Niko Bailey
Vulnerability Management Analyst,
Duke University
Tornado Talks in Ten
Wednesday, May 15, 2019 | 3:30PM–4:30PM CT | Montreux, Second Floor Event Centre
Session Type:
Breakout Session
Delivery Format:
Lightning Talk Presentation
Talk 1: CMSS: Plug In Some Security into Your CMS
Content management systems provide an easy interface for users to alter website content and appearance but often leave security and IT professionals in the dark regarding the security state of the platform. Come join the fun as we explore how Duke is using modules and plug-ins to catalog important security data contained within each CMS and collect it centrally for vulnerability-alerting and incident response.
Outcomes: Understand how CMS data can be used to improve your web security posture * Identify methods of aggregating CMS data in your environment * Examine some potential strategies for inventorying your web presence
Presenter: Niko Bailey (Duke University)
Talk 2: How to Survive a Successful Phishing Attempt
We experienced a successful phishing incident at KCU, which cost the university real dollars and forced us to create an incident management response team and ongoing security processes. We would like to share our story with other institutions, including what we did and lessons learned that others can benefit from.
Outcomes:Apply lessons learned from our phishing experience to your own institution * Craft your own incident response plan * Identify tools and ideas to apply on your campus
Presenter: Lance Huggins (Kansas City University of Medicine and Biosciences
Talk 3: NIST-800-63-3B Password-Vetting Compliance
In June 2017, NIST Special Publication 800-63-3B established new guidelines regarding how organizations should vet user passwords. Rather than password composition policies that require a certain number of character sets, NIST now recommends that organizations check passwords against a list of banned passwords and reject those that are found on the list. As of July 2018, the list of known compromised passwords numbers more than half a billion strings. This presentation will demonstrate how to solve this problem at all levels of the organization and also share a specific technical solution using a Bloom filter at Virginia Tech.
Outcomes: Understand the drastic password-vetting changes introduced by NIST 800-63-3B as of June 2017 * Learn how these changes will impact every level of your organization and how to adapt * Learn how to solve the technical challenges brought about by the changes with a hybrid solution
Presenters: Randy Marchany (Virginia Tech), Richard Tilley
Talk 4: Sleight-of-Hand Magic and Cybersecurity
We'll explore the commonalities between sleight-of-hand magic and cybersecurity, specifically, the neuroscience behind the way the observer/user interprets data they see and how the senses can be tricked both in magic and in cybersecurity.
Outcomes:Learn how to triage potential threats * Learn how to manage your attention to mitigate errors in judgement * Understand the science behind illusion and perception and its role in exploiting the user
Presenter: Don Warrick (California Lutheran University
