Podcasts about infosec institute

  • 16 PODCASTS
  • 28 EPISODES
  • 32m AVG DURATION
  • INFREQUENT EPISODES
  • Feb 22, 2023 LATEST

Latest podcast episodes about infosec institute

CISSP Cyber Training Podcast - CISSP Training Program
CCT 010: Identity and Access Provisioning Lifecycle (CISSP Domain 5)

Feb 22, 2023 (28:47)


Shon Gerber from CISSPCyberTraining.com provides the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his extensive expertise in cybersecurity from being a Red Team Squadron Commander; Chief Information Security Officer (CISO); and Adjunct Professor providing superior training from his years of experience in educating people in cybersecurity.

In this episode, Shon will talk about the following items that are included within Domain 5 (Identity and Access Management) of the CISSP Exam:

  • CISSP / Cybersecurity Integration – Identity Governance
  • CISSP Training – Manage the identity and access provisioning lifecycle (Domain 5)
  • CISSP Exam Question – Username-Password / Preventative Controls

BTW - Get access to all my Training Courses here at: https://www.cisspcybertraining.com

Want to find Shon Gerber / CISSP Cyber Training elsewhere on the internet?

  • LinkedIn – www.linkedin.com/in/shongerber
  • CISSPCyberTraining.com - https://www.cisspcybertraining.com/
  • Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS:

  • ISC2 Training Study Guide: https://www.isc2.org/Training/Self-Study-Resources
  • Quizlet: https://quizlet.com/87472460/official-isc-cissp-domain-1-security-and-risk-management-flash-cards/
  • Infosec Institute: https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/identity-and-access-management/#gref
  • Wikipedia: https://en.wikipedia.org/wiki/Identity_Governance_Framework

Transcript:

Hey y'all, this is Shon Gerber again from Reduce Cyber Risk. And we are in this wonderful state of Kansas and the United States, and things are great. We just got done with our July 4th weekend here in the United States. It's actually been a little while, but kind of want to talk about that a little bit, and had a great time over the July 4th weekend. I had some time with the family and my kids just, I love them, but they, yeah, they drive you crazy. So if any of you guys, if any of you all have children, you will understand that. Yes, teenagers are a lot of fun, and in my case, they keep me popping like there is no tomorrow. I've got two that just graduated high school, and in the United States that's a big event. So one's going off to college. So we'd be prepping for college here before long, and then I've got another one who's going to be joining us. Probably we're going to be starting up a business. My wife is. And so therefore with that, with between her business and the kids coming into Scala college and between, I have three others and still in school one more senior. It is a busy busy day. And we've. Since we have, we basically have four. Or five, seven children total and of that five of them. Our four of them have been adopted. And so we are, we're very fortunate. It also is add a lot of challenges that are a lot of fun to kind of wo

Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 009: Implement Secure Communications (CISSP Domain 4)

Feb 21, 2023 (22:50), transcription available


Shon Gerber from CISSPCyberTraining.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge in cybersecurity from being a Red Team Squadron Commander; Chief Information Security Officer (CISO); and Adjunct Professor providing superior training from his years of experience in educating people in cybersecurity.

In this episode, Shon will talk about the following items that are included within Domain 4 (Communication and Network Security) of the CISSP Exam:

  • CISSP / Cybersecurity Integration – Data Communications
  • CISSP Training – Implement Secure Communication Channels
  • CISSP Exam Question – Point to Point / OSI Layers

BTW - Get access to all my Training Courses here at: https://www.cisspcybertraining.com

Want to find Shon Gerber / CISSP Cyber Training elsewhere on the internet?

  • LinkedIn – www.linkedin.com/in/shongerber
  • CISSPCyberTraining.com - https://www.cisspcybertraining.com/
  • Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS:

  • ISC2 Training Study Guide: https://www.isc2.org/Training/Self-Study-Resources
  • Quizlet: https://quizlet.com/87472460/official-isc-cissp-domain-1-security-and-risk-management-flash-cards/
  • Infosec Institute: https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/communications-and-network-security/secure-communications-channels/#gref
  • Wikipedia: https://en.wikipedia.org/wiki/Trusted_computing_base
  • Wikipedia: https://en.wikipedia.org/wiki/SwIPe_(protocol)
  • Wikipedia: https://en.wikipedia.org/wiki/Transport_Layer_Security
  • Wikipedia: https://en.wikipedia.org/wiki/Secure_Electronic_Transaction

Transcript:

Hey y'all, this is Shon Gerber with Reduce Cyber Risk. I hope you're all having a wonderful day today. It's a great day in Wichita, Kansas, a heartland of America. Basically smack dab in the middle of the United States. So yeah, there's pretty flat here, it's pretty hot here, but it's July 8th. Hey, just wanted to go over. We're going to be talking about in our site. OSI CISSP cybersecurity integration. Data communications. And then on our CISSP training we're going to get into implement secure communication channels. And then in our exam question we're going to get to point to point, it's not from like point A to point B, it's a different kind of point to point. And then the OSI layers. All right, before we get started I want to just throw out a plug there for my CISSP training that you can find on youtube.com. You can check it out there at a Shon, S H O N, Gerber. And I have CIS. training CISSP certification train

Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free.

