Information Security Summit
May 21, 2017

On Friday, I attended an information security summit. This event was a great way to be informed on the current trends of security. Some of my schoolmates from the forensics club also attended the summit and it was a nice little reunion. It’s great to see my peers developing professionally! The club president told me they are proud of my achievements and that I serve as a role model to the club members 😊. 

WannaCry Ransomware

I attended a session about the WannaCry ransomware during the summit. Ransomware is malicious software that blocks your access to files on your computer until you pay the bad guy some money. WannaCry is a type of ransomware that was unleashed over a week ago and has already hit hundreds of thousands of computers worldwide. WannaCry can spread to other computers within the network through a Windows vulnerability. Most of the computers that got hit by this ransomware were running Windows 7. In this case, the bad guy encrypts your files and will give you the decryption key if you pay up $300. This ransomware is still a developing story.

I learned a lot during this session and here are some tips on lessening your risk of getting hit by a ransomware:

  • Keep your devices updated and patched to the latest version as soon as possible.
  • Always verify the sender’s email address, URLs within the email, and file attachments. There can be a case where your friend’s email becomes hijacked or spoofed so you need to be extra careful.
  • Back up your files! If you happen to get hit, you can always restore your files to a clean state.
  • Microsoft macros can be malicious. Run them only if you know what’s going on.
  • Avoid torrenting files as much as possible. Attackers can insert malicious code into the software.

Lockpicking Village

There was a “capture the flag” competition in one of the conference rooms. Lockpicking happened to be one of the categories in the competition. I was pretty familiar with picking the cheaper padlocks so it was practically a walk in the park for me. One of the attendees gave me a tip on picking handcuffs. I ended up picking them while being handcuffed from the back. Unfortunately, I didn’t have a chance to pick the Titalium lock but maybe next time! On the cybersecurity side, lockpicking is essential for accessing a facility with critical devices when we perform pentesting services.

Vendors Meet and Greet

There were a lot of vendors set up throughout the venue. I tried going to most of the booths and talking to reps about what products or services they offer. Even though I’m in no position to make any decisions about what products we need at my company, it is good to know what’s in the market to potentially recommend to others. There were a couple of individuals who were interested in keeping contact to form some thought leadership.

This was a great opportunity for me to practice one of my introductory pitches. I use different ones depending on who I’m talking to. I don’t need to tell a coworker what company I work for or a vendor about my personal interests unless it goes down that path.

“Hi, I’m Nancy and I’m a risk consultant at [company name]. I primarily perform network security assessments and pentests. I’m just stopping by to learn more about your [service/product].”

Developing Myself

Thanks to this experience, I came up with some questions in order to push myself towards a desirable path:

  • How do I want to contribute to the cybersecurity community?
  • What do I need to do to continue developing professionally?
  • Who do I want to meet and potentially collaborate with?
  • When do I want to accomplish certain goals within the field?

My work is providing me a grant to pursue the Certified Ethical Hacker (CEH) certification. I’ve been slightly studying for CISSP but it’s not a priority since I need 5 years of work experience in order to actually hold the title.

17 Responses

  1. Tara ☆ May 22, 2017 at 5:29 am

    Oh, what a nice event to learn new trends and to see some of your schoolmates! It’s a real good compliment to be told that you are a role model to other club members!

    Eeek! I’m glad I’d upgraded from Windows 7! I had hesitated last year, but now I am glad I upgraded. That’s a very unpleasant ransomware. Thanks for the tips. I definitely try to keep my devices and such updated (well, maybe not my game system and Kindle, but definitely my computer and my iPhone!). I especially need to be more vigilant with the email trick. Hate it when I get an email from a friend and it turns out to be spam and evil other things!

    And wow! I’m surprised they teach you how to lock pick! I am now wondering if it’s really that easy to pick the cheaper padlocks . . . I should learn and see if I can handle it, haha!

    It is definitely good to keep abreast of what products are out in the market. And I think it’s good that this event has guided and shaped your future better. I think it’s great your workplace will give you a grant for that certification! I’d definitely take that opportunity 😀

  2. Cristina ☆ May 22, 2017 at 5:34 am

    I heard about this ransomware a few weeks ago. I think a few computers in my country were affected too. They were targeting only public institutions, no?

    Thank you for your tips, I will definitely be more careful with my data. I am using Windows 10 but I guess that is not an excuse to not be careful. I guess Windows 7 is not a criteria for an attack, so we have to be cautious no matter what operating system we are using.

    I am glad to hear that you want to contribute in increasing cyber security. It makes me very proud. I hope your goals will be accomplished. Take care <3

    • Nancy ☆ May 24, 2017 at 1:24 pm

      The ransomware was targeting whatever is vulnerable to attacks. Businesses (both public and private) were affected. Having the latest updates will give you an extra layer of security but humans are always the weakest factor! Better to practice clean security habits :).

  3. Alyse ☆ May 22, 2017 at 11:22 am

    Reading posts on your work is one of the most unique things I’ve found on the blogosphere — it is a completely different world from my day to day. It makes sense that lockpicking would be essential in training, but if you hadn’t mentioned it, I would’ve thought it to be far removed from cybersecurity!

    • Nancy ☆ May 24, 2017 at 11:12 am

      Thanks for the good vibes 💖. It makes sense because when we think of cyber, we think of the logical aspect. I never thought about the physical part of it until I started this job!

