This document provides an overview of the CISSP Mentor Program session #1. It introduces Evan Francen and Brad Nigh, who lead the program. It discusses the severe talent shortage problem in cybersecurity, noting projections of millions of unfilled jobs by 2021 and factors contributing to this problem. It also outlines the agenda, schedule, and structure for the mentor program classes, which will cover CISSP domains and preparation for the exam.
2019 FRSecure CISSP Mentor Program: Class One FRSecure
The document summarizes the first session of a CISSP mentor program. It introduces the instructors and provides an agenda for the session. It discusses the history of the mentor program and the severe talent shortage facing the cybersecurity industry. It notes that while some claim the shortage is overhyped, most estimates indicate there will be millions of unfilled cybersecurity jobs in coming years. The document explores reasons for the shortage, including barriers to entry, lack of educational opportunities, and challenges with acquisition, retention and the male-dominated culture of the industry.
This document summarizes the second session of a CISSP mentor program held on April 10, 2019. The session covered several topics related to CISSP Domain 1 including security concepts like confidentiality, integrity, and availability. It defined key terms like risk, annualized loss expectancy, and return on investment. It also discussed identity and access management concepts such as identity, authentication, authorization, and accountability. The session aimed to help students understand and memorize these foundational information security principles.
2020 FRSecure CISSP Mentor Program - Class 2 FRSecure
This document summarizes the key points from session two of a CISSP mentor program. It covers cornerstone information security concepts such as the CIA triad, identity and authentication using the three factors of something you know, something you have, something you are. It also discusses legal systems, risk analysis, types of attackers, and introduces some terms and definitions that are important to memorize for the CISSP exam. The session aims to get participants ready for the journey towards CISSP certification.
This document summarizes key topics from a CISSP mentor program session on Domain 1: Security and Risk Management. It outlines the agenda, which includes cornerstone security concepts, legal and regulatory issues, security and third parties, ethics, governance, access control, risk analysis, and types of attackers. It then defines important terms like CIA triad, identity, risk, annualized loss expectancy, and others. Finally, it discusses foundational security concepts such as the definition of information security, privacy, identity and authentication, authorization, accountability, subjects and objects, due care, and due diligence.
2020 FRSecure CISSP Mentor Program - Class 1 FRSecure
The document summarizes a CISSP mentor program session. It introduces the instructors and their backgrounds. It discusses the severe talent shortage problem in cybersecurity, with estimates of over 1 million unfilled jobs in the US currently. It notes that while some claim the shortage is overhyped, most experts agree there is a real shortage. The document aims to help address this problem through the free CISSP mentor program.
2019 FRSecure CISSP Mentor Program: Class Ten FRSecure
The document summarizes a CISSP mentor program session that included:
- An instructor-led class discussing questions from chapters 1-7 and covering 115 slides.
- A quiz with 6 multiple choice questions about penetration testing procedures and types of security tests.
- A lecture on incident response methodology, operational preventative and detective controls like IDS/IPS, continuous monitoring, DLP, and honeypots. Asset management and configuration management were also discussed.
2019 FRSecure CISSP Mentor Program: Class Nine FRSecure
This document summarizes a CISSP mentor program session from May 13, 2019. It discusses assessing access control and software testing methods. The session covers penetration testing methodology and tools, vulnerability testing, and security assessments. Penetration testing involves planning, reconnaissance, scanning, vulnerability assessment, exploitation, and reporting. Vulnerability scanning checks for issues like missing patches and configuration errors. Security assessments take a holistic approach to evaluating multiple controls across domains.
This document summarizes key points from a CISSP mentor program session on asset security and data classification. It discusses defining assets, classifying data into labels like confidential and internal use, and establishing roles for data owners, custodians and users. The summary also provides an example policy for classifying data into three categories and outlining minimum protection requirements for confidential data.
2019 FRSecure CISSP Mentor Program: Class Three FRSecure
This document summarizes session 3 of a 2019 CISSP mentor program. It discusses risk analysis, including qualitative and quantitative approaches. Key terms like asset value, exposure factor, single loss expectancy, and annualized loss expectancy are defined. Examples of risk analysis calculations are provided. The session also covered risk management processes, risk choice options, and included a quiz to test understanding.
Welcome to the CISSP Mentor Program! What is the CISSP Mentor Program? • History: 1st class was 2010; 6 students • Today's class: 80 students. Why do we do it? • Success Stories • Heck, it's free! If you aren't satisfied, we'll refund everything you paid us. We need MORE good information security people!
2019 FRSecure CISSP Mentor Program: Class Eight FRSecure
This document summarizes an 8th session of a 2019 CISSP Mentor Program. It includes an agenda for the Identity and Access Management domain, covering authentication methods, access control technologies, and models. A quiz is given on firewalls, WAN protocols, wireless security, and Bluetooth restrictions. Lectures then cover the three basic authentication methods (something you know, have, are), and passwords in further detail such as hashing, cracking, and dictionary attacks.
