The IT world seems to be exploding with certifications, with new ones being offered practically every month. How does one choose from all of the options available, and are they worth it?
This session discusses the plethora of Governance, Risk, Compliance, Security and Technology related certifications being offered today. What are the benefits, and which are the most highly valued? Most importantly, which ones are right for you? Can one get too many certifications, and what’s the balance?
Practical tips and recommendations are offered to help the person who decides on attaining certifications, including how to select the best certifications, how to plan a roadmap for achieving them, and how to successfully complete the plan they set out.
Lastly, the benefits of certifications are discussed, and how to maximize their value.
Gary Sheehan - Winning a Battle Doesn't Mean We Are Winning the War (centralohioissa)
In the spirit of Continuous Improvement, we must ask ourselves: are we doing the best job we can? In this presentation Gary will present some ideas and concepts that can be used to improve the security posture within your organization. These ideas and concepts are not your typical solutions; rather, they will force you to make a fundamental change in your approach to implementing security and in your underlying assumptions about good security practices. This presentation will challenge conventional thinking about how to build a successful security program. After all, what do you have to lose? Are we really winning the cybersecurity war?
Ruben Melendez - Economically Justifying IT Security Initiatives (centralohioissa)
IT Security Initiatives create strategic and operational value for all enterprises; however, many IT professionals do not know how to economically quantify and forecast the benefits of IT security. Additionally, the new digital business ecosystem is resulting in rapid business cycles, which require faster speed and agility in all IT areas and IT services. The new ecosystem, largely caused by the Internet-of-Things, mobility and the Cloud, creates a challenge for selecting and prioritizing IT security tools and projects. This session will present an overview of principles, models, trends and best practices which have been adopted by individuals and organizations to get the right IT security initiatives approved.
Jeffrey Sweet - Third Party Risk Governance - Why? and How? (centralohioissa)
In this session information will be presented on Third Party Risk Governance. The presenter will provide a better understanding of the what's, why's and how's of a Third Party Risk Governance program and provide some suggestions on sources for a program as well as some of the typical "gotchas". This presentation will also cover common objections from the recipients of assessments and how to overcome those objections, as well as discuss contract language that can be added to your products and services contracts.
This presentation will explore suggestions for ways Security people in Central Ohio can and do collaborate to improve Security practices within and external to organizations. This will explore ISACs, ISAOs, partnerships such as the Collaboratory, Internships, ISSA, etc.
In 2015, phishing-related breaches dominated security news headlines, and phishing will likely remain the leading initial point-of-entry method for 2016. Not surprisingly, an upswing in security awareness spending has paralleled the rise in phishing. In this presentation we dive deep into the largest data pool of human phishing susceptibility and also new research about phishing awareness. We will also look at phishing from the attacker's point of view and look for opportunities to be better defenders.
Let’s examine the evidence and decide if awareness is the problem. Why do users who are aware of phishing continue to fall for it? What are some of the most successful phishing themes? What are some common response rates? And finally, what can conditioned informants (your co-workers) reporting suspicious emails bring to the table?
This presentation is aimed at a technical security audience seeking to advance into a security leadership role. In this interactive presentation, attendees will learn how they need to apply their technical skills in a CISO or security director role. In addition, they will learn the fundamentals of leading people, managing budgets and projects, presenting to an executive audience, and dealing with other challenging issues security leaders face.
Ofer Maor - Security Automation in the SDLC - Real World Cases (centralohioissa)
How can we really automate secure coding? Agile, DevOps, Continuous Integration, Orchestration, Static, Dynamic - There's an endless feed of Buzzwords, but how can we turn this into a practice that really works? In this session we will review real world examples of building a successful automation process for delivery of secure software in fast paced development environments. The talk will focus on three different organizations at different maturity levels and how security automation processes were applied and adapted to fit their development lifecycle.
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework (centralohioissa)
From this presentation you will learn:
· A brief history of encryption
· How encryption is now deployed in the enterprise
· Encryption and key management best practices to keep data safe
Carolyn Engstrom - IT Data Analytics: Why the Cobbler's Children Have No Shoes (centralohioissa)
This presentation aims to help IT departments that have not yet leveraged their own data analytics skills to increase the efficiency and effectiveness of compliance efforts by implementing very low-cost solutions with high returns on investment. Understanding how audit performs testing should assist IT organizations in designing their own compliance testing. Multiple examples will be provided to demonstrate how unlocking the potential of small and/or unstructured data and focusing on data relationships will improve overall data integrity and provide quantifiable measures of operational effectiveness.
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage... (centralohioissa)
Global regulations are driving the need for businesses in all sectors to have cybersecurity programs that are designed to fit the organization's risk profile. At the same time, there is a lack of clarity on how much one should spend on managing these risks and on the sophistication and number of risk mitigants that are required to manage them.
Company executives and boards of directors are held personally liable for having the appropriate oversight and management of these controls and are looking to their CISOs and CIROs to provide them assurance that these controls are in place and operating effectively. Balancing the requirements and the expectations is a delicate act. This presentation will look at the regulatory landscape and how this landscape is affecting client, executive, and board-level expectations for cybersecurity risk management. It will also provide some recommendations on how to approach the development of a cybersecurity risk management program.
