June 1-5, 2026 - FDIC Introduction to Security

This page links to resources that might be interesting or useful during class. It’s not an assignment and nothing here is required reading. But as we move through the week, I’ll post links related to class topics, assignments, and other interesting nuggets.

• My email is matt@hillvt.com, call or text me on 802 899 0704 anytime for help.
• Here’s a link to the class Powerpoint deck.
• Here’s a link to a cheat-sheet / outline that might be useful as you consider taking notes.

Monday June 1

• Just to whet your whistle, Here’s an interesting story about Safepay Ransomware, one of the scarier and more active ransomware groups in current activity. The question for us is: How could a small bank protect themselves against a crew like this?

• Here’s CISA FYI. It’s part of the Department of Homeland Security.

• Lilit mentioned ShinyHunters, and what a trip they are. They got 7-Eleven just a few weeks ago. Instructure (owner of the popular LMS Canvas) was another recent victim, as well as Charter Communications which is a bit close to home for Hill Associates! At least in the Canvas instance, disaster seems to have been averted, but at what cost?

• You may have read of Mansfield Community Fiber on my website if you creeped around a bit. We’re a tiny startup ISP in NW VT. Running an ISP in the sticks is complicated and not very lucrative!

• We mentioned, but didn’t say much about, the need for Post-Quantum Cryptography. All the GPUs in the world aren’t even close to the compute power of what quantum will (someday) provide.

• After class yesterday, Morgan and I dug into the terms Cybersecurity and Information Security because he had a bank question his interpretation of the terms. I dug around for a while last night, and it’s hard to know how to handle a problem like this given the realities of an exam. Here’s what one AI had to say, which I think is pretty fair. But who’s going to argue with the bank about it?

Tuesday June 2

• Here are a few details about the Marquis data breach that’s been mentioned a few times in class. Here are some more, and here are even more. For a quick exercise, have a look, discuss with your table, and see if you can find a place on the Cyber Kill Chain that might have relevance in the analysis of the attack. Each table should be ready to (very briefly) discuss their idea.

• While they weren’t exactly destroyed, AWS data centers in Bahrain were struck in the early phases of the current US-Iran war.

• I guess it’s a good thing that the AWS architecture is so insanely fault-tolerant. It’s a bit complicated, but I’d say almost anyone can understand it if they have the right teacher.

• Crowdstrike has a good primer on the basics of Zero Trust Architectures. If you’re feeling super-human and you want more detail from a federal perspectective, please be my guest.

• Perhaps you’re intrigued by the Cisco zero-day topic we touched on yesterday. I guess the good news is that this little problem apparently only affects the Cisco OS version called IOS XE.

• The FIDO alliance has improved their site, which now does a decent job of explaining how passkeys work.

• I mentioned the movie Zero Days, about the (alleged) Israel/US attempt to cripple Iran’s nuclear weapons program using malware using the Stuxnet virus. It’s a great flick!

• When we talked about Environmental controls, I blanked on historic name for them. They’re called SCADA systems, and while they still exist, they have changed and been “consumerized” a lot in the last couple of decades.

• Garrett and I talked a bit about Pegasus which will drive you crazy if you think too much about it. Who has to worry about this kind of stuff? There are many resouces on the internet about how to detect and combat programs like this.

• Back to passwords for a moment - Hive Systems publishes a nice matrix of how long it would take current computing technology to crack passwords of different length and complexity. Now you see why we’re excited about Q-day.

• I didn’t even realize how old the Mat Honan story was, it’s from 2012! Here’s another telling of his story with perhaps a slightly more even tone. It’s important to note that the procedures used in this hack have changed considerably in the last 15 years, but holes in this cheese still line up sometimes…

Wednesday June 3

• Dinner tonight is here. It’s around the corner. I’ve been many times, it’s great. The hot pot is good, it’s what I always get, but their other dishes seem great too. BTW, if we meet downstairs at 6 and someone wants to take the wheel and say “let’s do something else” we can do that instead. Up to y’all.

• I tried to do quantum computing some justice, but it’s hard. Here are some people who have done a better job than I can! I really like this Luka’s Lab visual explanation of the roots of the technology. I’m also a big fan of 3Blue1Brown’s way of looking at many tech topics. These are both good pop science communicators, but they also get pretty deep, pretty fast.

• If you want your quantum with a bit more personality, you can listen to Michio Kaku paint you a picture. (I’ve constrained his answer to just the ideas about cracking crypto, but he discussed other applications in the video.)

• Maybe all the gee whiz will be quite hard to harness even when we get it!

• Stephanie asked about Magic Links. They’re great and make life easier for users, but depend on the stability and security of the associated email account. Good for lower-risk applications, but perhaps not things needing the highest levels of security.

• Ubiquti is the company that makes the system I demoed for you today with firewall, cameras, and other cool things in one integrated unit. They are not a household name yet, but they will be, I’m sure.

• There are many, many online treatments of cryptography topics. Here are a few decent ones:

  • Symmetric vs Asymmetric Encryption
  • Public Key Infrastructure
  • Here’s a clear and simple discussion of some aspects of Public Key Cryptography from Cloudflare. In fact, if you mouse around a bit on that page, you’ll find many good explainers for various aspects of cybersecurity.

Some of the contents of my “daily” folder

• CyberScoop - general-purpose cyber news
• The Register - cheeky British security writing
• Krebs on Security - Brian Krebs’ in-depth reporting on security issues
• Schneier on Security - Bruce Schneier is a legend in security. His site goes deep. He likes squids.
• Data Breach Today - what bad things happened yesterday
• Bleeping Computer - consumer (client) focus on computer problems

Thursday June 4

• The beautiful video I showed about Spectrum MNE is here

• The awesomely-named Whitfield Diffie is one of the people most responsible for the tech behind PKI.

• Here’s the SonicWall site that allows you to browse their solutions and fool around with their device interfaces.

• Back to Quantum for a moment: Jeff was kind enough to share this excellent article from the WSJ.

• SSLlabs is the crew that have the awsome web server configuration testing tool.

• Here’s the nmap tool I demoed a bit in class. It lets you examine what ports are open on any device on the internet. It’s a very old-skool program but simple and easy to use for quick answers.

• Ashley shared the rather amazing CISA Learning site, which has tons of great tech and security training. I don’t know how you gov’t folks get in, but even as a plain old taxpayer, I was able to use my login.gov credentials to access lots of great stuff.

Friday June 5

• We briefly spoke about the book 1929 by Andrew Ross Sorkin. A great true story about (among other things) why financial regulation is so important.