SlideShare a Scribd company logo
Tom Kopchak
Competitive Cyber Security:
The Ultimate Training
Experience
•Who Am I?
•Why Am I here, and what
got me here?
•Why I am passionate about
computer security?
About the Presenter -
Who am I?
How many of you have
experienced a cyber-attack?
System
intrusion?
Malware
Infestation?
Rushed
project?
Mysterious
network?
• Hopefully, most of you can relate to several of these
scenarios
• If you have not experienced anything, at least some
of you are lying, misinformed, or new
• If you aren't worried about attacks, why are you here?
Cyber-Attacks!
• Incidents will happen
• Systems will be compromised
• Applications need to both work and be secure
• People will break things
• You will need to be an expert on something
you've never seen before
Truths
Top Skills
• Fundamental
understanding of security
concepts
• Technical skills
• Direct experience
•Personal experience/on
your own
•Technology-specific training
•Formal education
How do I get skills?
• Nothing beats practical experience
• How do you get practical
experience?
• Production systems
• Personal equipment
• Labs
• Simulated production systems
Practical
• Hands on, practical experience
• Simulated Production systems
• Types
• Defense
• Attack
• Attack/Defend
Competitive Security Events
Collegiate Cyber Defense
Competition (CCDC)
• National Collegiate Cyber Security Competition
• Focuses on both business and technical aspects
Collegiate Cyber Defense
Competition (CCDC)
• Pre-qualifying (state) events
• Regional events
• Growing every year
• Winner goes to national competition
• National Competition
• San Antonio, Texas
• Top 9 teams in the nation
Competition Structure
• Competing teams have just been
hired as the IT staff for a company
• Everyone was fired
• Teams must secure their network,
while completing a multitude of
business tasks (injects)
• Red team = bad guys
Competition Premise
•DNS
•Mail (SMTP and POP)
•Web
•Secure Web (ecommerce)
•FTP
•Database
•SSH
•VoIP
What types of applications?
• Cisco IOS (Router, Switch, ASA)
• Windows
• Linux
• MacOS
• Printers
• VoIP Phones
• Wireless
What types of systems?
• Investigate a database breach
• Deploy McAfee security software
• Upgrade clients to Windows 7
• Provide a list of top attacking IPs
• Install and configure Splunk
Potential Injects - Technical
• Block social networking websites
• Develop an IT policy
• Create user accounts
• Recover lost e-mail
• Create a job description for HR
Potential Injects - Business
• Unplug everything, secure it, and bring it back online
• Services are not available
• Customers are not happy
• Mitigate security issues while keeping services alive
• The red team is everywhere
• Run away, crying
Potential Strategies – Day One
• Number of issues/systems/tasks greater than available
manpower
• Unexpected difficulties/limitations/business rules and
policies
• Uptime & SLA requirements
Challenges
• EMCTraining Center: Franklin, MassachusettsTopology – 2011 Regionals
Competitive cyber security
Topology - 2011 Nationals
San Antonio, Texas
Competitive cyber security
•Storytime with Tom (time permitting)
•CCDC experiences
•Red team attacks
•Strange tasks
Personal Experiences
• CCDC = NCAA of Computer Security
• US Cyber Challenge
• Private Events
• RIT Information Technology Talent Search (ISTS)
• Hurricane Labs Hackademic Challenge
• Hack for Hunger
But wait, there's more!
• Many opportunities/needs exist
• Gain experience yourself, and help others get
involved
Get involved,
and encourage others!
Wrap Up/QA

More Related Content

PPTX
Cyber Security –PPT
PPT
Cyber security & Importance of Cyber Security
PPTX
The Importance of Cybersecurity in 2017
PPTX
Introduction to Cybersecurity
PPTX
Cyber security
PPTX
Cyber Security Predictions 2016
PPTX
Cyber security ppt
PPTX
Cyber awareness program
Cyber Security –PPT
Cyber security & Importance of Cyber Security
The Importance of Cybersecurity in 2017
Introduction to Cybersecurity
Cyber security
Cyber Security Predictions 2016
Cyber security ppt
Cyber awareness program

What's hot (20)

