There’s a Tool for That

What’s in your toolbox?

Think about many other professions: plumbers, electricians, doctors, lawyers, etc. They all have a set of tools they keep with them as part of their job. In cybersecurity, we need to do the same.

Many of the resources we need as cybersecurity professionals are out there. You just need to find them. I can help you with that. This is a quick look at my 2019 RSA Conference session, Cybersecurity Tips, Tools and Techniques for Your Professional Tool Bag.

Think about many other professions: plumbers, electricians, doctors, lawyers, etc. They all have a set of tools they keep with them as part of their job. In cybersecurity, we need to do the same.

The goal of my RSAC session is to provide attendees with many of the tools they may want in their real or virtual “tool bag.” Participants will experience the different tools, tips, tricks and techniques I use as a cybersecurity professional when working with different clients. Many of these I keep on thumbdrives to use depending on the situation or need. You should do the same. This session will answer questions like:

  • Where do I find security standards for locking down my systems?
  • What tools can I use for OSInt and information gathering on websites?
  • How do I set up a virtual lab at home and what app should I use for it?
  • Which pen testing and DevSecOps apps should I have in my arsenal?
  • Where is quality security awareness material for my employees?

Some of these tools can be dangerous if used in the wrong hands or in the wrong way, so I’m going to try to keep you out of trouble in describing how and why they are used along with what they can do.

A quick note on the ones I mention in my talk: they are mostly focused on Small to Medium sized businesses or home users. Most are free. Everyone likes free, right? I purposely steer clear of major commercial products you’ll find on the conference showroom floor. By the way, I’m not associated with the app developers. I just find them valuable.

The idea of this session is to introduce many different tools and provide participants with take-aways, a tool or trick they were not aware of, that they can use right away to solve a particular problem.

This session also provides a variety of websites, references and resources to help you do your job as a cybersecurity professional and then tips to keep yourself and others out of trouble. In this quick look preview video, I’m showing just a few of the 100s of Tools I’ll be talking about in my RSAC sessions.

We’ll be talking about virtualization and how you can create your own test lab of operating systems and software using tools such as VMWare and VirtualBox. With a test lab, you have a safe place to experiment with many of these tools without the risk to corporate networks.

You need an Operating System to put on the VMs, so I recommend Linux. It’s the backbone of the Internet. We also use Linux Distributions like Kali, Taro, Parrot as part of our security testing. These come pre-built with many of the tools mentioned in this talk.

To remain OS-agnostic, I’ll also be demonstrating Windows tools such as SysInternals Suite, that includes all those programs needed by Windows sys admins like process explorer, autoruns, and even the zoom feature. New this year is the Windows Subsystem for Linux. It’s a way to run Linux shell commands in windows.

On the networking side, I’ll show tried and true applications like wireshark and nmap.

Another new area is the use of Open Source Intelligence (OSInt) used for information gathering to help you answer the question, what is known about my organization on the Internet. This is often associated with Social Engineering.

Security testing is also part of a security pros repertoire. In this session, I’ll be explaining testing applications that are readily available such as the Social Engineering Toolkit, Metasploit, and OWASP ZAP. These come from pen-testers I work with who use them every day.

Security careers are also a great discussion, since the cyber skills gap and shortage is a hot topic. There are many free or low-cost options for training and building your cyber abilities. My intent is to show you many of the options available to you to help you make intelligent choices as a cybersecurity professional.

It’s not just about the tools. There are many standards and references available to help us secure our organization. I use cheat sheets to guide me since it’s near impossible to remember everything. On the screen are just some of the ones I’ll be mentioning in my RSA talk. I challenge you to review these lists and pick out the ones that work for you.

RSAC2019 – Security Tips, Tools and Techniques https://www.rsaconference.com/videos/quick-look-cybersecurity-tips-tools-and-techniques-for-your-professional-toolbag

Please join me at the 2019 RSA Conference on Tuesday, March 5th for Cybersecurity Tips, Tools and Techniques. I look forward to seeing you there. Thank you for reading this blog and watching this quick look video.

Ron W – @ronw123

https://www.rsaconference.com/speakers/ron-woerner

Leave a Reply

Your email address will not be published. Required fields are marked *