2018 FRSecure CISSP Mentor Program Session 8 FRSecure
This document summarizes key points from session #8 of a CISSP mentor program. It includes a quiz with multiple choice questions on firewalls, WAN protocols, wireless security protocols, and Bluetooth security. The session also covered access control models and authentication methods, focusing on passwords as a type 1 authentication method involving something you know. Password hashing, dictionary attacks, and brute force attacks were discussed as methods for cracking passwords.
2020 FRSecure CISSP Mentor Program - Class 10 FRSecure
This document summarizes a CISSP mentor program session covering various topics:
1. The session reviewed chapters 1-3 of the curriculum and asked participants how many had read them and if they had any questions.
2. The presentation covered security models, incident response methodology, operational preventive and detective controls like IDS, honeypots, and asset/configuration management.
3. A quiz was given covering topics like appropriate responses during a penetration test and types of security tests. The session concluded with a discussion of vulnerability management and asset management principles.
2020 FRSecure CISSP Mentor Program - Class 4 FRSecure
This document summarizes a CISSP mentor program session on April 22, 2020. It discusses housekeeping for the online chat, reviews material covered in previous chapters, and begins covering the topic of security engineering from the CISSP common body of knowledge. Specific technical concepts summarized include computer bus architecture, the central processing unit components, and pipelining. The session includes a short quiz on memory types.
2019 FRSecure CISSP Mentor Program: Class Eleven FRSecure
The document summarizes the notes from session 11 of a 2019 CISSP mentor program. It includes quizzes on topics like incident response backups, disaster recovery planning goals, and backup types. It also covers lectures on executive succession planning, disaster recovery plan approval, backups and availability options, software escrow, disaster recovery plan testing, and different types of disaster recovery plan tests.
This document summarizes a CISSP mentor program session on security assessment and testing. It includes a 10 question quiz on topics like regression testing, fuzzing, static vs dynamic testing, and types of penetration testing. It also discusses a scenario about hiring a security firm to conduct a security assessment and penetration test of a bank's new web application. Key points covered include using a "flag" file instead of real data in a penetration test, the benefits of partial knowledge vs zero knowledge tests, and the proper response if an active compromise is discovered during a test.
Purple Teaming - The Collaborative Future of Penetration Testing FRSecure
Organizations get penetration tests year after year, yet companies still get breached because they're STILL missing the basics. Traditional penetration tests are failing to prepare organizations for the threats they actually face. They've become a commodity of compliance and box-checking. Remediation steps rarely include management objectives. There is a general lack of excitement for Blue Team functions. Red team is sexy, but it is just a tool. Do you even have a JBOSS server? (Then why are you seeing alerts for it?)
FRSecure 2018 CISSP Mentor Program Session 10 FRSecure
This document summarizes key points from a CISSP mentor program session. It discusses responding to signs of compromise during a penetration test, types of tests that can be done without source code access, and the most efficient penetration test approach. It also covers incident response methodology steps, operational preventative and detective controls like IDS/IPS and SIEM, asset management techniques like configuration hardening and vulnerability management.
2020 FRSecure CISSP Mentor Program - Class 5 FRSecure
The document summarizes key points from a CISSP mentor program session on April 29, 2020. It provides instructions for participating in an online study group and feedback forum. It also previews the agenda for covering symmetric encryption, cryptographic concepts and attacks as part of the security engineering domain. Sample questions are asked to check understanding of topics like cryptographic models, cloud service levels and nonrepudiation.
2020 FRSecure CISSP Mentor Program - Class 3 FRSecure
This document summarizes the third session of a 2020 CISSP Mentor Program. It provides housekeeping reminders for the online chat, checks in with participants, and reviews content from the previous sessions. The session then discusses risk analysis in more depth, including qualitative vs. quantitative analysis, risk choices, and risk management processes. The document concludes with a quiz to test participants' knowledge.
Birds of a Feather 2017: Invited Talk: Glance into the Enterprise InfoSec Field - Howard HITCON GIRLS
10 December 2017 - "Birds of a Feather" (abbreviated BoF) literally refers to birds of the same kind flying together in a flock; the phrase was later extended to mean bringing like-minded people together or holding an informal gathering.
https://hitcon-girls.blogspot.tw/2017/12/Birds-of-a-Feather.html
This document summarizes a CISSP mentor program session that covered network architecture and design concepts such as defense-in-depth, network segmentation, and the NSA methodology for adversary obstruction. It included quizzes and discussions of fundamental network topics like the OSI model, circuit switching vs. packet switching, LANs/WANs/MANs, and analog vs. digital communications. The session aimed to help students understand secure network principles in domain 4 of the CISSP exam.
Birds of a Feather 2017: Invited Talk: Place of Attribution in Threat Intelligence - F... HITCON GIRLS
This document discusses principles of threat attribution through analyzing artifacts left behind by threat actors. It explains that attribution is difficult as there are usually multiple possible explanations but outlines approaches like examining metadata, anomalies, targeting patterns, and mistakes over time. Specific case studies are presented on a hacking back of a command and control server, using stolen certificates to attribute Lazarus, and clues in timestamps and encoding errors that point to Lazarus having Korean origins.
