October is National Cybersecurity Awareness Month! This year’s theme is Mind Games & Machines – Social Engineering Defense & AI Safety Strategies. The month was originally created through a collaboration with the National Cyber Security Alliance and the Department of Homeland Security. Feel free to check out the events and resources listed below.
Events
UCI Security Booth on Ring Road (Wednesday, 10/8, 12pm-2pm)
Come visit us on Ring Road to learn more about National Cybersecurity Awareness Month! Stop by to spin the wheel for the chance at a prize, play a fun “phishing” game, and to learn more about the events planned for later this month. Make sure to also pick up a bookmark and some candy while you visit.
ISC2 Representative and COO of Quantum eMotion America: John Young – Q-Day, the Inevitable Quantum Storm (Tuesday, 10/14 @ 2:00pm)
Description: What is Q-Day, and why is the government preparing for it now? The day that quantum computers can crack current digital encryption, and plainly read our most valuable secrets, has been tagged as Q-Day. Every government, business, and individual on Earth can be negatively affected, and the question is, even if there are post-quantum solutions available, is there time to put them in place?
Biography: Ever see the movie “Catch Me If You Can”? As a teenager, for 3 years John Young and a friend successfully hacked the AT&T network, until the FBI scared him straight into a 40 year cybersecurity career.
The former network director of McDonnell Douglas’s $41 billion C-17 program, John later retired after decades at IBM, and then became one of only 11 cybersecurity experts worldwide to earn all nine ISC2 certifications.
Named to the board of directors at Quantum eMotion, John recently became COO for its new US subsidiary based in Irvine, Quantum eMotion America.
It’s mission; to use our cutting edge technology to save lives, protect data, and prepare industries for the onslaught of the dreaded, but inevitable, Q-Day…the day when every digital lock on Earth can be broken by quantum computers.
Data Disposal Day (Wednesday, Oct. 22nd @ Lot 12A, 8am-12pm)
1Password Global Advisory CISO: Dave Lewis – Humans, Hackers, and Hallucinations: AI, Social Engineering, and the Future of Cybersecurity (Tuesday, Oct. 28th @ 1:00pm)
Abstract: Artificial intelligence has quickly shifted from a promising tool to a disruptive toddler running with scissors. While AI enables defenders to detect threats faster and automate response, it also gives attackers new ways to deceive, manipulate, and exploit. From deepfake audio convincing an employee to transfer millions, to AI-written phishing campaigns that bypass filters, the game has changed.
This session will explore the intersection of AI and social engineering, revealing how threat actors leverage machine learning to craft convincing attacks and where defenders can push back. We’ll also examine the emerging cybersecurity trends to watch in the coming year, from the rise of synthetic identities to AI-driven security operations. Most importantly, we’ll ground the discussion in practical advice: how individuals and organizations can stay vigilant, adapt defenses, and avoid becoming the next case study.
By the end of the talk, participants will walk away with a deeper understanding of the risks and opportunities AI presents, as well as actionable strategies to build resilience in an age where the line between human and machine manipulation is increasingly blurred.
Biography: Dave has 30+ years of industry experience. He has extensive experience in IT security operations and management. Dave is the Global Advisory CISO for 1Password.
He is the founder of the security site Liquidmatrix Security Digest & podcast. Dave also hosts the Chasing Entropy Podcast. He was a member of the board of directors for BSides Las Vegas for 8 years. He currently serves on the advisory boards of Byos.io and Knostic.ai. Dave has previously worked in critical infrastructure for 9 years as well as for companies such as Duo Security, Akamai, Cisco, AMD and IBM. Previously he served on the board of directors for (ISC)2 as well as being a founder of the BSides Toronto conference.
For fun he is a curator of small mammals (his kids) plays bass guitar, grills, is part owner of a whisky distillery and a soccer team.
Demo – Authentic or Artificial? (Thursday, October 30 @ 2:00 PM)
Presented by UCI’s cybersecurity club, Cyber@UCI
Cyber@UCI offers a variety of competitive teams for members looking to dive deep into different subfields of cybersecurity. These include blue teaming, red teaming, penetration testing, SecDevOps, IT, forensics, reverse engineering, application security, and more. Their mission is to provide a platform for students to learn and engage with cybersecurity, regardless of their prior experience.
The club actively collaborates with the security division, OIT teams, and various academic units, demonstrating their commitment to fostering a deeper understanding of cybersecurity within the student community. Notable projects include AI penetration testing, presentations at UC Tech, and organizing past Cybersecurity Awareness Month events.
A major highlight from this past year was the club’s impressive 1st place finish at the National Collegiate Cyber Defense Competition. In this challenging competition, top teams from nearly 200 colleges and universities across the US faced off in a mock corporate environment. The club’s talented and resilient team exceeded expectations, defeating top contenders like Dakota State University and the University of Virginia—three-time national champions—on their way to victory. Way to go, team!
