CompTIA - IT Pro Webinar 041917

HOST
James Stanger, PhD

Sr. Director Product Development
CompTIA
The business
of security: GUEST SPEAKERS
Gary Fildes
InfoSec and Cyber Security
Inspector
Office for Nuclear Regulation
A report from the field Manchester, UK
David Hagedorn
Knowledge Management
Officer
Army Space Personnel
Development Office
Ian Trump
Global Cyber Security
Strategist at SolarWinds
We will begin at the top of the hour!

T h e v o i c e o f t h e w o r l d ’ s i n f o r ma t i o n t e c h n o l o g y ( I T ) i n d u s t r y
and over 1.5 million IT pros.
CERTIFICATIONS ASSOCIATION PHILANTHROPY ADVOCACY

Largest Provider of Vendor- 4,000+ IT Channel Creating IT Futures Public Policy & Reform
Neutral IT Certifications Providers & Partners Foundation
 Higher Salaries A non-profit trade association with A 501(c)(3) charitable organization Our advocacy division encourages
 Growing Demand
 Verified Strengths
more than 4,000 members and that creates on-ramps for successful collaboration and advancing of
 Universal Skills business partners. Our members IT careers, serving individuals who legislation that allows the private
drive our programs through their are underrepresented in IT and sector to develop new products and
“Three of the “Top 10 participation in CompTIA lacking in opportunities to be services, find solutions and sell
Certifications That Help IT
communities, research studies, successful in IT, including veterans, them in the global marketplace.
Workers Get Jobs” are CompTIA
certifications.”* events, sharing of best practices and youth, and the unemployed.
more.
* Source: The Dice Report, February 2012

2
Copyright (c) 2017 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
COMPTIA CERTIFICATIONS
A Quick Overview
BEST PRACTICES MASTERY LEVEL
IT Fundamentals CompTIA CSA+

CyberSecure CompTIA Advanced
Security Practitioner
(CASP)
PROFESSIONAL-LEVEL SPECIALTY
A+ Network+ CTT+
CDIA+ Project+ Cloud Essentials
Cloud+ Security+
Linux+ Server+
3
COMPTIA CERTIFICATIONS
A skills-based look at the roadmap

We certify essential skills for the entire IT department “ecosystem”
Security Engineer
Help Desk Security+ Security Analyst
IT Support Technician
Field Technician
A+ CSA+
CASP
IA Technician
Cloud Systems Analyst

Cloud+ Cloud Engineer
Operating Server+
system support Linux+
Project Manager
For all workers, both inside
Project+ and outside CE
Network
Technician Network+
4
What does it mean to put security on a paying basis?
We’ll discuss practical advice on managing networks in the midst of Distributed

Denial of Service (DDoS) attacks, ransomware, and other disasters that confront
Agenda
IT professionals.
We’ll also discuss how project management and soft skills are now required for
Introduction to the panel
1 More about the collective decades of experience that our
security. The industry has found that it’s not enough to conduct a penetration
test or engage in user behavior analytics alone. It’s vital for IT pros to know how panel brings to the able
to conduct long-term projects, as well as how to turn technical reports into
practical, strategic plans for improving overall security. Understanding today’s security issues
2
Ransomware, DDoS attacks, and BEC attacks.. How do we
mitigate them? How do we create a more resilient response?
Essential technical skills

3 Know your networking – TCP/IP v4 and v6. Know your layers –
and what to do in each. Analytics, as well as project
management.
The importance of soft skills and project
4 management in security
Really? Why is this so important when conducting audits, and
in Security Information and Event Management?
5 Q&A
(1) CEU credit towards A+, Network+, Security+, CSA+, CASP, and Cloud+: You will receive a
confirmation email along with instructions on how to add the credit to your certification account
within 48 hours.
5
Our Guest Speakers
Gary Fildes Dave Hagedorn Ian Trump

InfoSec and Cyber Security Inspector Knowledge Management Officer Global Cyber Security
Office for Nuclear Regulation Army Space Personnel Strategist
Development Office SolarWinds
Manchester, UK
AUTHORITIES IN:
Risk management Threat hunting Multifactor Encryption Project Complex Industrial

Data privacy
authentication management architectures networks
Security Systems
Security Information and Have acted as CompTIA Subject
Risk management frameworks and Event Management (SIEM)
communication and
Data visualization Matter Experts for our exams
regulations control
6
WELCOME!
A Little housekeeping
Continuing Survey & Feedback

Recording
Education
This webinar is good for (1) CEU credit towards A+, This webinar is being recorded. We want your feedback! Please
Network+, Security+, Cloud+ and CASP. complete brief survey at the completion
You are muted by default, please ask all of the webinar.
After the webinar, you may click on the "Proof of questions in the Q&A section.
Participation" widget to download a certificate Tweet with Us! @CompTIA
which may be uploaded to your candidate account #ITProStateOfSecurity, #CompTIA
for activity credit. #CompTIAWebinar, #CompTIAcertified
On-Demand Q&A & Group Chat
Webinar presentation slides and Got a question? Use the Q&A widget
recording link will be available
tomorrow. Also, you can chat with other event
attendees in the Group Chat widget!
(1) CEU credit towards A+, Network+, Security+, CSA+, CASP, and Cloud+: You will receive a
confirmation email along with instructions on how to add the credit to your certification account
within 48 hours.
7
Understanding today’s major issues
Business Email Compromise (BEC)
9
Ransomware/Malware
Ransomware – one of the

