SlideShare a Scribd company logo

I hack you hack we all hack

Download as PPTX, PDF
K
KaraMichelleHarkins

WITS 2020 presentation

Presentations & Public Speaking
1 of 34
I Hack, You Hack, We All Hack! … or Why Cybersecurity Is Great for Underrepresented Communities Kara Harkins Urban Institute @kara_h #WITSMA20 April x, 2020 Women In Technology Midatlantic
Investigating: More work in cyber security (cybersec) to add to my toolbox Current Title: Senior Web Developer at the Urban Institute (been here since 2004) Previous Jobs: Applications Developer (White House, IRS, Urban) Network Operator (Rockingham Memorial Hospital) Systems Manager (James Madison University) Who am I?
I was doing programming before HS (yes, in the 70s). I was the student who was more used to being called to sys managers’ offices than to ones of principals and deans. If I was in college today people would decide I was headed to cybersec/hacking but this was the 80s. I wanted to study computational physics (probably even more obscure than cybersec back then) so CS grad school and programming it was. Basically, I am a computer generalist. My career concentrates more on breadth of experience than depth. Now the non-resume stuff
Logs Research Studying Maintenance Reports Yes, any profession has the boring stuff
We are concentrating on one thing … For this presentation though
FUN!!!
We want to find what is attractive about the field. Why?
Definitions
Hackers (I am using the original definition here) InfoSec CyberSec White Hats Certified Ethical Hackers The Forces of Light
Black Hats Crackers (yes, that is the word for hackers that went bad) Script Kiddies The Baddies
It can also be read as defenders here. The overlap of security and hacking is not exact (in fact it was even the DefCon theme last year) but at a high level it works. This is also part of my attempt to make the word not seen as scary to people. For this I will use the terms hackers and infosec as the good guys
Employment
Not much representation from diverse communities right now. Any field benefits from different voices. Hacking is about looking at problems differently. Black hats are *counting* on people all doing the same thing. High demand. High salary. Why is diversity needed?
• Cyber Security (CyberSec), Information Security (InfoSec) • Physical Security (may work in CyberSec later, some overlap) • Blue Teams (Defense) • Application Security • Web Security • Automotive Security, IoT Security • Cybercrime Investigator • Auditor • Security Architect • Network Security Administrator • Trainer • Data Security Analyst Jobs – staff (just some)
• Penetration Testing, Tiger Teams, Red Teams (Offense) • Bug Bounty Hunter • Data Recovery • Virus Technician • Ethical Hacker • Data Recovery Specialist • Forensic Computer Analyst • Security Consultant • Vulnerability Assessor Jobs – contractors (may also be staff)
Impressions? Responses Encouraged
Hackers will pay attention to this more than the best lock on the market but good luck convincing people to use only a sign. I would not suggest it anyway as black hats will love it when there is not a lock. What is your first reaction? Why?
Intense curiosity about what is beyond the door but annoyed there is a lock. Remember, signs keep out hackers more than locks. Ex: I got the combo to a door leading from my lab once because it was like fingernails on a chalkboard to not know it. I had no desire to be in that other room, the point was the lock. This is traditional security What is your first reaction? Why?
Security through obfuscation: someone WILL find it. This is the worst form of security next to no security. Yes, I have encountered this with computers. What is your first reaction? Why?
Do you immediately want to solve this?
Hacking Topics
Social engineering … people WANT to help - locked door? Approach it with your arms full when someone with access is going to it. Not all hacking is hard
• Do not always need to do … a lot of things are keyed alike • Information is your friend • Can find reasonably priced picks and places to practice … google Sometimes used in pen testing. Lockpicking
• Lots and lots to learn about here! • First thing: how to properly lock down your own machines (even if someone else will do the work). Tech stuff
Resources To Get Started
BsidesDC (www.bsidesdc.org) DefCon (www.defcon.org) … getting more diverse, for example, queercon Local DefCon groups (www.defcon.org/dcpages) Hint: Volunteer! Good networking and often a perk is free admission Resources - conferences
‘Hackers’ – Steven Levy ‘Cuckoo’s Egg’ – Cliff Stohl While these two are my favourite hacker books they are closer to the mainstream though. At the same time, neither is a perfect example of that. Part one of Levy’s book is about college kids and Stohl is an astronomer. Resources - Books
https://Girlswhohack.com/ https://www.meetup.com/WoSEC_DC/ https://www.icmcp.org/ https://queercon.org/ Resources - sites
Hak5 Null Byte DEFCONConference Resources - YouTube
Advantages Discussion
Attackers assume defenders will look at the world just like everyone else. What if that assumption does not work though? For example, some people will see tasks as needing to be done fast so will see something as impossible. Meanwhile you may be used to being patient to get something done. Bingo! A solve to what others call impossible. See the advantages? Advantages in general
Hyperfocus when interested Pattern recognition This means a person with ADD or ADHD would be GREAT at spotting attack patterns when engaged in finding an attack. This is something an attacker may want to slip under the radar with. Example: advantages to ADD/ADHD
For the discussion please pull up these: http://techgenix.com/cybersecurity-skills/ [google: cyber security skills] https://cybersecurityventures.com/50-cybersecurity-titles-that-every- job-seeker-should-know-about/ [google: cyber security titles]
@kara_h How can you see advantages in other unrepresented groups? How can they apply to cyber security? What strengths does a group have? How can those strengths work in cybersecurity?

