Name: "What exactly do you do here?”: Defining Cybersecurity Roles with NIST NICE.
Start: 2020-03-11T11:00:00Z
End: 2020-03-11T11:00:30.000Z
Location: BrightTALK
Rating: 4.3

We empower organizations to increase, measure and demonstrate human capabilities in every part of their cybersecurity.

Cybersecurity experiences must be constant to be effective. Like gamers, security experts are curious, creative individuals with a penchant for problem solving; our industry never stops moving, and neither should your team’s skill levels.
Now more than ever organizations are facing a challenge to keep their employees motivated. Cybersecurity CTFs are the way to go: there are prizes, it's fun, and at the end of it you gain kudos for getting the token first.
But how do you turn a CTF event into a learning experience? How can organizations benefit from CTF events and ingrain them in their cybersecurity strategy?
Join Immersive Labs on 11th February at 3PM GMT (10AM ET) for our "Cybersecurity CTFs: The Power of Competition in Building Attack-ready Humans" webinar, and discover how you can tool up your team with a hacker mindset.

Cybersecurity CTFs: The power of competition in building attack-ready humans

In a world built on software, the fallout from Sunburst is an example of the importance of a secure SDLC. With a few more checks and balances, nation-state actors might not have been able to weaponize the SolarWinds application and bend it to their will and compromise everything from Government entities to tech companies.
  
Join our Director of Cyber Threat Research, Kev Breen, and Sean Wright, Lead Application Security SME, as they demonstrate a series of labs on this unprecedented threat to organizations.  By starting with foundational concepts and moving through to detailed hands-on simulations, you will learn firsthand the critical lessons underlined by the attack on Solarwinds. Using the gamified Immersive Labs platform, you will be guided through a five-part series, featuring: 

1) Compromising SolarWinds NMS – Theory: What is an NMS, why is it a target and how was it attacked? 
2) Who is Cozy Bear – Theory: Using MITRE, understand how the infamous UNC2452 threat actor operates 
3) Build Server Investigation – Practical: Our experts use our platform to simulate being a threat hunter and show how to review a build server and pipelines to identify malicious code injects 
4) IOC Investigation – Practical: We walk through the indicators of compromise to demonstrate how to review your NMS host and identify if it has been infected 
5) Malware Investigation – Practical: Kevin and Sean step into the shoes of a threat hunter, analyse the Sunburst malware to understand further IoCs, and discern what suspicious network activity looks like

You can access these practical hands-on experiences for yourself from Immersive Labs Community here: https://community.immersivelabs.online/browse/category/cyber-threat-intelligence/sunburst-supply-chain-compromise

Experience Sunburst first hand with the experts

Should you ever pay the ransom? What if it were a matter of life and death?

In the peak of a brutal winter and a global pandemic, power distribution company EXCEL gets hit by not one, but two Netwalker ransomware attacks, causing power-outs across the country. It’s up to you to prioritise tasks, appoint leaders, push out comms, and of course decide whether to pay the malicious hackers. Most importantly, will you be able to prevent fatalities?

In our final Cyber Crisis Simulator webinar of 2020, you’ll work with Chris, Paul and Kev from Immersive Labs to get EXCEL’s systems back up and running again as quickly – and efficiently – as possible. Using Immersive Labs’ Cyber Crisis Simulator and technical labs, you’ll be a part of the life or death decision-making process that will determine whether this year’s holiday season is dark and cold or merry and bright.

Outcomes:

- See the impact of the human element in incident management and response
- Gain a greater understanding of how decisions in a breach scenario have a business-wide impact
- Experience Netwalker via one of our technical labs

Out in the Cold: The Cyber Nightmare Before Christmas

People often assume that application security, or AppSec, focuses solely on the security involved in the development of an app or service. 
Wrong! Sure, this is a vital part of it, but there are several other areas that are just as important as the code used in development:

-Design
-Operations
-Testing
-Deployment
-Maintenance 

AppSec ultimately covers the security of an app from inception to deployment, use and maintenance; it’s a process spanning the application’s lifetime and you must be there every step of the way.
Join our webinar on 25th November at 3pm GMT to find out what Immersive Labs has to offer for Development and Engineering teams in your organization.

Hear from Chief Cyber Officer, Max Vetter, Lead Application Security SME, Sean Wright, and Senior Content Engineer, Taylor Mowat, as he shows us around the new lab formats for Application Security.