Interested in learning more about cybersecurity or joining the club? You can follow them on social media via cyberuci.com, or drop by The HackerLab in the Interdisciplinary Science and Engineering Building (ISEB) to see what they’re all about.
Want to know how AI deepfakes are being weaponized for scams and phishing — and what we can do about it? The club breaks it down. Be sure to tune into their upcoming demo on Thursday, October 30th at 2:00 PM!
Cybersecurity Starbucks Drink (10/1 – 10/31)
The featured UCI Cybersecurity Awareness Month Starbucks drink, the “Java Chip Securi-ccino”, will be available at all three Starbucks locations on Campus during the month of October.
Security Quiz Raffle (10/1 – 10/31)
Complete the security quiz and be entered into a drawing for one of three $25 Amazon gift cards! Winners will be picked at random at the end of the October and contacted through email. Participants must input a UCI email address and can only enter in once. You do not have to get all the questions right in order to participate in the drawing and you must be UCI-affiliated to win. You must do the quiz in order to be entered into the raffle.
UC Systemwide Calendar of Events
Check out the UCOP calendar for UC systemwide events you can attend as well!
Security Topics
Verify that emails are coming from a trusted source. Individuals posing as the sender may create a sense of urgency in the emails or have the email address be close in spelling.
Social engineering refers to the deceptive ways used to have someone reveal sensitive information they shouldn’t be revealing. Be aware of the different types of tactics used by individuals to gain access to your data. Some of these types include phishing (e-mail), spear phishing (targeting specific individuals/groups), smishing (SMS/text message), vishing (phone calls, voicemail), etc.
Be mindful of the type of information entered into AI chatbots. This information can be stored and increases the chances of data leakage.
Double-check any photos and videos you may suspect to be AI. Assess the image or video in question such as the shapes, shadows, lightings, and detail errors.
Listed below are some security resources available from UCI:
- Visit the IT Security website “How To…” page for guidance on security practices.
- 1Password – password management tool to securely store passwords and personal information.
- Securely shred sensitive electronic and paper data at Data Disposal Day.
- If you are a UCI employee, you can head over to uclc.uci.edu and access the Security Snapshots videos.
- Report potential information security incidents to security@uci.edu.
Zoom Backgrounds
Previous Years
Security Media List
Books
- Spam Nation: The Inside Story of Organized Cybercrime – Brian Krebs
- Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World – Bruce Schneier
- Social Engineering: The Science of Human Hacking – Christopher Hadnagy
- Infosec Rock Star: How to Accelerate Your Career Because Geek Will Only Get You so Far – Ted Demopoulos
- Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker – Kevin Mitnick
- The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data – Kevin Mitnick
- Ready Player One – Ernest Cline
- The Hacker’s Playbook – Peter Kim
- ISC2 CISSP Official Study Guide – Mike Chapple, James Michael Stewart, and Darril Gibson
- CEH Certified Ethical Hacker All-in-One Exam Guide – Matt Walker
- Black Hat Python: Python Programming for Hackers and Pentesters – Justin Seitz and Tim Arnold
- IT Security Metrics – Lance Hayden
- Offensive Countermeasures: The Art of Active Defense – John Strand, Paul Asadoorian, Ethan Robish, and Benjamin Donnelly
- CISA – Certified Information Systems Auditor Study Guide – Hemang Doshi
- CISM Certified Information Security Manager Study Guide (Sybex Study Guide) – Mike Chapple
- CISM Certified Information Security Manager All-in-One Exam Guide, Second Edition – Peter H. Gregory
Movies/Shows
- The Matrix (Rated R, viewer discretion is advised)
- The Matrix Reloaded (Rated R, viewer discretion is advised)
- Blackhat (Rated R, viewer discretion is advised)
- Snowden (Rated R, viewer discretion is advised)
- Mr. Robot (Rated TV-Mature Audiences, viewer discretion is advised)
- Swordfish (Rated R, viewer discretion is advised)
- WarGames (Rated PG)
- Hackers (Rated PG-13)
- Sneakers (Rated PG-13)
- Ghost in the Shell (Rated TV-Mature Audiences, viewer discretion is advised)
- The Net (Rated PG-13)
- Mission: Impossible – Dead Reckoning Part One (Rated PG-13)
- Leave the World Behind (Rated R)
- Zero Day (Rated TV-Mature Audiences, viewer discretion is advised)
Podcasts
Gamified Cybersecurity
Other Resources
- CISA: National Cyber Security Awareness Month
- DHS: Department of Homeland Security Be Cyber Smart
- NIST: National Institute of Standards and Technology (Cybersecurity)
- NIST Education: Free and Low Cost Online Cybersecurity Learning Content
- SANS: SysAdmin, Audit, Networking, and Security
- SANS: Artificial Intelligence – What to Tell Your Workforce
- AI Password Cracker Checker
- IBM: What is Social Engineering?
- Krebs on Security
- FTC Recognizing and Avoiding Phishing Scams
- Secure Our World Cybersecurity Puzzles