CISO's Secrets
Ep.S4E3 - Jim Chilton - CTO at Cengage Group | GM INFOSEC

Dec 1, 2022 (47:15)


Cengage Group is an American educational content, technology, and services company for the higher education, K-12, professional, and library markets. It operates in more than 20 countries around the world.

InfoSec Institute is a technology training company. It provides certification-based training courses for security professionals and enterprise-grade security awareness and phishing training for businesses, agencies and technology professionals.

CISO's Secrets Podcast is powered by MIND. Visit CISO ACADEMY to access additional learning opportunities for C level executives.

SMB Community Podcast by Karl W. Palachuk
Donna Turgeon - Creating a Unique Channel Program for Cybersecurity

Oct 20, 2022 (31:11)


Host Karl speaks with Donna Turgeon. In her role as head of channel, Donna will lead Infosec's channel sales team and indirect go-to-market strategy, operations and revenue globally. Donna brings 30 years' experience driving indirect and direct revenue, ensuring customer success, delivering global GTM programs, leading corporate Channel and Distribution strategy, recruiting and onboarding business partners, and building effective Global sales and support teams. Donna is a multiple-year CRN Channel Chief award winner. Before her role at Infosec, she built an excellent indirect and direct sales and Marketing organization as CRO of VIPRE Security Group. She has held various senior leadership roles at various companies, including KnowBe4, Tech Data, InspiredeLearning and AccentHealth.

Resources and Links:

  • http://www.infosecinstitute.com/channel
  • Email: partners@infosecinstitute.com

Sponsor Memo: Acronis

Are you still relying on a frustrating patchwork of legacy solutions? Modernize your cybersecurity and data protection with Acronis Cyber Protect Cloud. It's a single solution that combines backup, anti-malware, and endpoint protection management. As an MSP, you can easily improve clients' security posture, eliminate complexity, and generate more recurring revenue. Learn more about Acronis Cyber Protect Cloud at https://Acronis.com

Cyber Security Grey Beard
S4E9 Online Cyber Security Tools and Building Lab Environments

Sep 14, 2022 (17:31)


This episode covers online tools and lab environments that cyber security students and early professionals can use to learn and increase technical skills. While these environments are usually meant for those that want to get very deep with the technical side of cyber security, non-technical folks can certainly use these as well. The tools/trainings go as deep as the user wants. I also go over building a lab at home using Virtual Box or VMWare. I also provide insight and recommendations for building a Cloud based lab environment in Azure or AWS. This episode came out of comments made by Adrianus Warmenhove in S4E8 around VPN's and NordVPN.

Send comments, questions, and episode ideas to: cybergreybeard@gmail.com

  • Rangeforce
  • Hack The Box
  • Infosec Institute Skills
  • Hacker Rank for Developers
  • Hacktory.ai
  • Azure
  • AWS
  • Cloud Comparisons
  • MITRE ATT&CK
  • Kali.org Downloads (Then select “Virtual Machines”)
  • Sourceforge Comparison Page

For those interested in supporting Josh, my mentee looking to relocate to Canada and study cyber security, please visit GiveSendGo.

CXOInsights by CXOCIETY
PodChats for FutureCISO: Breaking the cybersecurity glass barrier

Sep 4, 2022 (13:49)


The InfoSec Institute estimates there is a worldwide staffing shortage of nearly three million in the ranks of cybersecurity professionals, with the number rising to 3.5 million by 2021. Expectations are that the shortage will only get worse, driven by rising demand for infosec resources for the foreseeable future. A 2013 Frost & Sullivan study estimated that women accounted for 10-12% of the global cybersecurity workforce. A 2019 research article from Cybercrime Magazine concluded that women accounted for 20% of the global infosec payroll.

The interesting bit is that everyone in the C-suite, including HR, sees the security staffing shortage and in some ways the solution – women in cybersecurity and technology. So why aren't the positions being filled and what's holding back women from taking up the vacancies?

In this PodChats for FutureCISO, we are joined by Vicki Batka, senior vice president, sales, APJ, Trellix, to talk about Breaking the cybersecurity glass barrier.

Vicki, welcome to PodChats for FutureCISO.