You’ll emerge with an understanding of:

-The challenges of building secure applications
-The risks in getting the balance between productivity and security wrong
-How Immersive Labs is bridging the gap between cyber and engineering teams
-What is on our roadmap for AppSec

Intro to Immersive Labs for Development and Engineering

The tightrope between security and usability is nothing new, but recent events have propelled it to the fore. When the corporate world was forced out of offices and into kitchens, studies and bedrooms, businesses had to peer under every rug for the remote working policies and plans they should have made. Now, as the second wave of *you know what* begins, it’s clear that balancing remote working and cybersecurity is a perennial issue – and it’s here to stay. 

In Immersive Labs’ latest crisis simulation, your organization faces an imminent switch to 100% remote working – and it’s up to you to make it happen. As Head of IT for a wealth management firm, you have to balance the cybersecurity needs of the business with operations and efficiency, while preparing a workforce that has never worked remotely to make the switch. Join Chris Pace, Tech Advocate, and Paul Bentham, Chief Product Officer, as they navigate the balancing act that businesses around the world are now facing. 

For many, lockdown was a trial by fire – and it’s *still* not over. While the world is tentatively opening its doors again, governments are ready to slam them shut at any moment. Short term fixes must now face the test of time as offices fall quiet once more. 

In this webinar, we turn those short-term band-aids into long-term solutions. When your IT estate is scattered across kitchen tables and sofas, how do you keep it safe and secure? When team members can’t see IT about a dodgy email, how do you encourage best-in-class security practices? When your workforce has never worked remotely, how do you balance productivity with security? 

As the scenario unfolds, you’ll get your say on how the team should prepare. You’ll see the impact of your decisions on factors like operational effectiveness, security and comms quality. You’ll emerge with an understanding of: 

- The challenges facing businesses and security teams
- The risks in getting the balance wrong
- The importance of communication

Threats at the Kitchen Table: Balancing Security & Usability In Remote Workforce

As you might have guessed from the title, the Twitter hack is the focus of this episode – specifically, the kids behind the attack. Why are youngsters so much more likely to turn to cyber crime? How can we guide them onto a more ethical path, while still giving them the opportunity to explore their incredible cyber talents? 

Kev shares a blast from the past and tells us about his path to cyber. Buckle up, because it’s a good’un! Of course, he maintains that he’s stayed firmly away from any shades of grey during his early cyber years. We totally believe you, Kev! 

We couldn’t cover the Twitter hack story without discussing the somewhat salacious interlude during the court case. How is it that Max can’t even share his screen on Zoom due to security restrictions, but someone can get onto a major court case and share porn? 

Finally, and most importantly, we puzzle over why these kids merited an entire task force when there are entire criminal organizations out there monetizing malware and doing real harm. Tune in to find out! 

***

About the Cyber Humanity Podcast

Our podcast takes a not-so-serious look at issues in security from a human point of view. Covering social engineering to hacker motivations and everything in between, we chat through security stories and themes and what they mean to us: the oft-neglected humans behind the screen. Apart from Kev, Kev is a cyborg. 

These weekly podcasts come in two main flavors. We’re either ranting about themes close to the heart of us security types, or we’re discussing threats and vulnerabilities that have hit headlines – or slipped under the radar – in recent weeks. 

Join Chris Pace, Kev Breen, Max Vetter, and Paul Bentham as they wend their way through the murky world of Cyber Humanity.

Episode 16: The Kids That Took Twitter | Cyber Humanity Podcast

Another day, another breach. Businesses have never been more acutely aware of the increased likelihood of data being compromised as a result of a cyberattack. Formulating response plans and crafting policies are top of mind for security and risk professionals, but these efforts can never really factor in the human element when the worst happens. How do time and pressure impact on decision-making? How can organizations be sure that the right people are involved in breach response and know what the wider business impact is?

This webinar replays an incident simulation based on a recent real-world cyberattack. Attendees were in control of how a fictional company reacted to technical, business and risk challenges in near real-time. This session was designed to simulate the tightrope to be walked in responding to a breach when dealing with technical attribution, public relations, legal obligations and more.