Recommended

Netiquette, Copyright, Plagiarism
Netiquette, Copyright, PlagiarismNetiquette, Copyright, Plagiarism
Netiquette, Copyright, PlagiarismKamarziTillery
 
Netiquette, Copyright, and Plagiarism
Netiquette, Copyright, and Plagiarism Netiquette, Copyright, and Plagiarism
Netiquette, Copyright, and Plagiarism brileyrourk
 
Getting involved in network security
Getting involved in network securityGetting involved in network security
Getting involved in network securityjeffmcjunkin
 
Academic plagiarism presentation
Academic plagiarism presentationAcademic plagiarism presentation
Academic plagiarism presentationKyleLynch
 
Plagiarism, netiquette, copyright issues slideshare
Plagiarism, netiquette, copyright issues slidesharePlagiarism, netiquette, copyright issues slideshare
Plagiarism, netiquette, copyright issues slideshareRyleeSwag
 
Blacks In Technology for BMI Technology Workshop Presentation
Blacks In Technology for BMI Technology Workshop PresentationBlacks In Technology for BMI Technology Workshop Presentation
Blacks In Technology for BMI Technology Workshop Presentationblacksintechnology
 
Blacks In Technology BMI Tech Workshop preso
Blacks In Technology BMI Tech Workshop presoBlacks In Technology BMI Tech Workshop preso
Blacks In Technology BMI Tech Workshop presoblacksintechnology
 
Documentation for developers
Documentation for developersDocumentation for developers
Documentation for developersMichael Marotta
 

Recommended

Netiquette, Copyright, Plagiarism
Netiquette, Copyright, PlagiarismNetiquette, Copyright, Plagiarism
Netiquette, Copyright, PlagiarismKamarziTillery
 
Netiquette, Copyright, and Plagiarism
Netiquette, Copyright, and Plagiarism Netiquette, Copyright, and Plagiarism
Netiquette, Copyright, and Plagiarism brileyrourk
 
Getting involved in network security
Getting involved in network securityGetting involved in network security
Getting involved in network securityjeffmcjunkin
 
Academic plagiarism presentation
Academic plagiarism presentationAcademic plagiarism presentation
Academic plagiarism presentationKyleLynch
 
Plagiarism, netiquette, copyright issues slideshare
Plagiarism, netiquette, copyright issues slidesharePlagiarism, netiquette, copyright issues slideshare
Plagiarism, netiquette, copyright issues slideshareRyleeSwag
 
Blacks In Technology for BMI Technology Workshop Presentation
Blacks In Technology for BMI Technology Workshop PresentationBlacks In Technology for BMI Technology Workshop Presentation
Blacks In Technology for BMI Technology Workshop Presentationblacksintechnology
 
Blacks In Technology BMI Tech Workshop preso
Blacks In Technology BMI Tech Workshop presoBlacks In Technology BMI Tech Workshop preso
Blacks In Technology BMI Tech Workshop presoblacksintechnology
 
Documentation for developers
Documentation for developersDocumentation for developers
Documentation for developersMichael Marotta
 
Final Blacks In Tech /BMI presentation
Final Blacks In Tech /BMI presentationFinal Blacks In Tech /BMI presentation
Final Blacks In Tech /BMI presentationblacksintechnology
 
Threat Modeling Lessons From Star Wars
Threat Modeling Lessons From Star WarsThreat Modeling Lessons From Star Wars
Threat Modeling Lessons From Star WarsAdam Shostack
 