1. It is our understanding that leadership across the C-suite recognises the skills shortage. What are they doing about it?
   a. Is this strategy sustainable?
2. There are those that suggest outsourcing or bringing external parties as the answer to the internal skills shortage.
   a. What are the benefits of this strategy?
   b. What are the possible issues it presents longer term?
3. Do should industry, governments and the academia work together to establish the atmosphere conducive for women with the right disposition to pursue a career in cybersecurity/security?
4. What are the qualities most desirable on which to build upon a career in cybersecurity/security?
5. How can we have more women in cybersecurity? [Where should we start]
6. For women to take on leadership roles in cybersecurity, what needs to happen today?
7. What is your advice for women with aspirations to work in tech and security?

Telecom Reseller
Infosec helps business acquire security through employee education, employee security certifications and supply chain security education, Podcast

Jul 29, 2022 (14:35)


Company security is not only the job of the network security engineers. Yes, they need training and certifications continually through Infosec Skills, but Keatron Evans, Principal Security Researcher at Infosec Institute, highlights to Don Witt of The Channel Daily News, a TR publication, that it is the job of every company employee. Company attacks are made at every level in a company. Whether it is email, the browser, the unauthorized application access, the endpoint, or the network itself, all the employees need to be knowledgeable security sentries for the company – check out Infosec IQ.

The supply chain is a totally neglected asset of the company. Keatron goes into great detail about the supply chain and how the company is totally exposed unless certain steps are taken to protect the company. Knowing and securing your supply chain is mandatory to completely secure your company and its data. In order to understand some of the basic supply chain issues and why it is so important, listen in to Keatron providing some of the important facts and details.

About: Infosec is a leading cybersecurity education company helping IT and security professionals advance their careers and empowering employees to be cyber safe at work and home. Its mission is to equip individuals and organizations with the knowledge and skills to confidently outsmart cybercrime. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent and teams, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness and phishing training. Follow Infosec on LinkedIn, Twitter, Facebook, Instagram and Infosec's Resources Blog for the latest news, or visit infosecinstitute.com for more information.

For more information, go to: https://www.infosecinstitute.com/

Tech Decisions Podcast
My TechDecisions Episode 167: How InfoSec is Closing the Cybersecurity Workforce Gap

Jul 21, 2022 (17:05)


Jim Chilton, general manager of InfoSec Institute, joins the podcast from the trade show floor at RSA to talk about different ways the organization is working to close the cybersecurity workforce gap. 

Security Breach
There's a Lot of Reasons October Could Be Terrifying

May 16, 2022 (13:42)


In addition to supply chain challenges and labor shortages, one of the biggest issues emerging from the COVID-19 pandemic for the industrial sector has been the huge uptick in cyberattacks.

To make things worse, the Center for Strategic and International Studies, after studying cyberattack trends since 2006, says there is a clear pattern wherein these attacks will increase during the month of October, with five offending countries or entities responsible for the majority of the incidents. Based upon analysis, it is predicted that cyberattacks originating in Russia, China, North Korea and Iran will increase this month.

Joining for the first in a series of episodes discussing new and prevailing cybersecurity challenges confronting the U.S. industrial sector is Adam Kohnke from Madison, WI-based Infosec Institute - a leading cybersecurity training and education firm.

To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.

Cyber Security Grey Beard
S3E6 Cyber Security Certifications

Aug 25, 2021 (24:52)


Discussion on cyber security certifications. Which make sense. Where to focus. How to proceed. I cover certifications from GIAC, ISC2, ISACA, EC-Council, Amazon, Microsoft, Google, CompTIA, and others. This episode discusses areas to find training and recommendations before taking certification exams. These are recommendations only and based on my opinion and experiences. Please do research before investing in any certification or training course.

  • ISC2: https://www.isc2.org/
  • ISACA: https://www.isaca.org/
  • Offensive Security: https://www.offensive-security.com
  • EC-Council: https://cert.eccouncil.org/
  • GIAC: https://www.giac.org/
  • GIAC Roadmap: https://www.giac.org/certifications/get-certified/roadmap
  • AWS: https://aws.amazon.com/certification/
  • 12 MS Azure certifications: https://cloudacademy.com/blog/microsoft-azure-certifications-which-is-right-for-you-and-your-team/
  • Google Cloud Certifications: https://cloud.google.com/certification/
  • SANS: https://www.sans.org/
  • Infosec Institute: https://www.infosecinstitute.com/
  • UDEMY: https://www.udemy.com/
  • Cloud Academy: https://cloudacademy.com/

RSA Conference
The Art & Science of Using Cybersecurity Talent Frameworks & Taxonomies

Apr 22, 2021 (31:14)


Study after study shows cybersecurity job descriptions lack clarity across most roles and industries — stifling talent recruitment, development and retention efforts. Infosec Institute and Aspen Cybersecurity Workforce Coalition will provide data-backed insights into how organizations are aligning job descriptions and training to tools like the NICE Framework, including what’s working and what’s not.