2-sec "A Day in the Life of a Cyber Security Professional" Interop London Jun... 2-sec
Tim Holman, CEO of 2-sec, presents his average day, including work on data breaches, penetration testing and security audits. He also discusses the skills gap in the information security industry and how ISSA-UK is attempting to coordinate training across the industry to address the problem.
Cyber Security for the Employee - AFP Annual Conference 2016 Brad Deflin
This document outlines a proposed employee-based cyber security training and education program. It begins by establishing the need for such a program, noting that cyber risk is increasing and now poses an existential threat. It argues that the human element remains the weakest link for enterprises. The goals of the program are to instill long-term cultural and behavioral changes across the enterprise to better manage cyber risk. The program aims to inform employees about cyber threats, educate them on security frameworks, and empower them with skills for life-long cyber security. It would involve interactive workshops, online awareness training, testing, and attack simulations to train and assess employees.
Ed Adams discusses addressing the cybersecurity skills shortage and diversity imbalance. He outlines that there will be 3.5 million unfilled cybersecurity jobs by 2021 according to a Cybersecurity Ventures report. However, PCI standards have been influential in improving security and could help address these issues. If more groups like minorities and women are trained through PCI certification programs, it could help fill many open jobs. Diversity in the workplace also provides cultural and business benefits, with research showing diverse teams outperform less diverse peers. Speakers provide tips on successful diversity initiatives like mentorship programs, partnering with universities, and ensuring all groups feel included and supported in technical fields.
Slide Deck - CISSP Mentor Program Class Session 1 FRSecure
This document summarizes a presentation given as part of a CISSP mentor program. It discusses the history and structure of the mentor program, as well as an introduction to the CISSP certification. Key points include:
- The mentor program started in 2010 with 6 students and has grown significantly. Classes follow a typical structure of recapping content, questions, quizzes, lectures, and homework assignments.
- The CISSP certification is maintained by ISC2 and tests knowledge across 8 security domains. Becoming certified requires passing the exam as well as relevant work experience.
- Presenter Evan Francen has over 20 years of security experience and emphasizes the importance of listening, not assuming expertise, and focusing on security
Cybersecurity has multiple facets. This talk will cover the various aspects. It will also highlight the fundamental problems in the space, from the technical, policy and personnel perspectives. A diverse agenda with a singular, focused mission needs to have multiple voices and cultures at the table. Thus, this talk will focus heavily on bias and ways of addressing it in the effort of creating a world-class cybersecurity program.
Cyberskills shortage: Where is the cyber workforce of tomorrow Stephen Cobb
I created this presentation, "Cyberskills shortage: Where is the cyber workforce of tomorrow", for a webinar to raise awareness of the need to educate more people about cybersecurity. The webinar recording is here: https://www.brighttalk.com/webcast/1718/106371
How to Boost your Cyber Risk Management Program and Capabilities? PECB
The webinar explores how understanding your organization in crisis, when a risk has been exploited, can develop the organization's resilience and team in the drive for a stronger level of compliance maturity.
Main points covered:
• Information Security maturity
• ROPI
• Risk Management
• Incident Response
• Forensic Readiness
• Table Top Exercises
• Training
• Legislation
Presenter:
Our presenter for this webinar is Peter Jones, an experienced management professional, digital forensic analyst, cybersecurity professional, ISO 27001 and ISO 17025 auditor and University Lecturer. Peter has a wealth of experience and expertise which incorporates knowledge from being an academic and a practitioner in relation to best practice, data management, cyber security, digital system security and digital forensics, where he has conducted thousands of examinations on behalf of law enforcement and the private sector. Peter has extensive information technology and telecommunications experience which ranges from retail to enterprise environments including supporting the BBC with their hit drama series, ‘Silent Witness’.
Link to the YouTube video: https://youtu.be/aREo4l-pDgc
Learn the five steps all businesses must follow to protect themselves from costly data breaches. This will be the first of a monthly series of educational webinars for small business leaders. Knowing is the first step in protecting your business.
This document provides information about an upcoming HDI Capital Area event. It includes details about the event such as date, location, speakers, agenda, and registration information. It also lists the chapter officers and provides announcements about upcoming HDI events, training opportunities, and programs. The main presentation will be on a simple approach to security and how to assess security risks and implement basic protections.
Cyber attacks have been hitting the headlines for years; but in spite of the risks, the reputational damage and the rising cost of fines, there is still an endless stream of businesses being exposed for security failings.
The scale of the problem is vast: Accenture's recent 2016 Global Security Report highlighted "an astounding level of breaches", with the organisations surveyed facing more than 80 targeted attacks every year, of which a third were successful. Much has been made of the evolving threat landscape and increasing sophistication of attacks. But whilst there is evidence to support the growing complexity of the challenge, all too often the analysis of these high-profile attacks finds that basic, foundational security principles were ignored.
Some commentators argue that the persistence of failings is a direct reflection of organisational priorities, and that while businesses may talk a good game, security is not yet given the attention that it requires at board level. This leaves CISOs and IT leaders fighting a losing battle to secure adequate attention and investment for an area of the business which does not generate revenue.