Software Architecture Meetup introduction
Software Architecture Meetup introductionSoftware Architecture Meetup introduction
Software Architecture Meetup introductionMuhammad Ali
 
Connecting the Dots
Connecting the DotsConnecting the Dots
Connecting the DotsInnoTech
 
On plagiarism
On plagiarism On plagiarism
On plagiarism vida-dehnad
 
Digital Citizenship Presentation
Digital Citizenship PresentationDigital Citizenship Presentation
Digital Citizenship Presentationmhporter1
 
Icse 2013-tutorial-data-science-for-software-engineering
Icse 2013-tutorial-data-science-for-software-engineeringIcse 2013-tutorial-data-science-for-software-engineering
Icse 2013-tutorial-data-science-for-software-engineeringCS, NcState
 
Know it: Plagiarism,Netiquette.and Copyrighting
Know it: Plagiarism,Netiquette.and CopyrightingKnow it: Plagiarism,Netiquette.and Copyrighting
Know it: Plagiarism,Netiquette.and CopyrightingAmena99
 
The law of the internet
The law of the internetThe law of the internet
The law of the internetkane21
 
Open source
Open sourceOpen source
Open sourceNathan Smith
 
Hackerspaces & engineering education slides
Hackerspaces & engineering education slidesHackerspaces & engineering education slides
Hackerspaces & engineering education slidesCK Harnett
 
Filenames are not metadata, changing cultures at the University of York
Filenames are not metadata, changing cultures at the University of YorkFilenames are not metadata, changing cultures at the University of York
Filenames are not metadata, changing cultures at the University of YorkJulie Allinson
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and ConcernsPINT Inc
 
Bed on Ceiling Progress
Bed on Ceiling ProgressBed on Ceiling Progress
Bed on Ceiling ProgressDoyeon Kwak
 
Interactiondesignwk4
Interactiondesignwk4Interactiondesignwk4
Interactiondesignwk4Anthony Hutton
 
De fratis webquest
De fratis webquestDe fratis webquest
De fratis webquestAJHalliwell
 
Is p netiquette
Is p netiquetteIs p netiquette
Is p netiquetteMelissa McLendon
 
Nick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs securityNick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs securityDevSecCon
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecurityMichael Rushanan
 
Less is More: Behind the Data at Risk I/O
Less is More: Behind the Data at Risk I/OLess is More: Behind the Data at Risk I/O
Less is More: Behind the Data at Risk I/OMichael Roytman
 
New text document
New text documentNew text document
New text documentsleucwnq
 
New text document
New text documentNew text document
New text documentsleucwnq
 

More Related Content

What's hot

Final Blacks In Tech /BMI presentation
Final Blacks In Tech /BMI presentationFinal Blacks In Tech /BMI presentation
Final Blacks In Tech /BMI presentationblacksintechnology
 
Threat Modeling Lessons From Star Wars
Threat Modeling Lessons From Star WarsThreat Modeling Lessons From Star Wars
Threat Modeling Lessons From Star WarsAdam Shostack
 
Software Architecture Meetup introduction
Software Architecture Meetup introductionSoftware Architecture Meetup introduction
Software Architecture Meetup introductionMuhammad Ali
 
Connecting the Dots
Connecting the DotsConnecting the Dots
Connecting the DotsInnoTech
 
Digital Citizenship Presentation
Digital Citizenship PresentationDigital Citizenship Presentation
Digital Citizenship Presentationmhporter1
 
Icse 2013-tutorial-data-science-for-software-engineering
Icse 2013-tutorial-data-science-for-software-engineeringIcse 2013-tutorial-data-science-for-software-engineering
Icse 2013-tutorial-data-science-for-software-engineeringCS, NcState
 
Know it: Plagiarism,Netiquette.and Copyrighting
Know it: Plagiarism,Netiquette.and CopyrightingKnow it: Plagiarism,Netiquette.and Copyrighting
Know it: Plagiarism,Netiquette.and CopyrightingAmena99
 
The law of the internet
The law of the internetThe law of the internet
The law of the internetkane21
 
Hackerspaces & engineering education slides
Hackerspaces & engineering education slidesHackerspaces & engineering education slides
Hackerspaces & engineering education slidesCK Harnett
 
Filenames are not metadata, changing cultures at the University of York
Filenames are not metadata, changing cultures at the University of YorkFilenames are not metadata, changing cultures at the University of York
Filenames are not metadata, changing cultures at the University of YorkJulie Allinson
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and ConcernsPINT Inc
 
