 Josh Pauli
 Associate Professor of Cyber Security
 Dakota State University (Madison, SD)
 10 years and counting!
 We have 300+ students studying:
 Cyber Operations (Cyber Security)
 Computer Science

Largest degree on campus (170 / 1200)

Explosive growth in the last two years (55 in ‘11; 70 in ‘12)

Want the best and brightest regardless of computing history

A great mix of:






Programming
Networking
Operating systems
“hacking”!
Ethics
Critical thinking
 Full ride scholarships + attractive stipend
 $35,000-40,000 per year
 including $20,000 stipend
 Work for Gov’t agencies after graduation
 National Security Agency (NSA)
 Central Intelligence Agency (CIA)
 Space and Naval Warfare Systems Command
(SPAWAR)

NSA wants the most technical cyber experts

DSU was selected as 1 of 4 in the entire nation
 Now 8 schools

Only public institution in the nation

Only program with dedicated Cyber Ops
program in the nation

Only undergraduate program in the nation

Best Cyber Operations curriculum in the nation

Cyber Corps scholarships to save over $100,000

Top Secret security clearance before graduation

Work on the top security projects in the world

25 years old:




Undergrad & Graduate degrees in Cyber Operations
Top Secret government security clearance
2-3 years of experience in a Federal agency
Any job you ever want anywhere you want it
1.
What’s technical social engineering (TSE)?
2.
Timeline of hacking
3.
AV is dead! Long live AV!
4.
How to prevent TSE attack
5.
TSE in penetration testing
6.
Q &A
 It’s NOT:
 Physical impersonation
 Pretext calling
 Dumpster diving
 Still good stuff; just not what we’re
talking about today!
 Relying on people being:
 Gullible
 Greedy
 Dumb
 Naïve
 And using technology own them! 
 Remote code execution
 Administrative rights
 Key loggers
 <<insert juicy payload here>>
 Not clicking links
 Opening files
 Visiting websites
 But it only takes 1 person!
 This is why we can’t have nice things…
 But it’s not enough
 Just one “layer”
 Signature-based = always behind
 How AV vendors work (simplified)
 Why security researchers giggle at this
 And only you!
 User Awareness Training
 Currently a raging debate in InfoSec
 Fear v. education
 Punish v. reinforce
 “Check the box” v.
“Get after it!”
 Timing
 Scope
 Price
 So this is red team?
 Who can actually do this?
 Josh.Pauli@dsu.edu
 @CornDogGuy
 Happy to help
anyway that I can! 