This conference will look at raising security standards across the business, exploring some of the most persistent problems from IT infrastructure to staff engagement. Amidst a backdrop of perpetual media hysteria, turbulent markets and looming regulatory change, it can prove difficult to establish a coherent picture of the threat, never mind what action to take. The conference will help contextualise the challenging landscape and discuss how to deliver meaningful improvements and end to end organisational resilience.
Social Engineering Audit & Security AwarenessCBIZ, Inc.
The document provides information about a social engineering audit and security awareness presentation. It includes details about the presenters from CBIZ MHM, an accounting firm, learning objectives around social engineering and security awareness, and descriptions of different types of social engineering like phishing and pretexting. It also discusses what makes security awareness programs successful or fail, and how social engineering could be used internally by an audit department to test security controls.
2015 KSU So You Want To Be in Cyber SecurityPhil Agcaoili
Cyber security is an important and growing field due to increasing threats from cybercriminals. The document discusses why cyber security is needed to protect national security, public health and safety, and economic well-being from issues like hacking of devices like insulin pumps. It notes that many systems and devices are now connected but not sufficiently secured. The document encourages pursuing cyber security as a career path due to the growing number of jobs and need for professionals in the field. It provides tips on how to launch a career in cyber security such as getting educated and certified in important skills.
Computer Usage Policy
Password Policy
Email Usage Policy
Social Media Policy
Remote Access Policy
Data Classification and Handling Policy
Incident Response Policy
Business Continuity and Disaster Recovery Policy
These policies help protect business assets and define expected
employee behavior. They should be reviewed and updated regularly.
This document discusses information security for small businesses. It begins by introducing the author and their background and outlines an agenda covering key topics like the importance of information security, what information security entails, components of an information security architecture, cybercrime statistics, business continuity planning, identifying critical assets, and recommended security practices. The document emphasizes that information security is important for protecting a small business, its information, technology, and reputation from various threats.
The national Scot-Secure Summit is the largest annual Cyber Security event in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The conference programme is focused on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
What is Information Security and why you should care ...James Mulhern
An interactive introduction to Information Security and Cyber Security for BTEC students studying IT at Swindon College in the UK. The session illustrates the breadth and diversity of the subject and opportunities it can offer. The session illustrates things might not always be as they seem and the impacts can be far more reaching than at first imagined.
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
Shawn Tuma delivered this presentation on April 9, 2019, at the Oklahoma State University 4th Annual Cyber Security Conference in Oklahoma City, Oklahoma.
In twenty years of practicing cyber law, Shawn Tuma has seen a multitude of cybersecurity and data breach cases that have helped him understand the real-world risks companies face and the practical things they can do to prioritize their resources and effectively manage cyber risk. In this presentation, he will share his experience on issues such as:
· Why cybersecurity is an overall business risk issue that must be properly managed to comply with laws and regulations
· Why strategic leadership is critical in cybersecurity
· Why teams are critical for cybersecurity and how to personalities and psychology can impact that team
· The most likely real-world risks that most companies face
· How to prioritize limited resources to effectively manage the most likely real-world risks
· What is reasonable cybersecurity
· How to develop, implement, and mature a cyber risk management program
· Why cyber insurance is a critical component of the cyber risk management process
2018 CISSP Mentor Program Session 1
1. CISSP® MENTOR PROGRAM SESSION #1
BRAD NIGH, DIRECTOR OF CONSULTING SERVICES, FRSECURE
EVAN FRANCEN, CEO & CO-FOUNDER, FRSECURE
2018 – CLASS #1
2. CISSP® MENTOR PROGRAM – SESSION #1
Just kidding! This will be awesome!
CISSP® MENTOR PROGRAM
3. CISSP® MENTOR PROGRAM
Welcome!
• What is the CISSP Mentor Program?
• History
  • 2010 – 1st Class – 6 students
  • Today – 9th Class – 300+ students!
• Why do we do it?
• Success stories
• Heck, it’s free! What have you got to lose?
We have a severe talent shortage problem in our industry. Good news for you…
4. CISSP® MENTOR PROGRAM
Agenda
• Introduction
• Our severe talent shortage problem…
• Mentor Program Schedule & Class structure
• What is a CISSP?
• The book.
• Chapter 1 – Introduction (the other one).
5. INTRODUCTION – ABOUT EVAN
• Co-founder of FRSecure.
• Co-inventor of SecurityStudio®, FISA™, FISASCORE® and Vendefense™
• Member of the Forbes Technology Council
• 25+ years of “practical” information security experience (started as a Cisco Engineer in the early 90s).
• Worked with 100s of companies; big (Wells Fargo, US Bank, UHG, etc.) and small.
• Written more than 750 articles about information security.
• Developed the FRSecure Mentor Program; six students in 2010/ 163 in 2017/ 300+ in 2018.
• Dozens of television and radio appearances; numerous topics.
• Advised legal counsel in very public breaches (Target, Blue Cross/Blue Shield, etc.).