• See the impact of the human element in data breach response
• Gain a greater understanding of how decisions in a breach scenario have a business-wide impact
• Examine missteps in responses to recent highly publicized breaches
• And more

Discover more about Immersive Labs' Cyber Crisis Simulator at https://www.immersivelabs.com/labs-and-content/cyber-crisis-simulator/

Cyber Crisis Simulator: You're in control

An attacker's first-move advantage clearly comes down to their rapid innovations, meaning security teams always have to operate reactively. Like forest fires, cyber-attacks are devastating and unpredictable; and like firemen, defenders can only race to the scene. But by the time they arrive, the damage is usually done.

But what if you could flip the script? What if the defenders were empowered to innovate as rapidly as the attackers to stay ahead of the threat?

In this webinar, Max Vetter, Chief Cyber Officer at Immersive Labs, explores this topic and number of others, including:
- How human readiness can be mapped to the risks that organizations face
- The advantages of skills content that incorporates real threat intelligence, real tools and real techniques
- The importance of a "security-first" approach to upskilling teams across many roles, including IT, DevOps, project management

View this webinar today and discover strategies to stay one step ahead of the threats

Hackers Have First-Move Advantage - How Can We Equip To Respond?

When the worst happens not even the best incident response plans can account for the human element. You might know how your tech will work under pressure but what about you and your people?

Immersive Labs Cyber Crisis Simulator throws decision-makers into an emerging attack scenario. You’ll be able to experience how human psychology plays its part in an evolving crisis and see the impact of decisions made under pressure in real time.

Introducing Cyber Crisis Sim: A live scenario

At the dawn of 2020, foreign exchange company Travelex had something of a New Year cyber nightmare. In this episode we discuss what happened, how they responded and whether paying the ransom is ever the right thing to do.

About Cyber Humanity
There's a lot of cool techy stuff going down in cybersecurity, and we love it. But you can't deny that a lot of the time we humans get forgotten. Our podcast takes a not-so-serious look at issues in security from a human point of view. Covering social engineering to hacker motivations and everything in between, we chat through security stories and themes and what they mean to us: the oft-neglected humans behind the screen. Apart from Kev, Kev is a cyborg. 

These weekly podcasts come in two main flavors. We’re either ranting about themes close to the heart of us security types, or we’re discussing threats and vulnerabilities that have hit headlines – or slipped under the radar – in recent weeks. 

Join Chris Pace (tech advocate and keeper of the coloring pencils), Kev Breen (pro blue teamer, also known as 'Mr Nothing to CVE here...'), Max Vetter (former dark web detective and pretty cool guy), and Paul Bentham (ex-gov. type and Immersive Labs product guru) as they wend their way through the murky world of Cyber Humanity. Tune in for more episodes here: https://www.immersivelabs.com/resources/podcast/

Episode 1: Travelex: A post-mortem | Cyber Humanity Podcast

Why, despite the rapid pace of threats, do we still measure skills with paper?

We’re part of an industry that wears its rapid pace of change as a badge of honour. There’s no question that cybersecurity demands a constantly evolving skill set.

Current predictions put the number of open security roles at 3.5 million by 2021; it’s impossible for all of those individuals to attend days of classroom training to validate their knowledge. At the other extreme, googling the latest breach currently qualifies as training in thinly spread teams.

The Cybersecurity Certifications Paradox

It’s been too easy in recent times to lay the recruitment struggles of the cybersecurity industry at the door of the so-called skills gap. The real challenge is more complex. Businesses looking to recruit, for example, may be averse to paying top dollar for a self-taught ‘hacker’ with no college degree. The same applies to those aspiring to move into entry-level roles who may have taken useful and effective hands-on training but have no way of differentiating themselves when they lack formal experience.

To address some of these issues, the US National Institute of Standards and Technology (NIST) has built the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. It can improve the way organizations identify, recruit, develop and nurture cybersecurity talent by helping them to interpret their workforce and identify skill gaps. In this webinar, we’ll introduce the framework and talk about the advantages of implementing it in forward-thinking security teams.

"What exactly do you do here?”: Defining Cybersecurity Roles with NIST NICE.

Cyber Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful finance insights for your business. Connect with experts and colleagues to get the most up-to-date knowledge that will help you to determine which financial factors build or erode value in your organization.

Finance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

"What exactly do you do here?”: Defining Cybersecurity Roles with NIST NICE.

Presented by

About this talk

More from this channel