2017 Hacker Halted Recap


YouTube video

The theme for Hacker Halted 2017 is The Art of Cyber War: Lessons from Sun Tzu. 2,500 years ago, Sun Tzu wrote 13 chapters on military strategy. Fast forward to today and we are still learning from those chapters and applying them in our newfound digital age.

In an age where war is waged over cables and microchips instead of battlefields, one challenge is defining what war is and when war should be declared. Boundaries are being eroded as the globalization of technology continues its march across our physical landscape. Come learn strategies for Cyber War: Hacker Halted 2017.

Conference at a Glance

Hacker Halted 2017 focused on the teachings of Sun Tzu as applied to cyberwarfare. The Hacker Halted speaker committee combed through the dizzying stack of submissions to form the agenda for this year’s conference with a special focus on presentations that take the Chinese strategist’s lessons to heart and apply them to the cyberwars being fought every day across the world.

In a change to Hacker Halted’s long standing tracks, this year’s committee chose three brand new tracks that focus on aspects of Tzu’s teachings.

Track 1: All Cyber War is Based on Deception

2,500 years ago Sun Tzu wrote 13 chapters on military strategy. Fast forward to today and the world is still learning from those chapters and applying them in our newfound digital age. This track focuses on those very strategies from breaking resistance, knowing ourselves, and, of course, deception. This track will focus on using deception as an aid in defense, the “great results can be achieved with small forces,” and how that might apply to the potential shortfalls we are facing in this industry.

Track 2: Philosophy of Cyber

In an age where war is waged over cables and microchips instead of battlefields, one challenge is defining what war is and when war should be declared. Boundaries are being eroded as the globalization of technology continues its march across our physical landscape. The world is facing a future where soon our very existence can be digitized and moved between any number of diverse systems. What is war these days? Is it simply the reality that anyone with sufficient knowledge and a decent Internet connection can simply declare “war” against anyone else be they human, government, or nation state? War now transcends boundaries – what DO we do?

Track 3: Tech Behind Cyberwar

Leave your 0days, leave your latest hacks behind, and bring your playbook for the blue team. The industry has more hacks and more working trojans and attack vectors than it knows what to do with. What do we actually do with them? That is the question this track will answer. This track is not about attack but ALL about defense. When a hack happens, how, where, and why does the industry react? How does one even know about a breach? Security experts fave failed their very charges by continuing to allow them to be attacked and failing at defense.

All-Star Team of Security Veterans

Hacker Halted’s 2017 speaker committee was an all-star team of security veterans. Winn Schwartau, Founder of The Security Awareness Company and “security guy since 1983,”; Chris Roberts, Chief Security Architect at Acalvio Technologies; Aamir Lakhani, Dr. Chaos and Global Security Strategist and Researcher at Fortinet; Joe Gray, Enterprise Security Consultant at Sword and Shield; and Adrian Crenshaw, Senior Security Consultant at TrustedSec, LLC bring their vast networks and expertise to the task of filling the agenda with the top security minds in the industry.

Showcase of Over 30 Exhibitors

Hacker Halted saw over 30 exhibitors showcasing their products and services for the two days of the conference including RevBits, Incl, Lynx, Swimlane, Prevalent, IBM, and DarkTrace. Chiron held a Capture the Flag game that attracted over 100 attendees while Augusta LockSports hosted a lock-picking station to challenge attendees’ physical security skills!

CybersecJobs Career Fair

Hacker Halted also added a new component to its annual agenda by bringing a career fair to conference goers and the Atlanta community. Over 500 attended as they networked with large corporations interested in hiring IT professionals at all levels. The career fair was hosted by CyberSecJobs, an organization dedicated to improving the information security industry and its professionals.

Letter from Our CEO

Dear Attendees of Hacker Halted USA 2017,

I would like to thank you for attending the 26th global edition of the Hacker Halted Conference!

We were excited to welcome you once again to our Hacker Halted USA home, Atlanta, GA to continue the tradition of outstanding Hacker Halted events. We brought you the best Hacker Halted in our long history with the theme “The Art of Cyber War: Lessons from Sun Tzu.”

Hacker Halted 2017 continued our tradition of bringing our attendees a job fair to help our attendees continue to grow in their careers. We at EC-Council believe that one of the basic steps in unifying global cyber defense is ensuring the best professionals can grow their careers, their knowledge, and their networks within information security. By bringing companies who need to hire the best and the brightest to our conference, we know we will be successful in this goal.