Speakers:

  • David Forscey, Senior Policy Analyst, National Governors Association
  • Megan Sawle, VP of Research & Marketing, Infosec
  • Kacy Zurkus, Content Strategist, RSA Conference

Cyber Security Grey Beard
Interview by Chris Seinko, Host of Cyber Work Podcast

Oct 14, 2020 (52:41)


Interview on my background and journey along with discussion on the cyber security profession. Chris Seinko of Cyber Work hosts the Infosec Institute cyber security podcast and we discuss how to help students and early professionals grow in Cyber Security.

Catch the video version recorded on Zoom at:

Reach out with questions, comments or suggestions for future episodes: cybergreybeard@gmail.com

Social Capital
209: Prioritize networking - with Christopher Gerg

Mar 16, 2020 (28:56)


Meet Christopher Gerg

Christopher Gerg is the CISO and VP of Cyber Risk Management at Gillware. He is a technical lead with 20+ years of information security experience tackling the challenges of cloud-based hosting, DevOps, managed security services, e-commerce, healthcare, financial, and payment card industries. He has worked in mature information security teams as well as building secure technical environments – all while working with the boardroom to promote executive understanding and support.

Your company does a lot of work with incident response, what is the most common kind of attack that you're seeing right now?

I think probably over 95% of what we're seeing has to do with ransomware and wire transfer fraud. Wire transfer fraud is more of a human problem than it is a technical problem and it's really just someone tricking someone else into transferring money where they shouldn't. A lot of people have in their mind what ransomware is, and I think what a lot of people have in their mind is wrong, frankly, you don't just get something in your email, double click it and then you have ransomware. Ransomware is the last step and kind of a conventional attack and a conventional hack, where they've been in your environment for four to eight months or longer. And they find where I jokingly say the soft chewy center of your company is and encrypt that so that you're almost forced to pay the ransom or face a huge amount of downtime.

So what advice do you offer to help organizations protect themselves from these types of incidents?

Use multi factor authentication, the little code generator app on your smartphone is a good start. Locking down services that are available to the public internet. Windows Remote Desktop Protocol (RDP), it's a way to get a remote desktop on a computer and people use that for remote access to their computers from like trying to work from home. I think the two other things would maybe be make sure everything's up to date with patches. And I think finally, just kind of awareness. I didn't come up with it, but I'm using it a lot more is the human firewall. The people sitting at the desk are a big and important component to your information security program. And so the people sitting at the desk and checking their email and doing your company's business really need to be aware of what to click on, what not to click on.

How would you recommend a smaller organization such as myself, help to educate the other team members and to make sure that they're not clicking on things they shouldn't?

There's one that's actually local to me called the InfoSec Institute. They do online information security awareness training, and also phishing testing. They charge by the seat, and so it almost doesn't matter if you're a four person shop or a 3000 person shop. You're paying just a fixed amount, it may be, 10s of dollars a month. But that training is kind of a big deal. And the nice thing too is it's not just information security awareness training, there's also kind of the certification training too.

Do you see smaller companies or are these larger corporate entities kind of getting the majority of these attacks?

I think it's pretty democratic and how it goes after things. Everyone has a chance of getting it. They really do just scan for vulnerable services and if they find one they get in. The other aspect of this that kind of blew my mind when I started doing this kind of work is, these are organized, essentially companies, that are doing these criminal activities. They've got help desks, they've got websites, they have email addresses. And so they have different teams in that there's some teams that just scan in an automated way the entire internet looking for vulnerable services, if they find one, they try to exploit it usually again, in an automated way. And if they get one it shows up on a list and then they pass that list to the next phase, the other team and they try to exploit it and if they can exploit it, they get in. Once they're in, either through email or through a vulnerable service. They then download software so that they have more of a foothold in your environment and then just start exploring.

Are there pros and cons from having all of your company documentation on the cloud versus keeping it in an internal server?

Well, I think the only risk is one of people take the assumption that someone else is taking care of it. Where they just kind of throw the responsibility for security over the wall to the cloud provider. The reality is that it's someone else's computer in someone else's data center. It's still a computer, whether it's virtual or not, it's still sitting in a rack somewhere. It's still plugged into a network somewhere. And it's still sitting in a building somewhere. And so if you have that in your mind, and you just treat it like you're leasing the machine from a hardware vendor and storing it in a co-location facility, your responsibilities are the same.

Can you help our listeners kind of remove networking fear by sharing one of your favorite networking stories or experiences that you've had?

