2022 National Cyber Summit

Training Opportunities

To register for a training session, you must be registered for the Summit. If you are already registered and would like to add a training session, you may do so in your personal registration portal, which you can access from your registration confirmation email, or email NCSregistration@eventPower.com for assistance. If you have not registered for the Summit, you may register now below.

Register Now

Monday, September 19, 2022

Applying Cyber Threat Hunting Techniques and Tools to Operational Technology

Training by Netsecuris LLC
Presenter: Mr. Leonard Jacobs, President/CEO
Date: Monday, September 19, 2022 | 8:00a.m. - 4:00p.m.
Price: $325.00

Description
Operational Technology (OT) is everywhere. Learning about OT can lead to good job opportunities. Performing cyber threat hunting is one of the most important cybersecurity protections for OT. Using traditional cybersecurity protections on OT can lead to unwanted and sometimes dire consequences. Often, traditional cybersecurity protections cannot be applied to protect OT because those protections can affect the performance of OT systems, devices, and networks. The course addresses Cyber Threat Hunting fundamentals as applied to OT. Cyber Threat Hunting techniques and tools are clearly explained and demonstrated. Students get the opportunity to try the techniques and tools through a series of orchestrated exercises in an OT virtual lab environment. Students are guided through the course and lab by the trainer. A personal laptop with adequate hard drive space and memory is needed to perform the lab exercises. Linux experience is helpful.



Ethical Hacking Attack Phases Workshop

Training by EC Council
Presenter: Mr. Kevin King, Director of Integrated Learning
Date: Monday, September 19, 2022 | 8:00a.m. - 4:00p.m.
Price: $250.00

Description
In this workshop you will learn system hacking. Following this, you will learn how to hack and assess web applications. Once you have practiced these hacks, you will learn attacks that target wireless devices as well as mobile devices. You will be introduced to techniques to identify the attack surface and then the vectors for attack depending on the device(s) encountered.



Fuzz Testing for DevSecOps

Training by DESE Research, INC.
Presenter: Mr. Justin Cole, Software Assurance Team Lead
Date: Monday, September 19, 2022 | 8:00a.m. - 4:00p.m.
Price: $100.00

Description
Fuzzing is widely recognized as a valuable technique for improving software security, robustness, and safety, and it's an integral part of some of the best-known secure software development life cycle (SDLC) frameworks. Fuzzing, or fuzz testing, is a quality assurance technique that uncovers coding errors and security loopholes during software vulnerability testing and assurance processes. This testing methodology can be combined with other established testing methods, including static testing, code reviews, or various dynamic testing methodologies, to offer a deeper understanding of the security of the application or software. Finding faults in the target application that are outside the purview of manual testing by a human is the primary objective of fuzzing.

Instructors from DESE Research and The Charles Stark Draper Laboratory, Inc., will show how to conduct basic fuzz testing and where and when to integrate fuzz testing into the DevSecOps lifecycle, and will provide resources for future learning.



OCTAVE: FORTE Implementing Enterprise Risk Practices to Achieve Cyber Security

Training by Carnegie Mellon University - Software Engineering Institute
Presenter: Mr. Brett Tucker, Technical Manager, Cyber Risk Management
Date: Monday, September 19, 2022 | 8:00a.m. - 4:00p.m.
Price: $100.00

Description
OCTAVE FORTE (FOR The Enterprise) educates executives on how to communicate risks using a tiered governance structure and a quantitative risk appetite. Similarly, OCTAVE FORTE’s structure provides managers with a practical direction to assist practitioners in managing the complete risk lifecycle. If your organization is in need of a risk program, is in the stages of building a program, or is mature and seeking new strategies to manage risk, then OCTAVE FORTE can assist in raising the standard.

OCTAVE FORTE uses classic enterprise risk management practices to identify, analyze, respond to, monitor, and control risks regardless of their categorization. As a result, C-suite executives are empowered to execute sound business decisions in a world where all business processes rely on personnel, information, technology, and facilities.

OCTAVE FORTE uses a new process that now accounts for key standards while adhering to the fundamental principles of the CERT Resilience Management Model (CERT-RMM). Compared to the former OCTAVE ALLEGRO process, OCTAVE FORTE addresses all forms of risk with a holistic approach where cyber risks are analyzed and managed in the same manner as all other risks within an enterprise risk portfolio. Additionally, OCTAVE FORTE establishes a more robust framework for risk management by providing a feedback loop for complete risk lifecycle management.



RMF 2.0

Training by Cyber Brews
Presenter: Ms. Karen Williams, CEO/Trainer
Date: Monday, September 19, 2022 | 8:00a.m. - 4:00p.m.
Price: $300.00

Description
Mrs. Williams uses her 17 years of experience working in the Department of Defense (DoD) as a contractor to explain how each step affects not only security professionals and system owners, but also project management, system development, and organizational risk tolerance. Mrs. Williams will demonstrate how to improve efficiencies in project planning and scheduling within the acquisition and system life cycles while integrating the RMF steps. This workshop will also cover how to build core RMF documents like the categorization worksheets, system security plans, and plan of actions & milestones.