A much better picture of me
Sorry that I can’t be here in person today. I’m traveling.
6. INTRODUCTION – ABOUT EVAN
BOOK ANNOUNCEMENT
Just finished the draft…
The Information Security Industry is Broken
Publishing in June.
7. INTRODUCTION – ABOUT BRAD
• Not as much cool stuff as Evan, but…
• Director of Consulting Services at FRSecure
• Assessment Team, HITRUST, PCI, SOC2, vCISO
• Started in IT doing Y2K updates (and asset inventory) with a floppy disk
• Volunteer for ISC2 Safe and Secure Online program and Wayzata Schools Compass program for CyberSecurity
• Lots of public speaking
  • FRSecure CISSP Mentor Program
  • FRSecure Workshop Series
  • Information Security Training & Awareness for clients
Available most days for class.
8. INTRODUCTION – ABOUT FRSECURE
• Information Security Consulting and Management company. It’s all we do.
• Our core services include:
  • HIPAA Risk Analysis – using FISA™
  • Social Engineering Services
  • Penetration Testing Services
  • PCI QSA Services
  • Incident Management Services
  • HITRUST Services
  • SOC2 Preparation Services
  • Information Security Training & Awareness
  • vServices (vCISO, vISO, and vISA)
• Methodology fanatics, mentoring champions, and product agnostic.
9. INTRODUCTION – ABOUT FRSECURE
• 55+ Unicorns.
Here are some of them
10. OUR SEVERE TALENT SHORTAGE PROBLEM…
• Chapter 10 – Too Many Few Experts.
• No shortage of stories about our impending doom.
11. OUR SEVERE TALENT SHORTAGE PROBLEM…
Chart: Survey Respondents Claiming to Have a "Problematic" Shortage of Security Talent – 2014: 23%, 2015: 25%, 2016: 46%, 2017: 45%, 2018: 51%
Source: 2017 ESG & ISSA Research Report – “The Life and Times of Cybersecurity Professionals”
12. OUR SEVERE TALENT SHORTAGE PROBLEM…
• Chapter 10 – Too Many Few Experts.
• No shortage of stories about how to fix things either.
13. OUR SEVERE TALENT SHORTAGE PROBLEM…
The Truth
Source: CyberSeek – www.cyberseek.org
14. OUR SEVERE TALENT SHORTAGE PROBLEM…
The Truth
Source: CyberSeek – www.cyberseek.org
15. OUR SEVERE TALENT SHORTAGE PROBLEM…
The Truth
Source: CyberSeek – www.cyberseek.org
Source: United States Census Bureau
16. OUR SEVERE TALENT SHORTAGE PROBLEM…
The Truth
• Report from Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity jobs by 2021, up from 1 million openings last year.
• ISACA predicts there will be a global shortage of two million cyber security professionals by 2019.
• National Association of Software and Services Companies (NASSCOM) estimates India will need 1 million cybersecurity professionals by 2020.
• Cyber crime is expected to cost the world $6 trillion by 2021.
17. OUR SEVERE TALENT SHORTAGE PROBLEM…
The Truth
• One of the most in-demand cyber security roles is security analyst.
• In 2012 there were 72,670 security analyst jobs in the U.S., with median earnings of $86,170. Three years later, there were 88,880 such analysts making $90,120.
• Compensation for the most senior roles in cyber security, like chief information security officer, can reach $400,000.
18. OUR SEVERE TALENT SHORTAGE PROBLEM…
The Truth
• 70 percent of cybersecurity professionals say the cybersecurity skills shortage has had an impact on their organization.
• More than two-thirds (67 percent) of cybersecurity professionals claim they are too busy with their jobs to keep up with skills development and training.
• 49 percent of cybersecurity professionals are solicited to consider other cybersecurity jobs by various types of recruiters at least once per week.
19. OUR SEVERE TALENT SHORTAGE PROBLEM…
The Problems (too many to list them all)
• Bad Advice – most with good intentions, some with bad.
• “Good” Security Talent – we don’t even agree on what “good” security talent is.
• Supply and Demand - acquisition, retention, and our culture.
• National and Economic Security
20. OUR SEVERE TALENT SHORTAGE PROBLEM…
Bad Advice
• There is no shortage of bad advice, and some of it can be attributed to the “talent” shortage.
  • “Information security training and awareness is a waste of time and resources”
  • “An information security risk assessment is not necessary for a well-run security program”
  • “You must get an information security degree to become a good information security professional”
  • “Information security is an IT issue, not a business issue”
21. OUR SEVERE TALENT SHORTAGE PROBLEM…
Bad Advice
Consider the source
22. OUR SEVERE TALENT SHORTAGE PROBLEM…
“Good” Security Talent
• What makes a “good” information security professional?
• Recent backlash from the Equifax breach noted that Susan Mauldin (former Chief Security Officer) had a music degree; therefore, she must have been unqualified.