  4. Audrey | Brunch at Audrey's ☆ May 23, 2017 at 12:24 pm

    Looks like you learned a lot from the summit, and it also sounds like it was a lot of fun! It’s good that you got to practice your introductory pitch; I need to figure out what mine is and then practice it! It would make me less nervous about networking opportunities and also be a more productive use of those opportunities. So cool how you got to learn how to pick locks too! I guess when I think about information security, I usually just think of cybersecurity and not physical things like locks and handcuffs! -Audrey | Brunch at Audrey’s

    • Nancy ☆ May 23, 2017 at 10:40 pm

      Keep on practicing and it’ll become completely natural! I didn’t know that lockpicking in security is a thing until I heard of some reasons. Seems legit enough or is it an excuse for people to lockpick for fun? XD

  5. Kim ☆ May 23, 2017 at 3:21 pm

    Wait you can pick locks? That’s crazy!! I would love to know that skill. Not that I ever get in situations where I’d need to… but it seems like a cool skill to have.

    I totally believe how you’d be a great role model for your peers! And I love the way you write your blog posts, particularly when you define things like Ransomware. As someone who doesn’t know a thing about Security, it’s nice to be able to still understand what’s going on in your life!

    Thanks for sharing about your summit!
    Kim
    Simply Lovebirds

    • Nancy ☆ May 23, 2017 at 10:37 pm

      Lockpicking kits are pretty cheap these days! Add some YouTube magic and you’re good to go with some lockpicking.

      Thanks, Kim! I know I would get lost in other technical terms sometimes so I thought it’d be great to take a step back and give some background knowledge :).

  6. Eena ☆ May 23, 2017 at 4:08 pm

    DUDE YOU ARE OFFICIALLY ONE OF THE COOLEST BLOGGERS I KNOW. I love that you work in such a cool field – plus you get to pick locks?! How much cooler can you be?!

    So crazy knowing there are crazy people out there who’ll put a ransom on your files. I mean, maybe not entirely crazy but devious? Does that virus typically affect all kinds of OS or just Windows in general? I’ve used Apple all my life and I don’t think I’ve ever encountered anything that crazy on my laptop – then again, I don’t have really interesting documents anyways xD

    When you get the CEH certificate, does that mean you’re able to hack anything and everything they need you to or what? That’s such a cool title though!

    • Nancy ☆ May 23, 2017 at 10:36 pm

      💖 💖 💖 💖 You’re a cool blogger (and person) too! Mac OS is safer than Windows but it is still important to follow best practices to minimize the risk of getting hit by a ransomware or some other malicious tool. I did hear of a ransomware hitting a computer operating on Mac OS. Good that you haven’t encountered anything like that on your laptop XD. CEH certification is a great way to convince people that I can pentest – depending on how strong their security is!

  7. Chynna ☆ May 25, 2017 at 3:30 am

    Aw, I love reunions. That’s so nice that they see you as role model – I definitely agree with them 🙂

    When I heard about WannaCry, I immediately thought of Mr. Robot because I had just started watching it. Coincidence? I THINK NOT. Okay, I am exaggerating, but what are the chances? Those are some good tips – thank you for sharing! I saw you lockpicking on Snapchat, and I was like DAYUMMMM GIRL, U SHOW DEM!

    This sounded like an amazing event and am so proud to hear how much you’re learning and growing in your field!

  8. Ann ☆ May 25, 2017 at 7:41 am

    Eek! It is such an amazing event to attend! Hope you have learnt a lot from it 🙂
    http://theoraclejournal.net

  9. Cassidy ☆ May 26, 2017 at 7:00 pm

    I have always wanted to go to an information security summit. I’ve heard through the news about the nightmares of ransomware and I’d love to learn more about it.

    The only thing I know about lock picking is the basic trick with a credit card and it’s not very useful in a lot of situations.

    That’s so awesome that your work is providing you with the grant. Good luck on getting the certification!

  10. Pauline ☆ May 27, 2017 at 6:11 am

    I love meeting old school friends and seeing how they are developing professionally! It’s always great to see everyone doing well and chasing after their dreams! 😀

    I remember seeing the impact of the WannaCry Ransomware here in the UK a few weeks ago – attacking the NHS. It was super scary and got a lot of people worried about their own security online/of their laptops/computers. I am always one for upgrades and always keen in having the latest systems installed. Eek. I’m actually bad with the backing up part though – I should really improve this.

    Thanks for the advice, you’re such a rocking security chick – saving lives! 😉

    I loved reading the rest of your summit – you get up to such cool things at work! I’ve said it before (and I will continue saying it) but you are seriously so awesome. Admire you a lot! <3 I love the questions you've set yourself too, questioning yourself after events like this to reflect is the best thing to do for your personal and professional development. Go you!

  11. Gillan ☆ May 28, 2017 at 12:06 pm

    Wow, this summit was so exciting! I love how you learned a lot about cybersecurity and about yourself while you were at it!
    I’ve been seeing that WannaCry ransomware because it’s all over the news. People are pointing at North Korea but of course they denied it. Thank you for these awesome tips btw!
    I WOULD LOVE TO LEARN HOW TO LOCKPICK. I’m a law-abiding citizen, I swear, but there’s something about lockpicking that requires intense focus and knowledge and I want to achieve it lol
    I didn’t know there was such a thing as a Certified Ethical Hacker certification. It sounds so cool and professional, I love it!

  12. Liz ☆ May 28, 2017 at 9:36 pm

    Hey there. Thanks for the ransomware tips! I didn’t know that was happening!
