
Security 101 For New Security Professionals

BSides Boston · 2013 · 43:35 · 575 views · Published 2013-06
Tags
Category: Career
Difficulty: Intro
Style: Talk
About this talk
"Security 101 For New Security Professionals" with David Dumas at Security BSides Boston 2013 in Cambridge, MA.
All video links are available at http://www.bsidesboston.org and http://bit.ly/BSidesBOS
Twitter: https://twitter.com/bsidesboston
Website, Biographies & Agenda: http://www.bsidesboston.org http://www.securitybsides.com/w/page/12194141/BSidesBoston http://bit.ly/BSidesBOS
Don't forget to follow us on Twitter at @bsidesboston or tweet to us about the event using #bsidesbos
Video created and edited by Peter Larson (c) 2013 http://vimeo.com/user4206417
Posted by Roy of Security BSides Boston 2013 Team
Transcript [en]

Okay, sure everybody's ready to go. My name is Bob Sarah. Welcome to this afternoon's talk on Security 101. Mr. Dave Dumas, this is profession, this is presentations for security professionals who will address how to find network infrastructure to an infrastructure networks that require for protection. This is, uh, Security 101. David is very good at what he does. Dave Dumas is a distinguished fellow and a senior network security engineer working for the chief security officer of the Verizon Wireline security operations group. His current work involves outsourcing, offshore and federal regulations, cyber security and privacy regulation, customer business presentations, and he is a Verizon representative on the outside committees. David was the director of the Verizon's network security

architecture and design for nine years prior to his role. In that role he led efforts on network security, PKI, file security, security governance and risk assessment. Previously David held positions at Digital Equipment Corporation for 14 years, established their security consulting practice. He was an author and presenter on the topic of securing networks. He has 27 years in the field of security, and his background is in computer science and security consulting. Ladies and gentlemen, this is David Dumas. This launches not that one because that looks like a bounce chairman.

Um, welcome. Sounds like I built this startup for people in the room wanted to do, and thanks for the quotes they did stop by the ISSA table and ask what this talk was all about. Everybody, at 38 slides, I'm going to move pretty quick, obviously. Um, when I originally started putting this stuff together, I said, how do we get multiple security professionals into the field? Because there's a lot of criminal professionals out there, we need to even out the odds. And so I said, well, we've got to start explaining to people young and old. I talk to high schoolers, I'm talking to new folks as adults. We need more security professionals out there, and they constantly will come by at me and

say, how do I get into the field? What should I be studying? This is my business, what should I be looking for? So, so take this slide deck, and if you want a copy of it, just send an email to me, um, David W surprise.com send it to document it goes to another person. Um, that's what happens when you have 10 million people use ISP. Um, and, uh, taking go through every one of these slides. The references are on the slides, everyone in the keywords. If you don't know what they are, Google them, figure out what the, I use Wikipedia and things like that, and just learn more about the field so you can talk

intelligently to whatever you're doing: to your developers, to your product people, to your infrastructure, how to protect your own home network. So we're going to go through a lot of this stuff. We're going to go through pretty quickly, but you're going to get back feel this stuff and get a better idea. So an adult of course, a three-hour course that I did out in California this spring, I gave them, uh, homework assignments. This is one of yours. So you have two questions to answer. For the company you work for, what would be the five things someone wants to steal? You need to know the answer to that, because that's what they're going to go after and that's

what you want to protect the most. You can't protect everything. You want to protect the most, because the end game is now they're probably in your network, they're trying to go for those five things. You need to know what they are and you need to protect them better. We're going to talk a little bit about how to do that. All right, the end game used to be: use firewalls, antivirus, IDS and all of that stuff and you're going to be fine, they're not going to get even past your perimeter. They've probably passed the perimeter. So the end game now is to find them as quick as you can and move them out before they steal they'll

