The State of Security in 2017:


The State of Security in 2017: A report from experts in the field
February 22, 2017

Panel:
- Ryan Frillman, Director, Information Security & Compliance, Spire Energy
- Joey Smith, Chief Information Security Officer, Schnuck Markets
- Gary Harbison, Chief Information Security Officer (CISO), Monsanto Information Security Office
- James Stanger, PhD, Sr. Director Product Development, CompTIA

About CompTIA: the voice of the world's information technology (IT) industry and over 1.5 million IT pros.

- Certifications: largest provider of vendor-neutral IT certifications. Higher salaries, growing demand, verified strengths, universal skills. Three of the Top 10 Certifications That Help IT Workers Get Jobs are CompTIA certifications (source: The Dice Report, February 2012).
- Association: 4,000+ IT channel providers and partners. A non-profit trade association with more than 4,000 members and business partners. Our members drive our programs through their participation in CompTIA communities, research studies, events, sharing of best practices and more.
- Philanthropy: Creating IT Futures Foundation, a 501(c)(3) charitable organization that creates on-ramps for successful IT careers, serving individuals who are underrepresented in IT and lacking in opportunities to be successful in IT, including veterans, youth, and the unemployed.
- Advocacy: public policy and reform. Our advocacy division encourages collaboration and the advancing of legislation that allows the private sector to develop new products and services, find solutions and sell them in the global marketplace.

CompTIA Certifications: A Quick Overview

Levels: Best Practices, Professional-Level, Mastery Level, Specialty.
Certifications shown on the roadmap: IT Fundamentals, CyberSecure, Cloud Essentials, A+, CDIA+, Cloud+, Linux+, Network+, Project+, Security+, Server+, CTT+, CompTIA CSA+, CompTIA Advanced Security Practitioner (CASP).

CompTIA Certifications: A skills-based look at the roadmap

We certify essential skills for the entire IT department ecosystem.
- Help Desk, IT Support Technician, Field Technician: A+
- Security Engineer, Security Analyst, IA Technician: Security+, CSA+, CASP
- Operating system support, Cloud Systems Analyst, Cloud Engineer: Server+, Linux+, Cloud+
- Network Technician: Network+
- Project Manager: Project+
For all workers, both inside and outside CE.

Agenda

For some time, we've taken note of the spike in security issues reported world-wide. These issues include ransomware, DDoS attacks, and privacy issues, as well as how to secure the increasingly sensitive information derived from today's increasingly sophisticated networks. Today, individuals and companies alike present an increased attack surface that hackers can exploit. Today, we're going to hear from expert, management-level individuals about how they address these issues. We'll be discussing security trends, the steps and strategies that today's CIOs and security experts are taking, and the essential skill set needed in the industry.

(1) CEU credit towards A+, Network+, Security+, Cloud+, CASP, and CSA+: You will receive a confirmation email along with instructions on how to add the credit to your certification account within 48 hours.

1. Introduction to the panel: more about the collective decades of experience that our panel brings to the table.
2. Today's security issues: what are they? What are they going to be? Let's hear some war stories.
3. What are we doing to resolve them? What are the things our panel are doing to address today's issues? What wisdom can they provide for us?
4. Essential security skills: what are the ideal skill sets needed in today's security workers?
5. Q&A

The State of Security

Panel:
- Ryan Frillman, Director, Information Security & Compliance, Spire Energy
- Joey Smith, Chief Information Security Officer, Schnuck Markets
- Gary Harbison, Chief Information Security Officer (CISO), Monsanto

Authorities in: open source, security, web technologies, networking, e-commerce, project management, complex architectures, industrial networks, and ensuring four 9s and five 9s solutions for e-commerce, agriculture, and the energy industry. These guys get the 3 a.m. call when something happens, and have acted as CompTIA Subject Matter Experts for our exams.

Welcome! A Little Housekeeping

- Continuing Education: this webinar is good for (1) CEU credit towards A+, Network+, Security+, Cloud+ and CASP. After the webinar, you may click on the "Proof of Participation" widget to download a certificate which may be uploaded to your candidate account for activity credit.
- Recording: this webinar is being recorded. You are muted by default; please ask all questions in the Q&A section.
- Survey & Feedback: we want your feedback! Please complete the brief survey at the completion of the webinar.
- Tweet with Us: @CompTIA #ITProStateOfSecurity, #CompTIA #CompTIAWebinar, #CompTIAcertified
- On-Demand: webinar presentation slides and recording link will be available tomorrow.
- Q&A & Group Chat: got a question? Use the Q&A widget. You can also chat with other event attendees in the Group Chat widget.

What do our panel members do?

