Cybersecurity Awareness Training Presentation v1.0DallasHaselhorst
Note: There is an updated version of this slide deck available on SlideShare at
https://www.slideshare.net/DallasHaselhorst/cybersecurity-awareness-training-presentation-v11
--
Do you want an cybersecurity awareness training you can present at *your* business or in *your* community? Awesome!
We spent months putting together this training presentation on cybersecurity awareness. We then presented it multiple times and continued modifying the presentation based on feedback from attendees as well as feedback from those in the information security community. We are now releasing this in the hope it is a call to action for others in their communities.
The slides are available for download on our website. Download it and please present it in your own communities, e.g. at your local library, business events, co-working spaces, schools, etc. We also have a free cybersecurity quiz available on the site that is also based on the material.
Download the latest version as a Microsoft PowerPoint presentation (.pptx) or 'Make a Copy' in Google Slides.
https://www.treetopsecurity.com/slides
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
Cybersecurity Awareness Posters - Set #2NetLockSmith
Posters for National Cyber Security Awareness Month. All are from government entities and free for use (Unmarked ones are from the Montana state government.)
"Cyberhunting" actively looks for signs of compromise within an organization and seeks to control and minimize the overall damage. These rare, but essential, breed of enterprise cyber defenders give proactive security a whole new meaning.
Check out the accompanying webinar: http://www.hosting.com/resources/webinars/?commid=228353
Infections cost organizations billions of dollars in lost time and productivity, as well as ransom payments and other indirect costs, like damage to a business’s reputation.
End-users will learn about password management, multi-factor authentication and how to secure their laptops and desktops while working remotely.
This session will teach professionals how to avoid becoming a statistic.
Agenda: Foundations of security awareness | Common threats | Three ways to secure your work environment | Best practices for users | The work from home checklist
Cybersecurity Awareness Training Presentation v1.0DallasHaselhorst
Note: There is an updated version of this slide deck available on SlideShare at
https://www.slideshare.net/DallasHaselhorst/cybersecurity-awareness-training-presentation-v11
--
Do you want an cybersecurity awareness training you can present at *your* business or in *your* community? Awesome!
We spent months putting together this training presentation on cybersecurity awareness. We then presented it multiple times and continued modifying the presentation based on feedback from attendees as well as feedback from those in the information security community. We are now releasing this in the hope it is a call to action for others in their communities.
The slides are available for download on our website. Download it and please present it in your own communities, e.g. at your local library, business events, co-working spaces, schools, etc. We also have a free cybersecurity quiz available on the site that is also based on the material.
Download the latest version as a Microsoft PowerPoint presentation (.pptx) or 'Make a Copy' in Google Slides.
https://www.treetopsecurity.com/slides
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
Cybersecurity Awareness Posters - Set #2NetLockSmith
Posters for National Cyber Security Awareness Month. All are from government entities and free for use (Unmarked ones are from the Montana state government.)
"Cyberhunting" actively looks for signs of compromise within an organization and seeks to control and minimize the overall damage. These rare, but essential, breed of enterprise cyber defenders give proactive security a whole new meaning.
Check out the accompanying webinar: http://www.hosting.com/resources/webinars/?commid=228353
Infections cost organizations billions of dollars in lost time and productivity, as well as ransom payments and other indirect costs, like damage to a business’s reputation.
End-users will learn about password management, multi-factor authentication and how to secure their laptops and desktops while working remotely.
This session will teach professionals how to avoid becoming a statistic.
Agenda: Foundations of security awareness | Common threats | Three ways to secure your work environment | Best practices for users | The work from home checklist
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
National Cybersecurity - Roadmap and Action PlanDr David Probert
Analysis, strategies and practical action plans for National Government Cybersecurity based upon the United Nations - International Telecommunications Union - UN/ITU Cybersecurity Framework and their Global Cybersecurity Agenda - GCA.
Threat hunting - Every day is hunting seasonBen Boyd
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
How to set up a Threat Hunting Team for Active Defense utilizing Cyber Threat Intelligence and how CTI can help a company grow and improve its security posture.
Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them.
It is information that is relevant to the organization, has business value, and is actionable.