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind (centralohioissa)
- The evolution of online advertising tactics
- What cyber criminals find appealing about advertising and profiling
- How advertisers and cyber criminals have worked together in the past
- What psychological tactics are used by cyber criminals in real world attacks
- How to protect yourself from psychological attacks
Deral Heiland - Fail Now So I Don't Fail Later (centralohioissa)
With network data breaches being reported weekly, it appears our implementation of prevention solutions is failing. With the average time to detect a breach being greater than 6 months, our detection solutions also appear to be failing. Maybe these solutions and technologies are working correctly and we are just not training our teams how to manage, maintain, and leverage those solutions effectively. In this presentation I will be discussing security testing and validation methodologies that include internal/external pentesting, social engineering, and red team/blue team exercises. In addition, I will be covering how, using these methodologies, we can better prepare and build a more robust security environment that will keep your organization off the front page.
Tre Smith - From Decision to Implementation: Who's On First? (centralohioissa)
This presentation will explore tactics to improve organizational control implementations so that they meet the spirit of organizational risk decisions: an approach that may help shorten the time it takes to see organizational policy reflected in everyday workplace practice and technologies, starting with clarifying "Who's On First?"
Advanced Cybersecurity Risk Management: How to successfully address your Cybe... (PECB)
Main points covered:
• Understanding the inverted economics of cyber security, the incentives for cyber crime and its effect on the growing threat
• Inefficiencies with the traditional approaches to cyber risk assessment and why we are not making more progress in enhancing cyber defenses
• Resetting roles and responsibilities regarding cyber security within organizations
• Developing empirical, cost-effective cyber risk assessments to meet the evolving threat
Our presenter for this webinar is Larry Clinton, the president of the Internet Security Alliance (ISA), a multi-sector association focused on Cybersecurity thought leadership, policy advocacy, and best practices. Mr. Clinton advises both industry and governments around the world. He has twice been listed on the Corporate 100 list of the most influential people in corporate governance. He is the author of The Cyber Risk Handbook for Corporate Boards. PWC has found that the use of this Handbook improves cyber budgeting and cyber risk management and helps create a culture of security. The Handbook has been published in the US, Germany, the UK and Latin America. He is currently working on a version for the European Conference of Directors Associations as well as versions for Japan and India. Mr. Clinton also leads ISA's public policy work, built around their publication "The Cyber Security Social Contract", on which the NATO Center of Cyber Excellence in Estonia asked for a briefing.
Recorded Webinar: https://www.youtube.com/watch?v=8qVtoqi37X8
As public and private cloud adoption skyrockets, the number of attacks against cloud infrastructure is also increasing dramatically. Now more than ever, it is crucial to secure your cloud assets and data against advanced threats.
We’ll dig into what it means to be successful in the cloud and what successful organizations do more of (and less of) than their less successful peers. We’ll look across technologies adopted, organizational and operational practices, and vendors embraced.
Recorded webinar: https://youtu.be/Og1-xcc7JNs
Energy Industry Organizational Strategies to Increase Cyber Resiliency (EnergySec)
Presented by: Julie Soutuyo, Tennessee Valley Authority
Abstract: Over the past 40 years, the energy industry has evolved to a position of dependence upon information technology to accomplish its mission. Cyber attacks have become a "way of life" as the Nation, industry, organizations, and individuals strive to operate safely and securely in cyberspace. Most rely on a compliance-based "whack-a-mole" approach to cyber defense which presents multiple barriers to hackers, based on the last attack, with efforts to "hit" any that get inside the organization's defenses. While still valid, this compliance-based approach has significant challenges: stopping intruders, mitigating the problems they create, and positioning an organization to achieve its mission under a cyber attack. Cyber experts across the Nation are increasingly turning to resiliency as a means of fighting through these attacks, with the objective of meeting operational and mission requirements in spite of the attacks. This shift is driving organizations to rethink their organizational structures to achieve unity of effort and streamlined decision-making in the face of a fast-paced set of operational demands. This presentation will highlight the strategies to promote a cyber resilient organization.
Scrubbing Your Active Directory Squeaky Clean (NetIQ)
Bytes Technology identified Active Directory issues within their customer base, so they brought in NetIQ as a strategic partner. This deck outlines how scrubbing your environment clean with the right tools and processes will help you keep your Active Directory environment consistent, manageable, auditable and efficient.
How Training and Consulting Companies Can Position CISSP, CISM and CRISC (ITpreneurs)
Interested in selling more security training?
What's covered in the slide deck:
- IT Security Trends
- Overview of CISSP, CISM and CRISC
- Market Potential
- Positioning Security Frameworks
- Relation of CISSP, CISM and CRISC to ISO 27001
- The Need for IT Security Training
What are the latest trends in the Information Security training landscape? How can the well-known certifications ISC2's CISSP and ISACA's CISM and CRISC be positioned successfully? How do they relate to the established information security governance standard ISO 27001?
How to Build a Successful Cybersecurity Program? (PECB)
Is your cybersecurity program delivering on its promise? How do you know it works? Cybersecurity programs involve a significant investment in people, technology and time, so you need to ensure they help mitigate cyber risk effectively.
The webinar covers:
• Explain why assurance is so important for managing cyber risk
• Describe the key features of a successful cybersecurity program
• Highlight the role of a cyber assurance program in overall risk management
• Present essential steps required to deliver effective cybersecurity.
