NCI’s Black Hat 2014 Wrap Up

Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.

Black Hat 2014 Wrap Up

On Tuesday, 5 August, the Black Hat 2014 training sessions were being wrapped up during the evening sessions. There were a number of topics that security experts were attending during the first couple of weeks of Black Hat 2014. I attended a few of these training sessions as they were being wrapped up. “Practical Threat Intelligence in Cybersecurity” as well as “Insider Threat Interrogation techniques.” Each subject was very interesting in content. In the hallways of The Mandalay Bay Resort and Casino, reporters were actively interviewing key cybersecurity researchers from various federal agencies. In the future, I will cover one of the training sessions that I attended on Practical Threat Intelligence in cyber security.

The week started off for the larger part of Black Hat 2014, preparing briefings being conducted by key speakers and presenters in the cybersecurity industry. The Black Hat 2014 Key Note speaker this year was Mr. Dan Geer. You are able to view the Key Note Speaker’s highlights from various web sources. Mr. Dan Geer is currently the chief security officer for In-Q-Tel, which is the investment venture of The Central Intelligence Agency.

Mr. Dan Geer’s focus this year was on the security of mobile applications. He predicts that a major attack will be made via mobile software applications. He believes that these software applications need to be more securely written by developers. Other topics of interest being covered at this year’s Black Hat 2014 were “The Most Hackable Cars,” and “The Internet of Things – How to hack everything.” Each subject will also be covered in separate individual blogs in the future.

The Black Hat 2014 Business Hall opened the next day on Wednesday, 7 August, on the same day the Key Note Speaker and The Briefings started. The Business Hall was chock full of new and improved analytical products for cybersecurity professionals in the industry. I sat through a couple of vendor presentations. There were three that were of much interest. There was the company called “ssh.” Yes, it is the same name for secure shell which is a very popular encryption communication technique over The Linux operating system. The company’s founder, Tatu Ylonen, was the inventor of the “ssh” encrypted communication technique over Linux. The Open SSH encryption system has been around for 15 years since 1999.

There was another vendor named “Codenomicon” who had discovered the major vulnerability of Heartbleed. The vendor gave it the name and logo of the Open SSL Heartbleed vulnerability. They stated they were using the symbol as a logo because they were the first to discover and report the vulnerability and wanted to display the discovery as public awareness. I also sat through various other vendors’ presentations such as “Websense,” which is an abnormally intrusion detection system, FireEye, Malware detection and prevention system, and finally BlueCoat, which is a Firewall IDS, and Packet Sniffer analyzer for deep packet inspections. Packets are the data sent over network channels in frames through what information technology professionals call ports. There are specific ports to each type of protocol over the communication networks.

Overall, there was a lot of data shared through industry collaboration and presentations at Black Hat 2014. I highly recommend attending at least one Black Hat as a cybersecurity professional. It will both motivate you and continually educate you for the future of battling cybersecurity intrusions and incidents.

Randall Sylvertooth.fw
About Randall Sylvertooth

Randall Sylvertooth is a career industry subject matter expert (SME) in cyber security, working as a contractor for The U.S. Government in various capacities. Mr. Sylvertooth was formerly an adjunct professor and advisor for the University of Virginia’s School of Continuing and Professional Studies (SCPS) Cyber-security Management program.

Read Full Profile