Jayson is available for 1- or 2-day Security Awareness training engagements, uniquely tailored to each client, for corporations and enterprises of any size. He is also available for speaking opportunities for groups, organizations and company events. Jayson has also given several 2-hour and half-day workshops on ways to create teachable moments that lead to better security awareness.
If you are interested in having Jayson speak or train at your event, please send an email to firstname.lastname@example.org, who will be happy to help make that happen!
Munich, Germany, February 2nd 2018
Patching the Human: Defending against Social Engineering via Teachable Moments
Jayson will discuss how to create internal security-awareness trainings for executives and users, to help them better understand the evolving threats and how to take precautions so they do not become victims of social-engineering attacks!
IT Web Summit
Johannesburg, South Africa, May 21st 2018
Using Red Team tactics to create Blue Team solutions
Learn how to use modern social engineering attack tools and gain a better understanding of physical and network attack vectors. Classroom hands-on exercises will include basic open-source intelligence (OSINT) skill-building and risk evaluation of humans. The emphasis of the class exercises, real-world case studies, and demonstrations is on building comprehension of attack techniques that can be used to create awareness programmes.
The students will learn how to create a comprehensive strategy to better protect their company and its employees from social engineering attacks.
Black Hat USA Training 2018
Las Vegas, USA, August 4-5th & 6-7th 2018
Evaluating Human Risk & Protecting People: Social Engineering Attack Testing and Awareness Training
Jayson E. Street
April C. Wright
Learn how to use common social engineering attack tools and gain a better understanding of physical and network attack vectors. Classroom hands-on exercises will include basic open-source intelligence (OSINT) skill-building, risk evaluation of humans, use of the Hak5 Pineapple to conduct WiFi attacks, and performing physical computer attacks with the Hak5 Bash Bunny. The emphasis of the class exercises, real-world case studies, and demonstrations is on building comprehension of attack techniques that can be used to perform pen testing and create awareness programs.
Abstract / Description:
The ability to "think like an attacker" is the best way to defend against attacks. Your employees are your biggest asset, but also at the biggest risk for social engineering (SE). Awareness is the best defense against SE threats. Through hands-on exercises using software and hardware tools, SE risks will be discussed and evaluated with an emphasis on developing awareness programs. Class activities will introduce students to profiling the online presence of employees and enterprises, as well as performing hands-on attacks against WiFi and computers. After successful completion of this course, students will have a better understanding of how to detect and/or prevent SE events by looking at their defenses from a different perspective. Students will gain insight into how to educate others and create greater awareness about the various dangers that can occur. The primary goal of this course is to substantially increase the security posture of an organization by implementing changes to better handle malicious SE attacks. This 2-day course will use current Red Team strategies to develop a better understanding of how attackers use SE, as well as provide methods to prevent and detect these attacks via awareness programs and "teachable moments". A custom Hak5 Field Kit will be provided to each student for use during the class, which students will be able to keep and take home.
This training will be different from other SE/OSINT training because the content is more focused on increasing an organization's defensive posture and building a security awareness program, rather than on increasing one's attack technique, i.e. not focused on improving offensive capabilities, but on ideas that can be used to build greater enterprise mindfulness. The concepts will be explained and emphasized through examples and real-world scenarios including events experienced by the trainers. As an example, in terms of security awareness program discussions, we will talk about crafting security policies and how to establish testing procedures. This is not something generally covered by offensive-only testing classes.
Blue team (Data Forensics, Incident Response, Analysts)
Infosec personnel interested in defending against social engineering
IT support staff
Customer-facing call-centers and similar jobs
Anyone interested in learning more about common social engineering attacks
What do students need to know going into the training:
Willingness to try
What Students Should Bring
A laptop with WiFi capability
A phone or a tablet with WiFi capability.
A 2nd laptop would also work.
If required for their laptop (e.g. newer Macbooks), an adapter so the student is able to connect a USB-A cable (e.g. USB-C to USB-A adapter)
What someone would get out of the class:
Learn how to use common social engineering attack tools
Understand common attack vectors for social engineering
Threat of basic OSINT skills
How to develop effective security awareness training and programs for teaching employees to be alert for attacks
Risk evaluation of humans
How commonly used attack tools work
Learn from case studies about real-world attacks
What Students Will Be Provided With:
Students will be provided with a custom Hak5 Field Kit that they will get to keep.
physical code execution