LLNL takes on leadership role in web security training
Computer security training heats up at Cyber Fire

Friday, May 12, 2017

Lawrence Livermore National Laboratory can now add Cyber Fire, a Department of Energy (DOE)–sponsored series of regional and national cyber security training sessions, to its growing list of co-hosted events. Previously organized solely by Los Alamos National Laboratory, Cyber Fire recently welcomed LLNL along with Idaho National Laboratory into partnership roles for the regional session known as Cyber Fire 8 West. The event was held on February 6–10, 2017, in Denver, Colorado, with more than 100 participants.

Cyber Fire is designed for cyber security professionals at the DOE, national laboratories, other government agencies, and associated contractors. Participants explore issues in network operations, information protection, and cyber security policy. Six employees attended from the Laboratory’s Cyber Security Program: Amy Mayer, Laquinn Nimmons, and Patrick Stevens from Computation’s Information Technology Solutions division, and Pablo Arias, Mark DeSantis, and Chris Lawson from Global Security Computing. Lawson performed additional duties as part of the organizing team.

During the first three days of the week-long event, participants choose one of five training tracks: (1) As an introductory track, Entry Point provides an overview of incident response strategies. (2) Incident Coordination prepares participants to coordinate multiple teams and agencies in response to a large-scale cyber security event. (3) Network Archaeology trains security personnel to detect security breaches. (4) With a focus on Windows systems, Host Forensics teaches participants how to investigate and retrieve malicious software. (5) In the Malware Analysis track, trainees learn how to use static and dynamic analysis techniques to protect against malware. The next two days are spent putting training into practice with realistic exercises. Participants form teams to tackle challenges in areas such as malware reverse engineering, JavaScript de-obfuscation, and forensic analysis.

As Livermore’s cyber security operations leader, Stevens was keen to enhance his day-to-day skills via the Network Archaeology track. “We learned more refined techniques for interrogating data and de-obfuscating malicious packets sent over networks,” he explains. “You don’t know what the packet content is, and you have to reverse engineer the packet capture. It’s ‘archaeology’ because you try to go back in time to figure out what happened.” During the two-day exercises, his team participated in—and nearly won—a Spycraft-like digital competition that combined puzzles, a scavenger hunt, and other clue-based tasks. Stevens states, “Teams had to leverage individuals’ expertise to solve problems. It was a fun way to further hone our security skills.”

Assisted by Arias, Lawson and DeSantis led a half-day training session on web security vulnerabilities. “Participants learned about the most common vulnerabilities, such as how they work, famous real-world examples, and how to mitigate them,” notes Lawson. “Wherever possible, we gave the attendees a chance to execute an actual attack on a purposefully vulnerable web application to reinforce the understanding of these vulnerabilities and to make the exercise more challenging.”

The Laboratory’s global and national security missions depend on a multidisciplinary computer security workforce well versed in the latest technology and trends. As leadership opportunities continue to arise in this area, Livermore scientists look forward to future Cyber Fire involvement and are developing a two-day Network Archaeology course. Lawson acknowledges the importance of collaborative events for strengthening both cyber defense education and the professional community. He explains, “Most people attend the Cyber Fire series to develop their technical skills, but making contacts and forming relationships with others across the DOE cyber security community is arguably even more valuable.” Stevens agrees: “Knowledge transfer with the community—learning what others are doing and sharing information—is the best part of Cyber Fire.”