stop by this. Okay, that's, that's the new game, and that's why we need more security professionals. The other thing is, uh, in your home networks, what are the five things you want to protect from your home networks? For instance, you can watch your financial bank account information, you want to make sure that that is, um, not stolen. Uh, your videos of your kids, all of that stuff maybe you think is the most important in your home network. Um, your disk space is important, because if someone's running illegal business they might want to put their child porn on that disk, things like that. So you don't want that knock on that door from the FBI saying you have child porn and

you knew nothing about it, but you had an open connection to the internet. They use your disk space in order to store their stuff. So yeah, um, so take that seriously. Know what you need to protect, because you can't protect everything. The other homework assignment I'll give you is to read the Verizon Data Breach report, which I have some slides on. A really good read, and I'll summarize that too in this talk. So we've been around for about 20 years since called the internet. I was talking to high schoolers and realized that every one of them there was born, um, after the internet started. So I really started feeling old when I did that. But, um, but it's been, uh, it went from

streamlined users to 2.3 years, that's a billion, that's, that's, that's, that's a lot of people. So this internet has really taken off. Um, I'm hearing things called industrial internet coming up now and things like that. It may be to the point where the internet itself becomes hard to do business on it, when they go to a second network and do some of that stuff, and that's where we'll really apply a lot more security to it. Uh, this was never designed to be secure. We've had to, um, fix a lot of the protocols over time. So why do the criminals like this place? It's in beautiful places. No, there's no taxes, there's no laws. Uh, you can rob the

bank from anywhere in the world. Um, so for a lot of reasons. They're actually kind of pissed off because it's not fast enough to steal all the stuff that they want good enough. That's how much money they're making around the world on stealing from the internet. The United States has been a prime target to steal from because we're so well connected. We have almost everything online, so they can do it from this age even throughout the world. Uh, how much can they make? The, the biggest thing is to get something called a zero-day exploit. What they need is that there's no patch against whatever it is, so that if you're running that software and they have, uh,

an exploit for it, you never even know that they hit you. So that's why zero days are more valuable. So if you have the zero day against the Microsoft operating system, it's worth fifty thousand dollars in today's money. That's a lot of money. Uh, for, uh, for some countries that's maybe two or three years' worth of salary. Oh, you get down into these things, these used to be worth a lot more money. Now there is so much identity theft going on that you really can't make a lot of money on that stuff. So, so people are really going up into this area. So it's out there. Um, these are some of the numbers. Excuse me, how did you come up

with these numbers? Uh, this was part of this study here, because related to the fraud stuff, and I think I got this slide from a guy within Verizon. So my suggestion is to just, on each one of these things, sort of Google the first two or three words in it, you'll find the actual part of this reference. I know the bottom half, you can go to Pastebin and actually look at advertisements for people selling the stuff, yeah, see what they're asking. It's, it's to the point where, um, Blackhole, uh, premium is probably one of the most used, uh, exploit kits that are out there. It costs ten thousand dollars a month to run. You save my horrible crap,

that's 120,000 a year through my illegal business. But all I have to do is create, you get some free zero-day exploits on it, so you can just go out and just broadcast it across the world, and all you have to do is get 200 people to click on it, infect them, and then just with, like, ransomware, just encrypt the disk and just say, if you give me fifty dollars I'll be cooking just to go away, you'll have all your kids' pictures back or your work PC back. You say, wow, that's worth fifty dollars, and we get that back to the PC at 8 500. Um, all they have to do is get, uh, you

know, 200 people to do that and they've got that ten thousand dollars, and then they can use the rest of the time to steal intellectual property and do stuff like that and make, you know, twenty, thirty, forty thousand dollars a month. So it's a real business for a lot of people, and you get full-time 24x7 support, you buy this. So it's easy. It's a valid business, that's right. So it was pretty scary. Um, uh, how much of this stuff has changed? Uh, until three years ago, if you talk about, I saw this report, this is report happening this spring, and it's just amazing to show that this level of intelligence is out there. So this is a