PDF
Cyber Security Awareness
PPTX
Reducing the Impact of Cyber Attacks
PDF
Cyber security-briefing-presentation
PPTX
A military perspective on cyber security
PPTX
Career Guidance on Cybersecurity by Mohammed Adam
PPT
Security and privacy
PPT
HIPAA, Privacy, Security, and Good Business
PPT
Cyber Security
PPTX
Cyber Threat Simulation
PDF
Cyber Security
PPT
Network security presentation
PPTX
Cyber Security: Threats and Needed Actions
PPTX
Beyond The Dark Hacking Screen
PDF
Experience Sharing on School Pentest Project (Updated)
PPTX
Cyber security # Lec 1
PDF
Information cyber security
PDF
Cybersecurity concepts & Defense best practises
PPTX
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
PPTX
Cybersecurity - Introduction and Preventive Measures
PPTX
Cyber Threat Simulation Training
Cyber Security Awareness
Reducing the Impact of Cyber Attacks
Cyber security-briefing-presentation
A military perspective on cyber security
Career Guidance on Cybersecurity by Mohammed Adam
Security and privacy
HIPAA, Privacy, Security, and Good Business
Cyber Security
Cyber Threat Simulation
Cyber Security
Network security presentation
Cyber Security: Threats and Needed Actions
Beyond The Dark Hacking Screen
Experience Sharing on School Pentest Project (Updated)
Cyber security # Lec 1
Information cyber security
Cybersecurity concepts & Defense best practises
Tonex Cybersecurity Fundamentals, Cybersecurity Training and Certification
Cybersecurity - Introduction and Preventive Measures
Cyber Threat Simulation Training
Ad

Viewers also liked (17)

DOC
Resume Updated - 2016
PPTX
Appreciation Day Award
PDF
Reyes,T. Resume 2013
DOC
AnthonyJankowskiResume
PPT
Shares and Debentures
PDF
Impact of colonization in canada essay
PPTX
example of product proposal
PPT
Virtual Server Implementation
PPT
Experts Exchange - Disaster Recovery & Business Continuity Planning
PDF
KubeCon EU 2016: A Practical Guide to Container Scheduling
PDF
Rio Info 2015 - Processo Digital no Governo do Pará - Odlaniger Lourenço Mont...
PDF
Aceco TI
PPTX
Fortinet
PDF
Linux NUMA & Databases: Perils and Opportunities
PDF
Automating the CI / CD pipeline of your containerized applications
PDF
Kubernetes and Prometheus
PPTX
Introducing Kubernetes Clusters in Rancher - February 2016 Online Meetup
Resume Updated - 2016
Appreciation Day Award
Reyes,T. Resume 2013
AnthonyJankowskiResume
Shares and Debentures
Impact of colonization in canada essay
example of product proposal
Virtual Server Implementation
Experts Exchange - Disaster Recovery & Business Continuity Planning
KubeCon EU 2016: A Practical Guide to Container Scheduling
Rio Info 2015 - Processo Digital no Governo do Pará - Odlaniger Lourenço Mont...
Aceco TI
Fortinet
Linux NUMA & Databases: Perils and Opportunities
Automating the CI / CD pipeline of your containerized applications
Kubernetes and Prometheus
Introducing Kubernetes Clusters in Rancher - February 2016 Online Meetup
Ad

Similar to Competitive cyber security (20)

PPT
Competitive Cyber Security
PDF
Security Training: Making your weakest link the strongest - CircleCityCon 2017
PPTX
Application Security within Agile
PDF
WTF is Penetration Testing
PPTX
Presentation infra and_datacentrre_dialogue_v2
PPT
Security for database administrator to enhance security
PPTX
Intro to INFOSEC
PPTX
Information Security: Advanced SIEM Techniques
PPTX
It security the condensed version
PPTX
Defending Enterprise IT - beating assymetricality
PPTX
Internet Etiqute
PPTX
Pentesting Tips: Beyond Automated Testing
PPTX
Inetsecurity.in Ethical Hacking presentation
PPTX
How To Start Your InfoSec Career
PPTX
Career In Information security
PDF
Refugees on Rails Berlin - #2 Tech Talk on Security
PDF
Expand Your Control of Access to IBM i Systems and Data
PDF
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
PDF
2023 NCIT: Introduction to Intrusion Detection
Competitive Cyber Security
Security Training: Making your weakest link the strongest - CircleCityCon 2017
Application Security within Agile
WTF is Penetration Testing
Presentation infra and_datacentrre_dialogue_v2
Security for database administrator to enhance security
Intro to INFOSEC
Information Security: Advanced SIEM Techniques
It security the condensed version
Defending Enterprise IT - beating assymetricality
Internet Etiqute
Pentesting Tips: Beyond Automated Testing
Inetsecurity.in Ethical Hacking presentation
How To Start Your InfoSec Career
Career In Information security
Refugees on Rails Berlin - #2 Tech Talk on Security
Expand Your Control of Access to IBM i Systems and Data
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
2023 NCIT: Introduction to Intrusion Detection

Recently uploaded (20)