If you having all data and feeds then data alone isn’t intelligence.
#Threat #Intelligence #Forensics #ELK #Forensics #VAPT #SOC #SIEM #Incident #D3pak
Cyber Security Awareness introduction. Why is Cyber Security important? What do I have to do to protect me from Cyber attacks? How to create a IT Security Awareness Plan ?
Cybersecurity Awareness Training Presentation v1.3DallasHaselhorst
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to educate them on ways to avoid scams and attacks and become more security aware. This slide deck is based on version 1.3 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have worksheets free and downloadable worksheets referenced in the training. We have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill-in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
KnowBe4 helps you keep your network secure with Kevin Mitnick security awareness training. You are able to send simulated phishing attacks before and after the training. Created ‘by admins for admins’, a minimum of time is needed with visible proof the security awareness training works. Find out what your email attack footprint looks like and ask for our free Email Exposure Check.
Based on Kevin’s 30+ year unique first-hand hacking experience, you are now able to train employees with next-generation web-based training and testing, to quickly solve the increasingly urgent security problem of Social Engineering.
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "What is Cyber Security" gives an introduction to the Cyber Security world and talks about its basic concepts. You get to know different kinds of attack in today's IT world and how cybersecurity is the solution to these attacks. Below are the topics covered in this tutorial:
1. Why we need Cyber Security?
2. What is Cyber Security?
3. The CIA Triad
4. Vulnerability, Threat and Risk
5. Cognitive Cyber Security
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Cyber Threat Intelligence (CTI) primarily focuses on analysing raw data gathered from recent and past events to monitor, detect and prevent threats to an organisation, shifting the focus from reactive to preventive intelligent security measures.
Information Security & Data Security about the internet, daily life usages. The behavior of employees and contractors with access to data affects information systems and assets. The human factor (what employees do or don’t do) is the biggest threat to information systems and assets.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
National Cybersecurity - Roadmap and Action PlanDr David Probert
Analysis, strategies and practical action plans for National Government Cybersecurity based upon the United Nations - International Telecommunications Union - UN/ITU Cybersecurity Framework and their Global Cybersecurity Agenda - GCA.
Threat hunting - Every day is hunting seasonBen Boyd
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
How to set up a Threat Hunting Team for Active Defense utilizing Cyber Threat Intelligence and how CTI can help a company grow and improve its security posture.
Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them.
It is information that is relevant to the organization, has business value, and is actionable.
If you having all data and feeds then data alone isn’t intelligence.
#Threat #Intelligence #Forensics #ELK #Forensics #VAPT #SOC #SIEM #Incident #D3pak
Cyber Security Awareness introduction. Why is Cyber Security important? What do I have to do to protect me from Cyber attacks? How to create a IT Security Awareness Plan ?
Cybersecurity Awareness Training Presentation v1.3DallasHaselhorst
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to educate them on ways to avoid scams and attacks and become more security aware. This slide deck is based on version 1.3 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have worksheets free and downloadable worksheets referenced in the training. We have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill-in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
KnowBe4 helps you keep your network secure with Kevin Mitnick security awareness training. You are able to send simulated phishing attacks before and after the training. Created ‘by admins for admins’, a minimum of time is needed with visible proof the security awareness training works. Find out what your email attack footprint looks like and ask for our free Email Exposure Check.
Based on Kevin’s 30+ year unique first-hand hacking experience, you are now able to train employees with next-generation web-based training and testing, to quickly solve the increasingly urgent security problem of Social Engineering.
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "What is Cyber Security" gives an introduction to the Cyber Security world and talks about its basic concepts. You get to know different kinds of attack in today's IT world and how cybersecurity is the solution to these attacks. Below are the topics covered in this tutorial:
1. Why we need Cyber Security?
2. What is Cyber Security?
3. The CIA Triad
4. Vulnerability, Threat and Risk
5. Cognitive Cyber Security
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Cyber Threat Intelligence (CTI) primarily focuses on analysing raw data gathered from recent and past events to monitor, detect and prevent threats to an organisation, shifting the focus from reactive to preventive intelligent security measures.