Red October exploit, and, um, Kaspersky Labs actually put this out there, and they stole seven terabytes worth of data over five years, and it was just let known now as to what they were doing. The interesting thing in all of this is, if you take a look at some of the gray areas, these are the areas that more actually compromised. And so I'm not pointing to any one country, but there may be something that could potentially have been involved in this. In some cases, you know, I don't think that up here is called a climate, there's too much going on, but they may not even have internet up there. But, but the reality is that this happened

over a five-year span and we just figured it all out, and most people don't even keep logs past a year. See what you feel and tell them that didn't even happen to you because it was five years ago. So, um, one word of caution: if you aren't carrying enough logs, you need to start carrying your logs for, for many, many years, because they can be in there for two, three, five years before you even know you were compromised. You know a little bit more of us up a little fun for EMC by someone. Just the FireEye report, this came out this spring too. I thought this was interesting in that this area right in here, they analyze, this is their data,

because they analyze malware, 89 million events, and, uh, all across all organizations, on average you are attacked every three months. So they're persistent, they're out there, they're constantly doing it. As security professionals we have to do better than they are. That's really hard, because they just have to find one problem, you have to defend the whole network. In our case we're in 150 countries. It's really hard to keep that network tight. In my group alone we have 120 professionals. So anyways, take a look at these reports that come out from a lot of vendors that deal with malware, deal with intrusion. So just take a look at what's happening in the industry. That's why we need more

security professionals, because the battle is changing. And, um, let me tell you a quick story. Um, I do this, um, a cyber talk at a healthcare company last year. They have a computer security week, and, um, I thought, you know, I had one hour to talk about security and how to get them a little excited about it. Notice after lunch, so I know they're all going to be through earlier. But the person who talked with folding was the senior can be in the organization. Are you stood up there like this, and before I get up, and you look at everybody in the room, there's like 80 people, they all work for them, he said, if we have an exploit in this company,

how long you have a job? Do that listen to me. It was amazing. I was like, they thought I was a guru. No, the reality was they're in healthcare field, if, uh, 60 employees, um, and if the reputation, if they knew that they were compromised, the next few on those contracts would come before we knew they could go to alternate vendors, therefore the business goes down downtown now. So small, medium business, they can't handle very many of these exploits. So, so he was telling them the truth. But the reality is everybody that works for a company, it gets really, really compromised, um, may not be working there. The Saudi Aramco stuff: once they figured out what they want to steal over there,

they wanted to create a diversion and trying to steal the stuff and get it out, because they found out that they had been, people knew that they were. They created a diversion by working 30 hours and service. Think about from an IT point of view how long it would take you to build learning files and systems. That's the level of sophistication that you're willing to go through to do something. So that's why we need more security professionals, because we get to get ahead of all of this. So what this talk is just going to do one slide on each one of these areas, um, and we're just going to hit them real quickly, and I'm not going to go through

a lot of the slides, but they're there to give us a homework assignment. You can send me an email, I'll send it aside. Okay, physical security, very important. If they get access to the system, they have it. It is that simple. It's just a question of time. They can put in a CD of another operating system and boot it back up again, get to the disk itself, carry it off. They can spend a lot of time with it. You're just too big to carry off, they'll try to compromise in other ways. But people say here is really important. The most compelling thing that I heard lately was they said, if you ignore the users, you've already lost the battle

through the battlefield, because the users are your eyes and ears to see what's going on. They know what's not normal. How come my system is running so slow? How come my, this application goes blue screen on me? They know big big sense when the network's not right. If they reported to ITV, but that's a hint that something went wrong in the network, someone's doing something. So never forget physical security. We are having these really ugly buildings in every town, they call central offices. That was our perimeter for a long period of time. It's concrete bunkers and press which is. The reality is now today we're just broadcast around the world. A lot of our stuff now is in data centers and not