If you've got a chance to go out and have coffee with someone, whether they're in your field or not, go have coffee with them, or if they invite you out to lunch or whatever. You're going to learn something. You're going to make a connection. In fact, the job I'm in right now came from an acquaintance of mine that I haven't worked with in 20 years. But we've stayed connected and he heard about an opportunity and gave me a call and said they're looking for someone. So it doesn't have to be hard.

How do you stay in front of or best nurture your relationships?

I think it takes some effort. You know, it's kind of the curse of the organized person, if I didn't organize get togethers with my friends, they probably just wouldn't happen. I usually seem to be the one to organize it and it's a little bit of a burden, but I get to see my friends and so it's absolutely worth it. I've had a lot of really good times going to some Madison Chamber of Commerce, Greater Madison Chamber of Commerce events. They're well organized and well attended and I meet a lot of really interesting people. And it takes some effort and you need to step away from your desk to do it. But I think the benefits outweigh the inconvenience for sure.

What advice would you offer the business professional who's looking to grow their network?

I think the best advice to growing the community is find organizations that do what you do. Find groups of like minded people. Connections you make that are or aren't related to your specific job will have benefits. You just need to get to know people face to face. But if you can, if you can find a balance there, where it's also related to stuff you do that's gonna help you professionally as well.

Between digital networking and traditional networking, which one do you find more value in?

You need the digital side to keep in touch because that's just how people keep in touch. I don't answer my phone, it has to go to voicemail. So even to that degree, people just don't talk on the phone anymore. So you need to go to these in person things, whether it's a conference or a symposium, or it's a meetup group or a community event. I think it's more important to meet people face to face.

If you could go back to your 20 year old self, what would you tell yourself to do more of, less of, or differently with regards to your professional career?

But I think I would have better work life balance. I'm getting my private pilot's license right now. It's something I've wanted to since I was a little kid. I would have told myself 20 years ago to take the time and do it then.

So we've all heard of six degrees of separation, who would be the one person that you'd love to connect with? And do you think you could do it within the sixth degree?

I would love to sit down and chat with Bill Gates. He's got a lot of incredible insights. And he's doing what I would hope people with his affluence and influence would do. One of the most incredible charity stories there is. And his ability to influence public opinion is incredible. I'd love to pick his brain.

Any final word or advice for our listeners with regards to growing and supporting your network?

Don't be afraid to go out there and prioritize it. It is important. Being able to look someone in the eye and talk about what you do and be excited and passionate about it speaks volumes and lets people know how competent you are.

How to connect with Christopher:

  • Website: https://www.gillware.com/
  • Email: cgerg@gillware.com
  • LinkedIn: https://www.linkedin.com/in/christopher-gerg-8aa0a66a/

CISO-Security Vendor Relationship Podcast
Open this Email for an Exclusive Look at Our Clickable Web Links

Aug 27, 2019 (37:30)


All images and links for this episode can be found on CISO Series (https://cisoseries.com/open-this-email-for-an-exclusive-look-at-our-clickable-web-links/)

You'll be dazzled by the clickability of our web links on this week's episode of CISO/Security Vendor Relationship Podcast.

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Aanchal Gupta (@nchlgpt), head of security for Calibra, Facebook.

Aanchal Gupta, Head of Security for Calibra, Facebook; Mike Johnson, Co-Host, CISO/Security Vendor Relationship Podcast; David Spark, Producer, CISO Series

Thanks to this week's podcast sponsor Expel.

Expel is flipping today’s managed security model on its head (Ouch!) for on-prem and cloud, taking a technology-driven approach that lets analysts focus on what humans do best: exercise judgment and manage relationships. The company offers 24x7 monitoring through its security operations center-as-a-service, using the security tools customers already have.

On this week's episode

Hey, You're a CISO, what's your take on this?

Last month, Brian Krebs reported a breach from the 6th-largest cloud solutions provider PCM Inc. which let intruders rifle through Office365 email/documents for a number of customers. In response, listener Alexander Rabke, Unbound Tech, asked, "Would CISOs continue to do business with ‘security’ companies that are breached?" What's your recommendation for sales people who are at such an organization? How should they manage news like this?

Ask a CISO

We know there are plenty of pros and cons of telecommuting. I'm eager to hear from both of you how security leaders value telecommuting. What are the challenges to a CISO of managing a virtual staff?

What's Worse?!

We've got two extreme scenarios you'd never see in the real world.

Why is everybody talking about this now?

Mike, on LinkedIn you ranted about the term DevSecOps that it was a distraction and that "It's really no different (at a high level) than building security into an Agile development process, or a Waterfall process." I agree but I would argue that when DevOps was introduced it was about getting two groups working in tandem. At the time it was a mistake to omit security. Last year at Black Hat I produced a video where I asked attendees, "Should security and DevOps be in couples counseling together?" Everyone universally said, "Yes", but I was taken aback that many of the security people responded, "that they should just listen to me." Which, if you've ever been in couples counseling knows that the technique doesn't work. I argue that the term DevSecOps was brought about to say, "Hey everybody, you have to include us as well." Mike recommends Kelly Shortridge and Nicole Forsgren presentation at Black Hat 2019, "The Inevitable Marriage of DevOps and Security".

Companies continue to take advantage of the economies of scale offered by multi-tenant cloud services, but complacency is dangerous. Multi-tenant cloud is often described as being like a big apartment building, but the big difference is that the walls that separate tenants from each other are not solid, but software. Software is built by humans which closes the circle: unpredictable humans in an unpredictable world. I’m not just talking about hacking here. What about compliance? GDPR’s austere and perhaps old-world view that data on a German citizen must stay in Germany, is nonetheless the law, and carries substantial fines for transgression. This requires data centers to be run from multiple countries, but so long as they’re connected by a cable no data is ever truly isolated. Future regulations affecting health records or patents or blockchain transactions might find themselves in limbo when it comes to coming to rest in a certain section of a certain cloud. For the moment, companies are focusing mostly on the cost-efficiencies of shacking up with other tenants in the same building, but very soon, this too might not be enough.

Check out lots more cloud security tips sponsored by OpenVPN, provider of next-gen secure and scalable communication software. OpenVPN Access Server keeps your company’s data safe with end-to-end encryption, secure remote access, and extension for your centralized UTM.

The great CISO challenge

Lauren Zink of Amtrust posted an article from Infosec Institute asking, "What are you to do with repeat offenders in social engineering exercises?" The article offers some helpful suggestions. In the discussion, there was some pointing fingers at security training designed to purposefully trick employees. Have either of you had to deal with repeat offenders? What did you do? What's your advice for other security leaders... and HR?

Reduce Cyber Risk Podcast
RCR 044: Identity and access provisioning lifecycle (CISSP Domain 5)

Jul 15, 2019 29:43


Description: Shon Gerber from ReduceCyberRisk.com provides you with the information and knowledge you need to prepare for and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity.

In this episode, Shon will talk about the following items that are included within Domain 5 (Identity and Access Management) of the CISSP Exam:
CISSP / Cybersecurity Integration – Identity Governance
CISSP Training – Manage the identity and access provisioning lifecycle (Domain 5)
CISSP Exam Question – Username-Password / Preventative Controls

BTW - Get access to all my CISSP Training Courses here at: http://reducecyberrisk.com/cissp-training/

Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet?
LinkedIn – www.linkedin.com/in/shongerber
ReduceCyberRisk.com - https://reducecyberrisk.com/
Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS:
ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources
Quizlet https://quizlet.com/87472460/official-isc-cissp-domain-1-security-and-risk-management-flash-cards/
Infosec Institute https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/identity-and-access-management/#gref
Wikipedia https://en.wikipedia.org/wiki/Identity_Governance_Framework

Reduce Cyber Risk Podcast
RCR 043: Implement Secure Communication Channels (CISSP Domain 4)

Jul 8, 2019 22:13


Description: Shon Gerber from ReduceCyberRisk.com provides you with the information and knowledge you need to prepare for and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career. Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity.

In this episode, Shon will talk about the following items that are included within Domain 4 (Communication and Network Security) of the CISSP Exam:
CISSP / Cybersecurity Integration – Data Communications
CISSP Training – Implement Secure Communication Channels
CISSP Exam Question – Point to Point / OSI Layers

BTW - Get access to all my CISSP Training Courses here at: http://reducecyberrisk.com/cissp-training/

Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet?
LinkedIn – www.linkedin.com/in/shongerber
ReduceCyberRisk.com - https://reducecyberrisk.com/
Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS:
ISC2 Training Study Guide https://www.isc2.org/Training/Self-Study-Resources
Quizlet https://quizlet.com/87472460/official-isc-cissp-domain-1-security-and-risk-management-flash-cards/
Infosec Institute https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/communications-and-network-security/secure-communications-channels/#gref
Wikipedia https://en.wikipedia.org/wiki/Trusted_computing_base https://en.wikipedia.org/wiki/SwIPe_(protocol) https://en.wikipedia.org/wiki/Transport_Layer_Security https://en.wikipedia.org/wiki/Secure_Electronic_Transaction

InSecurity
Kim Crawley: We Need a Diversity of Brains in this World

May 20, 2019 57:40


The National Autism Association states that Autism is a bio-neurological developmental disability that generally appears before the age of 3. Autism impacts the normal development of the brain in the areas of social interaction, communication skills, and cognitive function. Since autism was first diagnosed in the U.S. the incidence has climbed to a rate of 1 in 59 children in the U.S.

