Seeing is believing: Making the cyber hype real with hacking demos
Dan Kern - CSO, Monterey County @w6fdo
Awareness attendance was a problem for us
Initial numbers were less than 60% participation
Needed to get their attention…
2013: Live awareness training
But since cyber is sooo…cyber!
2014: Hacking demos!
> 70% attendance
2015: > 85% attendance
2016: YouTube version to be released soon!
Impact on our organization
[Chart: Phishing Test Metrics (click-rate percentage) for 2011 (ZEUS), 2014, 2015 and 2016, compared with the US Government national average. Data labels on the chart: 20, 65.5, 3; 21, 21, 21, 21.]
Government click-rate statistic source: KnowBe4.com
Hacking Demo Themes
We become the bad guys
We target a person within the organization
We use our target’s social media content against them
We keep it simple
We become them!
Business and personal impact
Making demos effective and improving your awareness metrics
Not just a hacking demo. You are arming users!!!
Show users how to socially engineer, and they will recognize it!
Remind users of ethics…
Presentation creation tips
Computing environment for demo creation
Don't do the demo live!
Many tools available, but I Camtasia
If you use a real person in your example, get permission!
Resources for training
• SEC504 – Hacker Tools, Techniques, Exploits and Incident Handling
• SEC560 – Network Penetration Testing and Ethical Hacking
• SANS NetWars
• YouTube
• Basic tools
If you don't want to do it yourself…
https://www.youtube.com/user/w6fdo