Cybersecurity Awareness Month 2022

October is Cybersecurity Awareness Month (aka Hacktober). WaTech's Office of Cybersecurity has several fun events planned to help you stay safe online, and protect information entrusted to the state from cyber threats.

Activities will include a virtual escape room and online quiz games. In addition, there will be weekly presentations by cybersecurity and privacy experts. State employees who attend presentations and participate in events will be entered into weekly drawings for gift cards. There also will be prizes for winners of the escape room and cyber quiz competitions.

Please make daily visits to this page to sign up for events and learn more about the activities. Also, follow us on Twitter for more cybersecurity tips and information.

"Most security breaches start with human error, such as someone falling victim to a phishing email that downloads malware or tricks people into providing their account credentials. Awareness training can help everyone understand the risks associated with their actions, how to identify cyberattacks and stay safe online," said Bill Kehoe, Washington state's Chief Information Officer. "I strongly encourage all state employees to take part in our Cybersecurity Awareness Month events."

Cybersecurity awareness presentations

*Microsoft Teams links to the presentations will be posted on the day of the event. All presentations will be recorded and available afterward on this page, along with slide decks. (All participants are automatically entered into a weekly drawing for gift cards)

September 30, Noon - 1 p.m.
Cybersecurity Awareness Month Kickoff
State CIO Bill Kehoe

Please join state Chief Information Officer Bill Kehoe for his kickoff presentation. Bill joined Washington Technology Solutions (WaTech) as the Director and State CIO for Washington on Aug. 1, 2021. Prior to WaTech, he was the Chief Information Officer for Los Angeles County in California from 2017-2021, where he managed enterprise security, information management, enterprise architecture and technology consulting services for 37 county departments. Bill has a long history of managing information technology departments in local and state governments, including more than 15 years in Washington state agencies and counties. He holds a Bachelor of Science degree in electrical engineering from Gonzaga University and a project management certificate from the University of Washington. He has also completed Lean Six Sigma training.

October 5, Noon - 1 p.m.
Automated Decision-Making
State Privacy Officer Katy Ruckle

Katy Ruckle, WaTech's State Privacy Officer, will provide an overview of automated decision-making systems (ADS) and algorithm risks. Her presentation discusses the state's current efforts to examine the use of ADS and some of the concerns raised by the technology.

Katy, a licensed attorney admitted to the Washington State Bar Association in 2005, was appointed as the Chief Privacy Officer on Jan. 1, 2020, by the state Chief Information Officer. Since her appointment, Katy has published foundational privacy principles for Washington state agencies to incorporate into their data governance practices and increased training on privacy and data protection through monthly webinars. In 2021, she led the Automated Decision-Making Systems workgroup which culminated in a report to the Legislature. Katy previously served as the Privacy Officer and Information Governance Administrator at the Department of Social and Health Services (DSHS), where she created and implemented the agency's privacy program. She holds certifications from the International Association of Privacy Professionals (IAPP) in US privacy law (CIPP/US) and privacy program management (CIPM). In addition, she is recognized as a Fellow of Information Privacy by the IAPP.

October 6, Noon - 1 p.m.
Why we should use Multi-Factor Authentication (MFA) everywhere we can
John Fox, Department of Licensing

John Fox discusses what Multi-Factor Authentication (MFA) is, what it's not, and why we should use it everywhere possible. John has worked for the state for nearly five years and currently supervises the information security office at the Department of Licensing. Prior to joining DOL, John held networking and security jobs in both the federal and private sectors for organizations ranging from large defense contractors down to a small television station. John has collected an alphabet of certifications over the years but is most thankful for all his experiences. In his off time, John enjoys the beautiful PNW with his family, woodworking, and football. Go Ducks!

October 12, Noon - 1 p.m.
Internet of Things & Industrial Internet of Things
Penny McKenzie, Cybersecurity Engineer at PNNL

Please join Penny McKenzie for her presentation on the Internet of Things & Industrial Internet of Things. The Internet of Things and Industrial Internet of Things (IoT/IIoT) are technologies that are changing the threat landscape for organizations, businesses, critical infrastructure and people, and that can be used to exploit inherent or unknown vulnerabilities in multiple critical systems. What are some things that you can do to better protect yourself and your organization?

Penny is a cybersecurity engineer at the Pacific Northwest National Laboratory, where she is the founder and lead developer of the PNNL IoT Common Operating Environment. Her specialty is Industrial Control Systems, embedded systems, and IoT cybersecurity.

October 13, Noon - 1 p.m.
From Compliance to Risk Awareness: A Security Agility Journey
Stevens Fox, Deputy CISO for Policy & Program Management

Stevens Fox will give a technical presentation covering WaTech's strategy and tactics for helping state agencies evolve to a risk-informed approach to building responsive security programs. Stevens is the Deputy CISO for Policy & Program Management for WaTech's Office of Cybersecurity. He has more than 15 years of international, government and private sector experience and has worked with organizations including WorkForce Software and the Internal Revenue Service. Stevens leads the cybersecurity governance, risk, and compliance initiatives for OCS, focusing on enabling the missions of our agency customers and the state of Washington overall.