central offices, but they're still there everywhere. So physical is important. Going north, people security: who you have in the company, it's really important. We do background checks and done drug testing, all of that stuff. Exchange information: you're seeing a lot more of this with the, uh, the presidential executive order for sharing information between the government and the private sector. But there's still, there are a lot of laws out there. So for instance, my company can't share directly with the government because we'll be breaking the law. So we can do it under a subpoena when they ask us for specific information, where we can't just simply share back and forth. So some of those laws have to change in order for these

executive orders to work. But the reality is we do a lot of sharing with a lot of different companies, a lot of different types of organizations. Uh, that good-looking guy, I think our part of, uh, my job is I have to cross, uh, cross-train for other types of jobs. So, uh, if the union decides to go on strike, we should have did about a year and a half ago, that's, that's doing something. So, and I don't even like heights, but, you know, sometimes you have to do that. So, um, who do we interact with in my company? Um, these are some of the organizations we work with. I just want to put a plug in

for some of these local organizations. ISACA is near ISC squared. So if you have a CISSP certification, which is something that is, it gives you through the resume, uh, to the first level, so you maybe get a phone interview, uh, if you're, you know, trying to get into the security field. So getting at least one certification, even as a Cisco certification or something, it shows that you want to be a security professional and want to match up. You have to get past the HR department and the computers first before you can even get the phone interview, before you get the job interview. So, so it's important to do some of that stuff. Down here, I

belong to the Multi-State ISAC, which is a group of, uh, a lot of times governments and vendors, and we work together on things that are happening across the states in the United States. So that's another good one. Over here, um, all day so many folks have come up and behind, just a group of security professionals. So there's a lot of things. I gave a talk at 5 only two weeks ago. The laws are changing around the world. It's a very, very complex thing for me to try to keep track of because we're in 150 countries. Even when I do write, we write a policy that matches to the regulation, I have it translated to that country's

language, and I, I hope that they did a good job with translation because

they did a good job on it. Um, but there's a lot of private, privacy is driving a lot of the regulations around the world right now. You're seeing it also in the United States too. But as people become computer savvy, they will have computer cyber laws, they will have privacy laws, uh, just through the bank I see other things. So I have to keep track of that. Because presidential executive order, was really busy making sure that they don't think that the ISP can solve a little hunger, um, in that there is responsibility across the ecosystem for secure, is not against the ISP that has the pipe that enables a lot of this stuff to happen.

So we, I've been working a lot with that. You have to follow the laws and regulations of the landing a new business center. So you have to do those things or else you can find some penalties and reputation as a couple of those downhill. So keep track a little legal up to wherever you can, because your lawyers should be your best friends. Security training: uh, really important. I'll hit one bullet here, which is cyber tabletops. Usually one one stable table top a year in my company, and, uh, I used to think when I was writing it that I was thinking very deviously about, you know, what could go wrong in the network, and nobody reads some of the

things that have happened over the last year, I said, well, I'm not even down in the weeds of being devious compared to what some of the people have actually done. So, um, it gets out there. One of the things that we learned from the latest one was that, um, if we think our network is compromised, how do we use it and communicate? Because of bad people need our email, that people need to be watching my file transfers as we try to recover and forwarding all of our efforts. Um, so that was an interesting takeaway. And the other one was, well, if my network is really, really compromised, how do we communicate and get together on the

outside of all networks and to come back in and do the repair? So that's one of my projects: internal and external way of communicating if things really go bad. And trust me, if they go bad in my company, they can go bad in your company too. Find it works out working parasite. So we're thinking along those lines now, just to figure out, okay, what could be some bad things that would take place and how do we recover from as quick as possible. We do that really good on physical security. Like in Hurricane Sandy, we had to replace 10,000 telephone poles. That's a lot of telephones. The logistics to get all those trees there, get them ready, put them up, put new wires