Bed on Ceiling Progress
Bed on Ceiling ProgressBed on Ceiling Progress
Bed on Ceiling ProgressDoyeon Kwak
 
De fratis webquest
De fratis webquestDe fratis webquest
De fratis webquestAJHalliwell
 

What's hot (17)

Final Blacks In Tech /BMI presentation
Final Blacks In Tech /BMI presentationFinal Blacks In Tech /BMI presentation
Final Blacks In Tech /BMI presentation
 
Threat Modeling Lessons From Star Wars
Threat Modeling Lessons From Star WarsThreat Modeling Lessons From Star Wars
Threat Modeling Lessons From Star Wars
 
Software Architecture Meetup introduction
Software Architecture Meetup introductionSoftware Architecture Meetup introduction
Software Architecture Meetup introduction
 
Connecting the Dots
Connecting the DotsConnecting the Dots
Connecting the Dots
 
On plagiarism
On plagiarism On plagiarism
On plagiarism
 
Digital Citizenship Presentation
Digital Citizenship PresentationDigital Citizenship Presentation
Digital Citizenship Presentation
 
Icse 2013-tutorial-data-science-for-software-engineering
Icse 2013-tutorial-data-science-for-software-engineeringIcse 2013-tutorial-data-science-for-software-engineering
Icse 2013-tutorial-data-science-for-software-engineering
 
Know it: Plagiarism,Netiquette.and Copyrighting
Know it: Plagiarism,Netiquette.and CopyrightingKnow it: Plagiarism,Netiquette.and Copyrighting
Know it: Plagiarism,Netiquette.and Copyrighting
 
The law of the internet
The law of the internetThe law of the internet
The law of the internet
 
Open source
Open sourceOpen source
Open source
 
Hackerspaces & engineering education slides
Hackerspaces & engineering education slidesHackerspaces & engineering education slides
Hackerspaces & engineering education slides
 
Filenames are not metadata, changing cultures at the University of York
Filenames are not metadata, changing cultures at the University of YorkFilenames are not metadata, changing cultures at the University of York
Filenames are not metadata, changing cultures at the University of York
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and Concerns
 
Bed on Ceiling Progress
Bed on Ceiling ProgressBed on Ceiling Progress
Bed on Ceiling Progress
 
Interactiondesignwk4
Interactiondesignwk4Interactiondesignwk4
Interactiondesignwk4
 
De fratis webquest
De fratis webquestDe fratis webquest
De fratis webquest
 
Is p netiquette
Is p netiquetteIs p netiquette
Is p netiquette
 

Similar to I hack you hack we all hack

Nick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs securityNick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs securityDevSecCon
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecurityMichael Rushanan
 
Less is More: Behind the Data at Risk I/O
Less is More: Behind the Data at Risk I/OLess is More: Behind the Data at Risk I/O
Less is More: Behind the Data at Risk I/OMichael Roytman
 
New text document
New text documentNew text document
New text documentsleucwnq
 
New text document
New text documentNew text document
New text documentsleucwnq
 
A Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfA Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfTravisMcPeak1
 
Roelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slidesRoelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slidesLeon Kuunders
 
If i wake evil 360
If i wake evil 360If i wake evil 360
If i wake evil 360John Strand
 
Preservation and institutional repositories for the digital arts and humanities
Preservation and institutional repositories for the digital arts and humanitiesPreservation and institutional repositories for the digital arts and humanities
Preservation and institutional repositories for the digital arts and humanitiesDorothea Salo
 
So, you wanna be a pen tester ctsc2017
So, you wanna be a pen tester ctsc2017So, you wanna be a pen tester ctsc2017
So, you wanna be a pen tester ctsc2017Adrien de Beaupre
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
"Startups, comment gérer une équipe de développeurs" par Laurent Cerveau
"Startups, comment gérer une équipe de développeurs" par Laurent Cerveau"Startups, comment gérer une équipe de développeurs" par Laurent Cerveau
"Startups, comment gérer une équipe de développeurs" par Laurent CerveauTheFamily
 
Architecting a Post Mortem - Velocity 2018 San Jose Tutorial
Architecting a Post Mortem - Velocity 2018 San Jose TutorialArchitecting a Post Mortem - Velocity 2018 San Jose Tutorial
Architecting a Post Mortem - Velocity 2018 San Jose TutorialWill Gallego
 
