Categories
technology

Cryptogeddon – Coming Soon!

I’d like to give you a heads up on a project that I’ve been working on called Cryptogeddon. I am passionate about infosec and Cryptogeddon is about to become my muse in the infosec space.

In a nutshell, Cryptogeddon is an online cyber security war game. The game consists of various missions, each of which challenges the participant to apply infosec tools to solve technology puzzles – an online scavenger hunt, if you will. Each mission comes with a solution that teaches the participant which tools to use and how to apply the tools to solve the mission.

Each Cryptogeddon Mission Pack consists of the following:

  1. A synopsis – this introduces the mission, provides some background info and sets the stage for the work that needs to be done;
  2. Objective(s) – this clearly articulates the tasks that need to be done to complete the mission;
  3. Asset list – each mission starts with at least one digital asset that you will need in order to complete the mission. The asset list provides an inventory of your starting assets, along with instructions to obtain those assets;
  4. Tools – this section contains potential spoilers. It lists all of the tools that are required to complete the mission. Only read this section if you need help or if you want to review how you did at the end of the mission;
  5. Support services – this section details how you get help with your mission if you get stuck, if the instructions or solution are unclear and/or if you find errors with the mission pack;
  6. Solution – this section outlines the steps to complete the mission. Some people will ignore this section until they’ve completed the mission. Others might need to take a peek to help get through a particularly tricky part of a mission. And others might rely on the solution as a training device to help walk them through the entire mission.

Each mission touches on one or more of the following infosec topics:

  • security architecture and design
  • network security
  • secure coding
  • cryptography
  • operations security
  • access management
  • physical security
  • IT governance and risk management

And, missions require the use of various infosec tools, including but not limited to:

Mission packs will be sold individually, with a possible “combo pack” available once I get sufficient missions available for sale. I haven’t settled on final pricing yet, but each mission will be $4.99 or less.

I am launching this game within the next week or so – I am just applying the finishing touches to my first missions and finalizing the public facing website for this product.

In the near future, I will be speaking about Cryptogeddon at a couple of local events:

  • Software Hamilton: I will be providing an overview of the game at Software Hamilton’s DemoCamp 13 on Sep 24 2013. At DemoCamp 13, I will be giving a 5 minute overview of this project, followed by 5 minutes of Q&A. You’ll be able to pick up some swag (Cryptogeddon logo stickers) at the event as well.
  • Sector: I have been invited to speak at Sector (Canada’s Premier IT Security Conference) on Oct 8 & 9 to share this project. At Sector, I will be giving a 1 hour talk where I walk the audience through “Cryptogeddon: Sector 2013 edition” – a special mission for Sector that anyone will be able to download for free. At this session, I will walk the audience through the mission, demonstrating the various infosec tools needed to solve the challenges presented in the mission. And, in addition to my “Cryptogeddon: Sector 2013 edition” talk, all Sector attendees will receive a Cryptogeddon logo sticker in their conference bags.

I encourage you to sign up for the mailing list at http://cryptogeddon.com/, follow @cryptogeddon on Twitter and check out the first missions as soon as they are released. And, I encourage you to come out to Software Hamilton’s DemoCamp 13 to show your support and to hear from some other interesting local speakers with some great products to share. And, I highly recommend that you register to attend Sector – there will be a lot of bright infosec minds in attendance – I always come away from Sector with a ton of great learnings. Sector is definitely my favourite infosec activity each year.

Stay tuned for more info on Cryptogeddon in the coming days!

Todd


WordCamp Hamilton 2013 – My presentation

As a follow up to my last post about WordCamp Hamilton 2013, here are the slides from my presentation.

Conference Name: WordCamp Hamilton 2013
Date: Sun June 23 2013
Location: The Art Gallery of Hamilton

Let me know if you have any questions, comments or concerns.

Talk soon!

Todd


WordCamp Hamilton 2013 – A Summary

I participated in WordCamp Hamilton 2013 this past weekend. It was a great event and I want to share my experiences. So, here goes…

Conference Name: WordCamp Hamilton 2013
Date: Sun June 23 2013
Location: The Art Gallery of Hamilton

Overall summary:
What a fun event! The speakers were good (not speaking for my own presentation here – haha), the content was current, relevant and helpful, the facilities were perfect for the size of the conference and the catering was well done. And, the price was hard to beat: $20 got you all of this:

  • Continental breakfast
  • Catered lunch
  • Event t-shirt
  • 7 talks from great WordPress speakers on a variety of topics
  • Panel Q&A session with the speakers at the end of the day
  • Complimentary beverage at the after party location (Radius Cafe)
  • Free WiFi internet access at the venue
  • “Swag bag” with WordPress and sponsor goodies

And, participants helped to encourage and support a great community of developers in the Hamilton area.