on them and do it as quick as possible. So, uh, we're capable of doing it, but the cyber side of that, it's not a challenge, and people need to stop and think about how do I travel my business if something like that was to happen. For you, this came out of Multi-State ISAC, and it's just a good awareness type training that you can get to your users. If you go under the mailing list, these come out like once a month. You can just park your new company logo on it, send it back out again. It doesn't scare your awareness now. Um, and, uh, there's some good ideas in here. The thing is trying to get someone to

social engineering someone to do something, click on the link and get infected, and then they're already inside the company. So we'll talk about that. So the security terms: I mentioned ransomware. There's a lot of things up there. Advanced persistent threat is one that you definitely should look up and understand. It's really more of an advanced persistent adversary, but someone just gets in, hunkers down. In most cases they're spies who are trying to take intellectual property through this, along those lines. The real juicy stuff, you have the Coca-Cola formula if you're working for course, they're looking for the stuff they're familiar making a lot of money. And then down in here there's a lot of different things. I don't know if anybody

knows what water holing is, but I think of, uh, you know, the zebras in Africa. They're really thirsty, and they, it hasn't rained in 100 days, and they're going to the water hole, and the lions are just waiting for the weak one to call up to herd. Well, that's the same thing on the internet. And basically they see something big happening and it's going through, CNN's publicizing a bill, infect CNN, so anybody that goes to that website gets infected. So it's the same analogy. They call it water holing. But so we have a geeky cyber terms for the same things that happen in the real world. But there's a lot of terms here at

Google, look them up. Uh, these are some security resources. For people who come by the ISSA and say, how do I get into this, this is what I look at and read on a pretty religious basis. I'm getting some pretty good feeds from the Department of Homeland Security, um, going on, and the FBI also. They are now starting to share more information. The good thing about it is it's more actionable information, and what that means is it's no longer good enough just to say this IP address. You have to have the IP address to do the exact timestamp of that, because this malware is constantly fluxing their IP addresses. You have to know that instant in time, that place in

the world this was. Um, so that, um, they're now, they've now figured out from U.S. government funding because that actionable data is more available. And, you know, because you don't want to, as a company, to go out and shut off someone that wasn't even their IP address that they were using. Um, you could be guarding their business, it could be a whole match, the person has a heart monitor and things like that. So you get into all these messy lawsuits, and so you really have to know who you're dealing with. So that at times that's really critical. Now the US government is getting that all. But, um, journals up there, different magazines, all of this stuff is free, so take a look

at some of it. Don't inundate yourself with incoming spam every day, but it's nice to know what's going on, in the level of magnitude of what's going on, especially if it's, let's say there's a new exploit and you're in the electric sector, you do know, you're in the water sector, you didn't know about it. Um, got some guys hanging out on the Quabbin Reservoir over the last week or so, chemical engineers at midnight, okay, not from this country. Myself, um, you know, so we just have to think that, you know, you know, we had some terrible things happen here in the marathons. They're out there. So our jobs as professionals is to try to keep our

companies yes thank you. This was a horrific time in most people's lives. It was 9/11. We lost a number of employees from that plane hit there. We lost some employees from, uh, what happened here was these two buildings collapsed, which is what you see here. But what happened was World Trade Seven collapsed into this building here. This building here is 140 West Street, which was a large coal movement, you know, downtown Manhattan. So the wiring, so the wiring rack looked like this. This is all the cables coming in that are connecting up Wall Street. We had three or four days to rewire that. So what we were doing was we were taking the wires and we were taking off the

side of the buildings and doing whatever we could to make this, I think this happened require it. That gives you an idea of the damage that had occurred in that central office. Who would have thought that people would use a plane as a bomb? Got to stop thinking like the bad guys. On the cyber side, who would have thought that people were doing some things like this? But they have. And so we've been a 401, so we have the, we had to stop thinking about what we were defenses. So we have a lot of different types of operation centers. Um, this is a picture of actually the GSOC down in Texas. It's a Global Security Operations Center that you did

