Note: You will need to provide everyone with Internet access for this seminar.

During this "lunch & learn" seminar we will:

1. Dissect a web site's structure and content. Grab a copy of someone's entire web site. Learn how students re-created their school's web site to get a day off.
2. Explore what's actually inside a web page. View HTML, CSS, and JavaScript source code. Learn how web pages are constructed and customized "on the fly".
3. Engage in some quick "URL Hacking" and "Google Hacking". Find hidden or obsolete web pages. Gain direct access to raw web server files.
4. Watch Facebook execute software on your computer when you surf to CNN. Dissect Facebook's software source code to see what it does.
5. Examine the "guts" of e-mail messages. Learn how clicking a link for Chase.com can take you to EvilHackers.com instead.
6. Determine what is your public Internet address. "Ping" other people's Internet addresses. (You did know that everyone has a public Internet address, right?)
7. Locate people's home computers—and iPhones!—on the Internet. Geo-locate their Internet addresses.
8. Take a tour of wireless home networks in your neighborhood. And in neighborhoods around Orlando or Beverly Hills. Locate homeowners' Facebook pages.
9. Watch live video of a conference room somewhere in Moscow. (They probably don't know it's visible from, say, Illinois.)
10. Learn how Angry Birds is programmed to upload your entire address book to a third party web server. Learn why IBM has outlawed "Siri".
11. View print jobs and scanned documents in other organizations' office copiers/printers/scanners/FAX machines.
12. Download confidential spreadsheets containing employee names, positions and salaries. Find other types of sensitive documents, too.
13. Take some detours specific to your organization!

During this "lunch & learn" seminar we will:

1. Bring into focus security and privacy issues affecting individuals and organizations. What are the risks, and how do you mitigate them?
2. Itemize boring, tedious, and unimaginative aspects of InfoSec that really pay off. Review how InfoSec applies to old, non-digital information, too.
3. Learn how the "Digital Underground Economy" spurs criminal software developers to create tools and malware. How did you and your organization become their targets?
4. Analyze how malware gets into your computers and USB devices (prepare to be surprised). Discuss why today's malware is designed to be unobtrusive and short-lived.
5. Discover how anti-virus products are both useless and useful. Learn about other lines of defense that will work better for you.
6. Explore common ways your computers, software, staff, and data are being attacked right now. Find out about what you can—and cannot—defend against.
7. Identify how your data is leaking out of your organization to third parties. How does this place you at risk? How can you stop these leaks? And what is "meta-data"?
8. Learn how security awareness training and new organizational policies will reduce your risks. Discover why "ROI" calculations don't justify InfoSec. What does?
9. Examine technological solutions and their shortcomings. Why don't firewalls stop hackers from accessing your computers? What is "BYOD" and what should you do about it?
10. Penetrate the buzz surrounding cloud computing. Does InfoSec apply to cloud computing, or does cloud computing make InfoSec obsolete?
11. Take some detours specific to your organization!

Note: Attendees will need to bring a laptop or netbook computer to this seminar. You will also need to provide everyone with Internet access. We'll provide the network cables, peripherals, and equipment required for "hands-on" work. It won't be necessary to connect anything to your wired network.

During this "lunch & learn" seminar we will:

1. Review historic networks that used couriers, signal flags, and Morse Code to send information. Yes, each of these corresponds to parts of a modern digital network.
2. Learn networking concepts in a simple, non-threatening way. For example, all computers need to have a unique "address" on the network.
3. Define a bare minimum of common networking terms. Examples: "ping", "Ethernet", and "packets".
4. Discover why information must be broken into pieces before being transmitted to its destination. Obviously, all the pieces are re-assembled afterwards!
5. Explore the concept of how data is routed from one place to another, eventually arriving at its destination.
6. Consider the concept of a Local Area Network (LAN) and compare it to a Wide Area Network (WAN).
7. Learn why most data flowing in a LAN shouldn't (and doesn't) get on the Internet.
8. Examine the concepts of "router" and "gateway", which connect various networks together.
9. Take some detours specific to your organization!

During the "hands-on" portion of this seminar, attendees will exercise their new knowledge as follows. Don't worry, you'll understand all these "buzzwords" and concepts before you start plugging cables into equipment!

1. Create a small wired network using Ethernet cables, network switches, and a DHCP server. If your computer doesn't have an Ethernet jack you'll create one with a simple USB adapter.
2. Use the "ping" command to verify network connectivity between computers on your new network.
3. Convert your wired network to use "static" network addresses instead of "dynamically-assigned" ones.
4. Create an "ad-hoc" wireless (Wi-Fi) network, which doesn't require any cables, software, or equipment.
5. Create a typical wireless (Wi-Fi) network using a Wi-Fi router.
6. Configure the Wi-Fi router through its administrative interface.
7. Learn why your small network doesn't allow your computers to access the Internet. Then, learn what it would take to accomplish this.
8. Connect your computers to your organization's normal Wi-Fi network, and "ping" Internet web sites such as Google.

Note: Attendees will need to bring two items to this seminar: an Ethernet cable, and a laptop (or netbook) with an Ethernet adapter. It will be necessary to connect their computers to your wired network. We will need your permission to sniff packets and run scans on your network. You will also need to provide everyone with Internet access.