“a problem emerges: according to LinkedIn, Mauldin’s stated educational background has no security or technology credentials, and consists of.... a bachelor’s degree in music composition (magna cum laude) and a Master of Fine Arts degree in music composition (summa cum laude), both from the University of Georgia. Once again, this is the person who was in charge of keeping your personal and financial data safe — and whose failure to do that have put 143 million at risk from identity theft and fraud.”
(Source: https://www.zerohedge.com/news/2017-09-15/another-equifax-coverup-did-company-scrub-its-chief-security-officer-was-music-major)
23. OUR SEVERE TALENT SHORTAGE PROBLEM…
“Good” Security Talent
• What makes a “good” information security professional?
• Recent backlash from the Equifax breach noted that Susan Mauldin (former Chief Security Officer) had a music degree; therefore, she must have been unqualified.
When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security.
And then they might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldin’s lack of educational qualifications since the data breach became public.
It would be fascinating to hear Smith try to explain both of those extraordinary items.
(Source: https://www.marketwatch.com/story/equifax-ceo-hired-a-music-major-as-the-companys-chief-security-officer-2017-09-15)
24. OUR SEVERE TALENT SHORTAGE PROBLEM…
“Good” Security Talent
• What makes a “good” information security professional?
• Some people believe that you cannot be “good” without a technical degree, others believe that you cannot be “good” without certifications like a CISSP, CISM, etc.
• There are thousands of awesome security practitioners who have no information security degree whatsoever.
25. OUR SEVERE TALENT SHORTAGE PROBLEM…
Defining “Good”
• At FRSecure we “grow unicorns”.
• There are three things that make a unicorn:
  • Intangibles – the things you can’t teach.
  • Education – the “book smarts”. Education can come in a variety of forms; degree programs, books, in-person instruction, mentorship, certification preparation, etc.
  • Experience – the “street smarts”. The best way to gain experience is by doing.
• The three ingredients are not mutually exclusive and there is no one “right” way.
26. OUR SEVERE TALENT SHORTAGE PROBLEM…
Supply and Demand - acquisition, retention, and our culture
• Supply – we don’t have enough information security people.
• Acquisition – we can’t find enough good information security people for ourselves.
• Retention – we can’t keep good information security people for ourselves (and in some cases, in our industry).
• Culture – we have a “bro culture” problem that isn’t helping.
Now it gets hard…
27. OUR SEVERE TALENT SHORTAGE PROBLEM…
Supply and Demand - acquisition, retention, and our culture
• Two sources; people willing to change careers, and younger people entering the workforce.
• Career Changers - If you were interested in getting into our field, where would you start?
  • A bachelor’s degree in cyber security will cost somewhere between $20,000 - $60,000, or more. This might get you an entry-level job. A master’s degree will cost much more. (Source: https://www.onlineu.org/most-affordable-colleges/cyber-security-degrees)
  • Certification? Training to pass the CISSP® exam can range from $3,000 - $5,000, or more, and the exam itself will set you back another $699.
  • Cost is a barrier to entry. Most people don’t have this amount of money lying around.
• Younger People – Not enough education options (getting better, but not fast enough).
Now it gets hard…
This is all education related too; remember that education is only one of the three ingredients.
28. OUR SEVERE TALENT SHORTAGE PROBLEM…
Supply and Demand - acquisition, retention, and our culture
• Early Education – schools are starting programs, and they’re working. Many examples.
• Free Education
  • FRSecure’s Mentor Program (https://frsecure.com/cissp-mentor-program/)
  • SANS Cyber Aces Online (http://www.cyberaces.org/courses/)
  • Cybrary (https://www.cybrary.it/catalog/)
  • Cyber Degrees (https://www.cyberdegrees.org/)
• Mentorship – no single dominant program; this requires more of us giving back.
• Hire Intangibles – and train/educate for the rest. Can be a good acquisition strategy too.
• Internships – becoming more popular, but we need more.
Now it gets hard…
29. OUR SEVERE TALENT SHORTAGE PROBLEM…
Supply and Demand - acquisition, retention, and our culture
• Our industry culture is not always conducive to attracting and retaining talent.
• Some of the results of our culture are gender inequity and minority inequity.
  • Women make up 49.56% of the world’s population, but only make up 11% of the information security workforce.
  • 26% of our workforce is non-Caucasian (or “white”) male.
Now it gets hard…
“In a survey of 580 scheduled attendees of the Black Hat 2017 conference to be held in Las Vegas, Black Hat found that 71% of respondents felt their companies lacked sufficient staff to defend itself against current cyberthreats. And, although less than half of respondents (45%) were "concerned" about the shortage of women and minorities in the information security”
30. OUR SEVERE TALENT SHORTAGE PROBLEM…
Supply and Demand - acquisition, retention, and our culture
• Since our industry is so male dominated, there’s a “bro culture” that exists.
  • “It’s a very male-dominated culture.” “It can be a little more crass, a little bit more rough and maybe some … females don’t like that, and it is off-putting.” – Ellison Anne Williams, Ph.D., founder and chief executive of Enveil, a Fulton, Md., data security company.
• It’s not only the people in our industry that contribute to the problem. Customers, clients, and other normal people also assume that information security is a male sport.
