EVENT REVIEW: The Spiciest Bites from SpiceWorld 2017

The CBT Nuggets crew traveled to Austin, Texas, for SpiceWorld 2017 — and we met hundreds of IT pros, partied with the spiciest crowd in IT, and heard stories about new tech and the people working in the industry. Here are the spiciest bites we were able to bring back from SpiceWorld. Think you can handle it?

Live Hacking with Kevin Mitnick

Ask anyone who was there, the absolute highlight of the conference was the keynote presented by hacker extraordinaire and security expert Kevin Mitnick. We’re always told to beware of security issues like man-in-the-middle attacks, physical security, and phishing emails, but the proof was in the pudding as Kevin showed off live, and in real time, how easy some of these attacks can be to launch.

Using off-the-shelf parts like a Raspberry Pi, Kevin demoed an open WiFi access point with a common name such as “attwifi.” After connecting, your traffic is proxied back to the internet, unless you try to go somewhere like a bank website. Then the Pi takes over, serving up a picture-perfect clone of the site and logging any credentials you attempt to login with. Even better was the Pi serving up a fake pop-up prompt asking the user to install an Adobe Flash update, which upon running immediately granted remote admin command line access to the machine.

Get an email from your bank asking you to call about an issue on your account? Looks legit and when you call, an actual person can verify your account info, so everything’s cool right? Except the number you called is Kevin’s phone server, which took your call, transparently connected it to the bank’s real 800 number, and logged the account number you dialed in and did speech-to-text when you confirmed your mother’s maiden name to the rep. Account pwn’d.

Does your organization use HID key cards for access control? They seem pretty secure, right? Nope, Kevin showed off gear that he can carry in a backpack that will read those cards from three feet away and write your credentials onto a blank card.

Everyone walked away picking up their jaws off the floor, and more than a little scared about shoring up their security and end-user training.

Vendors Everywhere

No conference would be complete without the vendor floor, and Spiceheads had their fill of the latest and greatest in security, servers, network kit, backup solutions, and online training solutions. There was someone to talk to about any need your department could possibly have. Let’s not forget the swag. There were t-shirts, trucker caps, phone chargers, rubber ducks, and, yes, a battle axe.

And of course, all the cool kids were at the CBT Nuggets booth, where we gave out the sweetest fidget spinners and Magic 8-Balls, free week subscriptions, and IT fortunes from our very own Zoltar machine. If you weren’t there you missed out big time, but Zoltar the IT Fortune Teller is always giving out trials.

Help for Solo and Small Shops

While there was lots of new cutting-edge tech to be found at SpiceWorld, we gravitated toward sessions focusing on the soft skills of a successful IT guy/gal.

Our favorite session was by Jake Frederick, IT Manager at WL Plastics. Jake dug into the challenges of managing his two-person team at a multi-site manufacturing company. Anyone who has worked in a smaller department is familiar with these struggles — being expected to know everything, be everywhere, constantly on call, and also the most visible and easily reachable employees. Plus, being able to keep your day-to-day demands under control while carving out time for longer-term projects.

Jake gave tons of good advice, starting with working the human elements of your job. Here’s one of his biggest points: Don’t just fix someone’s problem and move on, take a minute to actually invest in your end users. Get to know them personally and you’ll pay into a relational bank account. This is especially true for management, not just to cover your rear, but to understand the company’s biggest needs, points of pride, and expectations of you.

IT is no longer simply a money sink. It’s integral to any company. It’s not just about keeping the lights on but innovating your processes and industry.
Think about these things for your organization. Do you have documentation? A ticketing system? A self-service portal? Training for onboarding? Clear areas of ownership with your team? Automating everything that possibly can be automated? These will all pay great dividends to your sanity.

Until Next Year…

These are but brief highlights. We could go on about the sweet tech we saw, the IT pros we met, and the Texas BBQ we ate. If you missed out, registration is already open for next year. In the meantime, get training so you can be up to date on all the tech that will be coming your way at Spiceworld 2018

This very cool review and other interesting nuggets can be found at the source.

Source: CBT nuggest

Topics: Speaking Engagements, physical security, WiFi access point, live hacking, IT, SpiceWorld 2017, Texas, WL Plastics, Zoltar Machine, Austin, phishing, Raspberry Pi, HID key cards, Jake Frederick, Kevin Mitnick, man in the middle attacks

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

The Growth of Third-Party Software Supply Chain Cyber Attacks

When testing your employees' social engineering readiness, your teams need simulated attacks that feel as if they’re coming from a nefarious engineer...

Read more ›

Bypassing Key Card Access: Shoring Up Your Physical Security

As you build additional layers of defense into your cybersecurity framework, it's important to implement physical security strategies as well.

Read more ›

How to Prioritize Your Pentesting Report’s Remediation Recommendations

If you recently received a penetration test, you’re on the right track to improving your cybersecurity posture. However, you may be wondering what the..

Read more ›