University of Maryland Global Campus, in conjunction with the EC-Council Foundation, hosted the 2015 TakeDownCon Capital Region Conference, June 1–2 at the College Park Marriott Hotel and Conference Center.
Bringing together leading industry researchers and technical experts, the two-day ethical hacking conference focused on a range of topics related to both the attack and defense of information systems. Among the featured speakers at TakeDownCon were UMGC faculty members, who shared their industry expertise and scholarship on the latest vulnerabilities and security threats, along with the methods and strategies for effective detection and prevention of cyber attacks.
Day One: Attack
The first day of the conference was centered around cyber attacks, with speakers discussing how even the most protected systems can be breached.
Emma Garrison-Alexander, program chair for UMGC's Master of Science in Cybersecurity, led a session entitled, "Technology Built for Attack," discussing how the various electronic devices that we have come to rely on are vulnerable to cyber attacks.
"Whether using a laptop, desktop, tablet, smartphone, or smartwatch, significant vulnerabilities exist and will be exploited," she said. Garrison-Alexander also called for a greater focus on reducing product vulnerabilities during the development stage. "I think we need to do some due diligence to say, 'Let's back up a step and not just be responsive to vulnerabilities once they're in the marketplace. . . [Let's] build in better security.'"
Also on day one was a presentation by UMGC computer science student and Cyber Padawan, Dustin Noe, who discussed heartbleed vulnerability and the security threats associated with it.
Day Two: Defense
The second day of sessions at TakeDownCon focused on mechanisms and strategies to protect systems and information from nefarious and persistent cyber attacks.
Among the speakers was Steven Gantz, associate professor in the information assurance program at UMGC, whose presentation, "Defending Applications in the Cloud," covered the challenges of securing sensitive personal and corporate information for organizations moving systems, data, and services to the cloud.
"Security is a big issue for people; they get nervous about it," he said. "Financial data, employee records, personal data, [as well as] intellectual property, trade secrets, product development plans . . . Who has access to it? What happens to it?"
Gantz discussed how standard network security practices and architectures don't always transfer directly to the cloud.
"It all boils down to the principle of 'defense in depth,'" he said. "One security control is good but not sufficient. You need more, because one can fail. Following cloud-specific defensive strategies supports implementation of defense in depth."
The second day also featured UMGC adjunct instructor Michael Kopbett, whose presentation, "MACE: Malware Analysis in a Controlled Environment," dealt with the current status of malware—hostile, intrusive software, including computer viruses—and some of the methods and strategies for safely conducting static and dynamic malware analysis.
Prior to the conference, UMGC also hosted EC-Council certification classes for information security professionals wishing to prepare for industry certifications such as Certified Ethical Hacker, Computer Hacking Forensic Investigator, Certified Security Analyst, and Certified Chief Information Security Officer.