So I attended two very good day-long seminars in the past few weeks. First I attended the BSides Iowa event in Ames, IA on the Iowa State University campus. It was held on March 24, 2012 in Howe Hall. The program was very good.
I must admit that the best presentation of the day was by Kellman Meghu, titled "How NOT To Do Security: Lessons Learned From the Galactic Empire". The basic concept was to examine the original Star Wars movies from an IT controls and security perspective. I have to admit I had never considered this before, but as soon as he started talking it made perfect sense. Why was R2-D2 able to so easily access systems on the Death Star? Why would the Empire not realize that once the Death Star plans were out in the wild they could not be contained again? It is like how once something is on the Internet it will always be on the Internet. Now I am really tempted to watch the movies again with an eye toward how the Empire's security and control weaknesses led to its ultimate demise. I believe the organizers said they were going to post the videos online, but I do not know if they have done it yet or where they plan to post them. All I know is I am really looking forward to attending next year.
I learned at BSides Iowa about the Security Challenge that is held every year at Iowa State University. Students are given an operating system and a menu of services and must secure the system with the designated services running. A group of security professionals then attempt to hack the systems or take down the services. I am looking forward to learning more about this event and hopefully I can participate.
I also presented at my local ISACA chapter's spring seminar. This was an all-day event that we held at the University of Iowa. I presented on a number of free network discovery and vulnerability assessment tools that are available. They are Nmap, Nessus Home Feed, NeXpose Community, and Retina Community. I hope that my brief overview of these tools was of some benefit to the attendees and that maybe a few will go on to learn a little more about the tools themselves.
I began learning about these tools earlier this year to prepare for some work I was going to be performing. I will not be doing any scanning myself, but I am hoping that having a better understanding of these tools might help me communicate and interact more effectively with those who are scanning.
I am hoping to maybe write a few blog posts later this year providing a brief overview of the tools, where to get them, and some of the basics of how to use them.