Date: November 06, 2019
Recorded webinar:
The ongoing emergence of advanced persistent threats (APTs) and other sophisticated attacks has made it more difficult than ever to develop strategies for protecting IT systems. Further, the systems themselves are increasingly complex, increasing the potential for security gaps. In this deck, Garve Hays, Solution Architect at NetIQ, outlines APTs and evaluates effective responses.
Building in-house breach detection and response capabilities is difficult. When chosen right, your managed detection and response service provider actually becomes your cyber security partner: its capabilities become an extension of your own. One of the biggest reasons why your organization should consider a managed security service instead of an in-house SIEM (security information and event management) deployment for breach detection and response: cost, cost, cost!
Cyber attackers are better funded, more focused, and more successful than ever. Making matters worse, defenders have more IT territory to protect, including public cloud, virtual infrastructure, mobile, Internet of Things, and an expanding list of users, applications, and data. An evolution in security strategies is underway; shifting from a preventive approach to one that is more balanced across prevention, monitoring, and response. In this session, we delve into key innovations that enable a more effective defense and how RSA’s NetWitness suite is delivering many of these innovations.
CISSP Vs. CISA Which is better for you.pptx (Infosectrain3)
Today, the number and severity of cyber attacks are increasing, and organizations plan to improve their security strategies. On the other side, the demand for qualified and certified cybersecurity professionals grows. Cybersecurity professionals often ask which certification is the best for them to choose, and this question is quite common between the CISSP and CISA certifications.
CISA Live Online Training from Mercury Solutions is an engaging, instructor-led course that enhances the employment opportunities of professionals in the COVID and post-COVID era.
CISSO Certification | CISSO Training | CISSO (SagarNegi10)
Our CISSO Certification course is designed for forward-thinking security professionals who want the advanced skill set necessary to manage and consult businesses on information security.
This blog explains the list of the top cybersecurity certifications which are a must for any enthusiast, student or professional who is in the field of cybersecurity.
What Cybersecurity Certifications Make You The Most Money Today.pptx (infosec train)
Security is more vital than ever before in today’s digitally interconnected world. The surge in cybercrime has increased the demand for cybersecurity experts.
https://www.infosectrain.com/courses/cissp-certification-training/
Computer & Network Administration, Cyber Security IT Training Course Programs... (CCI Training Center)
CCI provides online Computer & Network Administration and Cyber Security IT training in Dallas & Arlington that will enable you to launch your career in networking, security, installation & maintenance, and Linux & Cloud technologies. https://www.ccitraining.edu/computer-network-administrator/
CISSO Certification | CISSO Training | CISSO (SagarNegi10)
You will gain practical knowledge regarding a range of aspects in the INFOSEC community as part of the CISSO Certification program. It will teach you how to secure assets, monitor them, and comply with data security policies.
This is the brochure created as part of the 2013 ISACA certification campaign to encourage new and current members to keep their ISACA certifications up to date.
Learning Objective: Discover which professional development learning path is better for your career.
The increasing rate of technology innovation and the expansion of globalization have led to a significant increase in the level of competition in STEM fields. Whether you’re new to IT, a recent STEM graduate, or an industry veteran, there will always be a need to stay relevant in order to move your career forward. The ongoing debate regarding the value placed on industry certifications versus a degree remains a topic of discussion among employers and employees alike. These debates often lead to the unfulfilling answer of “it depends”. This interactive discussion will review some of those dependencies, debunk hiring myths, and provide real-world examples of how each professional development path can impact your career.
At the end of this seminar, participants will:
• Understand the demand signals that drive the need for new skills
• Debunk myths that occur during the hiring process and how value is attributed to candidates
• Identify methods to differentiate your resume in a pool of competitive candidates
• Review the ideas surrounding mastery vs. knowledge and how each is viewed
Computer & network administration, cyber security it training course programs... (CCI Training Center)
CCI provides online Computer & Network Administration and Cyber Security IT training in Dallas & Arlington, TX that will enable you to launch your career in networking, security, installation & maintenance, and Linux & Cloud technologies.
https://www.ccitraining.edu/computer-network-administrator/
20230717 ARMA Canada How to Select the Right IM Certifications for You.pptx (Jesse Wilkins)
This presentation, delivered on July 17, 2023, at the ARMA Canada Information Conference, compared and contrasted the various IM and IM-adjacent certifications. Attendees also learned how to determine the right certification for them based on their career goals.
The Ultimate Roadmap For CompTIA Training & Certifications (Calvin Sam)
CompTIA is considered one of the leading organizations globally for its technical and cybersecurity certifications. CompTIA certifications are vendor-neutral and are designed to build and validate your teams’ skill sets according to their job roles, helping them advance their career path by staying updated with the latest technology, increasing their efficiency, and strengthening your organization’s security posture.
Obtaining industry-recognized certifications will increase your team’s credibility and establish them as skilled IT professionals. To succeed in an IT job, it is important to keep up with the ever-changing IT industry by upskilling your teams with the best certifications.
CompTIA is the leading training destination for tech-driven teams and tech-engaged organizations. More than 2.5 million CompTIA certifications have been issued in cybersecurity, networking, cloud computing, and technical assistance.