Information Security & Data Security about the internet, daily life usages. The behavior of employees and contractors with access to data affects information systems and assets. The human factor (what employees do or don’t do) is the biggest threat to information systems and assets.
On April 2nd, ASI held its first invitation-only CIO Summit — on Data Security in a Mobile World in downtown Washington, DC, exclusively for not-for-profit CIOs. The event brought together the best and brightest minds from the association, non-profit, and business communities to address the current data security threats they're facing, particularly in this increasingly mobile world.
How to develop an AppSec culture in your project 99X Technology
Cyber attack is the greatest threat to every profession, every industry and every company in the world. Here are slides which will help you learn the challenges, prevent, detect and respond to Cyber threats and help safeguard the organization from every increasing security breaches.
This slide set describes developing an AppSec culture in your projects. This includes how to implement security risk assessment program, threat modeling and security designs and tools for security Automation.
CISSO Certification | CISSO Training | CISSOSagarNegi10
Our CISSO Certification course is designed for forward-thinking security professionals that want the advanced skill set necessary to manage and consult businesses on information security.
Cyber Security is the most important constituent of Information Technology
that protects all kinds of information systems, (personal or professional) against
all the vulnerabilities and potential attacks via the internet.
ASEAN-JAPAN Cyber Security Seminar: How to fill your team gaps with trainingAPNIC
APNIC Senior Security Specialist Adli Wahid presents on identifying skill gaps and how to meet them at the ASEAN-JAPAN Cyber Security Seminar, held online on 11 August 2021.
Because many organizations don't perform security unless they have to, more than 80% of all web applications are being exposed to vulnerabilities. In comes regulation. There are a number of different industries other than financial and healthcare that deal with PII and PHI but are either not regulated at all or are regulated very loosely. This presentation will discuss the various regulations (PCI, SOX, HIPAA, etc.) and what each does to address web application security, if any, as well as the shortcomings of each. Finally, it will further address industries that need to be more strictly regulated in order to better protect personal information.
Andrew Weidenhamer, Senior Security Consultant, SecureState
Andrew Weidenhamer, Senior Security Consultant, joined SecureState in January 2008. As a former member of the Profiling Team, Andrew performed technical security assessments on a weekly basis. These assessments included Internal and External Attack and Penetration Assessments, Wireless Penetration Assessments, Web Application Security Reviews, Physical Penetration Tests, and Social Engineering Assessments.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
By the end of this webinar you should be able to understand
Top five skills needed to break into a career in information security analysis
Tips and tricks to study for the CS0-001
IDS, Firewalls, etc CompTIA Cybersecurity Analyst (CSA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CSA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.
Learn all about the Latest CompTIA Security+ SYO-701 Exam in 2 minutes! Swipe through the slides to discover the new updates in this latest version, its course content, target audience, exam details, career scope, and more.
𝐒𝐭𝐚𝐫𝐭 𝐲𝐨𝐮𝐫 𝐥𝐞𝐚𝐫𝐧𝐢𝐧𝐠 𝐣𝐨𝐮𝐫𝐧𝐞𝐲 𝐧𝐨𝐰! 👉 https://www.infosectrain.com/courses/comptia-security/
In the ever-evolving cybersecurity landscape, the latest version of the CompTIA Security+ (SY0-701) training course from InfosecTrain is your gateway to mastering the core skills necessary to secure data and information systems in the digital age.
The CompTIA Security+ SY0-701 course from InfosecTrain, provides a comprehensive and expert-led training experience, covering five key domains that are essential for understanding and excelling in the field of information security. Participants will delve into general security concepts, threats, vulnerabilities, mitigations, security architecture, security operations, and security program management. The course features practical exercises and hands-on labs to develop participant’s skills, ensuring that participants are well-prepared for the SY0-701 certification exam.
Unlock essential cybersecurity skills with InfosecTrain's latest CompTIA Security+ (SY0-701) course. Master core competencies in data and information system security, covering the latest threats, automation, zero trust principles, IoT security, and risk management. Be exam-ready and secure success on your first attempt.