During this "lunch & learn" seminar we will:

1. Download and install Wireshark (a packet sniffer and much more).
2. Learn the basics of configuring and starting Wireshark. Watch network data communications in real-time.
3. Explore captured data in full detail down to the "bit" level. Find the needle in the haystack (or maybe an SQL query).
4. Decode and interpret network protocols such as HTTP, SMB, ARP, and DHCP. Wireshark understands 1,300 network protocols!
5. Discuss basic techniques for troubleshooting common "network issues", such as failing to connect, or "hung" connections.
6. Save the captured data so it can be examined later or shared with colleagues and customers.
7. Export captured data to CSV and plain text.
8. Get a behind-the-scenes look at someone surfing the web. Extract some JPG image files from the web pages they visited.
   
   
   We will also:
   
   
9. Download and install Nmap (a port scanner and much more).
10. Locate and identify computers and devices connected to the network. The things we discover may surprise you.
11. Discover what ports are open and what network services are running on a target computer or device.
12. Identify manufacturers, operating systems, and server software for a target.
13. Use the Internet to find more information about open ports and network services.
14. Find "rogue" computers, devices, and software on the network. Such as a personal Wi-Fi access point, or pcAnywhere.
15. Locate home computers out on the Internet. Find out what ports they have open (they may have a web server running).
16. Take some detours specific to your organization!

During this class we will:

1. Begin with completely non-technical concepts and examples to build an understanding of basic database principles. Explain why we need to store and organize data.
2. Evolve our understanding to encompass computerized databases. We'll split the concept of a database into two parts: client and server.
3. Describe how a database contains an engine, whose job it is to manage data and respond to user requests.
4. Build data storage concepts such as tables, rows, columns, and data types.
5. Develop the notion of a standard command language that can be understood by any database engine.
6. Introduce SQL (Structured Query Language) and define its basic syntax. Examine the semantics that drive SQL's behavior.
7. Define SQL's symbols and operators, which provide a standard way to process and display data stored in a database.
8. Explore basic SQL queries, and explain how these can be used to sort, filter, and display stored data.
9. Take a quick tour of standard SQL functions, which are used to manipulate stored data.
10. Highlight how we can visually format stored data so that it's clearer and easier to look at. This will lead us to the concept of database reports.
11. Take some detours specific to your organization!

During this class we will:

1. Discuss data types and literals. Describe what NULL means and how it's an important concept in SQL databases.
2. Illustrate how comments can be placed in SQL statements. Demonstrate common ways to format SQL statements for greater readability.
3. Define additional SQL operators and functions. Introduce the concept of operator precedence. Show how parenthesis can override natural precedence.
4. Explain table aliases. What are these used for?
5. Evolve the idea of subqueries and show how these can make building and testing complicated queries easier.
6. Present grouping operations that can organize our stored data in a much better or more appropriate way.
7. Examine the mechanics of joins, and identify the various kinds.
8. Introduce the Data Description Language (DDL) and define its common commands.
9. Develop the concept of database views, and illustrate how these are useful.
10. Explain primary keys and foreign keys, which are used to link together data stored in databases.
11. Explore how triggers can cause automatic data operations to occur within a database.
12. Learn about indexes and explain how these can greatly speed up database operations.
13. Discuss sequences and identify common ways these can be used to organize data.
14. Evolve the concept of transactions and explain how these help to guarantee that data remains consistent across a database.
15. Demonstrate how web-based database reports can be generated. Show how SQL queries can assist in making web reports.
16. Take some detours specific to your organization!

During this class we will:

1. Present a formal definition of the field of information security. List its objectives and scope.
2. Show how information security is a risk management process. Illustrate various worldwide standards for managing information security risks.
3. Describe how written security policies help organizations to increase security. Take a quick tour of laws and regulations that apply to information security.
4. Develop the concept of "best practices" in information security. Introduce various organizations that publish "best practice" guidelines.
5. Introduce cybercrime and show how this is enabled by malware such as worms, viruses, spyware, adware, ransomware, trojans, and rootkits.
6. Discuss anti-virus software and its limitations. Describe zero-day exploits and identify how these are much harder to defend against.
7. Explain zombies and botnets, and what cybercriminals use these for.
8. Review networking concepts. List common network and Internet threats (including wireless threats).
9. Describe how network diagnostic software, port management, and firewalls can be used to increase security.
10. Identify safe computing habits relating to: PDF threats; multimedia threats; passwords; user IDs; e-mail; and voicemail.
11. Provide examples of social engineering and show how this completely circumvents technological protections.
12. Cover "boring" topics such as data backup and restoration; storage of backup media; facility security; property theft; equipment disposal and repair; paper files; uninterruptible power supplies; and shredders.
13. Introduce data leaks and meta-data. Show how these affect privacy and security. Explain how meta-data can cause ruin or triumph in lawsuits.
14. Explain how encryption works, and how it can be defeated.
15. Describe how security is degraded by mobile devices, flash drives, and external hard drives.
16. Take some detours specific to your organization!