The NICE framework is published by the U.S. National Institute of Standards and Technology (NIST). It provides a common ground for organizations in the public, private, and academic sectors to define professional cybersecurity work requirements. Many CompTIA certifications are mapped to the NIST/NICE frameworks. These certifications are beneficial to government employees to verify their cyber knowledge and skills while fulfilling government directives like FISMA and DoD 8570/8140. Let us explore the advantages of upskilling your IT teams with CompTIA training and certifications.
CompTIA Cybersecurity Analyst, commonly known as CySA+, is one of the most highly preferred IT certifications; it prepares the individual to enter the professional world with the right knowledge and experience.
https://www.infosectrain.com/courses/comptia-cysa-certification-training/
Mike Spaulding - Building an Application Security Program (centralohioissa)
Application Security in many organizations is simply a 'wish list' item, but with some staff and some training, AppSec can be a reality, even for a small organization. This talk will discuss the best practices, strategies and tactics, and resource planning needed to build an internal AppSec function; everyone from enterprise to 'mom & pop' operations will benefit from this talk.
Jake Williams - Navigating the FDA Recommendations on Medical Device Security... (centralohioissa)
In January, the FDA issued draft recommendations for medical device security after the sale. Among other things, the recommendations tell manufacturers how to evaluate security risks, how to build a coordinated vulnerability disclosure program, and how to intake vulnerability reports from researchers. While the security of medical devices is especially important given the potential consequences, we can learn from the FDA recommendations regardless of our industry. Any recommendations adopted by the FDA for medical devices are likely to be implemented across other verticals for their IoT devices as well. Whether you manufacture, purchase, integrate, implement, or generally try to run away from IoT devices, there’s plenty to take away from this session while learning about the future of IoT device security.
Most boards of directors don't have someone who understands cyber security issues. As a consequence, they can't provide proper oversight of the companies they are responsible for. This presentation will cover the issues boards of directors need to understand, what questions board members need to ask, and how to communicate with them.
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity (centralohioissa)
Corporate cybercrime is usually blamed on outsiders, but sometimes your employees can represent the biggest threat to your organization’s IT security. In this presentation, Kaspersky Lab’s Mark Villinski will provide practical advice for educating your employees about cybersecurity. Attend to learn:
• How to create efficient and effective security policies
• Overview and statistics of the current threat landscape
• The importance of keeping your employees updated about the latest threats and scams
• Security solutions that can help keep your systems updated and protected
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016 (centralohioissa)
Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions.
By 2014, medical facilities nationwide had implemented Electronic Health Records (EHR) as mandated by Congress. Today, most of these systems are still using shared kiosk Windows accounts. This talk explores the risks of shared accounts and alternatives that can provide much greater security and accountability while maintaining ease of access.
Robert Hurlbut - Threat Modeling for Secure Software Design (centralohioissa)
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way with regard to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or have tried threat modeling before but haven't quite figured out how to connect the threat models to real-world software development and its priorities. In this session, you will learn practical strategies for using threat modeling in secure software design and how to apply risk management in dealing with the threats.
Harry Regan - Disaster Recovery and Business Continuity - "It's never so bad ... (centralohioissa)
Disaster recovery, emergency response and business continuity plans are usually developed when no disaster exists. We think we’ve covered all contingencies. We think we’ve trained all the appropriate players. We’ve tested. We’ve re-tested. We think we’re ready to face whatever event is looming out there with our name on it! The real world has a nasty habit of triggering disasters at the least opportune time, often featuring a twist that throws plans into disarray.
This presentation focuses on three real-world plans, each with a fatal flaw. We will discuss elements that should be in a plan beyond the normal guidance from the Disaster Recovery Institute (DRI) and a set of actions that should be included in planning and preparation.
Rafeeq Rehman - Breaking the Phishing Attack Chain (centralohioissa)
Many security research reports show that phishing is a significant contributing factor in data breaches. The Verizon Data Breach Investigations Report (DBIR) shows that attackers used phishing as their entry point in two thirds of security incidents, especially in the cyber espionage category. Although the phenomenon of phishing is nothing new, attackers are enhancing their techniques and using phishing more effectively.
The good news is that understanding the phishing attack chain helps defenders stop these attacks, break the phishing chain, and avert a data breach. This session explains the different phases of phishing attacks and how to develop a comprehensive strategy to manage the risk associated with them.
Oliver Schuermann - Integrated Software in Networking - the Mystery of SDN (centralohioissa)
For the past several years, software-defined networking (SDN) has been a popular buzz word in the networking industry. In many ways, networking has always been defined by software. Software is pervasive within all of the technology that impacts our lives and networking is no different. However, networks have been constrained by the way software has been configured, delivered and managed—literally within a box, updated monolithically, managed through command lines that are reminiscent to the days of minicomputers and DOS in the 1980’s. Well, almost.
Jack Nichelson - Information Security Metrics - Practical Security Metrics (centralohioissa)
So exactly how do you turn information security metrics into action in an organization and actually get value from the effort? Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of its security program.
Michael Woolard - Gamify Awareness Training: Failure to engage is failure to ... (centralohioissa)
We call it security awareness training, but all we ever give our employees is regurgitated knowledge. Their passwords suck, public wifi is bad, and email is deceiving. Mix in some yearly reviews of policies and procedures and you have the perfect recipe for an employee who stopped listening hours ago. You don't truly learn something until you understand "why" and that comes when employees are engaged and motivated. This is my take on how to engage through gaming and why it works.
