MISAC MuniTech Academy IT Staffing & Career

People are IT's most important and expensive resource, but historically they have not been treated accordingly. Staffing for IT and cybersecurity can be difficult. How do you hire the right people? How do you grow your staff? How do you grow your career? In this session we will cover partnering with HR, investing in staff, education, certifications, soft skill development, work environment, flexible work options, professional networks, retention, justifying IT staff and teamwork. Improve your ability to grow, deploy, and manage your team.

Coverage
Career, Human Resources, Staffing, Education, Certification, Talent
Live online Aug 27 5:00 pm UTC
or after on demand 120 mins
Presented by
Donald E Hester

  • MISAC MuniTech Academy IT Staffing & Career Aug 27 2020 5:00 pm UTC 120 mins
    Donald E Hester
    People are IT's most important and expensive resource, but historically they have not been treated accordingly. Staffing for IT and cybersecurity can be difficult. How do you hire the right people? How do you grow your staff? How do you grow your career? In this session we will cover partnering with HR, investing in staff, education, certifications, soft skill development, work environment, flexible work options, professional networks, retention, justifying IT staff and teamwork. Improve your ability to grow, deploy, and manage your team.

    Coverage
    Career, Human Resources, Staffing, Education, Certification, Talent
  • MISAC MuniTech Academy Talking Cybersecurity with Senior Management Jun 11 2020 5:00 pm UTC 120 mins
    Donald E Hester
    It is mission critical for IT Directors and CIOs to maintain quality communication with senior management and key stakeholders. Quality communication will help to build strong relationships and establish trust. Strong relationships and trust help to pave the way to gaining approval for cybersecurity initiatives and budgets. The factors that contribute to this situation vary from organization to organization. One obstacle to establishing quality communications with senior management is the fact that many local government IT departments don’t have access to senior management. Other issues include business alignment with cybersecurity, soft skills, and senior management. Governance of information and technology is key to help foster communication and engagement between IT and senior management.
    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • MISAC MuniTech Academy ICS SCADA Cybersecurity Apr 21 2020 5:00 pm UTC 120 mins
    Donald E Hester
    Many organizations struggle to protect their Industrial Control Systems (ICS) and SCADA systems. Other organizations struggle with knowing how much cyber risk their organization has. ICSs are often critical systems with low tolerance for interruption, making them very tempting targets for threat actors, especially nation-states. Thus far, incidents have been low, but the emergence of proof-of-concept attack software suggests that this trend may not hold for long. Local governments need to get ready now before they find themselves a victim. Unlike personal computers, which can be reformatted and restored from backup if required, PLCs and other components can be “bricked.” This means that malware could render them completely inoperable, requiring physical replacement. In this session we will cover some of the difficulties with cybersecurity and ICS, including Supply Chain, Vendor Management, Shared Responsibility and going beyond the standards.
    ICS-CERT
    Coverage
    NIST CSF, NIST SP 800-53, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • MISAC Ransomware Prevention Recorded: Feb 12 2020 124 mins
    Donald E Hester
    MISAC MuniTech Academy presentation. Local governments are at high risk for ransomware attack, and the Federal Government and government associations recommend immediate action. A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) states that the cost for recovery tops $5 billion in 2019 year to date. The Department of Homeland Security, CISA, MS-ISAC, NGA & NASCIO recommend immediate action to safeguard against ransomware attacks. In order to help clients effectively combat the current growing cyber-threats, we have created a ransomware readiness checklist from the recent US Federal Government Interagency technical guideline, Cybersecurity and Infrastructure Security Agency (CISA) guidelines, National Cyber Security Centre (NCSC), UK and NIST guidelines. In this session we will cover the items in our checklist and the recommendations on preparation.
  • Ransomware Prevention Part 2 Recorded: Sep 18 2019 77 mins
    Donald E. Hester
    Second in a two-part series on ransomware. Local governments are at high risk for ransomware attack, and the Federal Government and government associations recommend immediate action. A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) states that the cost for recovery tops $5 billion in 2019 year to date. The Department of Homeland Security, CISA, MS-ISAC, NGA & NASCIO recommend immediate action to safeguard against ransomware attacks. In order to help clients effectively combat the current growing cyber-threats, we have created a ransomware readiness checklist from the recent US Federal Government Interagency technical guideline, Cybersecurity and Infrastructure Security Agency (CISA) guidelines, National Cyber Security Centre (NCSC), UK and NIST guidelines. In this session we will cover the items in our checklist and the recommendations on preparation.

