 Welcome back to Cyber Underground. I know you missed me. I'm back. You're welcome. I'm Dave Stevens. I teach at the University of Hawaii, Kapiolani Community College. I teach ethical hacking and network security. That's my intro to the show, the cybersecurity show that we're having guests on today. Welcome guys, Brandon Lester, Victor Wolff. I need you guys to tell us about yourselves and then let's go into National Cyber Security Awareness Month again. All right. Victor. So I'm Victor Wolff. Okay. By day I'm a Chief Warrant Officer in the U.S. Army. However, disclaimer, I'm not here to speak on behalf of the U.S. Army. You do not represent the U.S. Army. I'm very clear with staff judge advocate to make that disclaimer. So I'm not here to speak on that. I am also, you know, a volunteer with the local ISC Squared chapter. So ISC Squared is the overarching organization which certifies CISSPs, the Certified Information Systems Security Professionals. So today we're going to discuss how the ISC Squared professionals on Island, CISSPs, cyber professionals can go to different venues and give a presentation to individuals on how to be safer online. So what does that get them? Okay. So the incentive to the cyber pros is to get five CPEs for each one of these. So as a CISSP, I have to maintain my certification. I have to do 40 CPEs each year and pay my $125 to ISC Squared. Let's talk about the CPEs really quick. CPEs are continuing professional education credits. And you need to get a certain number of hours per year, 40 per year, to keep your certification, or otherwise the certification gets yanked and you've got to go take that horrible test. And none of us want to go sit for that six hour exam again. So that's six hours and, what, 700 bucks? I mean, what do you pay for those? And that's stressful. I think I used half a paycheck on that way back when and I kept thinking, what if I fail? I mean, that's a lot of money. 
It's a lot of stress on you. Okay, so we can earn five CPEs by giving a talk to the public about how to stay safe online at home with your devices. Hopefully a lot of mobile security now. Social media has invaded our mobile devices and we are never without them, ever. It's become an electronic leash and we can't throw it away. I tried to spend a day without my phone. Wouldn't that work? I had too many people coming to say, hey, I just sent you an email. I just tried to text you. I just tried to call you. Now I've got to take my phone everywhere I go. You guys turn it off at night, I hope. Do not disturb. Yeah, absolutely. Do not disturb. I do. I'm religious about doing that. We're starting to get our mental health now. But a lot of channels into the social engineering aspect of getting into somebody's life come through your mobile device now. Especially leaving your geolocation services on all the time. It's convenient to just open that little app. Where am I right now? Where am I going? Where's my car? It knows. It does. It tells you you parked the car at certain locations. That's right. It'll take you two minutes to walk to your car. It's like, where are my cars? You see a lot of changes in the newer versions of software. They're being a lot more conscientious with how they treat accessing that data. I know in some of the new iOS stuff, they're asking, do you want access to Bluetooth for this app? Do you want access to location for this app? How often, once a day, while it's open, forever and ever, and they're doing a lot better job, I think, trying to make us aware of that. Thank goodness. Because when this first came out, we all thought, look at this magical internet. Look at this wonderful mobile device. Look at this great iPhone and Android phone. Look at all these wonderful things it can do. And hardly any of us thought, what's going on in the background? Who's getting all this stuff? Now, I've got a little plug here. 
I watched a thing called The Great Hack on Netflix. Have you guys seen this? I have. Cambridge Analytica. Man. Good show. Folks, go out and watch The Great Hack. It was awesome. It's on Netflix, and I'm sure you can get it in other places, but I'm not going to tell you how to do that, because this is an ethical cybersecurity show. So anyway, yeah, great. But it really identified for me some of the little missing pieces, because I knew this data was out there. I thought, you know, what's the trick? How are they using this stuff? Really important for people to know everything you do, you're tagged. There's some kind of grid, right? So be careful what you put out there. I had to tell my sister, please don't tag us when we're in Vegas. You know, here I'm here with my brother. Click, you know, and... Absolutely. Great. Now everyone knows I'm not home. Thanks a lot. Yeah. If there's a dollar to be made on your data, someone's going to try and do it. Oh, sure. Yeah. And I guess people don't realize all these free services are free because the other revenue streams support your usage, right? Right. They're selling you, basically, who you are, your essence, to other people. And now, in my opinion, that really swung an election, or was a great part of it, at least, right? Positive statement, but I'm saying after that show, it reinforced my belief that we really got swayed that way. So I'm so glad that individuals like you are giving talks out there in the public, in the islands, and we were just talking about how few of us there are in the islands that actually work in this industry as professionals. But secretly, many of us work in the IT profession and do a lot of cyber as well. So we're also cyber security professionals. Thank goodness. What do we need to know about National Cyber Security Awareness Month? So for two audiences, one, for the cyber security professionals on Island, we want you to go to our website, ISC Squared. The quickest way is to just Google ISC Squared Hawaii. 