Learn all about the 𝐋𝐚𝐭𝐞𝐬𝐭 𝐂𝐨𝐦𝐩𝐓𝐈𝐀 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲+ 𝐒𝐘𝟎-𝟕𝟎𝟏 𝐄𝐱𝐚𝐦 in 2 minutes!
Swipe through the slides to discover the new updates in this latest version, its course content, target audience, exam details, career scope and more..
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
Similar to Career Guidance on Cybersecurity by Mohammed Adam (20)
This slide deck covers the automated & manual static code discovery of Android Application using opensource tools, Reverse engineering of apk file and Secure code review
This slide deck contains the requirement for Android Penetration testing using some open source tools and techniques. And it also cover OWASP TOP 10 Mobile, MSTG and MASVS guidelines for Mobile Application Penetration testing
In this slides deck, we gonna look into Wireless penetration testing requirements like hardware & software, Various IEEE standards. and also deep dive into WEP, WPA, WPA2 & its Security threats & Security best practices.
The Slides deck contains Network penetration testing requirements & Tools used in real world pentesting. For Demo purposes, I had used a vulnhub machine called Metasploitable 2 for testing purposes. Looking into various Ports and Services Vulnerabilities using Kali open source tools.
This slide deck covers Networking Fundamentals, Various Penetration testing standards, OWASP TOP 10 Vulnerabilities of Web Application and the Lab Setup required for Penetration testing.
Golden Ticket Attack - AD - Domain PersistenceMohammed Adam
A Golden Ticket attack is a kind of cyberattack targeting the access control privileges of a Windows environment where Active Directory (AD) is in use.
Evading Antivirus software for fun and profitMohammed Adam
Antivirus evasion techniques are used by malware writers, as well as by penetration testers and vulnerability researchers, in order to bypass one or more antivirus software applications.
Android Application Penetration Testing - Mohammed AdamMohammed Adam
Android Penetration Testing is a process of testing and finding security issues in an android application. It involves decompiling, real-time analyzing and testing android application for security point of view. This Slides covers real-time testing of android applications and some security issues like insecure logging, leaking content providers, insecure data storage and access control issues.
Vulnerability assessment & Penetration testing Basics Mohammed Adam
In these days of widespread Internet usage, security is of prime importance. The almost universal use of mobile and Web applications makes systems vulnerable to cyber attacks. Vulnerability assessment can help identify the loopholes in a system while penetration testing is a proof-of-concept approach to actually explore and exploit a vulnerability.
Network Security, What is security?
Why do we need security?
Who is vulnerable? Common security attacks and countermeasures, Firewalls & Intrusion Detection Systems
Denial of Service Attacks
TCP Attacks
Packet Sniffing
Social Problems
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
2. #WHOAMI
2
4+ Experience in cyber security
Worked for 150+ projects in
various aspects of cyber security
Have 50+ hall of fames
Independent Consultant
Foss Activist in VGLUG
Bike rider
3. TOPICS
3
• Define Cybersecurity
• Define Pivoting
• Demand for Cybersecurity Professionals
• Cybersecurity Fields & Careers
• Technical, Physical, and Administrative Controls
• You May Already Be Involved in Cybersecurity
• Training Resources
• Certifications
• Networking
• Professional Reading
• Resumes & Applicant Tracking Systems
4. WHAT IS
CYBERSECURITY?
4
• Cybersecurity encompasses a broad range of practices, tools and
concepts related closely to those of information and operational
technology security. Cybersecurity is distinctive in its inclusion of the
offensive use of information technology to attack adversaries.“
Gartner “Definition: Cybersecurity”, 07 June 2013
• "Measures taken to protect a computer or computer system (as on
the Internet) against unauthorized access or attack.“
Merriam-Webster
https://www.merriam-webster.com/dictionary/cybersecurity
5. WHAT IS
PIVOTING?
