It was standing room only at security consultant Ron Woerner’s presentation on tools, tips and techniques for cybersecurity professionals this week at the 2018 (ISC)2 Security Congress in New Orleans.
Woerner, president and chief cybersecurity consultant at RWX Security Solutions, focused primarily on easily available, free resources that anyone can find with a simple internet search or by typing in a URL. The resources are useful in cybersecurity assessments, investigations, awareness and administration. That Congress attendees lined up patiently to get into the session indicates how much hunger there is for resources that can help them in their jobs.
Perhaps the most unexpected advice Woerner shared had to do with two of his most used tools: Google searches and a thumb drive. Calling it “the number one hacking tool in the world,” Woerner said Google is a good way to start any project because it will likely provide a lot of the answers you need.
As for the thumb drive, he called it the cybersecurity pro’s toolkit. “When I get called in for help, I already have most of tools I need on my thumb drive.” If clients get nervous about him using the thumb drive, since the devices have been known to spread malware, he tells them they can check it first.
Host of Resources
Woerner ran through a staggering list of resources, which he said is by no means complete, since there are plenty of tools out there his list doesn’t cover. Sometimes he learns about new tools and resources from high school students that he mentors as well as from clients.
His list ran the gamut, from how-to sites such as Oldergeeks.com, Likehacker and How-To Geek to network vulnerability detection sites and social engineering toolkits. His list also covered system inventory and automation, patching, network mapping, network evaluation and troubleshooting, security testing, digital forensics, password vaults and encryption. He said he doesn’t expect attendees to use all the resources he shares, but if they find one or two that can help them, his job is done.
Woerner also recommended visiting the Cybersecurity Canon website, which lists and reviews books on cybersecurity.
On Writing Well
In addition to sharing his list of resources, Woerner delivered a piece of advice he says cybersecurity professionals must take seriously: Learn how to write. A security pro can develop the best technique, but if he or she cannot communicate it through good writing, the message is bound to get lost.
Cybersecurity pros can watch a similar presentation delivered by Woerner at an RSA Conference by clicking here. In addition, Congress attendees can access his slide presentation through the (ISC)2 Security Congress mobile app.