biggest stories lately
– How it gets in
– What it can do to a company
How to address it
- Training
- Removal / payment
- Creating a resilient
presence
PLEASE NOTE:
(1) CEU credit towards A+, Network+, Security+, Cloud+, CASP, and
CSA+: You will receive a confirmation email along with instructions
on how to add the credit to your certification account within 48
hours.
10
DDoS attacks
Not just for script kiddies
anymore
 Hacktivism
 Misdirection
Managing DDoS
 Network resilience
 Traffic patterns
 Attack traffic
 Control
 How do you manage
the “hits”
11
Sample of a DDoS attack map
• The Dyn attack heat map - waged from IoT devices

• Just an example of what can – and will – happen worldwide
12
Where attacks tend to occur
• The interstices: Where one technology connects with another – the
“in between” places
• Examples
– Where “meat space” and
“cyber space” converge
• That evil television . . . Or notebook . . .
Or phone
• Business E-mail Compromise
• Coding issues
• Physical access to a building
– Wireless access points (unencrypting data on the device)
– SMS/mobile/ and Web technologies: Facebook
– SQL and Web servers (SQL injection)
13
Additional issues?
 Privacy: Companies are collecting data, and creating information
– Predictive analytics
– Highly-sensitive data
 How is data stored?
 How do you make sure it stays private?
 How to respond to an attack:
– At what point does a “hacked” company turn
criminal?
 Initially a victim
 But what if they don’t report the hack properly?
14
Essential technical skills
Networking knowledge
 Know your network technologies
– The TCP/IP suite – essential protocols
 V4
 V6
– Layers 1, 2, 3, and 7
 Wireless technologies
 Switching
 Routing
 Application-layer
 In between: Encyrption
– IoT issues
 Radio networks
 Mobile
 Traditional
PLEASE NOTE:
hours.
16
Creating resilient networks
What is a “resilient network?”
• Ability to maintain an acceptable level of service
• Fault tolerance
• Attack tolerance
Industrial networks and tolerance
Techniques
• Multiple connections (e.g., “redundancy”)
• Multi-factor authentication
• Automation
• Intrusion detection
• Threat modeling
Cloud tips, tricks and traps to avoid covert channels and downtime
The help desk and security: Another way to ensure resilience

PLEASE NOTE:
(1) CEU credit towards A+, Network+, Security+, CSA+, CASP and
Cloud+: You will receive a confirmation email along with
instructions on how to add the credit to your certification account
within 48 hours.
17
Analytics
 User behavior analytics (UBA)
 Network behavior analytics
 Security Information and Event
Management (SIEM)
PLEASE NOTE:
(1) CEU credit towards A+, Network+, Security+, CSA+, CASP and
within 48 hours.
18
Creating security baselines / thresholds
PLEASE NOTE:
hours.
19
Information sharing
 Where companies and organizations
provide detailed information
concerning successful
attacks
 How can it work?
 Why is it considered important?
PLEASE NOTE:
hours.
20
The importance of soft skills and project management in
security
Soft skills
 Translating “tech talk” into “board talk”

 Mapping business needs to technical
implementations
PLEASE NOTE:
hours.
22
Essential best practices
 Security and return on investment

– Justifying expenses to the boss
 CEO
 Board
 Accounting
– Showing ROI – what questions do they ask?
– Reporting to the CIO, CTO, and CEO
 How do your reports justify expenses to you?
PLEASE NOTE:
hours.
23
Project management
 The importance of project

management in security
– Conducting audits
– Making improvements
 What is expected of a
security worker today?
– Implementing software
– Making policy a reality
PLEASE NOTE:
hours.
24
Lightning round and audience Q&A
Some questions
What skills are you looking to upgrade yourself?
What are the types of things that keep you up at night?
What are the critical skills that you look for in an individual when
you’re hiring?
26
Thank you!
Certification.CompTIA.org
PLEASE NOTE:
(1) CEU credit towards A+, Network+, Security+, CSA+, CASP, and
within 48 hours.

CompTIA - IT Pro Webinar 041917

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CompTIA - IT Pro Webinar 041917

Uploaded by

Copyright:

Available Formats

HOST

James Stanger, PhD

We will begin at the top of the hour!

CERTIFICATIONS ASSOCIATION PHILANTHROPY ADVOCACY

* Source: The Dice Report, February 2012

BEST PRACTICES MASTERY LEVEL

IT Fundamentals CompTIA CSA+

A skills-based look at the roadmap

Cloud Systems Analyst

We’ll discuss practical advice on managing networks in the midst of Distributed

Essential technical skills

Gary Fildes Dave Hagedorn Ian Trump

Risk management Threat hunting Multifactor Encryption Project Complex Industrial

Continuing Survey & Feedback

On-Demand Q&A & Group Chat

Ransomware – one of the

• The Dyn attack heat map - waged from IoT devices

The help desk and security: Another way to ensure resilience

 Translating “tech talk” into “board talk”

 Security and return on investment

 The importance of project

What skills are you looking to upgrade yourself?

What are the types of things that keep you up at night?

You might also like