How to Build a Winning Cybersecurity Team
Download as PPTX, PDF2 likes425 views
The document emphasizes that cybersecurity is fundamentally a people problem rather than a technology issue, highlighting the importance of an educated workforce in combating cyber threats. It outlines the need for specialization within cybersecurity roles, detailing various functions such as architecture, incident response, and compliance. Additionally, the document presents a career progression framework for different levels of expertise in cybersecurity.
How to Build a Winning Cybersecurity Team
- 1. Building a Winning Cybersecurity Team
- 2. © Global Knowledge Training LLC. All rights reserved. Page 2 Defenseᵌ: Human Element and 3D Defense PROCESS PEOPLE TECHNOLOGY More than “Defense in depth,” organizations need Defenseᵌ because cyber attacks happen across three dimensions. Cyber attacks are people attacking people, not machines attacking machines, so an educated workforce is critical.
- 3. © Global Knowledge Training LLC. All rights reserved. Page 3 Building a Winning Team Acknowledge the people problem Address the human element Understand the specialties
- 4. © Global Knowledge Training LLC. All rights reserved. Page 4 Cybersecurity is a people problem, not a technology problem • Every cybersecurity attack ever performed was initiated by a human • Every cybersecurity defense was designed and deployed by humans Cybersecurity is people attacking people • Humans write security policies • Humans design security architecture • Humans configure and deploy security technology • Humans initiate cybersecurity threats The People Problem “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology” - Bruce Schneier
- 5. © Global Knowledge Training LLC. All rights reserved. Page 5 The Human Element Perimeter Perimeter Perimeter Phase 1 • Firewall technology defense • Intruders blocked by perimeter policy • Internal users checked by virus scan • All credentialed users “trusted” Phase 2 • Firewall technology defense • Intruders blocked by perimeter policy • Intruders monitored by IPS/IDS • Internal network scanned for outside threats • Credentialed users “trusted” Phase 3 • Firewall and IPS/IDS technology defense • Intruders blocked by perimeter policy • Internal users checked by virus scan • Credentialed users “trusted” on “need-to-access” policies DiD ZTE “We have met the enemy and they are us” – Walt Kelly
- 6. © Global Knowledge Training LLC. All rights reserved. Page 6 Sophisticated operations now have specialists • Mechanics have transmission specialists, electrical specialists, fuel injector specialists, etc. • Doctors have internal specialists, orthopedic specialists, neuro specialists, etc. Modern cybersecurity organizations generally require specialization, as well • Architecture and Policy • Governance, Risk, and Compliance • Data Loss Prevention • Incident Response • Identity and Access Management • Penetration Testing • DevSecOps • Secure Programming The Cybersecurity Specialties
- 7. OUR CYBERSECURITY PORTFOLIO – THE “CROWN” AND “CASTLE” SKILLS MATRIX
- 8. © Global Knowledge Training LLC. All rights reserved. Page 8 The “Crown” Organizational Map/Career Progression How many employees are at each level in the organization? Has career progression been planned? SKILLS DEVELOPMENT CERTIFICATION PREP ARCHITECTURE Senior Architect, Compliance Auditor MANAGEMENT CISO TECHNICAL SME, Lead Engineer TECHNOLOGY SOLUTIONS NEW TO ROLE MID-CAREER “CASTLE” SPECIALIZATION SENIOR LEADERSHIP IT FOUNDATIONS CYBERSECURITY FOUNDATIONS