Ed McCabe - Putting the Intelligence back in Threat Intelligence (centralohioissa)
What is Threat Intelligence? It's more than raw source feeds and technical information.
If you ask most vendors, they talk about their lists of "bad" IP addresses and domain names, which don't enable the business to make informed decisions on assessing risk and taking action; it lacks -- well, intelligence.
We'll cover what Threat Intelligence is, why analysis is an important factor and methods available to analyze raw data.
Jim Wojno: Incident Response - No Pain, No Gain! (centralohioissa)
Say incident response to 10 people and odds are you'll get 10 different opinions on how to do it right. When evaluating tools and procedures for enterprise Incident Response it's helpful to understand how to approach this in a way that will cause the adversary maximum pain. This talk will review the essential requirements for IR tools and procedures in a vendor / tool neutral approach. Find out the right questions to ask and the strategies to make sure you get the most out of your incident response team.
Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing... (centralohioissa)
Securing an enterprise is never easy, especially if the organization's culture and orthodoxy do not accept change easily. Drawing on lessons learned from the perspective of an information security practitioner who has spent her career building security programs, we will look at the challenges and opportunities associated with implementing an information security program, addressing technical, security and business risks.
Sam Herath - Six Critical Criteria for Cloud Workload Security (centralohioissa)
Modern elastic cloud infrastructure is fundamentally breaking traditional security approaches. Public cloud has no natural perimeter or network segmentation, leaving individual cloud servers exposed. In private cloud, malicious East-West traffic inside the network is a serious threat. As new workloads are added and retired dynamically, change control is difficult, and updating granular firewall rules and security policies becomes a risky, manual process. Join us and learn the 6 Critical Criteria to secure your public, private or hybrid cloud – on-demand, anywhere, at any scale.
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
"Impact of front-end architecture on development cost", Viktor Turskyi (Fwdays)
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
Rik Marselis' and my slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
William Diederich - Security Certifications: Are They Worth the Investment? And if so...Which One(s) are Right for You?
1. Security Certifications
Are They Worth the Investment?
and if so…,
Which One(s) are Right for You??
William Diederich
BS MS CISSP CISM CISA CRISC HCISPP FLMI ATP
President, CIO for You, LLC
whd@cioforyou.com
www.cioforyou.com
www.teksystems.com
2. Overview
• Formalities – Introduction (ok, let’s keep it short):
• 25+ years in IT, ….
• 15+ years as a CIO / CTO / CISO in Mid-Cap companies….
• Education:
• B.S. Management Engineering
• M.S. Management & Administration
• Certifications – CISSP, CISM, CISA, CRISC, HCISPP, FLMI, ATP
• What I’m going to cover
• What I’m not going to cover
• What you can hope to get out of this presentation
• What you should get out of this presentation!
• Most importantly - this presentation is meant to be educational,
enlightening and entertaining!
• Caveat Emptor – Your Mileage May Vary (YMMV) - And a disclaimer: I’m
not representing any Organization(s) offering Security Certifications….
3. Types of Certifications (overview)
• Business or Company Based (optional or required):
• … must successfully complete the “Security Manager Certification training course
(#12345) in order to qualify as an Enterprise Security Manager (ESM).”
• Vendor or Product Based:
• Cisco – CCNA Security
• Microsoft – MS Security Essentials (MTA / MSCE)
• Professional Certifications & Licenses (potentially required by Code, Statute,
Industry, etc.): PE / RN / ATP
• Industry Associations (both Non-Profit & For-Profit) in no particular order:
• ISSA – A not-for-profit, international organization of information security
professionals and practitioners
• ISACA – Incorporated in 1969, 140K professionals
• (ISC)² – Over 25 years of service in information security
• GIAC – Founded in 1999 to validate the skills of InfoSec professionals
• SANS – Established in 1989 now with more than 165,000 security professionals
around the world
• EC-Council – Supports and enhances the role of individuals and organizations
who design, create, manage or market Security and E-Business solutions
• CompTIA – CompTIA, a non-profit trade association, is the voice of the world’s
information technology (IT) industry
4. How tough can it be to successfully
complete a Security Certification?
It’s tough, but not as tough as learning to fly a Gulfstream
(and a lot less expensive); plus InfoSec jobs pay a lot more!
5. What are two of the fastest growing
professions today?….
• Aviation:
• Boeing predicts 558,000 pilots worldwide over the next 20 years,
including 95,000 in North America
• But we’re not here to talk about being a pilot…..
• Information Security, Cybersecurity and Information Assurance:
• Jobs and salaries in cybersecurity are booming
• Demand for information security professionals is growing
exponentially
• Cybersecurity skills shortage demands new workforce strategies
• IT careers: Security talent is red-hot | Computerworld
• 7 Startling Stats on the Cyber Security Skills Shortage
6. 7 Startling Stats on the Cyber Security
Skills Shortage*
• 44 percent of organizations are short on staff with strong cyber security and
networking knowledge—ESG, “Network Security Trends in the Era of Cloud and
Mobile Computing”
• 35 percent of organizations are unable to fill open security jobs, despite the fact
that 82 percent expect to be attacked this year—ISACA and RSA, “State of
Cybersecurity: Implications for 2015”
• The demand for information security analysts will grow 37 percent from 2012-
2022—U.S. Bureau of Labor Statistics
• Between 2007 and 2013, postings for cyber security jobs rose 74 percent, more
than twice the rate of IT jobs as a whole—Burning Glass, “Job Market
Intelligence: Report on the Growth of Cybersecurity Jobs”
• The average senior security analyst in the US makes $103,226, more than double
the national average—Glassdoor.com
• 64 percent of high school students do not have access to computer science
classes that would help prepare them for a Cybersecurity career—Raytheon &
National Cyber Security Alliance, “Preparing Millennials to Lead in Cyber Space.”
