Current skills gap for capable CTI analysts: Training for forensics & analysis

Similar documents
DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

Way to new challenges

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Package of initiatives on Cybersecurity

C T I A CERTIFIED THREAT INTELLIGENCE ANALYST. EC-Council PROGRAM BROCHURE. Certified Threat Intelligence Analyst 1. Certified

Cyber Security School

RSA ADVANCED SOC SERVICES

UCD Centre for Cybersecurity & Cybercrime Investigation

CTI Capability Maturity Model Marco Lourenco

Implementation Strategy for Cybersecurity Workshop ITU 2016

ITU CBS. Digital Security Capacity Building: Role of the University GLOBAL ICT CAPACITY BUILDING SYMPOSIUM SANTO DOMINGO 2018

THE LIFE AND TIMES OF CYBERSECURITY PROFESSIONALS

Hearing Voices: The Cybersecurity Pro s View of the Profession

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

RSA INCIDENT RESPONSE SERVICES

Fintech District. The First Testing Cyber Security Platform. In collaboration with CISCO. Cloud or On Premise Platform

locuz.com SOC Services

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

CyberSecurity Internships The Path to Meeting Industry Need

INTELLIGENCE DRIVEN GRC FOR SECURITY

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

RSA INCIDENT RESPONSE SERVICES

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

MN CYBER STATEWIDE INSTITUTE FOR CYBERSECURITY, FORENSICS, AND IOT

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Security in Today s Insecure World for SecureTokyo

Strategic and operational threat analysis at Europol's EC3

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

Sage Data Security Services Directory

Defining cybersecurity.

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

Building an Effective Threat Intelligence Capability. Haider Pasha, CISSP, C EH Director, Security Strategy Emerging Markets Office of the CTO

Cyber Threat Intelligence Debbie Janeczek May 24, 2017

INCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER

CompTIA Cybersecurity Analyst+

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

Awareness and training programs OPTUS MACQUARIE UNIVERSITY CYBER SECURITY HUB

4/13/2018. Certified Analyst Program Infosheet

Water Information Sharing and Analysis Center

भ रत य ररज़र व ब क. Setting up and Operationalising Cyber Security Operation Centre (C-SOC)

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Bradford J. Willke. 19 September 2007

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

RFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350

ITU-IMPACT Capacity Building for Least Developed & Developed Countries

Keeping Your SOCs Full. May 26, Strengthening Capacity in Cyber Talent sans.org/cybertalent

OPERATIONS CENTER. Keep your client s data safe and business going & growing with SOC continuous protection

Cybercrime Capacity Building a cooperative process

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

Cyber Analyst Academy. Closing the Cyber Security Skills Gap.

CYBER RESILIENCE & INCIDENT RESPONSE

deep (i) the most advanced solution for managed security services

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

Sharing What Matters. Accelerating Incident Response and Threat Hunting by Sharing Behavioral Data

Enhancing the cyber security &

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

Les joies et les peines de la transformation numérique

THREAT HUNTING REPORT

ACHIEVING FIFTH GENERATION CYBER SECURITY

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Certified Cyber Security Analyst VS-1160

Cybersecurity Auditing in an Unsecure World

Itu regional workshop

Digital Forensic Science: Ideas, Gaps and the Future. Dr. Joshua I. James

PROJECT RESULTS Summary

Creating a Cybersecurity Culture: (ISC)2 Survey Responses

GDPR: An Opportunity to Transform Your Security Operations

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

Cyber Security in Europe

Integrated, Intelligence driven Cyber Threat Hunting

CYBERSECURITY RESILIENCE

BUILDING AND MAINTAINING SOC

PROVIDING INVESTIGATIVE SOLUTIONS

CESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Position Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.

Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Professional Training Course - Cybercrime Investigation Body of Knowledge -

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

CYBER SECURITY TRAINING

POSITION DESCRIPTION

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

Workshop on Cyber Security & Cyber Crime Policies. Policies for African Diplomats

Forensics and Active Protection

Global Cybercrime Certification

Background FAST FACTS

Workshop IT Star IT Security Professional Positioning and Monitoring: e-cfplus support

NATO MultiNational Smart Defence Project on Cyber Defence Education & Training (Project 1.36)

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1

Cyber Security Strategy

The New Era of Cognitive Security

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

What matters in Cyber Security

Bachelor of Information Technology

Transcription:

Current skills gap for capable CTI analysts: Training for forensics & analysis WORKSHOP CTI EU Bonding EU Cyber Threat Intelligence 30-31 October, Link Campus University, Rome, Italy Ing. Selene Giupponi Cyber Security Advisor & Senior Digital Forensics Consultant

Who am I? Cyber Security Advisor & Senior Digital Forensics Consultant Computer Engineering Degree + Master in Computer Forensics & Digital Investigations Active Member of the IT Engineer Commission, Engineers Association of the Latina Province General Secretary and Member @ IISFA (INFORMATION SYSTEM FORENSICS ASSOCIATION, ITALIAN CHAPTER) Consultant for Law Enforcement Advisor @European Courage Focus Group Cyber Terrorism & CyberCrime ITU Roster of Experts HTCC HIGH TECH CRIME CONSORTIUM Member Founder at Security Brokers ScpA Founder ECSO (European Cyber Security Organization) selene@giupponis.it 2