  • “They have clients who won’t speak directly to them. It’s the assumption that the woman is not the lead on the project. They just default to speaking to the men.” - Leah Figueroa, lead data engineer at Gravwell, a data analytics company out of Coeur D’Alene, Idaho (Source: http://www.govtech.com/workforce/Why-Are-So-Few-Women-in-Cybersecurity.html)
• This culture didn’t start in our industry and it’s not exclusive to our industry either.
Now it gets hard…
31. OUR SEVERE TALENT SHORTAGE PROBLEM…
Supply and Demand - acquisition, retention, and our culture
• Promote and participate in more diversity initiatives and programs.
• Studies prove that more diverse work groups produce more creative and better results.
• A partial list of resources for women:
  • SANS CyberTalent Immersion Academy for Women - https://www.sans.org/cybertalent/immersion-academy
  • Computer Science for Cyber Security (CS4CS) Summer Program for High School Women - http://engineering.nyu.edu/k12stem/cs4cs/
  • Women’s Society of Cyberjutsu (WSC) - http://womenscyberjutsu.org/
  • Women in Cyber Security (WiCyS) - https://www.wicys.net/
Now it gets hard…
32. OUR SEVERE TALENT SHORTAGE PROBLEM…
Supply and Demand - acquisition, retention, and our culture
• Promote and participate in more diversity initiatives and programs.
• Studies prove that more diverse work groups produce more creative and better results.
• Arguably the leading resource for information security professionals is the International Consortium of Minority Cybersecurity Professionals (ICMCP) (Source: https://icmcp.org/).
• Our industry will benefit greatly through a more inclusive and diverse workforce.
Now it gets hard…
33. MENTOR PROGRAM SCHEDULE & CLASS STRUCTURE
Syllabus (not really), but close.
34. MENTOR PROGRAM SCHEDULE & CLASS STRUCTURE
Class Schedule
Date | Class | Lead | Onsite | Remote | Notes
4/10/2018 | Course Introduction/Q&A | Brad | Brad | Evan |
4/12/2018 | Domain 1: Security and Risk Management | Brad | Brad | Evan |
4/17/2018 | Domain 2: Asset Security | Evan | Evan, Brad | |
4/17/2018 | Domain 3: Security Engineering | Evan | Evan, Brad | |
4/19/2018 | BREAK | | | |
4/24/2018 | Domain 3: Security Engineering (cont.) | Evan | Evan, Brad | | (tentative)
4/26/2018 | Domain 3: Security Engineering (cont.) | Evan | Evan, Brad | |
5/1/2018 | Domain 4: Communication and Network Security | Evan | Evan, Brad | |
5/3/2018 | BREAK | | | |
5/8/2018 | Domain 4: Communication and Network Security (cont.) | Evan | Evan | |
5/10/2018 | Domain 5: Identity and Access Management | Brad | Evan, Brad | |
5/15/2018 | Domain 6: Security Assessment and Testing | Evan | Evan, Brad | |
5/17/2018 | Domain 7: Security Operations | Evan | Brad | Evan |
5/22/2018 | Domain 7: Security Operations (cont.) | Evan | Evan, Brad | | (tentative)
5/24/2018 | BREAK | | | |
5/29/2018 | Domain 8: Software Development Security | Brad | Evan, Brad | |
5/31/2018 | CISSP Exam Final Preparation & Practice Testing | Evan | Evan, Brad | |
2018 CISSP Mentor Program Schedule
35. MENTOR PROGRAM SCHEDULE & CLASS STRUCTURE
Class Schedule
• There is a boatload of information to memorize for the exam, and you’ll appreciate the breaks; we’ve built in three of them.
• Evan and/or Brad will lead all classes, switching things up to keep things fresh.
• We’re easing into things this first week; only this introduction and one domain (Domain 1: Security and Risk Management).
36. MENTOR PROGRAM SCHEDULE & CLASS STRUCTURE
Class Structure
• Every class is structured similarly, starting with a brief recap of the previous content/session, then:
  • Questions.
  • Quiz.
  • Current Events.
  • Lecture.
  • Homework (you’ll appreciate the breaks…)
37. MENTOR PROGRAM SCHEDULE & CLASS STRUCTURE
Class Structure
• We are here to help!
• If you have any questions, at any time, please send them to CISSPMentor@frsecure.com
• We are willing to help facilitate a study group too. Whatever it takes to give you the confidence to take (and pass) the exam and build a career!
• Content will be made available to all students, including slides, handouts, and video recordings.
38. WHAT IS A CISSP?
The Certified Information Systems Security Professional (or “CISSP”)
• Maintained by the International Information Systems Security Certification Consortium (or (ISC)2®)
• Tests your knowledge (or memorization) of the Common Body of Knowledge (or “CBK”).
• “a mile wide and two inches deep” (or maybe just an inch deep).