5
• Pivoting is the exclusive method of using an instance also known by
‘foothold’ to be able to “move” from place to place inside the
compromised network. It uses the first compromised system
foothold to allow us to compromise other devices and servers that
are otherwise inaccessible directly.
https://resources.infosecinstitute.com/pivoting-exploit-system-
another-network/
6. DEMAND FOR
CYBERSECURITY PROFESSIONALS
6
• Demand for Cybersecurity Talent Soars, Study Finds
– 25 percent gap between demands for cyber talent and qualified workforce
– Predicts a shortfall of 3.5 million cybersecurity professionals by2021
– Using existing talent
–Closing the gap with “new collar workers”
https://securityintelligence.com/news/demand-for-cybersecurity-talent-soars-study-finds/
• Demand for Cybersecurity Jobs Doubles Over Five Years, But Talent Gap
Remains
https://www.prnewswire.com/news-releases/demand-for-cybersecurity-jobs-
doubles-over-five-years-but-talent-gap-remains-300874877.html
• The 10 highest-paying cybersecurity jobs
https://www.techrepublic.com/article/the-10-highest-paying-cybersecurity-jobs/
9. CAREERS IN
CYBERSECURITY
9
• SecurityAnalyst
• SecurityArchitect
• Security Software Developer
• Security Systems Engineer
• SecurityAdministrator
• Security Consultant
• Forensics Examiner
• Penetration Tester
• Cryptographer
• Cryptanalyst
• Information System Security
Manager
• Sales
• QualityAssurance
• Law
• Insurance
References:
“Learn How to Become”
https://www.learnhowtobecome.org/computer-careers/cyber-security/
“Cyber Security Jobs: Opportunities for Non-Technical Professionals”
https://onlinedegrees.sandiego.edu/non-technical-cyber-security-jobs/
“Getting Started in Cybersecurity with a Non-Technical Background”
https://www.sans.org/security-awareness-training/blog/getting-
started-cybersecurity-non-technical-background
10. TECHNICAL, ADMINISTRATIVE, AND
PHYSICAL CONTROLS
• Technical - Hardware or Software Solutions
– Firewalls
– Intrusion Detection or Prevention Systems (IDS / IPS)
– BiometricAuthentication
– Permissions
– Auditing
• Administrative – implemented with policies and procedures
– Fulfill legal requirements
• Customer Privacy
– Password Policy
• Length, Complexity, Frequency of Change
– UserAgreement
• Physical – protect assets from both hackers and traditional
threats https://www.asisonline.org
10
– Guards
– Locks
– Cameras
– Fire Protection
Oriyano, S. (2014) Hacker Techniques,
Tools, and Incident Handling, 2nd Edition,
Burlington, MA: Jones & Bartlett Learning
11. YOU MAY ALREADY BE
INVOLVED IN CYBERSECURITY!
11
• Most computer vulnerabilities can be traced to:
– Poorly implemented software
• Failure to sanitize inputs
– Incorrectly administered systems
• Failure to disable inactive user accounts
– Poorly designed systems
• Meltdown and Spectre
– Poor “cyber hygiene”
• Lack of patch updates
If your job involves designing or administering information systems
or developing software, you are effectively supporting cybersecurity
efforts.
12. CYBERSECURITY
TRAINING
12
• College Degree versus Technical Certification
• Many, but not all, positions require a four year degree
• However, an additional degree may not be the best route to transition to cybersecurity
– Depends on your original degree
– Video: Success in the New Economy
https://vimeo.com/67277269
• National Centers of Academic Excellence in Cyber Defense 2-Year Education
(CAE-2Y)
https://www.iad.gov/NIETP/reports/cae_designated_institutions.cfm#C
• There are three community colleges in Southern California with this designation
– Coastline, Cypress, and Long Beach City College
• There are also four 4-year colleges in the area with the CAE designation
– Cal Poly Pomona, CSUSB, UCI , Webster University
• Many positions also require specific certifications
– e.g. Personnel administering DoD systems require the CompTIA Security+
certification at a minimum
Technical training & certifications can provide you with the needed skills faster
13. TRAINING RESOURCES
FOR VETERANS
13
• FedVTE
The Federal Virtual Training Environment (FedVTE) provides free online
cybersecurity training to U.S. government employees, Federal contractors,
and veterans.
