GRAND RAPIDS – Information Security and cyber hacking were the focus of this year?s GRRCon, an annual hacking conference held October 16-17 at DeVos Place in downtown Grand Rapids. The attendees were a mix of IT professionals interested in improving cyber defense and those who make a living beating it.
Throughout the conference, speakers offered advice on choosing how to choose security careers both through their individual lectures and during the networking in the halls outside the conference rooms. Lectures were given by shadowy figures, many of whom did not provide their real names or affiliations, but most that have worked in the past or even today as black hat or white hat hackers.
Games offered at the conference were centered on security-related challenges like capturing the flag; others offered network forensics challenges. Each year, the competition improves giving attendees the opportunity to put their skills to good use. This year?s wrinkle featured a tattoo artist on-site; several people left with the GRRCon logo under their skin.
Jayson E Street shared his experience in a talk called, ?Around the world in 80 cons, a tale of perspectives.? Matt Johnson also shared his personal experience and more while he was there. Similarities were drawn between protecting a country and the pride we should have in protecting the network and data.
Jen Fox shared her experience related to social engineering that uses non-technical methods to enable a technical attack. Verizon’s 2013 Data Breech Investigations report cites 29 percent of breeches investigated had a social engineering component involved.
Besides the great lineup of lectures and an Executive Summit on the first day, the conference also featured a special appearance by Henry Rollins, a noted American writer and musician.
In another talk, Charles Herring made clear that the nature of attacks are also changing. The strategy of patiently taking information little by little to complete a larger ?puzzle? of information can be effective, why, he said, it is important to use net flow and a baseline of network behavior to detect even the smallest changes. By blending in with legitimate traffic, cyber attacks have a higher success rate, Herring said.
With the concept of software defined networking on the rise, the control of the network is now from a centralized location. That is exactly why cyber security will continue to evolve from an insurance policy to a mandatory element in every organization, Herring said. Security in this new network model, plus virtualization, and the ?Internet of Everything? will continue to remains hot topics as they were at GRRCon.
Chris Roberts, in his talk, went deeper into the risks behind the Internet of Everything as more and more digital devices get connected to the Web. He went on to discuss how access to one device with weak security allows ?Security Hopscotch? into other areas from the point of origin.
In today?s ever changing security landscape there are threats emerging that change the way organizations must secure their networks and data. There are also a growing number of reasons why using a traditional perimeter security defense is not enough. With a good baseline understanding of the industry by the security leadership team, an organization should develop a model to defend itself each day.
Both Todd Bursch and J Wolfgang Goerlich shared methods that can be followed to help provide guidance for incident response and protection. Proper security models and methodologies are great ways to stay educated and defend against the security threats of our time.
Events like GRRCon provide a forum for critical conversations and education in an area that is important to everyone because we are all consumers. And as consumers, users, and employees we should all invest in understanding cyber security. That is why conferences like GRRCon continue to grow and find success each year providing best practices that lead to an exchange of security information in Michigan and beyond.
Associate Editor Nicole Johnson leads MITechNews.Com?s efforts to foster STEM education, as well as provides coverage for her fellow women in computing. If you have a story idea for Nicole, email [email protected] Follow Nicole on Twitter: @tech_nicole
