Users don’t pay attention to your security guidance and they tune out during those training programs you bought because it’s all just so boring. But learning “how to be a hack” is interesting, so I’ve turned cyber security education into an exercise in doing evil. This presentation will discuss why and how I’ve designed training classes that teach average users how to do some very bad things. I teach people ranging from software engineers to accountants how to carry out specific attacks, crack passwords, social engineer their way to fame and fortune, and so on. Furthermore, the talk dicuss how you too can raise general security awareness in so doing. It will comprise a discussion of my general philosophy on teaching evil, instructional design, classes I teach regularly, and topics for classes that are still on the drawing board.
Chris is an AOL veteran who once spent over seven years kicking spammers in their digital pants. He’s done time in the banking and pharma, plus some dot-coms we won’t talk about. He’s been designing and teaching security training classes in the Northern Virginia suburbs off and on for the past year, so he probably thinks he knows more than he does about it. He also speaks at conferences sometimes, has directed off-Broadway, and likes beer.