Go on there. We have a Google Web form that you can fill out. There's a link there that you can say, hey, these different places, we're going to be at libraries, we're going to be at shopping centers all month. What's convenient for you, and what works best for your schedule. And then we already have the canned presentation. It's not like you have to go invent the wheel or anything. After you fill out the form, it's going to let you download this presentation. You'll go ahead and study that. You'll get credits for, that's what we're really giving you credits for, five hours of study and then presentation. So we give you that. You can do it up to two times. So you can get essentially 10 credits out of this. Then after that, it's going to be one per. But yeah, it's a quick way to earn 10 CPEs for those of you on Island who want to go out and just give an already pre-canned pitch. And it's really actually very well put together. So I think we've done a good job between our organizations to put forth a good product so you can download it, take a look at it, and it's probably stuff you're already familiar with, and pitch it. And so that's for the cyber security pro, and they can earn those CPEs, which I know all of us need. The second pitch is for your average citizen here who just wants to learn how to be safe online. So again, you can go to some of these events, whether it's at a library or whether it's a shopping mall. We also are hearing one of the presentations that you can choose to go to is for the kupuna. So we have some of the care facilities on Island. Some are open. Some are not. Some we've already reserved, and we have other cyber pros that are going to go there and be at those. But all the open ones are going to be on the website. If you could bring up the website, I want to make sure everyone sees... So it's going to be OHS.Hawaii.gov, forward slash cyber. So you want to put the cemetery up on the screens first? 
Absolutely, if you would. So we've got to put the... Office of Homeland Security. This one is the State of Hawaii. Okay, so if you'll see on the left hand side, you have all the places on Oahu, our neighbor islands. We're going to have some places there. Hilo, Kailua-Kona, et cetera. But we'll be out at some of the different shopping malls, different workshops for kupuna. It's all listed on this graphic right here. So take your family out if you want to see how to just, you know, secure your elderly mother's cell phone better. I think all of us could do that, right? So go to one of these events, see how you may have some of your own settings within your Android device or your Apple device, and you have it set great, and you've been using it securely for years, but maybe someone who just got it out of the box when they went to Verizon or wherever, and they're just still sitting there on default. We're not just going to talk and give a great slideshow. We're going to actually show people. There's going to be a Q&A. So even cyber pros are going to learn something from this. Every time I go to any one of these kind of events, I went to a Boy Scout event, and there was someone else pitching his thing. I learned a lot just from his thing, and I'm sure he did from mine as well. So I think it's going to be mutually beneficial, and at the end of the day, we'll all be smarter on how to be more secure online because there's a lot of criminals that are out there trying to get your data off of data breaches, many data breaches they target and all those. There's all these hashes of their passwords already out there. They can download it on the dark web. So if you haven't changed your, the biggest thing I would say is just change your password. Like right now, National Cyber Security Month, everybody change your password, especially on your bank. Go to a passphrase, Mary had a little lamb. Say lamb in Spanish, cue ball graphic or something in there, something weird. 
You know what, we didn't get to you, Brandon. I'm here. Tell us about yourself. So Brandon Lester, representing AFCEA Hawaii today. Much like Victor, I have the day job with SRC Technologies as a cyber security professional. And then in my volunteer time, I represent the Young AFCEANs, which is a facet within AFCEA Hawaii. Oh, what is AFCEA? So AFCEA is an organization that's really focused on bringing communities together, whether that's government and industry and academia, but it's meant to kind of help us bolster defense at the government levels, whether it's federal, state, or local. So I think, doesn't it stand for Armed Forces Communications Electronics Association? It did, once. Once. What is it now? As of this year, there's a rebranding going more towards just the brand name of AFCEA that's been recognized for so long as an international organization. So the acronym is gone, but everyone does still remember the acronym and it's good to know our roots, right? Going back to the foundation over 60 years ago and having that organization be a leader in trying to bring the community together in at least the technology space and now a lot more in the cyberspace. I think another organization, ASIS, did the same thing. They're just known as ASIS now, but they used to be, way back when, the American Society of Industrial Security. And that's not even on the website anymore. If you can't go back and look at that history, I had to really dig for that because I thought, who are these people? Right. I mean, it's a name, but at some point you have to remember where it came from, but also looking forward maybe as is the future branding that they're looking for. You know, I think why they did that, and I think you guys can go with me on this. I'm a little older, so I remember how the IT department and the physical security in any company were completely separate silos. 