    Coverage
    NIST CSF, NIST SP 800-53, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, Firmware
  • Ransomware Prevention Part 1 Recorded: Sep 17 2019 71 mins
    Donald E. Hester
    First in a two-part series on ransomware. Local governments are at high risk for ransomware attack, and the Federal Government and government associations recommend immediate action. A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) states that the cost for recovery tops $5 billion in 2019 year to date. The Department of Homeland Security, CISA, MS-ISAC, NGA & NASCIO recommend immediate action to safeguard against ransomware attacks. In this session we will cover what ransomware is, how it works, statistics and common features of the attack. We will also cover the costs of some recent incidents, and a discussion on whether to pay the ransom or not. We will look at the anatomy of a ransomware attack and the criminals behind them.

    NIST CSF, NIST SP 800-53, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, Firmware
  • Security+ Objective 1.5 Recorded: Aug 29 2019 51 mins
    Donald E Hester & Robert DeRoeck
    Our next session in our continuing series of webcasts on CompTIA Security+. Objective 1.5. In this session we will explain vulnerability scanning concepts.
    Passively test security controls
    Identify vulnerability
    Identify lack of security controls
    Identify common misconfigurations
    Intrusive vs. non-intrusive
    Credentialed vs. non-credentialed
    False positive
  • Microsoft Azure 2 Virtual Machines Recorded: Aug 22 2019 89 mins
    Donald E Hester & Robert DeRoeck
    Our next session in our continuing series of webcasts on Microsoft Azure. In this session we cover virtual machines and virtual machine management. Session will include demos.
    Virtual Machine Planning, Creating Virtual Machines, Virtual Machine Availability, Virtual Machine Extensions
  • Security+ Objective 1.4 Recorded: Aug 15 2019 69 mins
    Donald E Hester & Robert DeRoeck
    In this session we will explain penetration testing concepts.
    Find an exploitable vulnerability.
    Design an attack around it.
    Test the attack.
    Seize a line in use.
    Enter the attack.
    Exploit the entry for information recovery.
  • Security+ Objective 1.3 Recorded: Jul 25 2019 55 mins
    Donald E Hester & Robert DeRoeck
    In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.3: Explain threat actor types and attributes.
    • Types of actors
    - Script kiddies
    - Hacktivist
    - Organized crime
    - Nation states/APT
    - Insiders
    - Competitors
    • Attributes of actors
    - Internal/external
    - Level of sophistication
    - Resources/funding
    - Intent/motivation
    • Use of open-source intelligence
  • Cloud-based Financial Applications Recorded: Jul 10 2019 61 mins
    Donald E Hester
    Good? Bad? Indifferent? I am often asked if it is safe to host financial applications in the cloud. "It depends" is almost always the answer. Join this session to learn about the pitfalls and considerations of a cloud-based ERP or financial applications. We will cover: how cloud services change the IT and Financial control environments, the risk of using the cloud, managing the risks, the benefits of using the cloud, and the concept of shared responsibility.
    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, COSO, CSA
    IT, Cloud
  • Current Cyber Scams & Need for Awareness Recorded: Jul 2 2019 76 mins
    Donald E Hester
    A repeat presentation given at Maze Live 2019. In this session we will cover some of the most popular scams we see for local governments and businesses. We will cover the potential impact of successful scams on organizations. We will also cover how to set up a cybersecurity awareness program and some tips and tricks for maturing your awareness efforts.
  • Administering Azure Recorded: Jun 28 2019 51 mins
    Donald E Hester & Robert DeRoeck
    Azure Administration Tools
    In this webinar, you’ll learn tools used by Azure Administrators to manage their Microsoft Cloud infrastructure
    Azure Portal, Cloud Shell, Azure PowerShell, CLI, Azure Mobile App, Resource Manager, and Resource Manager Templates
  • Security+ Objective 1.2 Recorded: Jun 25 2019 130 mins
    Donald E Hester & Robert DeRoeck
    In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.2: Compare and contrast types of attacks.

    Social Engineering attacks:
    - Phishing
    - Spear phishing
    - Whaling
    - Vishing
    - Tailgating
    - Impersonation
    - Dumpster diving
    - Shoulder surfing
    - Hoax
    - Watering hole attack

    Application/service attacks:
    - DoS
    - DDoS
    - Man-in-the-middle
    - Buffer overflow
    - Injection
    - Cross-site scripting
    - Cross-site request forgery
    - Privilege escalation
    - ARP poisoning
    - Amplification
    - DNS poisoning
    - Domain hijacking
    - Man-in-the-browser
    - Zero day
    - Replay
    - Pass the hash
    - Hijacking and related attacks
    - Clickjacking
    - Session hijacking
    - URL hijacking
    - Typo squatting
    - Driver manipulation
    - Shimming
    - Refactoring
    - MAC spoofing
    - IP spoofing