a lot of Adventures. So they're watching my egress assistant network. Most people are watching what comes into the network. You also have to watch the network, because it could be the most valuable stuff you had just left the network. At that point, get your resume. So it's, uh, it's really important to have a pulse on your network. A plug for Stu Jacobs, who wrote this book, Engineering Information Security. He's a professor at Boston University. Um, you're a pretty decent engineering book, and all of these appendices in the back of it has some really good examples if you have to write policies, to write an RPG or things like that. So the bigger slide deck that I did, he had

a lot of graphics, and so I gave him a bigger plug, but I think this stuff exceptions. You know, our security, uh, we're not going to talk about a whole of this stuff here because I could talk about three hours on just this one slide. But the reality is these are some of the layers of defense that you would use. No, no one of them is going to stop the bad people from getting in. However, you do need these layers, because if you don't, they just don't come blocking it. So you need firewalls, you need routers, you need white listing lists, and you need intrusion detection systems, you need load balancers, you need, denial of

service attacks have been a big thing in the paper and financial sections, but that hard with it, they're going to go from the financial sector and go to the electric sector, they're going to go to any sector that they want, that's activists, and keep on bugging, because they'll know that this type of attack does work. So just before one, think about denial of service. Understand what it means to your business. If those web servers you have on the front end is really valuable to your business, think about that layer of protection on that stuff. There are services you can buy to mitigate some of it, but they get pretty sophisticated. To let you know how a denial of service

works from a carrier point of view: you buy so much bandwidth. Just like on your cell phone, you buy so much per month, or if your FiOS, you can buy so much a month, they have 30 30 30 downstream. When you go beyond that capacity, then we have to make a decision, and we let you have that extra capacity or not. Well, when you're using an edge router, there's probably 130 other customers that are using that same product. These are the routers the size of refrigerators, they'll support like 130 customers. And, um, if you are taking 50 or 60 of the bandwidth beyond what you pay for, we have to make the determination of, are we

going to really hurt the other 120 actors are out there. So if you buy a mitigation service, we can take that traffic and move it somewhere else and not trip us up at 29. If you don't, then you have to make a business decision: you would keep that road, uh, because it's going to reach capacity pretty fast. Those are decisions carriers have to make with these types of attacks that happening. So from a business point, you think about it before it happens: what are you going to do, what you want us to do. Because if we drop your traffic, the, your internet connection is gone. But as a, as a company, we'd have to try

to keep the internet. So it's, it's a real balancing act. S, anything that starts with an S is a good thing, uh, except for XML, doesn't have an Essence. Anything that, that sends passwords in the clear, it's a no-no. Why? Because they're already inside the network, and you should send their own clear passwords, guess what, they get the admin passwords, they get any passwords that they want. So you have to assume they're on the inside. So you use secure protocols. Why? Because to make it harder for them. Some of the algorithms to use if you're going to use encryption: this could be a whole three hour without just on encryption, but it's important to

understand it. We use disk encryption on laptops, things like that. Yeah, people want to use this, uh, Triple DES for all these, better, yeah, it gets out there, and AES is probably a pretty good way of going. But there's a lot of older technology that still users. So we have systems out there that are 50 years old, 30 years old. So, so sometimes you have to be backward compatible, so some of these older algorithms are still out there. They're better than nothing, but with Microsoft stuff sometimes they try to shut them off, they call those features. Um, if you say, why do I want to tell my developers to use secure protocols? These are some of the reasons. For

instance, ask them questions like, well, what countries are you going to have this data stored in, or move this data, transfer this data back and forth from? Or, um, what are the laws of the land that you're using for stuff? And what kind of performance do you need? Is this data sensitive? If it's not sensitive at all, you may not have to protect it, this is all public knowledge. But as soon as it becomes, someone says it's sensitive, social security number, that's a credit card, it has health care information, it has financial information, at that point it's sensitive. It means it needs to be protected at rest, needs to be protected, for instance, in transit, because

