Black Hat USA Training 2004
Caesars Palace Las Vegas • July 26-27

Overview:
Hacking By Numbers: Chief of Staff is a brand new concept: A security course aimed at technical and business leaders. The latest offering in SensePost's acclaimed 'Hacking By Numbers', series this course brings IT and IT Security managers real technical information in a language they can relate to. No technical jargon, no acronyms or techno-speak, just good, solid information presented in a way that managers can apply to make better decisions. This course is designed to empower managers by cutting through the technical barriers and presenting them with useful facts and decision making skills.

Approach:
This course offers a unique blend of technical and managerial insights. Senior SensePost analysts with years of experience at multiple levels will present the technical realities of today's information security landscape in a form that is not only understandable, but also useful to managers and decision makers. Over the two-day course our skilled trainers will show you the dark side of the infosec world, then cut through all the technical noise to present you with the real facts and the skills you need to survive and thrive in a hostile digital world.

Recognizing that decision makers are busy people, and that there are different interests and different skill levels, the course is divided into three individually selectable modules, which we describe a little later. Attendees can choose to attend certain modules only, or attend all of them, depending on their interests and time constraints.

What You Will Learn:
There are three individual modules in this course. We'd like you to attend them all, but you can select just one or two if you like. The modules are:

• Reality Check: A practical demonstration of what can and can't really happen on your network.
  In this module we describe and demonstrate some of the better-known and lesser-known attacks that are being used against your network. You'll see how these attacks actually work, how difficult or easy they are to execute, and what the impact will be if they succeed.

• Digital Self Defense: How to protect your own electronic space.
  In this module we'll explore the risks that face you and your own personal technology and data. We'll consider many of the security issues that affect you as an individual and a representative of your company. This includes maintaining your privacy on the Internet, guarding the data on your workstation and protecting your personal area network – your notebook, your phone and your PDA.

• The Art of War: Sound security decision making
  In this module we'll start to equip with some of the facts, the thinking skills and the reasoning ability you'll need to process all the information you're faced with and make sound risk management decisions. We'll look at the definition of risk, and how it can be evaluated, we'll consider how to evaluate different security solutions and the role of various standards and 'best practices'.
  The course will be presented in an interactive manner with plenty of time for questions and discussion.

Who Should Attend:
This course offers a fresh perspective from which anyone involved in information security will benefit. Clearly, the target audience is the risk manager, the IT manager, the CIO or the CSO of a corporation. However, senior technical professionals, consultant, IT auditors and other enthusiasts will also find the course interesting and informative. This course has no prerequisites.

Roelof Temmingh is the technical director of SensePost where his primary function is that of external penetration specialist. Roelof is internationally recognized for his skills in the assessment of web servers. He has written various pieces of PERL code as proof of concept for known vulnerabilities, and coded the world-first anti-IDS web proxy "Pudding". He has spoken at many International Conferences and in the past year alone has been a keynote speaker at SummerCon (Holland) and a speaker at The BlackHat Briefings (New Orleans). Roelof drinks tea and smokes Camels.

Haroon Meer is currently SensePost's director of Development (and coffee drinking). He specializes in the research and development of new tools and techniques for network penetration and has released several tools, utilities and white-papers to the security community. He has been a guest speaker at many Security forums including the Black Hat Briefings. Haroon doesnt drink tea or smoke camels.

Charl van der Walt is a founder member of SensePost. He studied Computer Science at UNISA, Mathematics at the University of Heidelberg in Germany and has a Diploma in Information Security from the Rand Afrikaans University. He is an accredited BS7799 Lead Auditor with the British Institute of Standards in London. Charl has a number of years experience in Information Security and has been involved in a number of prestigious security projects in Africa, Asia and Europe. He is a regular speaker at seminars and conferences nationwide and is regularly published on internationally recognized forums like SecurityFocus. Charl has a dog called Fish.