It was a fantastic event and I look forward to attending and possibly participating again in next year’s event.

Here’s my play by play of the day’s activities:

9:45am – Keynote – Kevin Browne (@hamiltonkb):
Kevin spoke about communities and the strength and resiliency of networks. I really liked Kevin’s summary of M. Scott Peck’s four stages of community building:

  • Pseudocommunity – superficial interactions
  • Chaos – initial member interaction leads to conflict
  • Emptiness – Apathy gives way to understanding of what’s important
  • True community – healthy team interaction

Kevin’s keynote offered great insight into the potential that exists for the Hamilton development community. Kevin encouraged the audience to get involved and help lead the numerous events and activities that can draw us closer together. One particularly relevant example was to run an “introduction to WordPress” event.

Great presentation Kevin – Very inspiring!

10:15am – Joey Coleman (@joeycoleman):
Joey talked about how he grew his editorial career. Great story – great example of hard work and being in the right place at the right time!

I was particularly interested in Joey’s summary of the Creative Commons license types. I’ve always known about these, but have never spent a lot of time understanding them. I was particularly appreciative of Joey’s principles pertaining to content sharing. He subscribes to the “Attribution | Share Alike” license, and he shared a story where he was asked to share some content with CBC on the condition that he change his licensing terms for the content he was asked to share. He stuck to his guns and refused to change his licensing terms, in spite of offers for compensation. I like it – it’s always good to see people who stand up for what they believe in.

Thanks for the summary Joey. Entertaining and informative talk!

11:05am – Kristin Archer (@ihearthamilton) & Seema Narula (@thismustbeseema):
Kristin and Seema have an infectious enthusiasm about sharing and community building. Their presentation was an awesome example of how to roll your sleeves up and start doing!

Kristin and Seema offered their expertise about interacting with and building an audience. Their tips and techniques were helpful and are required reading for anyone who is interested in building a community around an interest or location they care about. Some of the topics that they covered included:

  • Consistency in voice (be authentic, honest)
  • Frequency of posts (regular posts)
  • Categories – use them!
  • Personality
  • Connect w/ the blogging community
  • Social Media
  • Accessibility

They have done a fantastic job as cheerleaders of the Hamilton area, of which they should be rightly proud.

Thanks Kristin and Seema for your lessons about building an effective niche blog and for promoting my hometown!

11:55am – Richard Rudy (@thezenmonkey):
Richard shared his expertise designing and building for mobile. I really liked the stats that he shared comparing the number of babies born in 2011 and 2012 compared to the number of mobile devices that were “born” during that same time. I didn’t capture the exact numbers, but there were a heck of a lot more mobile devices born than people during that period of time!

Richard shared the main models for developing for mobile and the pros and cons of each. I really liked his answer when he was asked, “which model is best?” and he replied that it depends on the use case. That is perfect, as it really does depend on the use case – you want to make sure the solution matches what you’re trying to accomplish and each situation will be different.

My main takeaways were to check out some mobile frameworks (the developer in me is a bit rusty on mobile frameworks):

Thanks for the great overview Richard. Very educational! And, I really like your website: http://about.me/richardrudy – it is very unique, creative and cool!

2pm – Al Davis (@adavis3105):
Al has a very relaxed presentation style – the stage is like a second home to him. And, he came prepared with two presentations – the audience voted to see which topic he would present on. We, the audience, decided to listen to him talk about “10 things to do after the install”.

The slides went by quickly at times, but I think I captured all of the items (I missed a couple of slides, then I Googled a previous presentation of his to try and piece together what I missed):

  1. Change default admin
  2. Security: check out the “Wordfence” plugin as a security plugin.
  3. Edit permalinks: Al doesn’t like using date in posts as it might be construed as old and irrelevant.
  4. Akismet: enable it!
  5. SEO: Install WordPress SEO by Yoast.
  6. Activate Google Analytics
  7. Categories: Add them
  8. Change your blog tagline
  9. Install a theme: wordpress.org/themes
  10. Back it up!