https://fedvte.usalearning.gov/
• Splunk Pledge (Veterans and other groups)
https://workplus.splunk.com/
• AWS Educate (Veterans)
https://aws.amazon.com/education/awseducate/veterans/
• LinkedIn for Veterans
– Free one year Premium Careers subscription, including access to
LinkedIn Learning
https://www.linkedin.com/help/linkedin/answer/14803/linkedin-for-
veterans-free-premium-career-subscription-and-eligibility?lang=en
14. CYBERSECURITY
CERTIFICATIONS
14
• Purpose is to demonstrate a minimum set of skills
• Many positions also require specific certifications
– e.g. Personnel administering DoD systems require at a minimum the CompTIASecurity+
certification
• Search career websites for the certifications
– Dice
– Indeed
– Monster
15. CYBER WORKFORCE
MANAGEMENT PROGRAM
15
• Cyber Workforce Management Program
DoDD 8140.01 & DoD 8570.01-m for DoD related programs
• Applies to DoD and Contractors
• Positions dictate which certifications are required
https://public.cyber.mil/cwmp/dod-approved-8570-baseline-certifications/
https://public.cyber.mil/cwmp/
16. COMPTIA
CERTIFICATIONS
16
• Security+
• Network+
• Cybersecurity Analyst (CySA+)
• Advanced Security Practitioner
• Pentest
• Linux+
• Cloud+
https://certification.comptia.org/certifications
https://www.businessnewsdaily.com/10718-comptia-certification-
guide.html
Note: Many of these certifications can be obtained at low cost
through your local community college
17. INTERNATIONAL INFORMATION
SYSTEMS SECURITY CERTIFICATION
CONSORTIUM (ISC2)
17
• Certified Information Systems Security Professional (CISSP)
– One of the most widely recognized cybersecurity certifications
– Tests security-related managerial skills
• Usually more concerned with policies and procedures
– Requires that you demonstrate five years of professional experience
• Reduced to 4 years if you have a Bachelor’s degree
• Can receive the CISSA if you pass the CISSP exam but do not have
sufficient experience
• Certified Secure Software Lifecycle Professional (CSSLP)
• Several other certifications also offered
• Web site:
– https://www.isc2.org/
– https://www.isc2.org/credentials/default.aspx
18. SANS
INSTITUTE
18
• Highly technical and hands-on training
– Learn today and apply tomorrow philosophy
• SysAdmin, Audit, Network, Security (SANS) Institute
– Offers training and over 20 certifications through Global Information
Assurance Certification (GIAC)
http://www.giac.org/certifications/get-certified/roadmap
– Also offers Master’s Degrees and Certificates in Cyber Security
http://www.sans.edu/
• Top 20 Critical Controls
– One of the most popular SANS Institute documents
– Details most common network exploits
– Suggests ways of correcting vulnerabilities
http://www.sans.org/security-resources/
• Join the SANS.org community to subscribe to NewsBites & receive
free posters https://www.sans.org/account/create
19. SANS CYBERTALENT
IMMERSION ACADEMIES
19
• An intensive, accelerated training program that provides SANS world class training
and GIAC certifications to quickly and effectively launch careers in cybersecurity
• 100% scholarship-based and no cost to participants
• VetSuccess - open to transitioning veterans and those transitioned in the last five
years and not currently working in cybersecurity in a civilian role.
• Women's Academy - this Academy is open to career-changers and college seniors
with a background in IT, but not currently working in cybersecurity roles.
• Cyber Workforce Academy - these Academies are made possible by grants,
sponsors and organizations looking to hire cybersecurity talent or help advance the
field by bringing in new talent. Academy eligibility requirements and curricula will be
based on the specific focus and needs of the sponsors.