Managing Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityManaging Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityPriyanka Aash
 
Practical exploitation and social engineering
Practical exploitation and social engineeringPractical exploitation and social engineering
Practical exploitation and social engineeringTiago Henriques
 
BSidesLV 2013 - Using Machine Learning to Support Information Security
BSidesLV 2013 - Using Machine Learning to Support Information SecurityBSidesLV 2013 - Using Machine Learning to Support Information Security
BSidesLV 2013 - Using Machine Learning to Support Information SecurityAlex Pinto
 
Measuring Relevance in the Negative Space
Measuring Relevance in the Negative SpaceMeasuring Relevance in the Negative Space
Measuring Relevance in the Negative SpaceTrey Grainger
 

Similar to I hack you hack we all hack (20)

Nick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs securityNick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs security
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
 
Less is More: Behind the Data at Risk I/O
Less is More: Behind the Data at Risk I/OLess is More: Behind the Data at Risk I/O
Less is More: Behind the Data at Risk I/O
 
New text document
New text documentNew text document
New text document
 
New text document
New text documentNew text document
New text document
 
A Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdfA Big Dashboard of Problems.pdf
A Big Dashboard of Problems.pdf
 
Roelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slidesRoelof Temmingh FIRST07 slides
Roelof Temmingh FIRST07 slides
 
If i wake evil 360
If i wake evil 360If i wake evil 360
If i wake evil 360
 
Preservation and institutional repositories for the digital arts and humanities
Preservation and institutional repositories for the digital arts and humanitiesPreservation and institutional repositories for the digital arts and humanities
Preservation and institutional repositories for the digital arts and humanities
 
So, you wanna be a pen tester ctsc2017
So, you wanna be a pen tester ctsc2017So, you wanna be a pen tester ctsc2017
So, you wanna be a pen tester ctsc2017
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
"Startups, comment gérer une équipe de développeurs" par Laurent Cerveau
"Startups, comment gérer une équipe de développeurs" par Laurent Cerveau"Startups, comment gérer une équipe de développeurs" par Laurent Cerveau
"Startups, comment gérer une équipe de développeurs" par Laurent Cerveau
 
Binary crosswords
Binary crosswordsBinary crosswords
Binary crosswords
 
Patterns of fail
Patterns of failPatterns of fail
Patterns of fail
 
Architecting a Post Mortem - Velocity 2018 San Jose Tutorial
Architecting a Post Mortem - Velocity 2018 San Jose TutorialArchitecting a Post Mortem - Velocity 2018 San Jose Tutorial
Architecting a Post Mortem - Velocity 2018 San Jose Tutorial
 
Managing Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityManaging Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber Security
 
Practical exploitation and social engineering
Practical exploitation and social engineeringPractical exploitation and social engineering
Practical exploitation and social engineering
 
BSidesLV 2013 - Using Machine Learning to Support Information Security
BSidesLV 2013 - Using Machine Learning to Support Information SecurityBSidesLV 2013 - Using Machine Learning to Support Information Security
BSidesLV 2013 - Using Machine Learning to Support Information Security
 
Measuring Relevance in the Negative Space
Measuring Relevance in the Negative SpaceMeasuring Relevance in the Negative Space
Measuring Relevance in the Negative Space
 

Recently uploaded

No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Salam Al-Karadaghi
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMoumonDas2
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyPooja Nehwal
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝soniya singh
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...henrik385807
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Chameera Dedduwage
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Vipesco
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )Pooja Nehwal
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxmohammadalnahdi22
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrsaastr
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfhenrik385807
 

Recently uploaded (20)

No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptx
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
Call Girls in Sarojini Nagar Market Delhi 💯 Call Us 🔝8264348440🔝
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 