Who s the «IT Forensics expert», today?!? selene@giupponis.it 3

* Forensics Fields (Digital) Forensics Host Forensics MS Windows *NIX/Linux Mainframe Network Forensics Mobile Forensics SCADA Forensics Autmotive Forensics GPS Forensics Drones Forensics IoT Forensics selene@giupponis.it 4

Threats Source: Raoul Chiesa, Security Brokers selene@giupponis.it 5

In every organization that uses Cyber Threat Intelligence, it is necessary to establish an interchange among those teams involved in Digital Investigations and Threat Intelligence analysis..is that «enough»?? selene@giupponis.it 6

Cybersecurity Skills Gap Size of the problem At least 1.5M cybersecurity jobs will be left vacant by 2019 1 in 5 organization receives fewer than 5 candidates for each advertised security position and 37% of the organisations lament that fewer than 1 in 4 of the candidates they do receive are actually qualified for the job! The cybersecurity skills shortage creates tangible risks to organizations, individuals and the nations Lack of certified professionals The security job market has big gaps with regards to security certifications The cost of training and cerfication is one of the underlying causes of the cybersecurity skills gap Niche needs? High-value skills in critically short supply: Intrusion detection Secure software development Attack mitigation Other desired skills include: malware analysis skills, familiarity with commercial tools and feeds, knowledge of adversaries campaigns and the ability to write correlation rules to link security events. selene@giupponis.it 7

Overall recap + Recommendations Challenge Recommendations Target Government Lack of Competence Building Support Increasing government expenditure on cyber security training through matched funding and/or financial incentives; Pushing for more cyber security programs in school and higher education. Lack of cyber security in Academia Partner with professional cyber security training vendors to offer extra extra-curriculum professional certifications and hands-on experience; Organize Cyber Security Games and Competitions and/or facilitate students to participate. Academia Security Competition and Exercise Promoting gaming and technology exercises Government Companies Do not Invest Enough in Staff Training Shift spending from security systems to people and processes; Develop better competence building programmes, which can be delivered by competent in-house staff and pay for staff certification attempts. Cost of Training and Certifications Develop better competence building programmes, which can be delivered by competent in-house staff and pay for staff certification attempts. Organizations Government, Academia and Organizations Lack of Adequate Training Prioritize formal and structured training over online/self-learning especially to begin with Young Professional Not Doing It Right! Follow a goal-oriented approach to produce tangible deliverables at every step of the learning process ALL Individuals

CTI Analysts vs Forensics Analysts Investigations and Evidences Proactive vs Post Incidents CTI is a useful source of information to support Digital Forensics Analysts

Let s brainstorm! CTI Feeds Cyber Threat Intel Analysis Cyber Threat Intel Collection

Let s brainstorm! Incident Response / Digital Forensics CTI Feed CTI Feed Observables Intel Producing Intel Consuming Cyber Threat Intelligence Analysis Cyber Threat Intelligence Collection Correlation Enrichment Filtering Searching Contextualization

Let s brainstorm! Intel Production Through Digital Investigation we can identified and detect the compromised elements. These observable, if sent to Threat Intelligence analysis, can be contextualized and provide more information to extend (make it more efficient) the scope of the investigation. In this case, Digital Forensics Team will produce Threat Intelligence. IR/ DF Artefacts Observables Indicators Report Intel Analyst

Let s brainstorm! Intel Consuming Starting from intelligence analysis, key information can be provided to teams called to do triage activities to investigate on possible compromises. In this case, the Digital Forensics team uses Cyber Threat Intelligence for investigation. Incident Response Intel Analyst Course of Action (CTI Process Involved) Triage Digital Forensics Threat Hunting

The challenge of Corporate Training Inadequate levels of Training Companies often decide not to train their staff for fear they may leave once the training is over. Companies prefer to invest in systems and technologies under the belief those will remain as an asset to the company even after the employees leave. ROI on security training is difficult to measure. Training costs money, period! Lack of continuous training on business procedures and processes prevents the best team collaboration and does not allow to enhance the internal skills to deal effectively a risk.

The challenge of Corporate Training Not all organizations in which CTI has been introduced have jointly developed processes integrating operations and communications between Secure operation teams and CTI teams. The ways of disseminating within the teams involved in CTI processes need to be improved. Digital Forensics analysts do not yet have a clear understanding of the integration of Threat Intelligence information into Digital Forensics methodologies. Digital Forensics analysts should be trained on the main forms of Intelligence information representation in order to make dissemination faster and more effective CTI Analysts and Forensics Analysts training program together into the same Organization.

Contacts Eng. Selene Giupponi selene@giupponis.it Twitter: @SeleneGiupponi Linkedin: https://it.linkedin.com/in/selenegiupponi PGP Key ASK ME! selene@giupponis.it 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback