5 Fun-tastic Fall Activities for Information Security Teams

 

Fall is in the air, and along with pumpkin spice lattes and cozy sweaters, it’s also the perfect time for information security teams to step out of their digital shells and engage with other departments in their organizations. While security is serious business, there’s no harm in adding a dash of fun to foster better collaboration and understanding. Here are five light-hearted yet factual activities to spice up your information security team’s fall:

1. Cybersecurity Pumpkin Carving Contest

Unleash your inner artist and host a cybersecurity-themed pumpkin carving contest. Encourage teams from all departments to carve out their favorite security tools, icons, or even infamous cyber villains. Not only does this activity tap into everyone’s creative side, but it also sparks conversations about the importance of protecting the digital realm while having a gourd time!

2. “Escape the Phishing” Maze

Turn the concept of an escape room into an interactive cybersecurity challenge. Create a “phishing” maze where participants need to navigate through a series of puzzles and scenarios related to online security. This activity not only educates participants about the dangers of phishing attacks but also gets them working together to solve problems, fostering team spirit.

3. Crypto Treasure Hunt

Transform your office space into a treasure hunting ground by organizing a crypto-themed treasure hunt. Provide clues related to encryption, decryption, and security best practices that lead teams from one clue to another. Not only does this activity promote learning about cryptography, but it also encourages friendly competition among departments.

4. Security Awareness Fair

Set up a “Security Awareness Fair” in your office’s common area. Each department can have its own booth showcasing their approach to security. From IT’s “Spot the Vulnerability” game to HR’s “Password Strength Analyzer,” everyone gets to display their security prowess in a fun and informative way. This fair promotes cross-departmental engagement and ensures that everyone learns a thing or two about cybersecurity.

5. Cyber Movie Night

Host a cybersecurity-themed movie night with popcorn and cozy blankets. Screen movies like “Hackers,” “WarGames,” or even cybersecurity documentaries. After the movie, encourage lively discussions about what’s accurate and what’s exaggerated in the portrayal of hacking and security. It’s a laid-back way to bridge the gap between tech-savvy and non-technical teams.

Remember, the goal of these activities isn’t just to have fun, but to build bridges between information security teams and other departments. By approaching cybersecurity engagement with a light-hearted touch, you’re more likely to break down barriers, share knowledge, and create a culture of collaboration that lasts beyond the fall season. So, gear up for a season of learning, laughter, and interdepartmental camaraderie!

 

* Just to let you know, we used some AI tools to gather the information for this article, and we polished it up with Grammarly to make sure it reads just right!

 

Thanks to Columbus State Community College & Get Involved

On Tuesday, I spoke at Columbus State Community College to a group of high and middle school teachers about digital crimes, black market economics and cyber-ethics. We had fantastic discussions and as teachers, they were amazingly engaged with myself and my content. I have never taught a more enthusiastic group of folks.

They asked a lot of questions; mostly about crime, motivation and the techniques of criminals in the digital world. But, they also asked for critical lessons that they could take back to their students and use in their own classrooms. Kudos for that!

If you want to get involved in the program, please contact @sempf on Twitter for more info. They are always looking for great speakers, excellent content and especially women with experience in STEM related careers. Thanks so much to Columbus State for having me. I was honored and thrilled to participate in the GenCyber program. Thanks to @sempf for the photo!

Co3J RfW8AAem8l

3 Reasons I Believe In #CMHSecLunch And Its Mission

I get asked quite often about why I started CMHSecLunch and what the goals behind it are. I wanted to take a moment and discuss it on the blog.

First, if you aren’t a security person in Columbus, Ohio, you might not have heard of the event. Here are the details about it.

Every month, on the second Thursday, my team loosely organizes a simple lunch meet up at one of the local mall foodcourts. It is free, open to all – including non-security folks, kids and interested parties. There is usually a topic like “physical security”, “supply chain”, “threat intelligence”, “pen-testing”, etc. We also usually have something for people to fiddle with while they talk, like locks and lock picks, Legos, smart bits, cards and readers, etc. We find that having something to play with physically seems to help the attendees converse more easily.

The mission of CMHSecLunch was to emulate the “hallway conversations” part of security conferences, and to open up the security community to even larger groups of folks that may be interested, but may not have an easy way to get involved. I wanted it to be less formal than something like an ISSA/ISACA event, be free, loose in organization and really help people make personal connections with each other and the community at large.

The mission started in roughly 2012, and while we took a couple of breaks, is over 4 years old. Sure, there a lot of other events and even a couple of knock off lunches – emulation is a compliment 🙂 – but those usually include some formal presentation, vendor sponsor pitches or some other form of noise as the center of the event. I wanted to avoid all of that and put people at the center of the event. No vendor pitches, no one buys your lunch – so you don’t owe anyone anything either implicit or implied – and since it is in an open public space like a mall food court – there is no separation of infosec from the general public. Everyone can see, talk and ask questions without all of the speed bumps and smoke/mirrors and sense of separation sometimes associated with the infosec community. We’ve had middle school kids, college students, IT folks, janitors at the mall, infosec practitioners, managers and executives join us, engage and ask questions.

So, the #1 reason that I support CMHSecLunch is just that – the open nature and open discussion that comes from it. Thus far, nearly everyone who sits down with us at these events leaves their ego at home or in their car. We’ve had honest discussions from technical to personal, jokes and explanations, stories and anecdotes and even some project launches. Overall, the sense of openness and community has been one of the most amazing parts of my career. Sometimes there are 3 people, sometimes 30 – but I always leave with a smile and a renewed sense of community.

The second reason I believe in CMHSecLunch is that I have seen it bring new talent and fresh energy to the community. People have personally told me that because it was an open, public space and there was nothing expected, that they had the courage to finally approach infosec folks. Many times, people are nervous that they may not fit in, or have the skill set or knowledge of security practitioners at the more focused meetings. They may not have the management or budget support to go to conferences, ISSA/ISACA/OWASP events or even know that they exist. But a lot of people are on Twitter. A lot of people aren’t nervous to go to a mall food court. A lot of people can afford to invest in a fast food or brown bag lunch to get to know people to get started. That’s the crucial ingredient – to make it easy for new folks to join and engage. We need them. The community desperately needs new talent, fresh ideas and new resources that aren’t already locked into the echo chamber of infosec. In fact, I would say new ideas and new talent will make or break infosec over the next 10 years. I believe CMHSecLunch is an easier way for those new people to get started.

Lastly, I love bringing security discussions out of closed business conference rooms and into the mall. I absolutely get thrilled when people around us ask about lock picking or smart bits or whatever we are playing with. I love it when people lean in to listen about hacking or about how credential theft works. We have seen so many surrounding tables clearly listening in – that I have made it a habit to simply ask them to join us and explain the mission. It’s a beautiful thing. Remove the smoke, mirrors and mysticism of infosec – and everyday people are suddenly interested again. They become a little less apathetic, a little less distant and a lot more aware. Isn’t that what we have always asked for as a community? Didn’t we always want everyday users to be more engaged, more aware and more security capable? I truly believe that it will take bringing the public into the fold to make that happen. I believe that events like CMHSecLunch – loosely organized, free, open to the public, held in common public locations and developed on a spirit of inclusion, just might be a way forward. Mostly, I believe in the open, honest and caring attitudes of people, regardless of what community they believe themselves to be a part of. Thus, I believe in CMHSecLunch and our mission…

Wanna give it a try? If you are around central Ohio, you can find the schedule, locations and times here. Want to start your own event, in your area? Ping me on Twitter (@lbhuston) and I’ll be happy to discuss what I did to promote it, and how I would go about it. If I can help you get a group started, I will. That’s it. That’s why I believe. I hope you will believe too… 

14 Talks I Would Like to Attend This Summer

Here is just a quick list, off the top of my head, of some of the topics I would like to see someone do talks about at security events this summer. If you are in need of a research topic, or something to dig into for a deep dive, give one of these a try. Who knows, maybe you will see me in the audience. If so, then feel free to sit down for a cup of coffee and a chat! 