I hack you hack we all hack

  • 1. I Hack, You Hack, We All Hack! … or Why Cybersecurity Is Great for Underrepresented Communities Kara Harkins Urban Institute @kara_h #WITSMA20 April x, 2020 Women In Technology Midatlantic
  • 2. Investigating: More work in cyber security (cybersec) to add to my toolbox Current Title: Senior Web Developer at the Urban Institute (been here since 2004) Previous Jobs: Applications Developer (White House, IRS, Urban) Network Operator (Rockingham Memorial Hospital) Systems Manager (James Madison University) Who am I?
  • 3. I was doing programming before HS (yes, in the 70s). I was the student who was more used to being called to sys managers’ offices than to ones of principals and deans. If I was in college today people would decide I was headed to cybersec/hacking but this was the 80s. I wanted to study computational physics (probably even more obscure than cybersec back then) so CS grad school and programming it was. Basically, I am a computer generalist. My career concentrates more on breadth of experience than depth. Now the non-resume stuff
  • 5. We are concentrating on one thing … For this presentation though
  • 7. We want to find what is attractive about the field. Why?
  • 9. Hackers (I am using the original definition here) InfoSec CyberSec White Hats Certified Ethical Hackers The Forces of Light
  • 10. Black Hats Crackers (yes, that is the word for hackers that went bad) Script Kiddies The Baddies
  • 11. It can also be read as defenders here. The overlap of security and hacking is not exact (in fact it was even the DefCon theme last year) but at a high level it works. This is also part of my attempt to make the word not seen as scary to people. For this I will use the terms hackers and infosec as the good guys
  • 13. Not much representation from diverse communities right now. Any field benefits from different voices. Hacking is about looking at problems differently. Black hats are *counting* on people all doing the same thing. High demand. High salary. Why is diversity needed?
  • 14. • Cyber Security (CyberSec), Information Security (InfoSec) • Physical Security (may work in CyberSec later, some overlap) • Blue Teams (Defense) • Application Security • Web Security • Automotive Security, IoT Security • Cybercrime Investigator • Auditor • Security Architect • Network Security Administrator • Trainer • Data Security Analyst Jobs – staff (just some)
  • 15. • Penetration Testing, Tiger Teams, Red Teams (Offense) • Bug Bounty Hunter • Data Recovery • Virus Technician • Ethical Hacker • Data Recovery Specialist • Forensic Computer Analyst • Security Consultant • Vulnerability Assessor Jobs – contractors (may also be staff)
  • 17. Hackers will pay attention to this more than the best lock on the market but good luck convincing people to use only a sign. I would not suggest it anyway as black hats will love it when there is not a lock. What is your first reaction? Why?
  • 18. Intense curiosity about what is beyond the door but annoyed there is a lock. Remember, signs keep out hackers more than locks. Ex: I got the combo to a door leading from my lab once because it was like fingernails on a chalkboard to not know it. I had no desire to be in that other room, the point was the lock. This is traditional security What is your first reaction? Why?
  • 19. Security through obfuscation: someone WILL find it. This is the worst form of security next to no security. Yes, I have encountered this with computers. What is your first reaction? Why?
  • 20. Do you immediately want to solve this?
  • 22. Social engineering … people WANT to help - locked door? Approach it with your arms full when someone with access is going to it. Not all hacking is hard
  • 23. • Do not always need to do … a lot of things are keyed alike • Information is your friend • Can find reasonably priced picks and places to practice … google Sometimes used in pen testing. Lockpicking
  • 24. • Lots and lots to learn about here! • First thing: how to properly lock down your own machines (even if someone else will do the work). Tech stuff
  • 26. BsidesDC (www.bsidesdc.org) DefCon (www.defcon.org) … getting more diverse, for example, queercon Local DefCon groups (www.defcon.org/dcpages) Hint: Volunteer! Good networking and often a perk is free admission Resources - conferences
  • 27. ‘Hackers’ – Steven Levy ‘Cuckoo’s Egg’ – Cliff Stohl While these two are my favourite hacker books they are closer to the mainstream though. At the same time, neither is a perfect example of that. Part one of Levy’s book is about college kids and Stohl is an astronomer. Resources - Books
  • 31. Attackers assume defenders will look at the world just like everyone else. What if that assumption does not work though? For example, some people will see tasks as needing to be done fast so will see something as impossible. Meanwhile you may be used to being patient to get something done. Bingo! A solve to what others call impossible. See the advantages? Advantages in general
  • 32. Hyperfocus when interested Pattern recognition This means a person with ADD or ADHD would be GREAT at spotting attack patterns when engaged in finding an attack. This is something an attacker may want to slip under the radar with. Example: advantages to ADD/ADHD
  • 33. For the discussion please pull up these: http://techgenix.com/cybersecurity-skills/ [google: cyber security skills] https://cybersecurityventures.com/50-cybersecurity-titles-that-every- job-seeker-should-know-about/ [google: cyber security titles]
  • 34. @kara_h How can you see advantages in other unrepresented groups? How can they apply to cyber security? What strengths does a group have? How can those strengths work in cybersecurity?