According to pop culture… it may be a super power as well. There seem to be a lot of Doctors on TV now who are on the Autism Spectrum, like Dr. Temperance Brennan on Bones or Dr. Sheldon Cooper from The Big Bang Theory. We also get the occasional action hero such as Ryan Gosling’s The Driver or Lisbeth Salander from The Girl With the Dragon Tattoo. And of course, the classic American underdog heroes Raymond Babbitt and Forrest Gump.

Out here in the real world… people on the Autism Spectrum are all around you. Most of them do not have Salander-like superpowers, but rather are everyday Janes and Joes who go to work, do their jobs and live their lives. Ever wonder what it’s like to chat with someone on the Autism Spectrum? You shouldn’t… if CDC statistics are accurate, there are nearly 6.8 MILLION people on the Autism Spectrum in the United States.

In this week’s episode of InSecurity, Matt Stephenson sat down with respected security writer Kim Crawley to talk about the current state of the cybersecurity world, some of the issues with locking down IoT, drumming… and Kim’s recent diagnosis as being on the Autism Spectrum. Take a walk with Kim as she shares her experience in the security industry and why being on the Autism Spectrum is just another facet of her personality. For more information on Autism, go to www.autisticadvocacy.org and look for #ActuallyAutistic on Twitter.

About Kim Crawley
Kimberly Crawley spent years working in consumer tech support. Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. By 2011, she was writing study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. She’s since contributed articles on information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine. Her first solo-developed PC game, Hackers Versus Banksters, was featured at the Toronto Comic Arts Festival in May 2016. She now writes for Tripwire, AT&T and BlackBerry Cylance.

About Matt Stephenson
Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at BlackBerry Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV. Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come.

Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.

Can’t get enough of Insecurity? You can find us at ThreatVector InSecurity Podcasts, iTunes/Apple Podcasts and GooglePlay as well as Spotify, Stitcher, SoundCloud, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!

Cyber Work
The Current State of Artificial Intelligence in Cybersecurity

Feb 22, 2019 27:30


Eric Stevens, vice president of engineering and principal architect at ProtectWise, discusses the current state of artificial intelligence in cybersecurity and the company's recent report on the topic, "The State of AI in Cybersecurity." Learn more about the report: https://www.protectwise.com/post/new-research-shows-benefits-limitations-and-evolving-questions-of-ai-in-cybersecurity/. Special offer for CyberSpeak with InfoSec Institute listeners: https://www.infosecinstitute.com/podcast.

Cyber Work
Closing the Cyber Skills Gap

Feb 15, 2019 30:26


Kathleen Hyde, chair of cybersecurity programs at Champlain College online, discusses a topic that's a big part of InfoSec Institute's initiative for the coming years — finding new and innovative ways of closing the cyber skills gap. Get infosec training: http://infosecinstitute.com/. Special offer for CyberSpeak with InfoSec Institute listeners: https://www.infosecinstitute.com/podcast.

Cyber Work
How to Become a Chief Information Security Officer

Jan 25, 2019 34:55


Joshua Knight, cybersecurity business leader at Dimension Data, discusses his career journey as well as the steps you can take to move your career towards the path of a chief information security officer (CISO). Get infosec training: https://www.infosecinstitute.com/. Special offer for CyberSpeak with InfoSec Institute listeners!: https://www.infosecinstitute.com/podcast.

ITSPmagazine | Technology. Cybersecurity. Society
January 28 is Data Privacy Day. The remaining 364 days of the year are Data Privacy Days.

Jan 24, 2019 28:22


For this conversation, I am joined by Sean Martin and our guest is: Kelvin Coleman | National Cyber Security Alliance Executive Director

What’s the title of today’s story? January 28 is Data Privacy Day. The remaining 364 days of the year are Data Privacy Days.

Here is what it is about: Data Privacy Day 2019 Reminds Businesses and Consumers About the Value of Personal Data and the Need to Protect It

In this new era of privacy, the National Cyber Security Alliance will underscore the value of personal information by informing businesses about the critical need to respect consumer privacy and safeguard data.

New Era in Privacy: Monday, Jan. 28 at 2 p.m. to 5 p.m. PST. NCSA will host a timely event – entitled A New Era in Privacy ‒ streamed live from LinkedIn in San Francisco, CA on Monday, Jan. 28. Join us via livestream to learn about timely issues from leading privacy experts that impact both business and consumers.

Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe and is officially led by NCSA in North America. Verizon and Visa are Contributing Sponsors of the 2019 privacy awareness campaign. Yubico, Mozilla and Trend Micro are Participating Sponsors. The hashtag for NCSA’s privacy campaign efforts is #PrivacyAware.