You had facilities handling physical security, security cards, cameras, and gates and all that stuff, and then IT guys handled the network. Now they have to come together, and I think that's why ASIS rebranded, because the physical security guys are realizing that all these cameras and gates and prox cards and all the other things are hooked up to an IT system, which just happens to be run by the IT crew. You should put the whole cyber package together, especially when you talk about NIST and ISO and all this other quals that we got out there, those standards, they have physical security in their control set, so it makes sense. I guess AFCEA is going down the same road. I like that you guys have Young AFCEANs and you guys do awards for youth almost every month. Yeah, absolutely. We have student awards. We have Young AFCEAN awards. We try to focus on recognizing folks out there in the community that are doing good things. And last time I went, they were at Fort Shafter. We are at Fort Shafter most of the time. This month, actually, we're hosting a special event here at the Hawaiian Convention Center next Tuesday, October 8th. It's going to be focused on cybersecurity, so we're hosting a panel with a great selection of guests. We've got folks from Coast Guard, Department of Justice, Department of Homeland Security, NSA, State of Hawaii's CISO, a litany of good folks. People way up the food chain from me. That's awesome. And to our audience out there, if you haven't ever been to the Hawaii Convention Center, it's an experience. It is a beautiful place. It's like a cathedral. I mean, it's glass with beautiful plants and waterfalls. And it's just escalators. Just the escalators is an experience. Yeah. So yeah, actually I should go. Please do. Yeah, join us. All right. So next Tuesday it's a breakfast. So we've got food starting at around seven and then we're going to kick the events off at eight. 
And much like speaking at some of these ISC Squared hosted awareness events, we're also offering some CEUs for this. So you get two hours of cybersecurity professional style credits. Great. We're going to get right back to this after we take a break and pay some bills, and we'll be coming right back with more slides and more information about the National Cybersecurity Awareness Month. Until then, everybody, stay safe. Aloha. My name is Duretian. You are watching Think Tech Hawaii. I will be hosting a show here every other Wednesday at 1 p.m. And we will be talking to a lot of experts and guests around sustainability, social justice, the future here in Hawaii, progressive politics, and a whole lot more. So please tune in and thank you for watching Think Tech Hawaii. Excellent. Achieving and sustaining success and finding greatness. If you're a student, parent, sports or business person and want to improve your life and the lives of people around you, tune in and join me on Mondays at 11 a.m. as we go beyond the lines on Think Tech Hawaii. Aloha. Welcome back to the Cyber Underground, the second half of the show. And once again, I'm Dave Stevens. I teach ethical hacking and network security for the University of Hawaii at Kapiolani Community College. I'm also the IT program director over there. I'd like to give a little plug for my show. We're trying to do this at least once a month. Now, the Defense Federal Acquisition Regulations, or DFARS, is extremely important and will be coming up with a new Cybersecurity Maturity Model Certification program as of the year 2020. And if you're a DOD vendor working with the DOD, you have to be NIST 800-171 compliant and certified by an outside organization that stamps you on level one through five. We're going to give you more information and updates as the certification becomes live. It's still being worked on right now. And every month we'll do DFARS for Dummies. We had our last episode two weeks ago. 
Please check it out on YouTube. We're back again with Victor Wolff, Brandon Lester, talking about National Cyber Security Awareness Month. I said all that without stuttering. That's like my first time ever. Wow. What else can you tell us about National Cyber Security Awareness Month? We talked about presentations at the libraries and at shopping centers, at malls. We put up the graphic a minute ago of where to go and where to get the information. Maybe we should put that up again really quick and it'll kick off our talk. Is there a website on here we can go to? There's not a website. Not on here. Not on here. There's another website. Which one? Office of Homeland Security website, if you want to bring up the number two slide. OHS.Hawaii.gov slash cyber. OHS.Hawaii.gov slash cyber. Correct. And then all that information you're talking about is there. Okay, tell me more about what you guys are doing. So we'll be out at these different facilities. We want to recruit with this TV show, hopefully, some cybersecurity professionals to come go online, sign up to be a presenter. We want plenty of people in the public to come be our audience that we can go ahead and earn our CPEs for. And we also want to make sure that everyone on the islands is more secure online. So I know there was a recent statistic saying that our kupuna are targeted more than the rest of the elderly population throughout the states. The other in the United States. So really, for whatever reason, a lot of the cyber crime is directed at our kupuna. So we want to make sure that we have a separate program just for that because of that vulnerable population. Enormously important when you think about some of these people live in communities that are all kupuna and they have computer access there, and the people running the centers sometimes aren't security professionals, they're more in the medical profession. 
So this is enormously important, and of course we all give our kupuna their smartphones because we want them to contact us, and that's pretty terrible when they get hacked that way through their mobile device. I love that you guys do it. What about our keiki? So for our keiki, for this month particularly, we don't have a program geared towards our keiki. Some of the times we'll have the Boy Scouts. There's also, I'm sorry, on November 1st there is one for the Girl Scouts. Girl Scouts of America is doing a lot of cyber. Absolutely. They have a brilliant cyber event out there on Ford Island on the 1st of November. So we're going to be out there as a chapter, and one good thing, if you're a cyber security professional and you're not in one of the two organizations, either AFCEA or ISC Squared. We do a lot of events together, co-sponsor a lot of events. So if you're plugged into one, you're plugged into the other. Earlier talked about AFCEA and what it was and how they've changed their name. By being in DoD, I've been an AFCEA member for years and just kind of always knew about them, but yeah, it's great that we can co-sponsor, so you know, if you're in one organization you kind of get the benefit of being in the other. I wish I'd known about it when I was in the service, but I served in the 80s and I was a cop, so nobody's going to tell a Marine Corps MP that there's AFCEA. There you go, look at this technical organization. They have guns? No? Okay. But it sounds like a great organization, and I've had the opportunity to speak and attend those events for AFCEA and they're terrific, and keep doing them, please. I'm going to try to get to the convention center for the one you were speaking about earlier. And I just want to do a quick note. 
The Girl Scouts event is called STEMFest, and they are really looking to partner with as many folks in the community as possible. So it's always great, especially here. It tends to feel like one big cyber ohana in a sense. Everyone wants to help each other, right? We're not trying to have one organization that says, well, we can do cyber, but I don't know about the other guys. Everyone wants to build up the community for awareness' sake and help each other as much as we can. Enormously important. I think you bring up a great, important topic. STEM, science, technology, engineering and math, has notoriously just pushed out IT functions like cyber security, but now we're seeing that, especially in the IoT, or Internet of Things, we're needing more cyber, because we're putting out webcams and refrigerators and, you know, internet-enabled toasters with no security or the worst security possible, and they're eminently hackable. They're on your network and you can use it as a pivot device to get to the real stuff. So if you can get on someone's Wi-Fi through their webcam, you can get to the computer and get the bank account eventually, if you're good enough, right? But that pivot point is enormously important, and I like that STEM people are bringing in cyber folks and now we can work together again. It's very nice. In fact, I think they forget that science, technology, engineering, math shares the T with information technology, so they're actually the same thing. Yeah, the technology piece I think has become so pervasive that if you don't know that you're related to cyber security in some way, you'll learn it in probably the bad way. Yeah. Even if, you know, if you run a layless flower shop, right, you might have a website, you might have some online payment methods, but that is all on the internet and you're exposed just as well as that Internet of Things camera. Oh, and then the most effective channel to anybody's business is through the point of sale system. That 
