Today I spent most of my time in break out sessions. As usual they were extremely well done presentations. The first one was on the ongoing game of cat and mouse between security professionals and hackers. As usual it is an ongoing arms race. I don’t see that ending anytime soon based on the material in the presentation.
The presenter went through a scenario using the Cyber Kill Chain model. He made some good points about the need to rethink the model. Without a perimeter that can be defined, some of the steps can now occur in different orders or simultaneously. Just like the OSI model, real life doesn’t always line up to the model.
The other session I attended was on social engineering and tools. One of the tools that the presenter told us about was an open source phishing tool called GoPhish. He showed us how easy it was to use it to run phishing campaigns. Really with the simplicity of the tool, there is no reason that every organization shouldn’t do phishing tests of their employees monthly. Computer based yearly training is definitely not effective. Repetition is key.
So after class I was a bit tired. (Yeah I stayed up too late last night.) Instead of the innovation keynote I went back to the hotel and caught a nap before heading out to dinner with the Cisco Gateway team. Hopefully I’ll get to bed earlier tonight and be ready for tomorrow. Tomorrow will be more breakout sessions, the closing keynote and then the customer appreciation event.