The National Cyber Security Alliance (NCSA) is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry and civil society.
NCSA’s primary partners are DHS and NCSA’s Board of Directors, which includes representatives from ADP; Bank of America; CDK Global, LLC; CertNexus; Cisco; Cofense; Comcast Corporation; ESET North America; Facebook; Google; InfoSec Institute; Intel Corporation; Marriott International; Mastercard; Microsoft Corporation; Mimecast; NXP Semiconductors; Raytheon; Salesforce; Symantec Corporation; Visa and Wells Fargo. NCSA’s core efforts include National Cybersecurity Awareness Month (October); Data Privacy Day (Jan. 28); STOP. THINK. CONNECT.™, the global online safety awareness and education campaign co-founded by NCSA and the Anti-Phishing Working Group with federal government leadership from DHS; and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information on NCSA, please visit staysafeonline.org/about-us/overview/. We truly enjoyed this conversation with the new NCSA Executive Director Kelvin Coleman. He is a great guy and an experienced leader that we are happy to follow and support here at ITSPmagazine. Enjoy the conversation and do not forget to fight the good fight with us. Let’s listen. ___ For more Podcasts about The Cyber Society and to know more about what is happening at the intersection of IT security and society: https://www.itspmagazine.com/the-cyber-society

Cyber Work
How to Become a Network Admin

Sep 1, 2018 32:59


Learn about the path to becoming a network admin and what a potential career may entail in this discussion with Elias Papatestas, an InfoSec Institute instructor who has extensive history in the IT industry dating back to the 1980s. View our collection of free resources on networking and network administration: https://www2.infosecinstitute.com/network-admin

Cyber Work
The Problem with Passwords

Aug 13, 2018 34:54


Passwords remain at the heart of many cybersecurity issues, and this week we take a deep dive into the topic with Susan Morrow, who has worked in numerous areas of the IT security industry since the early 1990s. Morrow discusses the new NIST password guidelines, how organizations are lagging behind, and a variety of other password-related topics. The InfoSec Institute security awareness series highlights the importance of security education across all levels of an organization. For more on security awareness and anti-phishing solutions, check out SecurityIQ by InfoSec Institute: https://www2.infosecinstitute.com/security-awareness

Cyber Work
PMP Certification: Boost Your Career and Earn More Money

Aug 10, 2018 39:57


Earning your PMP certification can increase your earnings by as much as 20 percent. A Project Management Professional (PMP) certification proves to employers that you know what it takes to manage projects efficiently, within budget and on-schedule. InfoSec Institute instructor Chris Danek and sales manager Jarrod Mayes discuss how the PMP certification process works and how it can help build your credibility in any industry. Kristin Zurovitch, director of marketing at InfoSec Institute, helps guide the discussion and takes listener questions. If you would like to learn more about obtaining a PMP certification, check out our PMP training course page: https://www2.infosecinstitute.com/pmp

Cyber Work
How to Become an Incident Responder

Aug 6, 2018 37:10


Learn about the path to becoming an incident responder and what a potential career may entail in this discussion with Keatron Evans, InfoSec Institute instructor and managing consultant at KM Cyber Security, LLC. Evans discusses his path to incident response, what kinds of interests can translate into a successful incident response career, and what a day in the life as an incident responder is like. For more information on how to become an incident responder: https://www2.infosecinstitute.com/incident-responder

Cyber Work
The $9 Billion BEC Threat You Can’t Ignore

Aug 3, 2018 47:45


Business email compromise (BEC) attacks are expected to cost businesses $9 billion by the end of 2018, according to Trend Micro estimates. In this discussion with Roger Sels, VP information security at DarkMatter, and Jack Koziol, CEO of InfoSec Institute, you'll learn more about BEC attacks and measures you can take now to protect your organization. Kristin Zurovitch, director of marketing at InfoSec Institute, helps guide the discussion and takes listener questions. If you would like a free copy of the InfoSec Institute e-book, Introducing BEC: The Great White Shark of Social Engineering, which includes a downloadable BEC attack tip sheet, check out this link: https://www2.infosecinstitute.com/bec

(BIT) Blacks In Technology
#BITTechTalk ep. 11 w/ Keatron Evans

Jan 29, 2011 55:29


This week's episode has Ronnie and Greg sitting down with security guru, pentester, trainer, entrepreneur and author Keatron Evans. Keatron is the author of the hacking/pen-testing book "Chained Exploits: Advanced Hacking Attacks From Start to Finish". He has sold close to 7000 copies and is highly regarded in the Information Security world. Keatron is also a penetration tester and business owner. His business Blink Digital Security, based out of Chicago, specializes in pen testing, security training, and vulnerability assessments. Keatron is also the lead instructor and courseware developer for Infosec Institute, which provides high quality information security training and has been in operation since 1998.
