Page 1
Seeing is believingMaking the cyber hype real with hacking demos
Dan Kern - CSO, Monterey County @w6fdo
Page 3
Awareness attendance was a problem for us
Initial numbers were less than 60% participation
Page 4
Needed to get their attention…
Page 5
2013:Live awareness training
Page 6
But since cyber is sooo…cyber!
Page 9
2016:YouTube version to be released soon!
Page 10
Impact on our organization
20
65.5
3
21 21 21 21
2011 (ZEUS) 2014 2015 2016
Phishing Test Metrics(click-rate percentage)
Us Government national average
Government click-rate statistic source: KnowBe4.com
Page 13
We target a person within the
organization
Page 14
We use our target’s social media content against them
Page 19
We become them!
Business andpersonal impact
Page 21
Making demos effective and improving your awareness metrics
Page 22
Not just a hacking demo. You are arming users!!!
Page 23
Show users how to socially engineer,and they will recognize it!
Page 25
Presentation creation tips
Page 26
Computing environment fordemo creation
Page 28
Many tools available, but I Camtasia
Page 29
If you use a real person in your example, get permission!
Page 30
Resources for training
• SEC504 – Hacker Tools, Techniques, Exploits and Incident Handling
• SEC560 – Network Penetration Testing and Ethical Hacking
• SANS NetWars
• YouTube
• Basic tools
Page 31
If you don't want to do it yourself…
https://www.youtube.com/user/w6fdo