Tuesday, September 20, 2022

CMMC Assessment using CSET

Training by Center for Cyber Innovation
Presenter: Ms. Melissa Hannis, Research Engineer II
Presenter: Mr. Idongesit Mkpong-Ruffin, Associate Professor, Computer & Information Sciences Dept. Director, FAMU Center of Cyber Security (FCCS)
Date: Tuesday, September 20, 2022 | 9:00a.m. - 5:00p.m.
Price: $50.00

Description
This training will go through how to utilize the Cybersecurity Evaluation Tool (CSET) for a Cybersecurity Maturity Model Certification (CMMC) compliance assessment. With an understanding of CSET, participants will have a tool that can aid them in performing risk assessments within their own organization. CSET is a free-to-use, stand-alone desktop tool that guides users systematically through evaluating operational technology and information technology within their business. Developed by the Department of Homeland Security, the CSET installation can be downloaded from the CISA GitHub page. However, we intend to provide a copy of the CSET installation with a preloaded mock assessment of a company that will be part of our hands-on demonstration of CSET. The hands-on portion of this training will include performing an assessment of a fictitious company in CSET that has already been populated and preloaded with some background information. This will allow the trainee to evaluate said company and review the generated risk assessment reports. Participants of this training will walk away with an understanding of how to use CSET with a focus on implementing the CMMC security standards, which can be utilized within their organization.



CompTIA Data+ Certification for Security Professionals

Training by ThinkData Solutions, Inc.
Presenter: Ms. Robin Hunt, CEO & Instructor
Date: Tuesday, September 20, 2022 | 9:00a.m. - 5:00p.m.
Price: $125.00

Description
Learn from the people who created the CompTIA Official Content and Labs and taught the CompTIA Data+ Pilot Program! You could say we wrote the book about CompTIA Data+.

We walk you through everything, so that you have a full understanding of all the materials and resources available to prepare you for the CompTIA Data+ certification exam.

“We believe that one of the most valuable skills an employee can have is the ability to solve problems by working effectively with data” – Robin Hunt, co-founder of ThinkData Solutions and author of CompTIA Data+ Official Content.

Individuals who earn the CompTIA Data+ certification have demonstrated their ability to analyze and report on complex datasets, to use oversight and data quality standards, and to communicate insights effectively to support data-driven decisions. This certification shows the holder has the data knowledge of someone with 2 years of data work experience.

CompTIA Data+ is the only data analyst certification that covers baseline data analytics skills, assesses hands-on abilities and is vendor neutral. This certification gives you the skills you need to perform a data job regardless of the specific programs you’re using.



Hacking Network APIs

Training by NagleCode, LLC
Presenter: Mr. Dan Nagle, Sr. Cyber Engineer
Date: Tuesday, September 20, 2022 | 10:00a.m. - 12:00p.m.
Price: $50.00

Description
A foundational component of communication between devices is the TCP/IP network stack. Web browsing, streaming video, secure control, and innumerable other applications are built upon this technology. This 3-part demonstration will use open source tools to focus on the data transfer components UDP and TCP while targeting an IoT device. Part 1 is reverse-engineering the network commands to better understand them and then mimic them (a common attack strategy). Network protocols will be discussed during this process. Armed with our new knowledge and skills, part 2 will take them a step further to discover and analyze malware present on the IoT device. Time permitting, part 3 will cover fundamentals of network latency vs network throughput by forced network degradation. This presentation is light on slides and heavy on demos.



Hands-On Ransomware Incident Response

Training by RangeForce
Presenter: Mr. Tanner Howell, Director of Solutions Engineering
Date: Tuesday, September 20, 2022 | 9:00a.m. - 5:00p.m.
Price: $180.00

Description
A threat actor group has launched a ransomware campaign against the fictional company Commensurate Technology in order to extort the company. The group sends phishing emails to several employees with an enticing attachment claiming someone external to the company found a salary/compensation dump for all employees.

Participants will roleplay as SOC analysts and utilize Splunk Enterprise and FortiGate Firewalls to investigate and mitigate this threat via intel ingestion, log investigation, malware deconstruction, and security control implementation.



OT Network Control and Monitoring

Training by Red Trident Inc
Presenter: Mr. Patric Dove, OT Network Security Engineer
Date: Tuesday, September 20, 2022 | 9:00a.m. - 5:00p.m.
Price: $350.00

Description
When it comes to industrial environments, there are many risks. This is due to the necessity of determinism, speed, and reliability developed in the product offerings by vendors. Information Technology (IT) folks often argue that they are implementing "Real Time" systems and then refer to Voice Over IP. According to the ITU G.114 specification, 150ms or less is recommended (one way) with 100ms or less Jitter. These numbers are an eternity for Industrial Control Systems (ICS). In ICS, real time systems are significantly faster. A Programmable Logic Controller (PLC) communicating with a Remote Input/Output (RIO) Block is likely to have cycle times of less than 2ms (for send and reply before the next send). This required prioritization of speed over security makes it significantly more difficult to protect Operational Technology (OT) systems. What things do we need to start securing our OT systems? Consider Network Access Control (NAC) to control who is getting on the network, a Security Information and Event Management (SIEM) system so that we can get logs and appropriately analyze what's going on, and an intrusion detection system (IDS) to alert if there is a breach.

Hands on:
• Deploy NAC
• Deploy SIEM
• Deploy IDS
• Tie them all together.