    Wireless attacks:
    - Replay
    - IV
    - Evil twin
    - Rogue AP
    - Jamming
    - WPS
    - Bluejacking
    - Bluesnarfing
    - RFID
    - NFC
    - Disassociation

    Cryptographic attacks:
    - Birthday
    - Known plain text/cipher text
    - Rainbow tables
    - Dictionary
    - Brute force
    - Online vs. offline
    - Collision
    - Downgrade
    - Replay
    - Weak implementations
  • Security+ Objective 1.1 Recorded: Jun 17 2019 59 mins
    Donald E Hester & Robert DeRoeck
    In this webinar we are going to cover CompTIA’s SY0-501 Security+ certification exam objective 1.1: Given a scenario, analyze indicators of compromise and determine the type of malware.
    Viruses, Crypto-malware, Ransomware, Worm, Trojan, Rootkit, Keylogger, Adware, Spyware, Bots, RATs, Logic Bombs, Backdoors, Cryptojacking, Formjacking, Doxware
  • Who should setup access in the ERP (Financial Application)? Recorded: May 16 2019 63 mins
    Donald E. Hester; Robert DeRoeck; Ron Puccinelli
    As an IT auditor for local governments, one of the questions I am most often asked during audits is who should set up user access in the financial application. There is a debate over whether it should be IT or finance staff that create accounts and set up access. As with any professional, my answer is "it depends." It depends upon other controls that might be in place. What I like to do with clients is walk them through the needs and risks to help them design and understand the process they come up with. Let’s walk through the logic and see what might be the best answer for your organization. Plus, we will answer a question from a listener on hacking Instagram accounts.

    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, COSO
    IT, Cloud
  • IoT / OT and the Death Star Part 2 Recorded: May 6 2019 71 mins
    Donald E Hester & Robert DeRoeck
    In the iconic science fiction classic Star Wars: A New Hope, the mighty Death Star was destroyed by the rebels exploiting the vulnerability of a small thermal vent. Similarly, the massive Target data breach was made possible by a remote maintenance connection to their cooling system. Internet of Things (IoT) and Operational Technology (OT) devices have positive impacts on organization efficiency; however, they are often overlooked when performing risk and vulnerability assessments. Security systems, environmental controls, automation, SCADA, plant technology, robots, and artificial intelligence all have vulnerabilities. In this session we will explore some of the risks related to IoT & OT and what can be done to mitigate the risks.

    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • IoT / OT and the Death Star Part 1 Recorded: Apr 12 2019 58 mins
    Donald E Hester & Robert DeRoeck
    In the iconic science fiction classic Star Wars: A New Hope, the mighty Death Star was destroyed by the rebels exploiting the vulnerability of a small thermal vent. Similarly, the massive Target data breach was made possible by a remote maintenance connection to their cooling system. Internet of Things (IoT) and Operational Technology (OT) devices have positive impacts on organization efficiency; however, they are often overlooked when performing risk and vulnerability assessments. Security systems, environmental controls, automation, SCADA, plant technology, robots, and artificial intelligence all have vulnerabilities. In this session we will explore some of the risks related to IoT & OT and what can be done to mitigate the risks.

    Coverage
    NIST CSF, NIST SP 800-53, PCI DSS, COBIT, ISO 27001, ISA 62443, COSO, AWWA G430-14
    IT, OT, IoT, Cloud, AI
  • Why is PCI compliance like the Death Star? Recorded: Mar 18 2019 61 mins
    Donald E Hester & Robert DeRoeck
    If you think you are PCI compliant, you’re probably not. A single thermal vent allowed the rebels to destroy the Death Star. What seemingly insignificant hole do we have that will lead to a payment card data breach? Can we plug every small hole? Why is PCI compliance so difficult for local governments and small to medium sized businesses? Lessons from the Jedi can help us understand PCI compliance. Join this session to hear from an auditor what some of the pitfalls are and what can be done to achieve and maintain PCI compliance.

    Coverage
    PCI DSS, COBIT, COSO
    IT, Cloud
  • RSA Conference 2019 Recap Recorded: Mar 11 2019 75 mins
    Donald E Hester & Robert DeRoeck
    Join Don and Rob as they cover the highlights of the 2019 RSA Conference. If you missed the conference, you can hear about some of the things you missed. If you plan on going in 2020, we will have some advice for you. We will cover sessions, expo hall, student day, advice for newbies, and the nighttime activities. Join us and give us your feedback.
Working together to make the world cyber safe.
Covering cybersecurity focused on the issues surrounding the challenges of small organizations and local governments. We will be covering issues related to compliance, PCI, NIST, audit findings, IT governance & management, disruptive technologies, current risks, common vulnerabilities, and suggested remediation.