Al offered a great overview of some top things to do as you begin with a new WordPress site. Thanks for sharing your knowledge and entertaining the crowd, Al!

2:50pm – Laurie Rauch (@lauriemrauch):
Laurie is a hard core geek! She codes for a living. And, when I complimented her on the look of her sites (lauriemrauch.com and CodeDiva.com), she modestly told me that she couldn’t take credit for the look and feel as she didn’t do the design work on her site. Then, she went on to do a presentation where she showed us how to create child themes and manipulate css and such. My suspicion is that she knows what she’s doing and that she’s being modest so that she doesn’t lose any of her hard-earned geek coder cred. 🙂

Here are my very high level notes from her presentation (my notes don’t do it justice – her presentation slides go into great detail about these items):

In a nutshell:

  • To create a child theme, you create a child theme folder alongside the parent theme
  • Anything in the child theme folder will override the corresponding file in the parent theme
  • You can override CSS, functions, etc.

The best tip that I got out of her presentation was to use Firebug to change code on the fly – this allows you to experiment. Then, you take that code that you’ve changed in Firebug and paste it into your child theme.

Thanks Laurie for the in-depth session – very informative!

3:40pm – Todd Dow (@toddhdow):
I had the final presentation slot of the afternoon. I think my presentation went well. The audience seemed attentive and there were plenty of questions and lots of discussion. I enjoyed the session and the interaction with the audience. I’ll be posting a summary of my presentation in my next blog post.

4:20pm – All-speaker panel:
This was fun – interesting questions and interaction with the audience and the rest of the panel. This was a great way to finish the day.

We had a wrap up and an after party at Radius Cafe. It was a long day, but a very valuable day.

Much thanks to the organizing committee – you put on one heck of an event. I’m looking forward to seeing what you do for an encore!

  • Dale Mugford
  • Roz Allen
  • Martin Kuplens-Ewart
  • Nick Tomkin
  • Geoff Campbell
  • Kevin Browne
  • Shanta Nathwani
  • Jacqueline Norton
  • Carolynn Reid
  • Michael Canton

And great work to all of the presenters and to everyone else that made this event happen. I look forward to attending and participating again next year!

Let me know if you have any additional information or if you think I’ve misrepresented or neglected to mention anything.

Talk soon!

Todd


SC Congress – Day 2 – 3:55pm – “Software security: Automation to scale your secure SDLC”

Day 2 – Wed June 12 2013:
3:55pm – “Software security: Automation to scale your secure SDLC”, by Nish Bhalla, founder, Security Compass

Nish provided an overview of project lifecycles and how each requires unique approaches to quality management, specifically relating to security.

Nish provided a quick overview of the following project lifecycle approaches:

  • Waterfall (long planning)
  • Agile (Iterative)
  • Continuous Integration (no process / ticket at a time)

For all models, security requirements are inserted at the beginning of the project and/or product feature backlog. Security requirement verification occurs during regression testing.

I really liked his presentation as it related security to the project management lifecycle, something that is often neglected when thinking about security (as security is often seen as a bolt-on for infrastructure or after the fact work).

One interesting thing to note: Nish was extremely casual with his presentation, venturing into the audience to present. I was sitting in the front row and for much of the presentation, he was located in the middle of the room speaking to the back half of the room, which required me to turn in my seat to pay attention.

I was really impressed with the large library of security requirements that Nish displayed during the presentation. He directed us to Safecode.org, where we can find exhaustive security guidance, amongst other resources available on that site.

As well, Nish directed us to additional resources at:

Overall, this was a great presentation and the resources that Nish suggested are quite valuable.


SC Congress – Day 2 – 1:20pm – “Detecting modern malware in your environment”

Day 2 – Wed June 12 2013:
1:20pm – “Detecting modern malware in your environment”, by Iain Patterson, information security officer, Trillium Health Partners

This presentation offered a high level survey of how to mitigate, detect, handle and remove malware from computer systems. The bulk of the presentation was fairly high level, discussing process, concepts and best practices.

The last couple of slides were quite valuable, as they identified the tools that are helpful in detecting and mitigating malware. Iain offered two sets of tools:

The “Security on a budget” list:

Iain also offered a great list of bigger budget tools. Unfortunately, I couldn’t get the list. I’ll be watching for the slides, at which point I’ll update my list.

Iain’s final slide highlighted some great tools for malware analysis:

Very valuable resources!