- 9. © Global Knowledge Training LLC. All rights reserved. Page 9 The “Castle” Functional Specialization ARCHITECTURE and POLICY DATA LOSS PREVENTION GOVERNANCE, RISK, and COMPLIANCE INDENTITY and ACCESS INCIDENT RESPONSE and FORENSIC ANALYSIS PENETRATION TESTING SECURE DEVOPS SECURE SOFTWARE DEVELOPMENT Designs and implements secure architectures, translates standards, business processes, and frameworks into internal policies Deploys and manages security applications such as malware detection on endpoints and servers Measures and quantifies risk, performs internal audits against best practices and standards, develops plans for business continuity and disaster recovery Manages identification, authorization, and permissions across all systems Detects and analyzes security events and correctly responds Intentionally attacks systems to expose vulnerabilities and probe weaknesses, Red Team Securely installs, configures, and operates systems and software Develops applications with minimal vulnerabilities, application security testing NIST FRAMEWORK Identify, Protect Protect, Detect Identify, Respond, Recover Protect Detect, Respond, Recover Protect Protect, Defend, Detect Protect
- 10. © Global Knowledge Training LLC. All rights reserved. Page 10 ARCHITECTURE and POLICY DATA LOSS PREVENTION GOVERNANCE, RISK, and COMPLIANCE INDENTITY and ACCESS INCIDENT RESPONSE and FORENSIC ANALYSIS PENETRATION TESTING SECURE DEVOPS SECURE SOFTWARE DEVELOPMENT SENIOR LEADERSHIP (Expert) 9719: CSFI: Introduction to Cyber Warfare and Operations Design 1638: CISSP Certification Prep Course 2951: CompTIA Advanced Security Practitioner (CASP) Prep Course 9803: CISSP Certification Prep Course 3796: Certified Information Privacy Technologist (CIPT) Prep Course 8251: Information Security Expert 8001: Privacy and Data Protection Practitioner - SECO 2951: CompTIA Advanced Security Practitioner (CASP) Prep Course 9803: CISSP Certification Prep Course 3796: Certified Information Privacy Technologist (CIPT) Prep Course 8283: Business Continuity Expert 8274: Business Continuity Practitioner 9803: CISSP Certification Prep Course 2951: CompTIA Advanced Security Practitioner (CASP) Prep Course 3401: Computer Hacking Forensic Investigator (CHFI) v9 9803: CISSP Certification Prep Course 8291: Crisis Management Expert 3617: Certified Ethical Hacker 9803: CISSP Certification Prep Course 1642: SSCP Certification Prep Course 9803: CISSP Certification Prep Course 1697: CSSLP Certification Prep Course 9803: CISSP Certification Prep Course MID-CAREER “CASTLE” SPECIALIZATION (Practitioner) 6972: Cybersecurity Specialization: Architecture and Policy 6864: Risk Management Framework (RMF) Implementation 4.0* 7437: PECB ISO 270001 Foundations 1697: CSSLP Certification Prep Course 8000: Information Security Practitioner 3404: CompTIA Security+ Prep Course 4935: Certified Network Defender (CND) 4495: Certified Information Privacy Professional Europe (CIPP/E) Prep Course** 5867: Cybersecurity Analyst+ (CySA+) Prep Course 7999: Data Protection Foundation 4935: Certified Network Defender (CND) 4495: Certified Information Privacy Professional Europe (CIPP/E) Prep Course** 5867: Cybersecurity Analyst+ (CySA+) Prep Course 9871: CISM Prep Course 7437: PECB ISO 270001 Foundations 8015: Business Continuity Foundation - SECO 6974: Cybersecurity Specialization: Governance Risk and Compliance 4935: Certified Network Defender (CND) 5867: Cybersecurity Analyst+ (CySA+) Prep Course 3404: CompTIA Security+ Prep Course 8018: Crisis Management Practitioner 2180: CyberSec First Responder: Threat Detection and Response 5867: Cybersecurity Analyst+ (CySA+) Prep Course 1967: Hacking Methodologies for Security Professionals 4935: Certified Network Defender (CND) 8300: CompTIA PenTest+ Prep Course 3404: CompTIA Security+ Prep Course 3404: CompTIA Security+ Prep Course 4935: Certified Network Defender (CND) 5867: Cybersecurity Analyst+ (CySA+) Prep Course 2046: Introduction to Python Scripting for the Security Analyst 1123: Securing Java Web Applications 8005: Secure Programming Foundation - SECO NEW TO ROLE (Foundation) CYBERSECURITY FOUNDATIONS 9701: Cybersecurity Foundations 4277: Introduction to Cybersecurity IT FOUNDATIONS 3150: Understanding Network Fundamentals 9025: TCP/IP Networking 3291: CompTIA Network+ Certification Prep (N10-007) = coming soon!
- 11. © Global Knowledge Training LLC. All rights reserved. Page 11 Cybersecurity Specialties Job Roles Define Functional Areas • Architecture and Policy Designs and implements secure architectures and forms policies • Governance, Risk, and Compliance Measures risk, perform auditing, plan for business continuity • Data Loss Prevention Deploys and manage security applications • Incident Response Runs Security Operations Center (SOC), perform threat detection • Identity and Access Management Manages identification, authorization, and permissions • Penetration Testing Intentionally attacks systems to expose vulnerabilities • DevSecOps Manages, installs, configures, and operates systems and software in the data center • Secure Programming Develops and test applications to have minimal vulnerabilities
- 12. © Global Knowledge Training LLC. All rights reserved. Page 12 Senior Leadership 9719: CSFI: Introduction to Cyber Warfare and Operations Design 9803: CISSP Certification Prep Course Mid-Career Specialization 2-3 years growth 6864: Risk Management Framework (RMF) Implementation 4.0* 7434: PECB ISO 270001 Foundations 6972: Cybersecurity Specialization: Architecture and Policy – New! 1697: CSSLP Certification Prep Course New to Role Cybersecurity Foundations 1 year growth 9701: Cybersecurity Foundations 4277: Introduction to Cybersecurity IT Foundations 0-3 Years growth 3150: Understanding Network Fundamentals 9025: TCP/IP Networking 3291: CompTIA Network+ Certification Prep (N10-007) Architecture and Policy
- 13. © Global Knowledge Training LLC. All rights reserved. Page 13 Senior Leadership 2951: CompTIA Advanced Security Practitioner (CASP) Prep Course 9803: CISSP Certification Prep Course 3796: Certified Information Privacy Technologist (CIPT) Prep Course 8251: Information Security Expert – Coming Soon 8001: Privacy and Data Protection Practitioner - SECO Mid-Career Specialization 2-3 years growth 8000: Information Security Practitioner 3404: CompTIA Security+ Prep Course 4935: Certified Network Defender (CND) 4495: Certified Information Privacy Professional Europe (CIPP/E) Prep Course* 5867: Cybersecurity Analyst+ (CySA+) Prep Course 7999: Data Protection Foundation New to Role Cybersecurity Foundations 1 year growth 9701: Cybersecurity Foundations 4277: Introduction to Cybersecurity IT Foundations 0-3 Years growth 3150: Understanding Network Fundamentals 9025: TCP/IP Networking 3291: CompTIA Network+ Certification Prep (N10-007) Data Loss Prevention
- 14. © Global Knowledge Training LLC. All rights reserved. Page 14 Senior Leadership 2951: CompTIAAdvanced Security Practitioner (CASP) Prep Course 9803: CISSP Certification Prep Course 3796: Certified Information Privacy Technologist (CIPT) Prep Course 8283: Business Continuity Expert – Coming Soon 8274: Business Continuity Practitioner – Coming Soon Mid-Career Specialization 2-3 years growth 3404: CompTIA Security+ Prep Course 4935: Certified Network Defender (CND) 4495: Certified Information Privacy Professional Europe (CIPP/E) Prep Course* 5867: Cybersecurity Analyst+ (CySA+) Prep Course 9871: CISM Prep Course 8015: Business Continuity Foundation - SECO 6974: Cybersecurity Specialization: Governance Risk and Compliance – Coming Soon New to Role Cybersecurity Foundations 1 year growth 9701: Cybersecurity Foundations 4277: Introduction to Cybersecurity IT Foundations 0-3 Years growth 3150: Understanding Network Fundamentals 9025: TCP/IP Networking 3291: CompTIA Network+ Certification Prep (N10-007) Governance, Risk, and Compliance (GRC)
- 15. © Global Knowledge Training LLC. All rights reserved. Page 15 Senior Leadership 2951: CompTIA Advanced Security Practitioner (CASP) Prep Course 9803: CISSP Certification Prep Course Mid-Career Specialization 2-3 years growth 3404: CompTIA Security+ Prep Course 4935: Certified Network Defender (CND) 5867: Cybersecurity Analyst+ (CySA+) Prep Course New to Role Cybersecurity Foundations 1 year growth 9701: Cybersecurity Foundations 4277: Introduction to Cybersecurity IT Foundations 0-3 Years growth 3150: Understanding Network Fundamentals 9025: TCP/IP Networking 3291: CompTIA Network+ Certification Prep (N10-007) Identity and Access Management