• By 2017, there will be a shortage of 2 million cyber security jobs worldwide—
Digital Skills Committee
• *Swimlane - By Cody Cornell, July 30, 2015, Security Operations Weekly
7. Today’s Security Landscape
(in no particular order)
Types of Threats:
• Sabotage / Terrorism
• Espionage
• Revenge
• Blackmail
• Data Theft
• Services Theft (Phone-fraud, File Distribution, etc.)
Security Incidents:
• WikiLeaks / Snowden
• Tesla / Nissan Leaf
• Office of Personnel Management
• Stuxnet
• Target / Anthem
• IOT attacks (many)
• Sony*
*Who saw the 60 Minutes “Sony Hack” Exposé?
8. Just in 2016 alone (to-date)!
• 48 Breaches have been made public in 2016 to date
• 282,360 Records (many breaches had ‘unknown’ loss of records)
• Examples include:
• The IRS……
• HCA / Hollywood Presbyterian / BCBS of California
• JB Autosports, Time Warner Cable, Kicky Pants, Inc.
• 896MM Records Breached From 4,790 Data Breaches Made Public
Since 2005* - Source: Privacy Rights Clearinghouse -
https://www.privacyrights.org/data-breach/new
9. How Important are Certification(s)?
• Certification, training, and experience are three of the top four most
important characteristics when selecting a candidate for more
advanced positions
• Certifications help establish both the professionalism and the
competence of an employee and can help differentiate the employee
from other candidates for a promotion or an opportunity
• Employees with certifications earn more - organizations reported that
certified staff members earn 15% more on average than staff without
certification
• More responsibility - organizations reported that certified IT staff
members are given more responsibility than noncertified staff members
and are sometimes given responsibility for managing and supervising
noncertified staff members
• More opportunities for advancement - Additional responsibilities
create more opportunities for advancement within organizations. In
addition, IT managers expressed a sense that earning certification
reflects an employee’s interest in career advancement.
10. 15 Top-Paying Certifications for 2015*
Notable Trends:
• Six of the top 15 certifications pay $100,000 or more, nine are under $100,000
• Five are in security (1, 2, 3, 5, and 13)
• Two are in virtualization and cloud computing (8 and 14)
• Three are in business (4, 6, and 12), Three are in networking (7, 9, and 10)
Certified in Risk and Information Systems Control (CRISC) $119,227
Certified Information Security Manager (CISM) $118,348
Certified Information Systems Security Professional (CISSP) $110,603
Project Management Professional (PMP®) $109,405
Certified Information Systems Auditor (CISA) $106,181
Certified ScrumMaster $101,729
Cisco Certified Design Associate (CCDA) $99,701
Citrix Certified Professional - Virtualization (CCP-V) $97,998
Cisco Certified Network Professional (CCNP) $97,038
Juniper Networks Certified Internet Associate - Junos $96,734
Microsoft Certified Systems Engineer (MCSE) $96,198
ITIL v3 Foundation $95,434
Certified Ethical Hacker (CEH) $95,155
VMware Certified Professional - VCP-DCV $94,181
Certified Novell Engineer (CNE) $93,856
*2015 IT Skills and Salary Survey conducted by Global Knowledge in the fall of 2014
About the Author: John Hales, VCP, VCP-DT, VCAP-DCA, VCI, is a VMware instructor at Global Knowledge
11. 15 Top-Paying Certifications for 2016*
Notable Trends:
• All but two of the top 15 certifications pay $100,000 or more
• Six are in security (2, 3, 4, 6, 10 and 13)
• Three are in virtualization and cloud computing (1, 12 and 15).
• Three are in business (5, 11 and 14), Three are in networking (7, 8 and 9)
*2016 IT Skills and Salary Survey conducted by Global Knowledge in the fall of 2015
About the Author: John Hales, VCP, VCP-DT, VCAP-DCA, VCI, is a VMware instructor at Global Knowledge
AWS Certified Solutions Architect - Associate $125,871
Certified in Risk and Information Systems Control (CRISC) $122,954
Certified Information Security Manager (CISM) $122,291
Certified Information Systems Security Professional (CISSP) $121,923
Project Management Professional (PMP®) $116,094
Certified Information Systems Auditor (CISA) $113,320
Cisco Certified Internetwork Expert (CCIE) $112,858
Cisco Certified Network Associate (CCNA) Data Center $107,045
Cisco Certified Design Professional (CCDP) $105,008
EC-Council - Certified Ethical Hacker (CEH) $103,297
Six Sigma Green Belt $102,594
Citrix Certified Professional - Virtualization (CCP-V) $102,138
Cisco Certified Networking Professional (CCNP) Security $101,414
ITIL® v3 Foundation $99,869
VMware Certified Professional 5 - VCP5-DCV $99,334
12. Article on IT Compensation from
CIO Magazine
Security
Data Security Analyst: $113,500 - $160,000 (+ 7.1%)
System Security Administrator: $105,500 - $149,500 (+ 6.1%)
Network Security Administrator: $103,250 - $147,000 (+ 5.3%)
Network Security Engineer: $110,250 - $152,750 (+ 6.7%)
Information Systems Security Manager: $129,750 - $182,000 (+ 6.2%)
13. Employer’s Perspective (CIO Magazine
IT Certification Hot List - 2015)*
• 65 percent of employers use IT certifications to differentiate between
other equally qualified candidates
• 72 percent of employers use IT certifications as a requirement for
certain job roles
• 60 percent of organizations often use IT certifications to confirm a
candidate's subject matter knowledge or expertise
• 66 percent of employers consider IT certifications to be very valuable -
- a dramatic increase from the 30 percent in 2011
*By Rich Hein, CIO | CIO Magazine Mar 3, 2015
14. CIO Magazine - IT certifications that
paid off the most in 2015*
*By Rich Hein, CIO | CIO Magazine Nov 16, 2015
17. CIO Magazine
10 Highest-Paying IT Security Jobs*
*By Sharon Florentine, CIO | CIO Magazine Jun 9, 2015
Lead Software Security Engineer $233,333
Chief Security Officer $225,000
Global Information Security Director $200,000
Security Consultant $198,909
Chief Information Security Officer $192,500
Director Of Security $178,333
Cyber Security Lead $175,000
Lead Security Engineers $174,375
Cybersecurity Engineer $170,000
Application Security Manager $165,000
18. Indeed Sample of Required or Desired Security Certifications in Job Postings
• Security certifications preferred / preference to candidates with a CISSP
• Security+ certification would be a plus
• CISSP, Security+, or relevant vendor security certifications
• Certification - One or more of the following: CISSP, IAM, IEM, SAN Certs
• Information security management qualifications such as CISSP or CISM
• Hold at least one certification, i.e.: CISSP, CEH, CSIH, CISM, CISA, GIAC...
• IT security certifications (CISSP, CISA, CISM) a plus (or preferred)
• Masters degree in Business, Computer Science, or equivalent work experience; Security Certifications – CISSP, CISM
• Certifications in CISSP, CCSP, CCIE-Security, or CEH highly desirable
• CISSP required, CISM preferred, GISM or CCSP certification a plus
• Professional certification such as CISSP, CISM, CISA, CRISC, or other security credentials, is preferred - Multiple listings (similar wording)
19. Reasons for Security Certifications (Employee)
Employees benefit from professional certifications in several ways:
• Skills validated and acknowledged by an independent third party
• Differentiates individuals from others in the hiring process
• Facilitates the ability to command higher pay
• Helps individuals remain competitive and employable
• Enables job proficiency more quickly (getting up to speed)
• Shows dedication to the individual’s career
• Can enable an IT professional not currently in Information Security to retool and potentially change to Information Security career paths
• Certifications necessitate staying current, continuously learning new skills, and networking with peers while staying engaged in, and committed to, the field of Information Security
20. Reasons for Security Certifications (Employer)
Employers also benefit from professional certifications:
• Professional certification is a quality marker that helps an employer gauge the effectiveness and qualifications of a potential hire
• Employers want their hires to stay current and continue to grow in their profession
• They are a driver of continuing education and training
• Employers can use achievement of professional certification as a requirement for advancement or pay increases as well
• Certified professionals with proven knowledge and competency will contribute more to an organization
• Investing in Security training and certifications can increase employee satisfaction and retention
21. What are not Good Reasons to get Security Certifications?
• If Certifications are so great, why would a person not get a Security Certification?
• There are many benefits, but here are some reasons not to:
• Assuming an expectation that the Certification will result in an increase in one or more of these areas*:
• Compensation
• Responsibilities
• Marketability
• Job satisfaction
(*i.e. Have realistic expectations of the outcome)
• Just for the sake of having a Certification – there must be a purpose
• For any nefarious activities (most if not all associations have a required code of conduct; passing the requirements may be difficult or impossible with such an intent)
22. Choosing the Right One(s) for You?
It depends…
• What are your career goals and objectives?
• What are you trying to accomplish with a Certification(s)?
• If it’s just about money – one could choose the one highest in demand – but it should be more than that
• Do you have a roadmap that will help you achieve your short and long-term career goals? – If not, plan one:
• Security Technical Expert (hands-on)
• Security Architect (hands-on)
• Risk and Compliance Expert (administrative role)
• Team Leader or Managerial (administrative role)
• Start with a certification within your wheelhouse rather than taking the most challenging one available as your first certification
23. Are all Security Certifications Created Equal?
This is a tricky question…
• A number of Security Certifications have only recently become available, riding the demand for Certified Security Professionals, but may not have the reputation of mature certifications
• Some require formal classroom training or highly encourage formal training, or make it difficult to pursue self-study options
• And some are just downright extremely expensive
So…
• Stick with the more well-known Organizations (mentioned during the introduction) and their associated Security Certifications
• There’s always time down the road to complete the most demanding certifications or dabble in more esoteric ones