someone could be just listening, they didn't get into that financial system. Should use that checklist. Application software security: a lot going on in this space, but people have lost track in protecting the operating system and all of the other stuff that we're talking about, the application and the application, that's really important. And, um, the reason why they're important, one of the things that we're looking at is, um, do I have the right level of roles for the different people? In other words, if the person only needs to do backups, can they do backups and read, writes and everything else, or can they just do backups? This person just needs to have read access to the

application, do they have read and write? Why do they have write? Because if the bad guy gets their account and both read and write and keeps that match. So, so think about those role stuff. You also think about throttling. If I can only do 50 transactions an hour and I just did 5,000, that's way beyond what I should be doing. That means someone's probably running a script, that's probably someone trying to do something really bad. Whether it's an internal employee or someone on the outside, they don't know what the rules are, so therefore that should be alarmed. It may be that you're, we're in a disaster situation and we run some big tools to try to get the network up

around the 9-1-1, but the reality is in most cases people physically do any emotions, so therefore a machine is doing something really bad. So, so think about that when you're building applications: what is abnormal, and flag abnormal. From an application point of view, it's another layer of defense. Don't forget it. Database security: it's a very, very complex area that probably was no talk in here on it. I was amazed when I was talking to someone from Oracle, I came in and talked to me about the database security about afghanist at the Bay Area. This is really complex. The reason why it's important is because they're going after the databases. It's just the same reason why they go up to banks, because

that's where the money is well the databases have all the critical information in your company and critical information about your customers that's what they want so think about protection and your database administrators have to be well trained on the phishing and the latest security threats and they have to do a good job of protecting their password and watching their and just wait for those guys to meet guys and us to make a mistake yeah Salesforce or any other things that yourself well I really wouldn't put the real critical stuff on Salesforce like them but um cloud computing is a whole different topic I would I I would link people's Board of tools using private clouds versus public

clouds especially if you have sensitive information because the jury is out on whether the clouds can be protected with real sensitive information if you're encrypting everything and things along those lines just to make it more difficult for them but I would just be leery of putting a little sensitive stuff out there and think about that okay the data breach report let's go through a few things some things in red are the most important things so who gets attacked everybody in this room at all Industries attacked us to numerous get tactics and non-stop summer every three minutes you're lucky I could be faster than that state Affiliated 19 so you're up against nation states you have lots of money

the 20 income explanation States I mean guess what that is uh that's up 10 from last year so you're dealing with people that have lost billions of dollars that are willing to take you stuff so you know small medium businesses they don't have the money to work for these or against these guys so um who are these people they break up the report debates come up into activists which are doing a lot of the denial of service attacks right now uh criminals and spies the spies are the ones that are well funded ones criminals are the ones that are after the financial stuff that they can sell real fast five minutes okay and then um what are

some of the tactics um they are uh activists are very basic methods criminals are in between complexity and spies whatever they want to do whatever they want to take it could be trying a three to five years um 78 of these attacks are discovered by the outside not by you know 69 by the government telling you you've been hacked and nine percent by your own customers that's all that's not much uh not much faith in people inside Fairfield so um if someone tells you that they think that you have a problem you probably do uh 16 of the case 66 percent of the cases um were discovered in months and years well this is the one where last

year was 56 now it was 66 so we're going wrong so it was taking us months to years to figure out what we've been compromised and it takes them minutes to hours to break in so there's something wrong with that curve and we need to fix that this is really interesting this came from a company I think it's called um they they provide us some database report they looked at 47 000 incidents when they they go out and they do spear phishing attacks on companies you pay them to connect and do it so what they what they found out was on average at about three spear phishing emails they can get over fifty percent of click

