Security is Everyones Business Slides

KnowBe4 Phishing by Industry Benchmarking Report 2022

KnowBe4 Security Culture Maturity Model

KnowBe4 Security Culture Report 2022

Verizon Data Breach Investigations Report 2022

With 82% of security incidents being the result of human error, security leaders, auditors, and regulators increasingly recognize that a more intentional focus on the human defense side of security is critical to the protection of organizations.

Joanna Huisman is Senior Vice President of Strategic Insights and Research at KnowBe4. She is a marketing, training and communications professional with over 20 years of experience in strategic, internal and customer-facing engagements in the financial services/tech industries with added experience in sales, operations and organizational development. Huisman was previously senior research director at Gartner in the areas of security awareness, education, behavior management, culture, crisis communications, security and risk program management. Prior to that, she was senior director of global security communications, training and awareness for ADP. TALK TITLE: Security is Everyone’s Business

FBI Election Crimes

FBI Cybersecurity Mitigation Strategies

The FBI has an important but limited role in ensuring fair and free elections. This presentation will provide an overview of election crimes, including campaign finance fraud, civil rights violations, and voter/ballot fraud. It will also cover the FBI’s efforts to identify and investigate threats to election workers, cyber threats targeting election infrastructure, and foreign influence efforts directed at democratic institutions. Additionally, the ways in which the public can report suspected election fraud to law enforcement will be outlined.

Leah Ferrara has served as the Election Crimes coordinator for the Boston Division of the Federal Bureau of Investigation since January 2022. Ms. Ferrara entered on duty with the FBI as a Special Agent in 2019 and reported to the Boston Division of the Federal Bureau of Investigation where she has primarily worked national security cyber and public corruption, civil rights, and hate crime matters. She earned her undergraduate degree in International Business from James Madison University and a Masters in Public Administration from George Mason University. Prior to joining the FBI, she worked as a Project Manager at the Board of Governors at the Federal Reserve.

Boston University Security Camp 2022_Brian Gerdon

This presentation will discuss challenges faced, lessons learned, and successes realized in our journey of incorporating a security orchestration, automation and response (SOAR) platform into our environment at Boston University.

Brian is a member of Boston University’s Security Operations Center where he focuses on automation, digital forensics, and incident detection & response. He has been a part of BU’s Information Security team for over 5 years. In addition to his InfoSec roles at BU, Brian led the Network Engineering team on BU’s Medical Campus, was the IT Director at a Cambridge MA based audio technology company, and a Digital Forensics Examiner at a Chelsea MA based digital forensics consulting company. Brian is a CISSP and holds an MS from Boston University.

Boston University Security Camp 2022_Babak Amin Azad

For over a decade, phishing toolkits have been helping attackers automate and streamline their phishing campaigns. Man-in-the-Middle (MITM) phishing toolkits are the latest evolution in this space, where toolkits act as malicious reverse proxy servers of online services, mirroring live content to users while extracting credentials and session cookies in transit. These tools further reduce the work required by attackers, automate the harvesting of 2FA-authenticated sessions, and substantially increase the believability of phishing web pages. In this talk, we first go over the design concepts of these malicious tools and then introduce PHOCA, our MITM phishing detection framework which is able to fingerprint such toolkits. Finally we report on our findings of the MITM phishing toolkits deployed in the wild and discuss the mitigations.

Babak Amin Azad is a Ph.D candidate at the Stony Brook University in New York. His main research area revolves around web security topics including static and dynamic code analysis for software debloating, browser fingerprinting and bot detection. Prior to joining PragSec lab at Stony Brook University, he worked as a CSIRT engineer.

Boston University Security Camp 2022_Nicholas Spagnola

This will explore some of the techniques utilized by security companies performing Red Teams and threat actors to breach a company’s internal network. This will discuss common ways Red Teams and threat actors achieve initial access to a given network as well as some ways this access can be prevented. This presentation will also discuss the goals of threat actors vs red teamers as well as touch on the differing methods used between the two groups.

Nicholas Spagnola is a Security Consultant providing multiple years of penetration testing experience. Nicholas has performed penetration tests in many organizations including Fortune 500 companies. Nicholas has compromised a variety of systems including Internal, external, web applications, and AWS. Nicholas has published multiple blogs discussing topics such as AWS penetration testing and malware development. Nicholas currently works providing Red Team and Penetration Testing services at Rapid7.