Seeing is believing: Making the cyber hype real with hacking demos

Dan Kern - CSO, Monterey County @w6fdo


Awareness attendance was a problem for us

Initial numbers were less than 60% participation

Needed to get their attention…

2013: Live awareness training

But since cyber is sooo…cyber!

2014: Hacking demos!

> 70% attendance

2015: > 85% attendance

2016: YouTube version to be released soon!

Impact on our organization

Phishing Test Metrics (click-rate percentage)

[Chart: click rate by year for 2011 (ZEUS), 2014, 2015 and 2016. Legend: Us; Government national average. Data labels: 20, 65.5, 3; 21, 21, 21, 21.]

Government click-rate statistic source: KnowBe4.com

Hacking Demo Themes

We become the bad guys

We target a person within the organization

We use our target’s social media content against them

We keep it simple

We keep it real

We become them!

Business and personal impact

Making demos effective and improving your awareness metrics

Not just a hacking demo. You are arming users!!!

Show users how to socially engineer, and they will recognize it!

Remind users of ethics…

Presentation creation tips

Computing environment for demo creation

Don't do the demo live!

Many tools available, but I Camtasia

If you use a real person in your example, get permission!

Resources for training

• SEC504 – Hacker Tools, Techniques, Exploits and Incident Handling

• SEC560 – Network Penetration Testing and Ethical Hacking

• SANS NetWars

• YouTube

• Basic tools

If you don't want to do it yourself…

https://www.youtube.com/user/w6fdo

Questions?