We also addressed a global concern during our “Hackers, The Media, Truth, Trust, and Alternative Facts” debate in a rare instance of a joint session of the Global CISO Forum, our executive conference, and Hacker Halted. Over the last year, this subject has proven to be a divisive, destabilizing force among between the public, commercial interests, privacy advocates, and governments. We hope that by highlighting information security’s role in both the problem and potential solutions, progress can be made.

We hope everyone had a great time while learning from your outstanding peers from all over the world, representing an entire network of professionals dedicated to security. EC-Council’s offerings now span the industry, from basic end-user training to highly technical deep dives to our executive program to graduate-level education – EC-Council is truly making a difference in the lives of information security practitioners around the world and the security of the world’s top organizations.

Thank you for being a part of our global initiative toward a more secure world.

Jay Bavisi
President of EC-Council
Testimonials

About “PsyOps, Deception, outLIErs” by Sean Bodmer

“Interesting concept, well-presented, 5 stars”

About “A Functional Taxonomy of Information Warfare and Cyberweapons” by Winn Schwartau

“Informative and interactive, excellent!, 5 stars!”
“Inspirational and thought provoking!”
“Well done with useful and practical information, models and techniques that can utilized.”

About “A Corporate Guide to Surviving Cyberwarfare Through Cyber Resiliency” by Dr. John Johnson

“Well done with useful and practical information, models and techniques that can utilized.”

About “Hidden in plain sight: How could a decades old standard possibly be broken?” by Paul Mellen

“Excellent information. Thank you!”

About “Leave your zero days at the door, leave your latest hacks behind, AND bring your playbook for the blue team” by Chris Roberts

“A great talk! Very honest and a lot of information”
“Have seen Chris Robert’s several times over the years and enjoy the information he gives. If you have never seen him speak his mind, you’re missing out. A great single malt scotch is the only kind of drink. Cheers!”
“Frightening and entertaining”
“Fantastic presentations. And not just because of that awesome scotch at the end. Chris is challenging us to rethink our roles in securing our online communities. It’s important. We’ve got to stop being “the bully”, where we break everything to prove a point and get back to doing what we came here to do in the first place. Secure. Chris, thanks for a wonderful well thought out presentation. Hope to see you again next year.”
“I came to this conference to decide whether or not I wanted to go into this field and Chris’s presentation was a big factor in helping me decide that this is something I want to do. He is an effective and dynamic speaker with the ability to explain the material to a diverse audience. It was the highlight of the 1st day. Thank you”

About “Bypassing iOS Security using Enterprise Provisioning Hooks” by Georgia Weidman

“Very COOL!! Extremely relevant information! Engaging, entertaining, enjoyable speaker!”

About “The Anarchist’s Guide to Security Management – A Strategy To Apply Infosec Skills To A Human Challenge” by Spencer Wilcox

“Awesome. While I may not improve in politics, I may improve in management.”

About “W.A.R. (WordsAreRisk)” by Deidre Diamond

“Excellent and very informative”
“As a woman attending this event, I found this speaker very empowering. Please have her at future events.”

About “How to Patch Stupid – A modern approach to remediating user risk” by Joshua Crumbaugh

“Very good thoughts on end user training.”
“Engaging”

About “DEBATE – HACKERS, THE MEDIA, TRUTH, TRUST, AND ALTERNATIVE FACTS” with Winn Schwartau, Michael Masucci, and Dr. Gregory Carpenter

“Engaging.”
“Best thing I’ve ever seen”
“Outstanding presenters”
“All three were Amazing! I thoroughly enjoyed!”
“This was the single best season in the entire conference.”
“Very well done! The Moderator was excellent. Panelists were very knowledgeable and engaging.”

1. About “Decoding Cyber Counterintelligence (CCI) for the Private Sector” by Jonathan Creekmore

“Extremely concise and informative.”

About “The Tao of Cyber Warfare: Introducing an Innovation Frame that Will Dramatically Bolsters Cyber Defense (& Offense)” by LTC Ernest Wong

“LTC Wong presented an incredibly informative and fun talk. Hooah.”

About “Proactive Defense: Leveraging Red Team reconnaissance to reduce your asset exposure” by Joshua Hiller

“Awesome presentation!”

About “Incident Response in Hybrid Cloud” by Yuri Diogenes

“This was the one!!! Yuri understands how to instruct. It’s clear that his passion is knowledge and passing it on. Wish there was more by him.”

About “Application of Sun Tzu Art of War Principles to the Cyber Warfare Domain” by Roy Wilson

“Interesting, informative. 5 stars”
“Excellent presentation! The material was clear and focused and speaker engaged. The only flaw was not being able to see his slides and give him more time to present. This was a very interesting topic and should have been done on 2nd day in the larger venue. Everyone should have seen this presentation!”

