InfoconDB

Presented at BSidesDC 2017, Oct. 8, 2017, 12:30 p.m. (50 minutes)

For an outsider, the world of cybersecurity and hacking can be complex and mystifying. People are intrigued and terrified by the “400 lb hacker.” With phishing and other forms of social engineering still being one of the most common root cause of breach, there is a need to empower a company’s employees, especially the non-technical ones, to be able to defend and not fall prey to such attacks. Similarly, the increase in the amount of code being written along with the shortage of cybersecurity professionals calls for a need to train software developers in Security. Traditional methods of awareness including lectures, videos etc. have been ineffective in achieving this adequately. I claim this based on reports by organizations such as Experian, Ponemon etc. and the extensive internal research done at my current company. I present a novel system for cybersecurity training and awareness : Security Gamification including CTF ( Capture The Flags). The training emphasizes on a ‘no one left behind’ principle in which all the employees at a company get trained in CyberSecurity defense.

Presenters:

Kashish Mittal - Application Security Engineer at Duo Security
Kashish Mittal is a Security Engineer at Duo Labs, the advanced research center part of Duo Security.He has 3+ years of experience in the Security industry and has worked for companies such as Bank of America, Deutsche Bank etc. By choice, he is an ethical hacker and an addicted CTF player. He is a member of PPP (CMU's elite CTF group) that won DefCon 24 and 23 CTF competitions. Prior to joining Duo, he did Security Research at Cylab, Pittsburgh. He has a BS and a MS from Carnegie Mellon University majoring in ECE with a focus on Security. He is passionate about delivering Security awareness and training for employees, college students and high schoolers etc.

No one left behind : Security Defense through Gamification including CTFs

Presenters:

Links:

Similar Presentations: