{"id":141004,"date":"2022-07-11T10:43:57","date_gmt":"2022-07-11T14:43:57","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?page_id=141004"},"modified":"2024-08-30T14:26:39","modified_gmt":"2024-08-30T18:26:39","slug":"talks","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/tech\/services\/security\/education\/camp\/archives\/agenda\/talks\/","title":{"rendered":"Security Camp 2022 Talks, Bios &#038; Slide Decks"},"content":{"rendered":"<h1 aria-hidden=\"true\" style=\"text-align: left;\">Security is Everyone&#8217;s Business<\/h1>\n<p><!-- This h1 is not included in the accessibility tree and therefore ignored by the rule --><br \/>\n<strong>Joanna Huisman<em>, Senior Vice President of Strategic Insights and Research, KnowBe4<\/em><\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>Slides &amp; Resources<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><a href=\"\/tech\/files\/2022\/08\/Security-is-Everyones-Business-Slides.pptx\">Security is Everyones Business Slides<\/a><\/p>\n<p><a href=\"\/tech\/files\/2022\/08\/Resource_2022-Phishing-by-Industry-Benchmarking-Report.pdf\">KnowBe4 Phishing by Industry Benchmarking Report 2022<\/a><\/p>\n<p><a href=\"\/tech\/files\/2022\/08\/Resource_Security-Culture-Maturity-Model-WP_EN-US.pdf\">KnowBe4 Security Culture Maturity Model<\/a><\/p>\n<p><a href=\"\/tech\/files\/2022\/08\/Resource_2022-Security-Culture-Report-Research_EN-US.pdf\">KnowBe4 Security Culture Report 2022<\/a><\/p>\n<p><a href=\"\/tech\/files\/2022\/08\/Resource_2022-data-breach-investigations-report-dbir.pdf\">Verizon Data Breach Investigations Report 2022<\/a><\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About the talk<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p>With 82% of security incidents being the result of human error, security leaders, auditors, and regulators increasingly recognize that a more intentional focus on the human defense side of security is critical to the protection of organizations.<\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About Joanna Huisman<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p>Joanna Huisman is Senior Vice President of Strategic Insights and Research at KnowBe4. She is a marketing, training and communications professional with over 20 years of experience in strategic, internal and customer-facing engagements in the financial services\/tech industries with added experience in sales, operations and organizational development. Huisman was previously senior research director at Gartner in the areas of security awareness, education, behavior management, culture, crisis communications, security and risk program management. Prior to that, she was senior director of global security communications, training and awareness for ADP. TALK TITLE: Security is Everyone&#8217;s Business<span><a href=\"http:\/\/bu.edu\/tech\/files\/2021\/11\/Bu-Security-Camp-2021-Josh-Madeley-M-Trends-.pptx\"><strong><em><\/em><\/strong><\/a><strong><em><a href=\"https:\/\/www.bu.edu\/tech\/files\/2021\/11\/Bu-Security-Camp-2021-Josh-Madeley-M-Trends-.pptx\" target=\"_blank\" rel=\"noopener noreferrer\"><\/a><\/em><\/strong><\/span><\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<blockquote><\/blockquote>\n<h1 style=\"text-align: left;\">FBI Election Crimes Program<\/h1>\n<p><strong>Leah Ferrara<em>, Special Agent, FBI Boston<\/em><\/strong><\/p>\n<p><em><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">Resources<\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/em><\/p>\n<p><a href=\"\/tech\/files\/2022\/08\/Resource-FBI-Elections-Crimes.pdf\">FBI Election Crimes<\/a><\/p>\n<p><a href=\"\/tech\/files\/2022\/08\/Resource_Cybersecurity-Mitigation-Strategies.pdf\">FBI Cybersecurity Mitigation Strategies<\/a><\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<p><em><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">About the talk<\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/em><\/p>\n<p><span>The FBI has an important but limited role in ensuring fair and free elections. This presentation will provide an overview of election crimes, including campaign finance fraud, civil rights violations, and voter\/ballot fraud. It will also cover the FBI\u2019s efforts to identify and investigate threats to election workers, cyber threats targeting election infrastructure, and foreign influence efforts directed at democratic institutions. Additionally, the ways in which the public can report suspected election fraud to law enforcement will be outlined.<\/span><\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<p><span class=\"searchHighlight\"><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About Leah Ferrara<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/span><\/p>\n<p><span class=\"searchHighlight\">Leah<\/span><span> Ferrara has served as the Election Crimes coordinator for the Boston Division of the Federal Bureau of Investigation since January 2022. Ms. Ferrara entered on duty with the FBI as a Special Agent in 2019 and reported to the Boston Division of the Federal Bureau of Investigation where she has primarily worked national security cyber and public corruption, civil rights, and hate crime matters. She earned her undergraduate degree in International Business from James Madison University and a Masters in Public Administration from George Mason University. Prior to joining the FBI, she worked as a Project Manager at the Board of Governors at the Federal Reserve.<\/span><\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<h1 style=\"text-align: left;\">First Flight: Our Foray into SOAR<\/h1>\n<p><strong><em>Brian Gerdon, Incident Handler III, Boston University<\/em><\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>Slides<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><a href=\"\/tech\/files\/2022\/08\/Boston-University-Security-Camp-2022_Brian-Gerdon.pptx\">Boston University Security Camp 2022_Brian Gerdon<\/a><\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About the talk<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><span>This presentation will discuss challenges faced, lessons learned, and successes realized in our journey of incorporating a security orchestration, automation and response (SOAR) platform into our environment at Boston University.<\/span><\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About Brian Gerdon<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><span>Brian is a member of Boston University\u2019s Security Operations Center where he focuses on automation, digital forensics, and incident detection &amp; response. He has been a part of BU\u2019s Information Security team for over 5 years. In addition to his InfoSec roles at BU, Brian led the Network Engineering team on BU\u2019s Medical Campus, was the IT Director at a Cambridge MA based audio technology company, and a Digital Forensics Examiner at a Chelsea MA based digital forensics consulting company. Brian is a CISSP and holds an MS from Boston University.<\/span><\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<h1 style=\"text-align: left;\">Catching Transparent Phish: Understanding and Detecting MITM Phishing Kits<\/h1>\n<p><strong>Babak Amin Azad<em>, Stony Brook University<\/em><\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>Slides<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><a href=\"\/tech\/files\/2022\/08\/Boston-University-Security-Camp-2022_Babak-Amin-Azad.pdf\">Boston University Security Camp 2022_Babak Amin Azad<\/a><\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About the talk<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p>For over a decade, phishing toolkits have been helping attackers automate and streamline their phishing campaigns. Man-in-the-Middle (MITM) phishing toolkits are the latest evolution in this space, where toolkits act as malicious reverse proxy servers of online services, mirroring live content to users while extracting credentials and session cookies in transit. These tools further reduce the work required by attackers, automate the harvesting of 2FA-authenticated sessions, and substantially increase the believability of phishing web pages. In this talk, we first go over the design concepts of these malicious tools and then introduce PHOCA, our MITM phishing detection framework which is able to fingerprint such toolkits. Finally we report on our findings of the MITM phishing toolkits deployed in the wild and discuss the mitigations.<\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About Babak Amin Azad<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p>Babak Amin Azad is a Ph.D candidate at the Stony Brook University in New York. His main research area revolves around web security topics including static and dynamic code analysis for software debloating, browser fingerprinting and bot detection. Prior to joining PragSec lab at Stony Brook University, he worked as a CSIRT engineer.<\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<h1 style=\"text-align: left;\">How Networks are Breached<\/h1>\n<p><strong>Nicholas Spagnola, <em>Security Consultant, Rapid7<\/em><\/strong><\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>Slides<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p><a href=\"\/tech\/files\/2022\/08\/Boston-University-Security-Camp-2022_Nicholas-Spagnola.pptx\">Boston University Security Camp 2022_Nicholas Spagnola<\/a><\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\"><em>About the talk<\/em><\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p>This will explore some of the techniques utilized by security companies performing Red Teams and threat actors to breach a company&#8217;s internal network. This will discuss common ways Red Teams and threat actors achieve initial access to a given network as well as some ways this access can be prevented. This presentation will also discuss the goals of threat actors vs red teamers as well as touch on the differing methods used between the two groups.<\/p>\n<p><\/div>\n<\/div>\n<\/p>\n<p><strong><div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h3 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">Nicholas Spagnola<\/h3><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/strong><\/p>\n<p>Nicholas Spagnola is a Security Consultant providing multiple years of penetration testing experience. Nicholas has performed penetration tests in many organizations including Fortune 500 companies. Nicholas has compromised a variety of systems including Internal, external, web applications, and AWS. Nicholas has published multiple blogs discussing topics such as AWS penetration testing and malware development. Nicholas currently works providing Red Team and Penetration Testing services at Rapid7.<\/p>\n<p><\/div>\n<\/div>\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security is Everyone&#8217;s Business Joanna Huisman, Senior Vice President of Strategic Insights and Research, KnowBe4 FBI Election Crimes Program Leah Ferrara, Special Agent, FBI Boston First Flight: Our Foray into SOAR Brian Gerdon, Incident Handler III, Boston University Catching Transparent Phish: Understanding and Detecting MITM Phishing Kits Babak Amin Azad, Stony Brook University How Networks&#8230;<\/p>\n","protected":false},"author":4352,"featured_media":0,"parent":140998,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/141004"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/4352"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=141004"}],"version-history":[{"count":21,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/141004\/revisions"}],"predecessor-version":[{"id":154025,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/141004\/revisions\/154025"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/140998"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=141004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}