Michael Galde

University of Arizona, Assistant Professor

Tucson, Arizona, United States

Michael Galde seamlessly weaves together the worlds of academia, industrial application, intelligence operations, and contemporary research. With a career rich in vulnerability assessments, reverse engineering, tool development, and technical forensic analysis, Michael stands as a dedicated Cyber Operations and Cybersecurity Engineer.

Presently serving as an assistant professor of practice in the cyber operations program at the College of Applied Science and Technology (CAST) at the University of Arizona, Michael has been instrumental in shaping the curriculum. Michael has pushed the development and introduction of courses like Introduction to Industrial Controls Systems Security, Networking Security, and Malware & Reverse Engineering. These courses are designed with foresight, addressing the evolving challenges in the cybersecurity arena and preparing students to navigate them effectively.

Before joining the University of Arizona in 2020, Michael showcased his skills as a cybersecurity engineer at the Nebraska Applied Research Institute (NARI). His earlier endeavors also saw him as an intelligence analyst with the Defense Intelligence Agency (DIA), innovating digital tools and strategies for the agency's critical mission. Currently, Michael's research spotlight shines on the Industrial Asymmetric Environment Surveillance (IAES) project, a reflection of his commitment to the field of passive network monitoring and the protection of crucial infrastructure.

With academic foundations in a Master's in Cybersecurity and a Bachelor's in Political Science from the University of Nebraska, Michael holds notable credentials including the Global Industrial Cyber Security Professional (GICSP) and GIAC Response and Industrial Defense (GRID).

Area of Expertise

  • Information & Communications Technology


  • cyber security
  • Cybersecurity Threats and Trends
  • cyber forensics
  • cyber attacks
  • cybersecurity awareness
  • Cyberthreats
  • Industrial Security
  • malware analysis

IAES: Guarding the University of Arizona's Heartbeat – The Watchful Eye on Critical Infrastructure

Dive into the cutting-edge world of passive network monitoring with the Industrial Asymmetric Environment Surveillance (IAES) research project, a beacon at The University of Arizona in the vast sea of digital threats. As the digital age advances, the demand for vigilant systems grows, systems that detect even the faintest hints of compromise, misconfiguration, or misuse in vital network infrastructures. Our initial focus is the power generation environment. Discover how IAES expertly navigates through network control data across a myriad of hardware and software landscapes. Uncover the strategies IAES employs to safeguard the University of Arizona's core services, ensuring that the rhythm of daily operations remains undisturbed. Join us as we delve into the intricacies of identifying, mitigating, and staying a step ahead in the dynamic world of digital security.

Who's Watching Who - Hacking IP Cameras

The Internet of Things (IoT) can be referred to as “A system of interrelated, internet-connected objects that are able to collect and transfer data over a wireless network without human intervention” (Aeris, 2021). IoT devices can be broadly grouped into five categories: Consumer, Commercial, Industrial, Infrastructure, and Military (Maayan, 2020). Billions of devices are installed across these categories globally. It is estimated that there will be more than 75 billion connected devices by 2025 (Maayan, 2020). This represents a 10x increase since 2018. IoT devices generate an estimated 500 zettabytes of data annually, a volume that is expected to grow exponentially (Liton, 2018). These devices have been plagued with security issues since inception due to weak, guessable or hardcoded passwords, insecure network services, insecure ecosystem interfaces, insecure and outdated components, and a variety of other security problems (Stahie, 2020). These factors present a unique opportunity for a workshop to present these concepts and teach participants how to identify vulnerabilities and how they would be used in an attack against insecure devices. This workshop is tailored to beginner to intermediate participants.

Below is our proposed outline for the workshop, factoring in 10-minute breaks each hour. Content and exercises will be packaged for distribution to all CactusCon participants.

Workshop Outline: 4 hours (50 minutes with 10-minute breaks)

Hour 1 – The first hour of the workshop will focus on concepts, terminology, and foundation setting for the advanced concepts and hands-on work in later sections.
- Pentesting concepts and overview – Students will review the basics of pentesting and how a pentest would be conducted at a high level.
- Security Architecture Discussion – Students will then learn about security architectures and how to implement them within small business and enterprise networks. This is to demonstrate the defensive aspects of cybersecurity and their interaction with offensive operations. It will also provide the specific architecture of the “lab environment” that students will interact with.
- IoT Devices Overview – Students will learn about IoT devices across the various categories of devices, the common protocols these devices use for networking, and specific protocols and nuances of these devices.

Hour 2 – The focus of this session will be on how to identify information and vulnerabilities associated with IoT devices. Students will be introduced to Shodan, Google searching, and other reconnaissance techniques. From these results students will evaluate vulnerabilities and how they may be used to carry out attacks on the environment or a specific device.
- Reconnaissance – Students will be introduced to reconnaissance tools and techniques associated with pentesting in general and then use tools and resources more specific to IoT devices.
- Vulnerability Identification and Analysis – Students will learn how to analyze IoT vulnerabilities and determine which are viable options to begin the attack phase.
- Attack Methodology – Students will learn what an attack methodology is, its different components, and how to develop the methodology to improve the chances of success during an engagement.

Hour 3 – The focus of this section will be developing the tools necessary to carry out the attack on the device. This will include three different options (Logging In / Default Passwords, Phishing, Malware / Script) and will stay at a high level considering the time constraints.
- Scripting – Students will receive a basic introduction to scripting and use that to develop an attack that will allow the attacker to control the cameras.
- Conducting the Attack – Students will use the tools, techniques, and script learned during the workshop to impact the target environment.

Hour 4 – The final hour will focus on exfiltration, effects, and actions on objectives. During this time we will discuss what the access has allowed us to do and what the potential impacts are. This will lead to a review and key takeaways.
- Exfiltration / Effects / Actions on Objectives – Students will learn what valuable information could be obtained from this type of attack. Additionally, students will understand the specific information that can be obtained from these devices and how they can possibly be a pivot point into other systems within the environment.
- Review / Key Takeaways / Q&A – The workshop will wrap up with a review of the material covered and key takeaways, and will answer any student questions.

Aeris (2021). What is IoT? Defining the Internet of Things (IoT). Aeris. https://www.aeris.com/what-is-iot/.
Liton, M. (2018, February 7). How Much Data Comes From The IoT? Sumo Logic. https://www.sumologic.com/blog/iot-data-volume/#:~:text=IoT%20data%20is%20measured%20in,to%20grow%20exponentially%2C%20not%20linearly.
Maayan, G. (2020, January 13). The IoT Rundown For 2020: Stats, Risks, and Solutions. Security Today. https://securitytoday.com/articles/2020/01/13/the-iot-rundown-for-2020.aspx.
Stahie, S. (2020, October 19). Lack of Security in IoT Devices Explained. What Can We Do About It. Security Boulevard. https://securityboulevard.com/2020/10/lack-of-security-in-iot-devices-explained-what-can-we-do-about-it/#:~:text=Weak%2C%20guessable%20or%20hardcoded%20passwords,services%20are%20another%20big%20issue.