Here’s the list, in no particular order:

  1. machine learning,  analytics in infosec
  2. detection capabilities with nuance visibility at scale
  3. decision support from security analytics & automated systems based on situational awareness
  4. rational controls and how to apply them to different industries
  5. crowdsourcing of policies and processes – wiki-based approaches
  6. internal knowledge management for security teams
  7. tools for incident response beyond the basics
  8. tools and processes for business continuity after a breach – show us your guide to “Ouchies!”
  9. attacker research that is actually meaningful and that does NOT revolve around IOCs
  10. skills and capability mapping techniques for security teams and their management
  11. new mechanisms for log management and aggregation beyond Splunk & SEIM – how would the death star handle logs?
  12. near-real time detection at a meaningful level – even better if admins can make decisions and take actions from their iPhone/iWatch, 😛
  13. extrusion/exfiltration testing capabilities & metrics-focused assessment approaches for testing exfil robustness
  14. network mapping and asset discovery techniques and tools – how would the death star map their IT networks? 🙂
Give me a shout on Twitter if you want to explore these together – @lbhuston.

ICS/SCADA Security Symposium 2014 Announced

For those of you who were wondering about our yearly event, the 4th annual ICS/SCADA Security Symposium has been announced!

The date will be Thursday, December 11, 2014 and the entire event will be virtual! Yes, that’s right, no travel & no scheduling people to cover the control room. YOU can learn from right there! 

To learn more about the event, the schedule and to register, click here!

Save The Date: 2014 ICS/SCADA Security Symposium Dec. 11

This year’s ICS/SCADA Security Symposium will be held on Thursday, December 11, 2014. This year’s event will be a little different, in that we are opening it up to any organizations who are asset owners or manufacturers of ICS/SCADA components. That includes utilities, manufacturing companies, pharma, etc. If you are interested in ICS security, you can sign up for the event.

This year’s event will also be virtual. It will be a series of Webinars held on the same day in 45 minute blocks, with time for follow-on questions. We will also hold a Twitter Q&A Hour from 1pm – 2pm Eastern, and we will attempt to make all speakers available for the Q&A!

In addition, we plan to stand up a supporting website for the event, and release a number of materials, including podcasts, interviews and other surprises the day of the event!

We will be tracking attendance in the webinars and providing notes of attestation for attendees for the purpose of CPE credits. We hope this new format will allow folks who wanted to attend in the past, but either couldn’t make the physical trip to Columbus or couldn’t leave their positions to attend training the ability to join us.

More details, including speakers and topics, as well as schedules, hashtags and other info will be released shortly. Thanks for reading, and we hope to see you on 12/11/14!

CMHSecLunch is July 14th @ Tuttle Mall

Just a quick reminder to save the date for CMHSecLunch this month. It is July 14th at 11:30am at the Tuttle Mall Food Court. We are usually pretty close to the giant germ ball fountain, and the Tuttle event is usually pretty well attended. 

Come out and beat the summer heat, hang out, meet old and new friends and have some food.

We hope to see you there! 

As always, you can RSVP if desired (not needed) or learn more by clicking here. 

Bring a friend, attendance is FREE and open to everyone!

See You at the Columbus ISSA InfoSec Summit

Remember, the Columbus InfoSec Summit is this week. It starts Monday afternoon and runs through Tuesday.

I will be speaking on Monday at 5:30 in Track 1 and my topic is a deep dive into Tor hidden nodes, including how to get business intelligence from them.

Come and say hello. Have a cup of coffee or just a chat. We look forward to seeing you and wish the ISSA a great event!

CMHSecLunch is Monday 4/14/14

Just a reminder that #CMHSecLunch is Monday, 4/14/14 from 11:30 to 1 at the North Market.

Come out and hang with friends, both old and new. The whole gang will be there, so spend some time.

As always, you can read more about the event, tell us you’re coming or see the schedule here.

Hope to see you there. Bring a buddy or at least a smile! 🙂