Users don't pay attention to your security guidance and they tune out during those training programs you bought because it's all just so boring. But learning "how to be a hack" is interesting, so I've turned cyber security education into an exercise in doing evil. This presentation will discuss why and how I've designed training classes that teach average users how to do some very bad things. I teach people ranging from software engineers to accountants how to carry out specific attacks, crack passwords, social engineer their way to fame and fortune, and so on. Furthermore, the talk discuss how you too can raise general security awareness in so doing. It will comprise a discussion of my general philosophy on teaching evil, instructional design, classes I teach regularly, and topics for classes that are still on the drawing board.
Chris Niemira is AOL veteran who once spent over seven years running the front door to one of the world’s largest email systems just so he could kick spammers in their digital pants. He's done time in the banking and pharmaceutical industries, as well as some bubble-era dot-coms that we won’t talk about. Today he survives in the Northern Virginia Underground as an SRE and security enthusiast who spends his days hands-on helping product owners make their code faster, more stable, and safer. Either that or sitting in meetings. Depends on the day, really. He's been designing and teaching security training classes for the past year, so he probably thinks he knows more than he does about it. He also speaks at conferences from time to time, has directed off-Broadway theater, and enjoys retro video games.