Art of Software Security Assessment (Dowd, McDonald, and Schuh), Practical Malware Analysis (Sikorski, Honig), Psychology of Intelligent Analysis (Heuer), et al.
Marcus Sachs, P.E. (Ridge-Lane Limited Partners) knocked one off my bucket-list by allowing me to operate a working Enigma machine on the exhibit floor. Mr. Sachs generously shared his deep knowledge on this historically significant encryption device, and even told me where I could find an Enigma machine for sale in New Orleans. Too bad I don’t have tens of thousands of dollars to spend on the Holy Grail of nerd relics.
My Red Team course classmate, Kell Rozman (Toyota), gave an exceptional presentation on his effort to secure operations at Toyota. It was evident in his presentation that Toyota is forward-thinking in the security of their products.
Dr. Brad Wardman (PayPal) provided some insightful stories about PayPal fraud investigations and how PayPal helped other tech companies mitigate risks in the recent “Collection #1” dump of over 1TB of usernames and passwords.
There were many other enlightening and enjoyable moments at the Cybersecurity Summit and I’ll enjoy visiting in the future.
Chapter Note: We appreciate Chris Bogen and Kat Sullivan joining us at the 2019 NCS to represent Tulane University and Tulane MS in Cyber Security Management and MS in IT Management. If you would like to see more about this sponsor's program, visit: