Cybersecurity Training
I'm Google Cyber Security Professional Certified, but I very much appreciate how I.T. isn't everyone's thing, and even for the pros Cybersecurity is a complex, often confusing, and ever-changing morass of trade-offs and risk management. Because it's not always easy to grasp, it's not easy to see why we should care.
Aside from falling short on motivation, in a lot of the cyber-awareness training I've received (or been hired to deliver) in the past, the focus was always on home network and family safety or basic password protocol. Now I'm a lot further down the road, I'm keen to deliver thorough, exciting training. Training that is both more enjoyable for the audience and provides practical, immediately actionable advice. Before I teach any subject, I make clear exactly why it's worth studying. Scroll down for of a list of subjects I cover in my daily 5.5 hour classes.
"So Amazon, FaceBook and TikTok have my data, big whoop.
Why would that bother me?"
This attitude is all too common, and completely overlooks the real nature of the threat. As ever, the detail's in the data.
In crypto-crime alone more than $4 billion was stolen by hackers in 2019 (source: Forbes) and it's getting a whole lot worse due to recent changes in all our working practices.
Now more than ever businesses need to up their cybersecurity game yet many companies currently fail to prioritise regular cyber-awareness training. As individuals, we're even less careful when it comes to our own security. As the line between work and home life increasingly blurs, cybercrime is becoming a critical threat to both.
Most threats fall into one of three categories; Ethics, Privacy or Crime.
1) Ethics
Online we are all being constantly influenced in ways we are largely unaware of and it's about far more than which brand of soap we buy. Whichever way you voted, you'll probably remember Cambridge Analytica's role in BREXIT. Today the hidden influence of data-miners is a bigger threat to democracy than ever, as evidenced by recent events in America. Cybercrime, Big Data and covert monitoring can all harm civil liberties. Good cybersecurity doesn't just protect our civil liberties, it also safeguards against many other kinds of ethical threat.
2) Privacy
Have you heard the Target Teen Pregnancy story?
An irate father complains that US chain, Target, are inappropriately sending his daughter pregnancy marketing in the post. Only it turns out she is pregnant and the embarrassed father apologises. Target's data harvesting detected the girl's pregnancy from her search and spend behaviours and accidentally gave away her secret.
It's a sensational story but the real impact of data harvesting may already be affecting you. From time to time we may all be suffering from "Data Discrimination", discrimination based on tracking codes & cookies recording your age, interests, web history, race, etc. Joy Buolamwini (@jovialjoy on Twitter) has some research on this, as does Cat Hallam (@CatHallam1).
Data Discrimination might stop you from getting jobs, insurance and more. Today the majority of employers use social media to screen candidates and, as we'll see, there are many more reasons to take your own privacy seriously.
We all get Face Book, G-Suite, Twitter, etc for free but, if you're not paying for something then, as Carlotta Fay Schoolman and Richard Serra put it in their 1973 broadcast:
"You are the end product"
3) Crime
So how do we keep ourselves safe online?
Well, these attackers love going after the low-hanging fruit, the soft targets. For most of us, there’s only one thing we can do and it's surprisingly easy;
Don't be the easiest house on your street to burgle
You really don't need to become an IT specialist to protect yourself. I aim to walk learners through the most important issues they can address for themselves, immediately. With adequate, inspiring and entertaining cyber-awareness training, even the worst post-apocalyptic nightmare of a digital footprint can become an impregnable cyber-fortress! Get in touch with me today to find out more.
Subjects Covered
-
Foundations of Cyber Security
-
Core cyber security concepts, like CIA, PoLP, RBAC, etc
-
Consequences and implications
-
Core terminology
-
Good vs Bad actors and how they impact cyber security (plus basic Ethics)
-
Computer Science
-
Terminology
-
Hardware; I/O devices, cables, chips, CPU, GPU, USB, Motherboard, etc
-
Windows Registry, NTFS, Boot Sector, Master Boot Record, Operating Systems (basics)
-
Open Source, BIOS & UEFI, Kernels, Architecture
-
Memory: Hard drives, SSD, RAM, ROM, Virtual Memory
-
Firmware vs Software
-
VMs (Virtual Machines)
-
Logic, coding, pseudocode and languages
-
How the Internet works and who runs it
-
Routers, Modems, Switches, Firewalls
-
MAC & IP Addresses
-
Websites, HTTPS, SSL/TLS, SFTP, DNS, Server
-
Databases, SQL, MySQL
-
The Internet of Things
-
KALI Linux and its tools
-
Word, PowerPoint, Excel; practical training
-
Threats and vulnerabilities
-
Threats, exploits and risks
-
Key sectors that need protection
-
Threat intelligence cycle
-
Open-source intelligence and data reliability
-
Threat model and analysis and evaluation
-
Malware
-
Types of malicious software and how they work
-
The motivations behind malware
-
Human factors involved
-
Social engineering
-
Resolving malware issues
-
Detection and Response
-
Creating an incident postmortem
-
Incident response lifecycle
-
ISO standards
-
Testing & Controls
-
Different types of cyber security testing
-
Different cyber security frameworks
-
How to apply cyber security controls
-
Web, Web Application & OS Security
-
Common attacks against web applications
-
Access Controls
-
Identification and authentication failure
-
Cryptography, and cryptographic failures
-
Authentication and passwords
-
OS Security: What OSs do and their known vulnerabilities
-
Network security
-
The Cyber Kill Chain
-
Intrusion Prevention & Detection Systems (IDS, IPS & IDPSs)
-
HIDS and NIDS
-
Virtual Private Networks (VPNs)
-
Network Layer Models
-
TCP/IP vs OSI
-
Digital forensics
-
Digital forensics process
-
Forensic Artefacts
-
Public-sector investigations
-
Private-sector investigations
-
Forensic Artefacts
-
The Scientific Method
-
Tools used in Digital Forensics
-
Security Operations Centres (SOCs)
-
The role of an SOC (aka SOC), and the roles within it.
-
Professional conduct expected in Cyber
-
Compliance, Ethics and correct behaviours within the SOC and cyber in general.
-
AI; its impact, usage and ethics
-
Employability
-
A cyber security project to include different cyber security protocols
-
CV support
-
Interview techniques (including practice)
-
Cyber careers
Further Reading
This page of my site is based on articles I wrote over at LinkedIn.
If you've enjoyed reading, this you might like to read the original, and some of my other articles on LinkedIn on the subjects of Webdesign and Cybersecurity: