Jayson is available for Security Awareness training engagements, uniquely tailored to each client, for corporations and enterprises of any size. He is also available for speaking opportunities for groups, organizations and company events. Jayson has given everything from one-hour talks to half-day workshops on ways to create teachable moments that lead to better security awareness.
Employees will learn the dangers of social media and how innocent posts on a personal account could lead to the compromise of their company. He will walk them through the thinking of the attacker as they plan, execute and succeed at compromising the company. Not only will employees leave with a better understanding of the dangers posed by online activities, they will also be given tools and information on how to make themselves and, importantly, their company more secure! Through an engaging, entertaining and educational presentation, Jayson will effectively convey the importance of good security awareness and the means of achieving it in their enterprise.
A traditional pentest focuses on exposing vulnerabilities and showing how they can be exploited. A Red Team engagement does a more in-depth simulation of an advanced targeted attack, again focusing not just on discovering potential weaknesses in the target's defenses but on giving proofs of concept showing they can be exploited. Jayson has created the Security Awareness Engagement methodology as a way to show real-world threats without actually compromising or exploiting discovered vulnerabilities in a way that might negatively impact the company. Instead, simulations use non-intrusive demonstrations that work in tandem with direct and immediate education of those who are most vulnerable and susceptible to attack! Just as banks have routine exercises on how to handle a bank robbery, so must companies have exercises that show and educate users on the everyday real-world threats they are facing.
Through the use of hands-on, real-world examples, this class will go beyond Metasploit, popping shells and zero-day exploits, focusing on the most considerable threat a company faces, the human factor. This class is not just for pentesters but also for security teams who want to educate their employees. Class activities will introduce students to real-world simulations of how Social Engineering and Physical Compromise attacks occur. This is not your typical kind of class and I'm not your typical teacher!
The ability to "think like an attacker" is the best way to defend against attacks. Your employees are your biggest asset, but they are also at the biggest risk of social engineering (SE). Awareness is the best defense against SE threats. Class activities will introduce students to profiling the online presence of employees and enterprises, as well as performing hands-on attacks against WiFi and physical computers. After successful completion of this course, students will have a better understanding of how to detect and/or prevent SE events by looking at their defenses from a different perspective. Students will gain insight into how to educate others and create greater awareness about the various dangers that can occur. Students will also learn about operational security (OPSEC) for defense against attacks.
The primary goal of this course is to demonstrate vulnerabilities with the intent of substantially increasing the security posture of an organization by implementing changes to better handle malicious SE attacks. This 2-day course will use current Red Team strategies to develop a better understanding of how attackers use SE, as well as provide methods to prevent and detect these attacks via awareness programs and "teachable moments". A custom Hak5 Field Kit will be provided to each student for use during the class, which students will be able to keep and take home.
Incident response (IR) programs are generally adequately geared toward network attacks; however, most of these programs do not have a sufficient plan for responding to and recovering from social engineering (SE) attacks. Employees know how to react if they get a computer virus, but not who to contact or what to do if they receive a suspicious phone call or if someone "piggybacks" them into the building. These attacks require special care, situational awareness, and a strong yet empathetic understanding of human nature. A solid set of procedures and knowledgeable staff are the foundation for proper SE IR. Having these in place prior to an attack is key to ensuring staff and first responders know what to do when something suspicious happens, such as how to avoid dangerous confrontations, de-escalate encounters with possible intruders, or prevent further intrusions.
This course will teach the principles of preparing for an incident and ensuring detection measures are implemented to discover and report SE attacks. We will cover what an incident responder should do - step by step - once a potential SE incident has been identified. Learn how to validate, protect, detect, respond and recover from an SE event as part of a comprehensive IR plan that goes beyond the network and into the human heart of your enterprise.