- 16. © Global Knowledge Training LLC. All rights reserved. Page 16 Senior Leadership 3401: Computer Hacking Forensic Investigator (CHFI) v9 9803: CISSP Certification Prep Course 8291: Crisis Management Expert – Coming Soon Mid-Career Specialization 2-3 years growth 8018: Crisis Management Practitioner – Coming Soon 3404: CompTIA Security+ Prep Course 2180: CyberSec First Responder: Threat Detection and Response 5867: Cybersecurity Analyst+ (CySA+) Prep Course New to Role Cybersecurity Foundations 1 year growth 9701: Cybersecurity Foundations 4277: Introduction to Cybersecurity IT Foundations 0-3 Years growth 3150: Understanding Network Fundamentals 9025: TCP/IP Networking 3291: CompTIA Network+ Certification Prep (N10-007) Incident Response and Forensic Analysis
- 17. © Global Knowledge Training LLC. All rights reserved. Page 17 Senior Leadership 3617: Certified Ethical Hacker 9803: CISSP Certification Prep Course Mid-Career Specialization 2-3 years growth 3404: CompTIA Security+ Prep Course 4935: Certified Network Defender (CND) 1967: Hacking Methodologies for Security Professionals 8300: CompTIA PenTest+ Prep Course – Coming Soon New to Role Cybersecurity Foundations 1 year growth 9701: Cybersecurity Foundations 4277: Introduction to Cybersecurity IT Foundations 0-3 Years growth 3150: Understanding Network Fundamentals 9025: TCP/IP Networking 3291: CompTIA Network+ Certification Prep (N10-007) Penetration Testing
- 18. © Global Knowledge Training LLC. All rights reserved. Page 18 Senior Leadership 1642: SSCP Certification Prep Course 9803: CISSP Certification Prep Course Mid-Career Specialization 2-3 years growth 3404: CompTIA Security+ Prep Course 4935: Certified Network Defender (CND) 5867: Cybersecurity Analyst+ (CySA+) Prep Course New to Role Cybersecurity Foundations 1 year growth 9701: Cybersecurity Foundations 4277: Introduction to Cybersecurity IT Foundations 0-3 Years growth 3150: Understanding Network Fundamentals 9025: TCP/IP Networking 3291: CompTIA Network+ Certification Prep (N10-007) 4666: CompTIA A+ Certification Prep Secure DevOps
- 19. © Global Knowledge Training LLC. All rights reserved. Page 19 Senior Leadership 1697: CSSLP Certification Prep Course 9803: CISSP Certification Prep Course Mid-Career Specialization 2-3 years growth 2046: Introduction to Python Scripting for the Security Analyst 1123: Securing Java Web Applications 8005: Secure Programming Foundation – Coming Soon New to Role Cybersecurity Foundations 1 year growth 9701: Cybersecurity Foundations 4277: Introduction to Cybersecurity IT Foundations 0-3 Years growth 3150: Understanding Network Fundamentals 9025: TCP/IP Networking 3291: CompTIA Network+ Certification Prep (N10-007) Secure Software Development
Editor's Notes
- #8: At Global Knowledge, we deliver a skills solution to the cybersecurity challenge that is three-dimensional and built on the unique insight we’ve gained as the point of convergence for cybersecurity expertise. Our Crown and Castle Skills Matrix helps organizations address the human element of defense through dedicated learning paths across each cybersecurity function and at every career level.
- #9: Simplifying skills development planning, the “Crown” provides a high-level view for managers, directors and any other leaders responsible for cybersecurity people management and/or professional development. The “Crown” outlines and organizes cybersecurity career progression from foundational IT skills all the way up through the three branches of cybersecurity senior leadership. Leaders can use the “Crown” to measure, track, and develop optimal depth and breadth of skills within their department or team, while individual contributors can use “the Crown” to define and evaluate their personal career goals.
- #10: Designed to be implemented along with the “Crown”, the “Castle” describes the discrete functions within cybersecurity. These are the individual pieces that make up the cybersecurity whole and one job role may cover several functions or one function might be manned by several professionals depending on the size and scope of the organization. As Cybersecurity professionals reach the Mid-Career Specialization level in the “Crown,” the “Castle” helps focus activity on for maximum return on training investments.
- #13: *6867 is the DoD version of 6864 … teaches the same content as (ISC)2 Certified Authorization Professional (CAP)
- #14: *Most relevant GDPR course
- #15: *Most relevant GDPR course