• Diversity Cyber Academy - SANS and International Consortium of Minority
Cybersecurity Professionals (ICMCP) are partnering to create the SANS - ICMCP:
Diversity Cyber Academy - DCA, combining efforts to increase the career
opportunities for minorities and women in the cybersecurity field.
https://www.sans.org/cybertalent/seekers
20. EC-COUNCIL
20
• International Council of Electronic Commerce Consultants
(EC-Council)
• Organization’s most recognized certification is the
Certified Ethical Hacker (CEH)
– Current certification is CEH v10
– Based on 20 domains (subject areas)
• Also offers other certifications
– Forensic Investigator, Application Security Engineer
• BS and MS in Cyber Security
https://www.eccouncil.org/
21. OFFENSIVE
SECURITY
21
• Creators of Kali Linux
• Penetration Testing and IT Security Training & Certifications
• Offensive Security Certified Professional (OSCP)
• Offensive Security Certified Expert (OSCE)
• Offensive Security Certified Web Expert (OSWE)
• Offensive Security Certified Exploitation Expert (OSEE)
• Offensive Security Certified Wireless Professional (OSWP)
https://www.offensive-security.com/
22. EMPLOYER TRAINING & COLLABORATION
RESOURCES
22
• If you are currently employed, utilize available educational benefits and
training resources.
– Not just educational reimbursement programs
– Some companies offer access to resources such as lynda.com or degreed.com
• Collaborate – many companies have an internal version of LinkedIn
– Post your skills internally
– Join groups that are related to cybersecurity
• Find the cybersecurity personnel at your employer and ask them for advice
– They’re typically really friendly people!
Pivot to a cyber security position with your current employer
23. OTHER TRAINING
RESOURCES
23
• LinkedIn Learning (formerly Lynda.com)
– Paid subscription
https://www.linkedin.com/learning/
– How to Access LinkedIn Learning for free through public libraries
– Possibly available through your school
• Cybrary - Free cybersecurity and IT training
https://www.cybrary.it/
• Splunk Pledge (Veterans and other groups)
https://workplus.splunk.com/
• Public Libraries
– LinkedIn Learning
– Access to online books
24. FOR THE MORE “EXPERIENCED”
WORKERS AMONG US…
24
• Stop throwing away those letters from AARP!
• How Older Workers Can Learn New Job Skills
https://www.aarp.org/work/job-search/info-2018/work-skills-resume-fd.html
• Learn@50+
https://learn.aarp.org/
• Poor Training, Lack of Skills Leave Older Workers Behind: Study
https://insights.dice.com/2019/07/02/skills-older-tech-professionals/
25. NETWORKING
25
• Invest in & market yourself
– Information System Security Association (ISSA) https://www.issa.org
– Open WebApplication Security Project (OWASP) https://www.owasp.org
– Women’s Society of Cyberjutsu (WSC) https://womenscyberjutsu.org/
– Women in Cyber Security https://www.wicys.org/
– Reverse Shell Corporation https://www.revshellcorp.org/
– Null Space Labs https://032.la/
– Search for local groups on http://meetup.com
• LETHAL, Null Space Labs
• Attend conferences
– DEF CON https://defcon.org
– BSides http://www.securitybsides.com
– Grace Hopper Celebration https://ghc.anitab.org/
– ShellCon https://shellcon.io
– LayerOne https://www.layerone.org/
– AppSec California https://2020.appseccalifornia.org/
26. PROFESSIONAL READING &
PODCASTS
26
• 7 Must-Read Blogs for Information Security Professionals
(Capella University)
https://www.capella.edu/blogs/cublog/top-blogs-for-infosec-
professionals/
• The Top Cyber Security Blogs and Websites of 2019
https://onlinedegrees.sandiego.edu/top-cyber-security-blogs-websites/
• SANS Internet Storm Center
https://isc.sans.edu/
• SANS Newsbites
https://www.sans.org/newsletters/newsbites/
• DoD Cyber Exchange – Public
https://public.cyber.mil/
27. A QUICK WORD ON RESUMES AND
APPLICANT TRACKING SYSTEMS
27
• Resumes
– An art form
– Everyone who reviews your resume will have a different opinion
– You should always have one ready
– Update it on a regular basis
• You should maintain your resume in two different formats
– Human readable for individuals and smaller companies
– Longer, more detailed resume for larger companies which utilize…
• Applicant Tracking Systems
– Resume is scanned and placed in a database
– Interviewers rarely see your original resume
– Database is searched on key words to find qualified applicants
• Use a website such as Jobscan (www.jobscan.co) to evaluate your resume
against a position description
– You will be surprised how poorly your resume scores
– Plural forms of words is a common problem (e.g. firewalls vs firewall)