The third day of Hacker Halted saw talks on slightly more technical topics than the previous days.
The opening speaker Chloe Messdaghi went through the benefits of gamefying training to help build a cyber security team in your organisation in order to create a team who can react quicker to new threats and actually prevent breaches instead of just running through compliance checklists. Ending the talk with some examples of how CTF style events have helped people land jobs was a nice touch to encourage people to take action after the slides had finished.
A more Americanized talk followed from Chris Roberts with a discussion of the dangers of electronic voting systems. While this might mostly affect the USA currently these are points that will likely affect many parts of the world at some point. The biggest danger being that the current voting booths get a F- for security and instead of respecting the cyber security community the vendors behind these booths prefer to divert their money towards lawyers and marketing. I can’t see this being an issue which is going to get resolved until the vendors see that the cyber sec community is on their side.
Annalisa Nash Fernandez spoke to the geography fans regarding how cyber criminals can hide behind geographical borders to hinder law enforcement and aid themselves in crime as a result of two things. One is that laws and agencies are often unable to easily investigate problems once the trail leaves their borders. and Secondly how the culture difference between large parts of the world often means 2 teams working together on a problem are stopped from making progress because they focus on different ways of doing things. A quick run down of what different cultures think of in regards to things such as data privacy highlights the issue that while you may be creating a system which users in one country love another country may see it as moot/trivial.
Last talk of the day allowed Wayne Burke and Kevin Cardwell to give us their wisdom and experience about what they see corporations doing wrong when they visit to take part in an engagement. The main point seems to be companies focusing far too heavily on buying fancy software instead of working on their processes and training staff which results in a large bill for largely ineffectively deployed software. The next part of the talk demonstrates the effectiveness of spending time on misdirecting villains once they have accessed your network. Stopping someone getting in takes a lot of time, but once they are in if they spend 100% of their time getting confused by a honeypot it keeps your data safe for long enough for you to spot the intrusion and kick the bad guys out.