24. Are Certifications Expensive?
• Certifications can range in cost from a few hundred dollars to many thousands (particularly if formal classroom training is utilized)…
• Structured training expenses:
• Formal classroom training can cost up to $5,000 for a week
• Online training programs range from several hundred dollars up to several thousand
• Self-study training expenses can include:
• Books, study guides, CBT’s, etc. from $200 to $1,000
• Exam-prep, test-question databases, etc. can add another $50-$200
• The exam itself is typically around $500 or more
• The actual application for Certification can add $50 to $100
• And, if you want the fancy wood engraved plaque, that’s an extra $99
• My rule of thumb: plan on $1,000 per certification
25. How to Pay for a Security Certification?
• Self-funded including:
• Self-study, personally paying for exam and cost for the certification… (hopefully a worst case scenario)
• May be necessary if you’re in a hurry
• At least it may be a tax deduction (YMMV)
• Partially Company Funded – many companies support this:
• Paying for study materials
• Or reimbursing for an exam after successfully passing it
• 100% Company Sponsored – obviously the best case scenario (fortunately more companies are undertaking this commitment)
26. Certification Requirements
What it takes…
• Experience – Meeting minimum requirements (hours or years)
• Comprehensive Examination – Multiple choice (60 to 250 questions, 2 hours to 6 hours)
• Application for Certification including 3rd party verification of work experience by someone attesting to your qualification for Certification (ex. a manager or existing Certificate holder)
• Rigorous review of your application, and Association board approval
• Fees (Application & recurring Annual maintenance)
27. What if I don’t meet the Requirements?
• There are entry level Certifications – such as the (ISC)2 SSCP® (Systems Security Certified Practitioner) or CompTIA Security+
• Some Certifications allow for a candidate to sit for an examination and then to complete the experience requirements at a later date (within an allowable, defined, period)
• There is no penalty for studying the materials even if you don’t sit for the exam (though course materials typically change regularly - annually or every couple of years)
• A vendor certification may make sense as these typically don’t have defined experience requirements (such as an MCSE or CCNA)
28. Alternatives to Certification
• Experience, Experience, Experience…
• Company training programs (formal or informal)
• Join a local Security Chapter such as ISSA, ISACA, SMBA/(ISC)², OWASP, etc. and attend meetings
• Reading – always a good idea and necessary to stay on top of a rapidly evolving Security landscape
• Articles, White papers, Reports
• Books (including Cert Prep books even if you don’t intend to take the certification)
• Podcasts, YouTube, Webcasts
• Vendor demos and presentations
• College Degrees: Undergraduate (Associate or Bachelors) or Graduate (though Certifications are a lot less expensive, and perhaps better value)
• Did I happen to mention experience – “Advanced degrees and sound technical certifications can help to establish professional credibility, but there is no substitute for real-world experience.”*
*TECH CRUNCH NETWORK - The Horizon For Information Security Jobs
29. Preparing for a Certification
• Don’t kid yourself, it’s a significant investment (of time & potentially money)
• Plan on at least 100 hours of study (doing 2 hours a week could mean a year of study or more)
• Join a study group
• Lay out a schedule and stick to it
• You have to really want to complete the certification, you can’t just think ‘it would be nice to have one…’
30. Sitting for a Certification
Do:
• Prepare as best as humanly possible
• Have a positive attitude (reinforced with preparation)
• Get plenty of rest the night before
• Show up early and be ready
• Pace yourself, it’s important to know how long you have for each question
• Complete the exam and review your answers (time permitting)
Don’t:
• Second guess yourself or get stuck on questions
• Relate or compare test questions to your world, keep it theoretical
Results:
• Some tests score the exam immediately – so you know your results
• Others can take 5 to 8 weeks to get the results
31. Building Knowledge versus Point of Diminishing Returns
• To some extent the course materials from one exam can facilitate passing another – Example:
• ~100 hours of study for the ISACA CISM, passed first time
• Which helped prepare for the CISSP (and only ~60 hours of study)
• But too many certifications can potentially lower their value:
• There is such a thing as too many certifications - you don’t want to be known as a Certification hound
• In fact, it may not be wise to display all your certifications, or at least target the most applicable to whatever opportunity you’re seeking
• You may even let some outdated certifications lapse
• It might make more sense to pursue an advanced degree, such as a Cybersecurity degree, rather than another Certification
• Keep in mind the cost of maintaining all the certifications can be prohibitive (that is, unless some reimbursement or subsidy is involved)
• It’s most important for people to be able to recognize your capabilities
• The right balance of Certifications (no more, no less) can do that…
32. Two Real-World Examples
• A personal case – why I got my certifications and the results…
• A former employee successfully completed several security certifications and landed the Chief Information Security Officer job they wanted (and a lot more money)!
33. In Summary: Are Security Certifications Worth the Investment?
• Statistically – Absolutely (but don’t necessarily expect it):
• More (and better) opportunities
• Within your existing organization
• Or, on the other hand, if you do decide to make a move
• Higher Compensation
• More responsibility
• Personally – Yes
• A merit badge and achievement to be proud of
• Better understanding of the subject matter
• The ability to contribute more meaningfully
• A member of an elite group
• Honestly, if you’re not getting certifications in today’s world you’re falling behind
34. Q & A
AND THANK YOU!
(also feel free to see me after the presentation or email me)