POS is usually hooked up to the Windows 7 computer that everybody shares with the admin privileges, right? So if you can hack the POS, you've got an in with the company. So Target and Home Depot learned that the hard way. I hope all the small businesses will learn that. Tell us more. So if they're still running, the POS system is still running on an XP box, I mean, it's like, this is the month to get rid of that POS box. Upgrade. Spend a little bit of capital right up front from the business. And there's so many cloud services that businesses can take advantage of right now. Office 365 and Azure has just run way out in front with their GCC High offering for the DoD, and the Office 365 is NIST 800-171 compliant on 50 different controls from the outset. I think if you took advantage of that, even remote hosting of your operating system through a dumb terminal, so it's all secured some place else, and it's a service that, like, Hawaii Tech Support can offer for local vendors, or Amazon Web Services has that, right? Any recommendations for small businesses to come up to speed? Actually, Hawaii Tech Support, Tim Ames is our vice president. So Timothy Ames of Hawaii Tech Support, frequent guest on this show. Shameless plug. Thank you. Yeah, no, it's a great organization, and what I like about Hawaii Tech Support is they do what you guys do. They focus on the individuals. They don't just come to sell you a package. They find out what you do and how you do it and then try to simplify it and secure it, and I think that's what you guys do too. Tell me what you do, here's how you can do it, not exactly better, but at least a little bit more efficient and safe. Stay in the safe space. When you wander out of the edges, you take it at risk, right? And that's what I preach to small businesses when I work with them, is your threat landscape can never be zero, but you can shrink it down to only the zero day attacks will get to you, right? Or only the insider threat. But that's got to be an 
effort, right? Absolutely. If everybody's participating, we can all find the cheapest and easiest way to get there safely, and I'm so glad you guys are doing this during this. I wish every month was Cybersecurity Awareness Month. Yeah, I've seen that trending on LinkedIn, some other places. You know, we can't say this for one month, we have to do it all year. Well, this is the month where we'll go a little bit above and beyond our normal mantra to say, okay... You guys are always teaching this, right? Yeah, absolutely, this is our mantra. Yeah, we go through the streets and preach this and scream it from the mountain tops. Exactly. Yeah. What else are you guys gonna do? So I think coming up we have quite a few different events between the different websites. Whether you Google ISC Squared Hawaii or whether you Google AFCEA Hawaii, that all gets you pointed back to some of these links, much easier than saying, okay, this date, this particular location. But in general, we're really pumping up the efforts for October specifically, and that really kind of leads us to the rest of the year and then all the other fun things happening through our typical calendar years. Well, that's great. We got about two minutes left. You guys want to do any shameless plugs for your businesses or organizations? Because now is the time. I want to give a cyber security tip. Right, okay. Like you said before, Vic mentioned change your password now. Well, there is a national password change day somewhere out there. Remember what it is? I can't remember. What I like to tell folks is make sure you don't use the same password on multiple websites. Oh, I know that. My parents have the password book. That's better, because that's your physical control. That is, right. Just make sure you don't do the same password on Gmail, Zappos, and then every other susceptible shopping website you ever go to, right? And a lot of good ways to deal with that. Personally, most folks recommend password managers. There's like 
quite a few out there, and it lets you control the password. You don't even have to remember it, because the whole idea is it's complex, it's long, and you're copying and pasting it back right into the website. Yeah, that's a great thing to have in your mobile phone too. What I wouldn't recommend is what a lot of people have done, and they have a notepad or some kind of Excel spreadsheet, it's called passwords, and sits on their desktop. You're a more eminently more secured... Not passwords. No, that's where secret, right? Secret file, do not open. Yeah. What people don't realize is once you get hacked, like if I'm the hacker and I get under your system, that's what I'm looking for. I'm looking for the passwords file. I'm looking for the stuff that can get me into other stuff. You're just my pivot point. Your bank account or your personal information. Is that a good tip? Yeah. Any tips from the ISC Squared? Yeah, I would just say definitely don't save that on your desktop. So that would be the main thing, because a hacker is not looking for your pictures or anything you have like that. That's, you know, just something else that they can sell online maybe. Yeah. But yeah, they want that one file that you keep all your passwords to all your accounts on, and then they're just going to pivot from that. There's one site out there I could recommend to everyone. It's called, uh, Have I Been Pwned. Oh yeah, yeah, yeah. PWNED. Yeah, that's a great site, and it actually told me a couple of my email addresses from way back when, uh, the Sony hack, like I got in that, right, because I had a PS3. Yeah. But you know, luckily I changed my password every month or every six weeks or every week or however, right, when I think of it. Well, great tips. Thanks for being on the show. Yeah, absolutely. Thank you guys for having us on the show. All right, appreciate it. Thanks everybody for joining us. We'll be back in another couple of weeks, uh, two weeks, 14 days from now. Come back and see another Cyber Underground. We'll be doing another 
DFARS for Dummies, and until then, stay safe.