October 19, Noon - 1 p.m.
Remote work and the threat of social engineering
Danton Thompson, Department of Health

Danton Thompson, with the Office of Innovation & Technology at the Department of Health, will provide helpful tips for remote workers on two of the biggest threats facing the mobile workforce today: social engineering and proper password hygiene. Danton, the PCI DSS (Payment Card Industry Data Security Standards) program administrator for DOH, uses his background in education and news writing to present technical information to a broad audience through the bi-weekly Washington State Department of Health Daily Dose column, Security@Health. He is a veteran of the United States Army, where he served as an Information Technology Specialist supporting tactical operations centers throughout South Korea and Alaska.

October 20, 1 - 2 p.m.
How I Can Easily Attack You Through Email and Completely Compromise Your Organization
Roger Grimes, KnowBe4

Roger Grimes, with KnowBe4, discusses attacks including password hash theft, password spray attacks, multi-factor authentication bypass, rogue URL attacks, and much more in a fast-paced presentation. Roger is the author of 13 books and over 1,200 articles, specializing in host security and preventing hacker and malware attacks. He is a frequent speaker at national computer security conferences and was the weekly security columnist at InfoWorld and CSO magazines between 2005 and 2019. He has worked at some of the world's largest computer security companies, including Foundstone, McAfee, and Microsoft. Roger is frequently interviewed and quoted in the media, including Newsweek, CNN, NPR and WSJ.

October 26, Noon - 1 p.m.
Scammers and scams, just part of our modern lives
Erich Kron, KnowBe4

Erich Kron, Security Awareness Advocate at KnowBe4, discusses the security problems we all face, the different types of scams and how we can defend ourselves and our organizations. Erich is a veteran information security professional with over 25 years' experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the U.S. Army's 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, SACP, MCITP and ITIL v3 certifications, among others. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in Information Security.

Questions? Please contact the Office of Cybersecurity.


Events!

Escape room: Born Secure: Jacob has been selected for a top-secret program that trains new recruits on how to become the world's best cybersecurity operatives. However, first, he must pass a test known by the community as the "Entrance Exam."

State employees can sign up for WaTech's virtual cybersecurity escape rooms. This will be a competitive event for state agencies. Create a team with your co-workers (must be four to eight players), pick a date and time that works for you, and have fun! Each team gets one game. A leaderboard will be maintained and linked on this page. The top three teams from different agencies with the fastest times will have a run-off in a different virtual escape room during the final week of October to determine the Hacktober champ! Winners get a custom-designed background for Microsoft Teams and state bragging rights! (All participants are automatically entered into a weekly drawing for gift cards.)

  • Days: Monday - Friday
  • Time: 8 a.m. to 4 p.m.

How to reserve a room:

  • Click on this signup link.
  • A box will pop up asking for your email. Enter your state government email only.
  • You will go to the sign-up page. On the calendar, navigate to the day you want to play and then complete the sign-up process.
  • Important: Signups are on a first-come, first-served basis. Each participant must sign up individually. Please coordinate with your team members on a date and time that you want to play, and then have each team member sign up individually for that session. If you see that a room already has people signed up who are not on your team, please pick a different time and date. Teams must be a minimum of four players.

* If you run into issues accessing the sign-up page, please check with your IT department to ensure the site is not being blocked.

Participant Tips:

  • When you sign up for a session, you will receive a confirmation email with everything you need. Double-check your date and time, and enter gameplay through the video conferencing link in the email. You will also receive a calendar invite to download.
  • Need to change your reservation? Go back to your confirmation email to do so.
  • Please allow yourself a few extra minutes to sign in and load the escape room.
  • Pay close attention to the introduction!
  • Don't get too technical. Stay with the team and follow along with one puzzle at a time. Everything you need to solve the puzzles lives in the Evidence Locker or Exam Guide.
  • There will be a total of nine sessions each day starting at 8 a.m. and up to eight people can play each game, which generally takes under an hour to complete. We encourage state employees to create teams to compete against each other for the best times. WaTech will maintain a leaderboard and announce the teams with the best times on Nov. 1.
  • The escape rooms have a series of questions or puzzles that must be solved to advance through the game. Each player will have the opportunity to take the lead in solving a puzzle while the rest of the players shout out possible solutions. This is a cooperative team-building exercise.

Questions? Please contact Rob Gestewitz at WaTech.

Kahoot! Quiz games

WaTech's Office of Cybersecurity will host a cybersecurity quiz competition on Microsoft Teams each week. Your host, Jessie Wachter, will be on hand to guide players through the quiz and answer questions at the end. A Security Engineer at WaTech's Office of Cybersecurity by day, wanna-be quizmaster by night, Jessie is excited to be hosting the Hacktober Kahoot! quizzes again this year. Jessie said the game combines two things she really enjoys, cybersecurity and quizzes! Providing the knowledge to make good cybersecurity choices can help everyone, whether in the work environment or at home. "I really hope to see everyone at the live events, to be held on every Tuesday in October," Jessie said. "If you can't make that, a link will be provided that allows access to the quiz from Wednesday morning to the end of day Friday."

This year, Jessie will also be creating a leaderboard for participants which will be updated weekly on the Kahoot! game page. The state employee with the highest cumulative score (from all the quizzes hosted on Tuesdays) at the end of October will receive a $25 gift card, and bragging rights as the state quiz champ! (All participants are automatically entered into a weekly drawing for gift cards)

Play this week's game on your own!