Military Strategy and Tactics for Cyber Security

Gregory Conti and David Raymond | July 24-25



Overview

The designation of cyberspace as a U.S. military operational domain and subsequent application of U.S. doctrine to cyberspace operations has shed light on new tactics and techniques for network defense. In this course we will introduce you to the intricacies of this complex new landscape through discussion and hands-on exercises.

We designed this course for security professionals who would like to apply military cyber operations concepts to defending their enterprise and for DoD, contractor, and other government personnel who need to know more about the emerging field of Cyber Operations. Whether you like it or not, if you are charged with defending a network, you are facing nation-state adversaries. It is no longer sufficient to be "just a little more secure than the other guy". Our enemies in the digital world will target both of you. And they will probably be successful. Furthermore, they don't discriminate between government and private industry. They will attack them all and take whatever might prove useful in the future.

We will teach you how the enemy uses military strategies to attack your network, and how you can use similar strategies to defend it. Publicly available information, software and hardware monocultures, porous attack surfaces, and ever present vulnerabilities have the defender always playing catch up. This course will help defenders generate the information, disinformation, and intelligence strategies that will to put you and your assets in a position of tactical strength, not weakness. Many of today's best practices are stuck in the individual and small team model, we'll provide you an entirely new arsenal of military grade strategies and tactics that scale to the enterprise-level and will help you fend off even nation-state adversaries. In addition, you will also learn how to reverse enemy strategy and tactics to help predict their next moves so you can counter them in advance.

This course is developed and taught by career Army officers with a combined 50+ years of experience and all material discussed will be unclassified. The views expressed in course are those of the authors and do not reflect the official policy or position of the Department of the Army, the Department of Defense, or the United States Government.

Who Should Take this Course

Anyone responsible for defending a network and interested in new defensive techniques and approaches based on military doctrine and strategy. Our material is appropriate for hands-on network defenders as well as executives responsible for network defense.

Student Requirements

General understanding of network security concepts and how they are traditionally applied. Prior familiarity with military tactics or doctrine is not required.

What Students Should Bring

Preferred tool for taking notes. All course materials will be provided.

What Students Will Be Provided With

  • Full course content slides
  • DVD/USB with class resources
  • Book on military strategy

Trainers

Gregory Conti ran West Point's cybersecurity research and education programs for almost a decade and is currently Director of Information Security Research at IronNet Cybersecurity. He holds a PhD in computer science and has published more than 70 research articles. He is the author of "Security Data Visualization" (No Starch Press), "Googling Security" (Addison-Wesley) and the forthcoming "On Cyber" as well as over 70 articles and papers covering cyber warfare, online privacy, usable security, and security data visualization. Greg has served as Officer in Charge of a forward deployed expeditionary cyber team, acted as a Senior Advisor in the US Cyber Command Commander's Action Group, and co-created US Cyber Command's flagship Joint Advanced Cyber Warfare Course (JACWC). He has spoken at numerous security conferences, including Black Hat, DEF CON, HOPE, ShmooCon, RSA, and the NATO Conference on Cyber Conflict and numerous academic conferences. His work can be found at www.gregconti.com and @cyberbgone

David Raymond is on faculty at Virginia Tech, where he teaches computer networking and cybersecurity courses and runs a cybersecurity research lab for graduate students and undergraduates studying Computer Science and Computer Engineering. He is also Director of the Virginia Cyber Range and serves as deputy to the Virginia Tech CISO, helping lead security efforts for the university network. David holds a Ph.D. in Computer Engineering and taught West Point's capstone course in cybersecurity for four years. David created West Point's cyber-competition team, and currently serves as faculty advisor to Virginia Tech's student Cybersecurity club. He has published over 25 papers and articles on topics including computer architecture, wireless security, online privacy, and cyber warfare, and has spoken at several academic and industry conferences, including Black Hat, RSA, Shmoocon, and the NATO Conference on Cyber Conflict. David is also co-author of the forthcoming "On Cyber", a book on military cyber operations.