on them and at 10 it's pretty much even now right here they're in so they all they have to do is send off 10 the same email inside your company and if somebody's going to click on it and you're going to be infected and the game's going to start because that's not many emails that's why the bad guys are usually it's so simple it's past your firewalls your routers everything else someone clicks on it they're infected all of a sudden um so you can read these recommendations I just want to talk a little about security home network all of these people are all breaking up with each other by texting the young people uh what is it like uh 80 of the kids

sleep with their phones between 50 and 80 so um if anyone just grab them tonight so they they can get pretty cool obviously but um and you laugh because my daughter her last breakup was over a text so it does happen um so if you're protecting your home think about these things these next few slides um I'm not sure I was surprised I went out to my router and I had 14 devices on a fire was almost 15 devices I'll hand it into the toasters and the refrigerators maybe because you can't patch them fast enough probably but um but then they gives you an idea this there's a lot of things you can do a lot

of smart things you can do these are some of them uh as far as smartphones uh iPhones are a lot better protected from a malware point of view droids of the world and drugs operating system we added about 150 000 right now Android malware attacks in uh the uh smart iPhones nowhere facing malware so so if you have a choice right now life alone uh however what they'll find over time is they'll find ways to get into whatever the most people are using so it'll come back or back home but at least for right now if you're buying one for the next few years um I gave me started a different one uh phones do disappear 3 400 last year

Boston was number 10 people just walk away from their phones any proprietary of your company information on those phones it's gone too that's a data breach in a lot of cases you gotta report handled the supplies so so think about that make sure that if your people have a proprietary information on the phone make sure it's encrypted otherwise control some basic things to do on devices in the hole has to protect Wi-Fi use WPA or WPA2 don't use WEP it can be broken in less than 60 seconds it's only for people driving by within 300 500 feet however just don't do it let them go to your other neighbors not your house

um just just a quick note um you can go to the site please Rodney you're on Facebook say hey everyone Evan great time in Puerto Rico or Kunta Cana or wherever you are and we'll give you back in five days and they just told everybody on the internet that's watching you that your house is ready to be robbed and you have five days to do it these people look at the same information you post publicly they look at it as oh this is an opportunity so think about that next time you post something you want everybody in the world to know where you are what you're doing who your friends are all that stuff the answer is no we're telling

kids to stop your life too because that's how kids can be uh you know socially engineered to meet someone in some way or or to try to compromise them at some event so think about it from a reverse point of view of oh this is good information to share is it the right thing to put some credit this gives you some more stuff for protecting your home so that's what I had to stick to it so you've got one minute any questions

everybody yes can you comment a little further on some other potential social engineering things like that I know that phishing is

um

yeah basically um I look at Social Engineers as magicians so they're using not magic which is they really helps your mind and your visual effects to do something the opportunity social Engineers are playing against um how mostly things work and using it in a different ways because they're very good it's like they can they can get someone to give up I'm from this bank and I need your credit cards the expiration date for three different number on the track and verifying your account we've had a problem we've had a break-in type of the things

source and that they really need this information and they're first of all you know you have to give this thing or we're shutting down yesterday you know so if someone is 80 years old say hello

thank you concerning certifications yeah awesome there are lots of certifications coming every day how you work to hire people 25 years

well number one is CISSP it is not so important that it's a you're going to learn a lot from it but it's what's important is that it says that you're a security professional you have to have 40 hours of training per year to be admitted

would be the one that gets you in the door more than any other one if I'm allowed without between them interns are going to be hard to find at the Collegiate level just because a lot of people have their work experience

so I would say I would be looking at an aptitude and security who wants to be a security professional maybe it's John through a student chapter a local organization I know um I went to talk to Clark University Northeastern chapter as a student chapter for you guys to say I've bring them in terms that they look like that they haven't posted they can do what you want to do because these kids are so smart nowadays and mold them see if they have to try them out they all need the opportunity and we need those Security Professionals we can talk a little bit more if you want to send me an email address more ideas yeah

good all right we all set go forward