About “Phishing: It’s Not Just for Pentesters – Using Phishing to Build a Successful Awareness Program” by Joe Gray

“Excellent presentation.”

About “Keynote – IoT Security – Executing an Effective Security Testing Process” by Deral Heiland

“Very clear and understandable!”
“This is very interesting for any “gadget geek” and very important to know for anyone.”
“Awesome presentation! Extremely informative and interesting!”
“Excellent!”
“Great speaker.”
Stats


Highlights

IBM Sponsored Passes to Hacker Halted for Women!

Months before the conference, EC-Council and IBM announced a scholarship program for women to attend Hacker Halted free of charge. Funded by IBM Security, the scholarship was designed to help address the underrepresentation of women in cybersecurity and help women further their skills and expertise in this high-demand field.

Hacker Halted’s agenda also showcased several prominent women of cyber including Georgia Weidman, Shevirah founder and CTO; Dr. Catherine J. Ullman, Senior Information Security Analyst, University at Buffalo; and Laura Samsó Pericón, Executive Vice President, Centurion Technologies Consulting LLC.

Over 460 women used the code to register, bringing many more women to the conference than ever before!

A New EC-Council Training Program Launched at Hacker Halted

The world’s first 18 hour, 3 stage, hands-on, live proctored exam was formally launched at Hacker Halted to test ethical hackers. Ethical hackers will have to pass a grueling new cyber security exam before being called Licensed Penetration Testers.

EC-Council President, Jay Bavisi, unveiled his company’s latest certification program at Hacker Halted, one of the largest ethical hacking conferences of the year. The Licensed Penetration Tester (Master) certification is a part of EC-Council’s continuous effort to align the skills of penetration testers to the methods of an advanced attacker. The hands-on exam that students must pass to earn the certification offers a challenging environment previously unseen in the market. The exam simulates the complex network of a multinational organization and requires students to test its security before writing a full report.

The LPT (Master) exam challenges the candidates to successfully exploit web application, network, and OS-level vulnerabilities, gain administrative access, think unconventionally, and provide proof of exploitation to prove their skills as expert-level penetration testers. The exam is a true test of a candidate’s ability to perform at the level of expert penetration testers putting to use the methodologies practiced by industry leaders. The online, fully proctored exam will provide penetration testing professionals the opportunity to validate their skills in a secure, credible environment.

According to Jay Bavisi, “With the recent Equifax incident and the multitude of other data security breaches in recent years, the need for skilled, vetted penetration testers has increased for the world’s organizations. The LPT (Master) exam simulates a real-world environment and requires candidates to correctly identify any security threats and weaknesses against social, physical, network and application attacks.”

Visit https://www.LPTMaster.com for more details.

In the News

EC-Council Unveils New Licensed Penetration Tester (Master) Certification

The world’s first 18 hour, 3 stage, hands-on, live proctored exam was formally launched at Hacker Halted to test ethical hackers. Ethical hackers will have to pass a grueling new cyber security exam before being called Licensed Penetration Testers.

Read the Article

EC-Council’s Hacker Halted Conference Shines a Light on Cyber Warfare

Hacker Halted, EC-Council’s largest annual information security, attracted over 1,200 attendees to hear from the world’s foremost security experts. The event began with a Kung Fu style dance routine presented by Atlanta Chinese Dance Academy. After the acrobatic dancers, Jay Bavisi, EC-Council’s President, addressed the record-breaking crowd with his keynote entitled “From Hackers to Professionals: The Evolutions of an Industry.” Bavisi’s talk also unveiled the new EC-Council penetration testing certification program, LPT (Master).

Read the Article

EC-Council Announces CISO Award Winners at Black Tie Gala

In a black-tie ceremony, EC-Council honored leaders in information security by recognizing finalists and winners in seven categories. The CISO Awards precedes both Hacker Halted, EC-Council’s largest annual cybersecurity conference, and the Global CISO Forum, EC-Council’s premier executive-level event. EC-Council’s CISO Awards recognize leaders making an impact by implementing security programs and security awareness programs that break the mold and address the root problems of modern breaches. These awards are decided by a committee in an anonymous voting process.

Read the Article

Hacker Halted Security Conference Complimentary for Women through IBM Security Scholarship

Today EC-Council and IBM announced a scholarship program for women to attend EC-Council’s Hacker Halted security conference free of charge. Funded by IBM Security, the scholarship is designed to help address the underrepresentation of women in cybersecurity and help women further their skills and expertise in this high-demand field.

Read the Article

Hacker Halted Takes a Deep Dive into The Art of Cyberwar

Hacker Halted, EC-Council’s largest annual conference, will focus its 2017 edition on the teachings of Sun Tzu as applied to cyberwarfare. The Hacker Halted speaker committee has combed through the dizzying stack of submissions to form the agenda for this year’s conference with a special focus on presentations that take the Chinese strategist’s lessons to heart and apply them to the cyberwars being fought every day across the world.

Read the Article

Awards

EC-Council InfoSec Tech and Exec Awards

In a black-tie ceremony, EC-Council honored leaders in information security by recognizing finalists and winners in seven categories. The CISO Awards precedes both Hacker Halted, EC-Council’s largest annual cybersecurity conference, and the Global CISO Forum, EC-Council’s premier executive-level event. EC-Council’s CISO Awards recognize leaders making an impact by implementing security programs and security awareness programs that break the mold and address the root problems of modern breaches. These awards are decided by a committee in an anonymous voting process.

The first award given was the Presidential Award for Excellence to Nitin Kumar, the Senior Managing Director of Technology, Media & Telecom for FTI Consulting where he manages innovations in security across multiple industries. Kumar is a founding member of the Certified CISO Executive Board and has helped shape the CCISO program and its initiatives since its very inception.

The next category was the Innovative Security Project of the Year, wherein EC-Council recognizes a CISO for a specific effort that made a lasting impact to his or her business. The winner, Jorge Mario Ochoa Vasquez is the CISO for Tigo Guatemala and he focused his innovative project on an area critical to the success of a security program: end user awareness. After a thorough measure of the demographics of his company, adjustments were made to the communication strategy that leads to drastically improved outcomes for participation, comprehension, and phishing incidences.

The next award was Most Improved Security Program of the Year. This award was designed to recognize CISOs who have been able to make huge strides in their programs in a short time. Nominations outlined where their programs started, the changes implemented, and the improvements realized. The runner-up for the award was John Young, IT Security Manager for his work with the People’s Postcode Lottery security system. The winner, Hemant Dusane, Chief Information Security & Risk Management Officer of Rage Frameworks, focused improvements for his program on reducing the delays caused by information security measures to product development, thereby reducing project teams’ hesitance in involving security as early in the project as possible.

The third award is for the CISO of the Year and is EC-Council’s chance to look out at the industry and acknowledge a distinguished professional making a difference in the security of not just their organization, but the world at large. The finalists for the awards were John Christly, Global CISO at Netsurion and EventTracker; Heath Renfrow, CISO at US Army Medicine; Sumit Dhar, Senior Director & Head, Information Security & Risk Management; Tim Callahan, SVP, Global Chief Security Officer at Aflac; Ashvin Parankusha Narasimha Murthy; Risk and Compliance Leader at IBM; Aneesh Nair, CIO at NDTV Worldwide; and Youseff Elmalty, Global Cybersecurity Architect at IBM.

The winner, Heath Renfrow, CISO of Army Medicine, oversees a vast network of military healthcare entities. He has helped guide his teams to executing the Risk Management Framework and NIST standards throughout not only the enterprise, but also with the medical devices and their vendors. He oversees a complex and vast worldwide cyber security program, which not only includes the security of the enterprise, but the manpower recruitment, training programs, budgetary management, and many other complicated duties.

The final award was the Certified CISO of the Year. The Certified CISO program has been in place since 2011 but has seen an explosion of growth around the world in the last two years. Finalists include Favour Femi-Oyewole, CISO of the Nigerian Stock Exchange; Vijay Haripal, Director, Solutions Architecture for Optiv; Bob Van Graft, Director IT/CISO for Vrije Universiteit Amsterdam; Cory Mazzola; CISO of the Las Vegas Sands Corp; Sean Walls, Senior Director of Information Security for Presidio; Mike Santos, Director of Security and Information Governance; Syed Ovais Irfan, ISM South Asia Region SSC, IT Manager, BGV Pakistan Pvt. Ltd; Patric Versteeg, CISO at Novamedia; Craig Goodwinn, Vice President, Chief Security Officer (CSO) at CDK Global; Marco Pacchiardo, Senior Enterprise Security Architect EMEA at Akamai; and Blake Holman, CIO & HIPAA Security Officer at St. David’s Foundation.

The CCISO of the Year winner is Favour Femi-Oyewole, CISO of the Nigerian Stock Exchange, a self-driven, motivated, problem-solving CISO with a positive, can-do attitude. Oyewole strives to suggest ideas, innovations, and drive solutions. She worked tirelessly to deliver twenty policies within 6 months of joining the organization and this had grown to about 120 security policies at the time of the nomination.