• 2015 CBK, updated in April, 2015
• CBK consists of eight domains… next page
39. WHAT IS A CISSP?
Domain Changes
Previous CISSP Domain Name | New CISSP Domain Name
Domain 1: Security and Risk Management | Domain 1: Security and Risk Management
Domain 2: Asset Security | Domain 2: Asset Security
Domain 3: Security Engineering | Domain 3: Security Architecture and Engineering
Domain 4: Communications and Network Security | Domain 4: Communication and Network Security
Domain 5: Identity and Access Management | Domain 5: Identity and Access Management (IAM)
Domain 6: Security and Assessment Testing | Domain 6: Security Assessment and Testing
Domain 7: Security Operations | Domain 7: Security Operations
Domain 8: Software Development Security | Domain 8: Software Development Security
40. WHAT IS A CISSP?
Domain Weights
Major Domains | Weightings (Percentage)
Domain 1: Security and Risk Management | 15%
Domain 2: Asset Security | 10%
Domain 3: Security Architecture and Engineering | 13%
Domain 4: Communication and Network Security | 14%
Domain 5: Identity and Access Management (IAM) | 13%
Domain 6: Security Assessment and Testing | 12%
Domain 7: Security Operations | 13%
Domain 8: Software Development Security | 10%
Total | 100%
CISSP Domain Refresh FAQ
https://www.isc2.org/Certifications/CISSP/Domain-Refresh-FAQ
41. WHAT IS A CISSP?
The Certified Information Systems Security Professional (or “CISSP”)
• For the latest (and official) information about the CISSP, refer to the (ISC)2 website; https://www.isc2.org/Certifications/CISSP
• The four steps to the CISSP:
  1. Meet CISSP Eligibility
  2. Schedule the Exam
  3. Pass the Exam
  4. Agree to the Code of Ethics and get endorsed.
42. WHAT IS A CISSP?
Meet CISSP Eligibility
43. WHAT IS A CISSP?
Schedule the Exam
44. WHAT IS A CISSP?
Pass the Exam
45. WHAT IS A CISSP?
Code of Ethics and endorsement
47. THE BOOK.
CISSP Study Guide – Third Edition
• ISBN: 978-0-12-802437-9
• Syngress publications
• Eric Conrad, Seth Misenar, Joshua Feldman are the authors
• If you don’t have it, you can get it in a variety of places; Amazon, Elsevier, Borders, etc.
• I prefer the book in Adobe Acrobat format; easy reference and copy/paste capabilities.
49. CHAPTER 1 - INTRODUCTION
EXAM OBJECTIVES IN THIS CHAPTER
• How to prepare for the Exam
• How to take the Exam
• Sticking with it!
50. CHAPTER 1 - INTRODUCTION
How to prepare for the Exam
• The Mentor Program is here to facilitate and get you through this…
• Preparation (bunches of ways)
• Note Cards
• 3x Book Read (Evan’s method)
• Read the book once fast, confusion is expected, but fight through it.
• Read the book again, focus on structure and concepts.
• Read the book the third time, focus on mastery and memorization.
51. CHAPTER 1 - INTRODUCTION
How to take the Exam
• Used to be six hours and 250 questions.
• Now it’s three hours and 100 to 150 questions, delivered as a Computerized Adaptive Test (CAT). (Not in the book.)
• Computer-based testing (“CBT”) at Pearson VUE; it used to be paper and pencil (Evan’s old!)
• Two (sort of four) types of questions:
  • Multiple choice (four options, two are almost obviously wrong)
  • Scenario (multiple-choice questions built on a short scenario)
  • “Advanced innovative” items:
    • Drag/Drop
    • Hotspot
52. BONUS – INFORMATION SECURITY
FUNDAMENTALS
What is Information Security?
• This is a question for you.
• This is a question that our industry still struggles with.
• Don’t forget this…
Information security is managing risks to the confidentiality,
integrity, and availability of information using administrative,
physical and technical controls.
57. BONUS – INFORMATION SECURITY
FUNDAMENTALS
What is Risk?
• This is a question for you.
• This is a question that our industry still struggles with.
• Don’t forget this…
Risk is the likelihood of something bad happening and the
impact if it did.
58. BONUS – INFORMATION SECURITY
FUNDAMENTALS
Ten Information Security Principles
1. A business is in business to make money.
2. Information Security is a business issue.
3. Information Security is fun.
4. People are the biggest risk.
5. “Compliant” and “secure” are different.
59. BONUS – INFORMATION SECURITY
FUNDAMENTALS
Ten Information Security Principles
6. There is no common sense in Information Security.
7. “Secure” is relative.
8. Information Security should drive business.
9. Information Security is not one size fits all.
10. There is no “easy button”.
60. THAT’S IT. NEXT?
That’s it for today…
• We’re very excited that we get to be a part of your information security
career journey!
• This will be a rewarding experience.
• It will be hard at times, but don’t give up!
61. THAT’S IT. NEXT?
That’s it for today…
• Homework for Thursday (4/12):
• Please get the book if you haven’t already.
• Please read Chapter 1 (pages 1 – 10).
• We will be covering Chapter 2 Domain 1: Security and Risk Management (e.g.,
Security, Risk, Compliance, Law, Regulations, Business Continuity) on Thursday.
See you Thursday!