Panel member responsibilities

The job of ensuring uptime
- Uptime definition: the five 9s?
- Data and service replication techniques: traditional / enterprise, cloud
- Network downtime solutions: redundant hardware, redundant software, DNS, protocol, SDN?, additional systems
- Server downtime solutions: virtualization (traditional, containers), backups / RAID, cloud?
- War stories: when networks get hacked, and why

Uptime metrics
- Essential services
- Essential assets
- Mean time to recovery
- Recovery Point Objective (RPO): the maximum targeted period in which data might be lost from an IT service due to a major incident.
- Recovery Time Objective (RTO): the maximum tolerable length of time that a computer, system, network, or application can be down after a failure or disaster.
- What other metrics do you use?
- What about compliance? PCI, other regs...

Troubleshooting Your Career: Issues confronting the industry
- Attacks: DoS, DDoS, botnets, Advanced Persistent Threats (APT)
- Motives: ideology, espionage as a ruse for the real attack
- End users: insider attack, disgruntled employees, mistakes
- Lack of planning
- Lack of funds
- How possible is it for a group of hackers, not particularly well-equipped, to take out an entire power grid?

Security: Complicating factors for security

Some things to consider:
- CIOs are worried about what they don't know
- We need to think outside the box
- Workers need multiple skills in order to secure systems
- Creativity is essential in successful workers

Survey: complicating factors (percentage of respondents)
- Growing organization of hackers: 54%
- Greater tech interconnectivity: 52%
- Sophistication of security threats: 52%
- Greater availability of hacking tools: 48%
- Rise of social networking: 45%
- Volume of security threats: 45%
- More reliance on internet applications: 44%
- Continued use of legacy systems: 38%
- Challenges with security expertise: 35%
- Consumerization of IT: 35%

Troubleshooting Your Career: Making the most with a limited budget
- Cost savings: open source? Better-trained individuals? Cloud services?
- Better planning: employee education?

Burning issues today

Ransomware / malware
Ransomware: one of the biggest stories lately.
- How it gets in
- What it can do to a company
- How to address it: training, removal / payment, creating a resilient presence

Relates to various issues: ransomware, privacy issues
- The latest methods you've seen
- How do you combat it? Training, technology?
- End users and social engineering

DDoS attacks: new perspectives
- Major attacks in the news
- Characteristics: can last for hours, come from botnets
- IoT and DDoS
- Solutions?

Privacy issues
- Companies are collecting data and creating information: predictive analytics, highly sensitive data
- How is it stored? How do you make sure it stays private?
- At what point does a hacked company turn criminal? Initially a victim, but what if they don't report the hack properly?

Survey: biggest problems with big data
- Turning data into actionable information: 51%
- Managing the database: 16%
- Securing the systems: 12%
- Handling the volume and velocity of data: 10%
- Legal issues: 7%
- Privacy concerns: 4%
Do these percentages/responses make sense in 2017?

The Advanced Persistent Threat (APT)
Addressing the problem: is it still about stopping the hacker? Or is there a newer approach?
- Creating a resilient network: compartmentalization, automation, redundancy / failover / recovery
- Metrics to consider

Stages of an APT:
- Planning
- Target identification
- Malware introduction
- Command & control
- Lateral movement
- Exfiltration (attack event)
- Retreat
- What else?

What are we doing to address these issues? Some war stories...

Going beyond signature-based, traditional hardware/software models
- Beyond hardware and software to wetware
- Signature-based (firewalls, IDS, antivirus): table stakes, at best
- Traditional pen testing
- Security and the help desk

User Behavior Analytics (UBA)

Creating security baselines / thresholds

Information sharing
Where companies and organizations provide detailed information concerning successful attacks.
- How can it work?
- Why is it considered important?

Education
- What are some of the novel education programs?
- Does end user education work?
- What is the best type of education? Hands-on, live lab, other?

Essential best practices: security and return on investment
- Justifying expenses to the boss: CEO, board, accounting
- Showing ROI: what questions do they ask?
- How do your reports justify expenses to you?

The ideal skill set advice from our panel

IT Industry Trends: Essential skills, an overview

Top Ten Skills (numbered #1 to #10 on the slide):
- Security analytics
- Risk analysis
- Security infrastructure knowledge
- Strong analytical abilities (Visio)
- Network planning: failover/redundancy
- Business continuity
- Traditional and cloud-based backup solutions
- Server downtime solutions
- Data service replication techniques
- Compliance

Are these in the right order? What tools do you use every day? What skills do you look for in a potential employee?

Lightning round and audience Q&A

Lightning round... and audience questions
- Continuing education: what conferences do you like to attend? And what books / journals / sites do you read carefully?
- What advice do you have for the ITPro members in terms of skills that they need to learn?
- What are some of the next big technologies on the horizon that are going to change your world?

Thank You! Certification.CompTIA.org