PDF
Approach and Philosophy of On baking technology
PDF
Encapsulation_ Review paper, used for researhc scholars
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
PDF
Review of recent advances in non-invasive hemoglobin estimation
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
PDF
Machine learning based COVID-19 study performance prediction
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
PPTX
Understanding_Digital_Forensics_Presentation.pptx
PDF
NewMind AI Monthly Chronicles - July 2025
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
PDF
Network Security Unit 5.pdf for BCA BBA.
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
PDF
Unlocking AI with Model Context Protocol (MCP)
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
Approach and Philosophy of On baking technology
Encapsulation_ Review paper, used for researhc scholars
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
Review of recent advances in non-invasive hemoglobin estimation
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
Agricultural_Statistics_at_a_Glance_2022_0.pdf
Machine learning based COVID-19 study performance prediction
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
Understanding_Digital_Forensics_Presentation.pptx
NewMind AI Monthly Chronicles - July 2025
20250228 LYD VKU AI Blended-Learning.pptx
Network Security Unit 5.pdf for BCA BBA.
“AI and Expert System Decision Support & Business Intelligence Systems”
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
The Rise and Fall of 3GPP – Time for a Sabbatical?
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
Unlocking AI with Model Context Protocol (MCP)
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...

Competitive cyber security

  • 1. Tom Kopchak Competitive Cyber Security: The Ultimate Training Experience
  • 2. •Who Am I? •Why Am I here, and what got me here? •Why I am passionate about computer security? About the Presenter - Who am I?
  • 3. How many of you have experienced a cyber-attack?
  • 8. • Hopefully, most of you can relate to several of these scenarios • If you have not experienced anything, at least some of you are lying, misinformed, or new • If you aren't worried about attacks, why are you here? Cyber-Attacks!
  • 9. • Incidents will happen • Systems will be compromised • Applications need to both work and be secure • People will break things • You will need to be an expert on something you've never seen before Truths
  • 10. Top Skills • Fundamental understanding of security concepts • Technical skills • Direct experience
  • 11. •Personal experience/on your own •Technology-specific training •Formal education How do I get skills?
  • 12. • Nothing beats practical experience • How do you get practical experience? • Production systems • Personal equipment • Labs • Simulated production systems Practical
  • 13. • Hands on, practical experience • Simulated Production systems • Types • Defense • Attack • Attack/Defend Competitive Security Events
  • 15. • National Collegiate Cyber Security Competition • Focuses on both business and technical aspects Collegiate Cyber Defense Competition (CCDC)
  • 16. • Pre-qualifying (state) events • Regional events • Growing every year • Winner goes to national competition • National Competition • San Antonio, Texas • Top 9 teams in the nation Competition Structure
  • 17. • Competing teams have just been hired as the IT staff for a company • Everyone was fired • Teams must secure their network, while completing a multitude of business tasks (injects) • Red team = bad guys Competition Premise
  • 18. •DNS •Mail (SMTP and POP) •Web •Secure Web (ecommerce) •FTP •Database •SSH •VoIP What types of applications?
  • 19. • Cisco IOS (Router, Switch, ASA) • Windows • Linux • MacOS • Printers • VoIP Phones • Wireless What types of systems?
  • 20. • Investigate a database breach • Deploy McAfee security software • Upgrade clients to Windows 7 • Provide a list of top attacking IPs • Install and configure Splunk Potential Injects - Technical
  • 21. • Block social networking websites • Develop an IT policy • Create user accounts • Recover lost e-mail • Create a job description for HR Potential Injects - Business
  • 22. • Unplug everything, secure it, and bring it back online • Services are not available • Customers are not happy • Mitigate security issues while keeping services alive • The red team is everywhere • Run away, crying Potential Strategies – Day One
  • 23. • Number of issues/systems/tasks greater than available manpower • Unexpected difficulties/limitations/business rules and policies • Uptime & SLA requirements Challenges
  • 24. • EMCTraining Center: Franklin, MassachusettsTopology – 2011 Regionals
  • 26. Topology - 2011 Nationals San Antonio, Texas
  • 28. •Storytime with Tom (time permitting) •CCDC experiences •Red team attacks •Strange tasks Personal Experiences
  • 29. • CCDC = NCAA of Computer Security • US Cyber Challenge • Private Events • RIT Information Technology Talent Search (ISTS) • Hurricane Labs Hackademic Challenge • Hack for Hunger But wait, there's more!
  • 30. • Many opportunities/needs exist • Gain experience yourself, and help others get involved Get involved, and encourage others!

Editor's Notes

  • #10: Matrix reference - "load me up the helicopter program"
  • #11: Based on Career Impact Survey of more than 2250 information security professionals conducted by (ISC)², the administrators of the CISSP certification.
  • #13: CCN Network at HL
  • #21: Business/Technical
  • #22: Business/Technical