RCR 033: Personal Safety and Security - CISSP Study and Training!

security topics Apr 22, 2019
CISSP Cyber Training
33:29
 

Description:

Shon Gerber from ShonGerber.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reducing your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience.

In this episode, Shon will talk about recent Security News:

  • Cyber Fast Track
  • OPM Final Rule – Direct Hire for Cyber
  • Motel 6 – Leaving the Light On For ICE
  • GAO – Identity Theft Protection Not Enough

Our Cybersecurity Training for the Week is:  Personal Safety And Security Concerns – Domain 7 – CISSP

As always, utilize Shon’s cybersecurity training to help fulfill your Continuing Education credits for your CISSP or other security certification.

Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet?

ReduceCyberRisk.com – https://reducecyberrisk.com/

Facebook – https://www.facebook.com/CyberRiskReduced/

Transcript:

Welcome to the Reduce Cyber Risk podcast, 2019, episode 33. Welcome to the Reduce Cyber Risk podcast, providing you the training and tools you need for your cybersecurity career. Hi, my name is Shon and I’m your host for this action-packed, informative podcast. Join me each week as I provide you the information you need to grow your cybersecurity knowledge while taking practical and actionable steps to protect your business from the evil hacker horde.

All right, Shon Gerber with Reduce Cyber Risk. How y’all doing today? It’s a beautiful, wonderful day that we’ve got going on. We got some awesome things coming up on the cybersecurity space, around some cybersecurity news and some key aspects you guys consider if you’ve got a business and also if you are in the cybersecurity space, and really neat ideas if you are looking to get some knowledge around that. Also, in the cybersecurity training piece of this, we’re going to get into personal safety and some security aspects around that as well, and that would directly impact your business and how you protect your employees. Or, if you are working on your certification, it’s a great aspect that you’re going to need when you go to study for your certifications that are in this cybersecurity space, especially as it relates to the CISSP.

Follow-up: I apologize, I was awful last week. I ended up having to deal with some nasty mess as far as my allergies go, and it just took me out, along with the fact that I had to head out of the country for business, so I apologize for being a little bit late the last and you’re really enjoying.

All right, let’s get into the cybersecurity news. First piece around cybersecurity news: it’s really not so much news that’s in the invite going on at want to get into cyber security, and then the product is called Cyber Fast Track. What it really is, it’s a really cool way for people to get involved with cybersecurity that really don’t know how to break into the market, and I’ve had numerous people ask me that in the past of global: how
do I break into this market that’s so potentially lucrative and/or growing, in an area that I really, really enjoy, but I don’t know what to do, what’s the first step? Came up with this, I work as some others obviously to get to this point, but it’s a cybersecurity, or Cyber Fast Track is what they call it, and it’s designed to improve the quality and preparation of students that want to get into the cybersecurity field. It’s designed for people, not high school students per se, but people that have had going on at college, that I graduated from high school, that want to expand their horizons.

What are the three reasons that they’re utilizing us, they’re putting this out there? Because of the recent statistics that came out, and I’ll have to look at where they came from, but this came from SANS and it’s on their website, you can check it out, where their Cyber Fast Track is going. What is in 2021, they’re saying about three and a half million, that’s global, a 3.5 million jobs going unfilled. And I’ll take from personal experience on that, there is no doubt in my mind that it’s a very significant number. I don’t know 43.5. The bottom line, though, is that there’s a great opportunity in this space. I know I am constantly being inundated with the skills that we need food to help evaluate cybersecurity risk to business and to the various instant industries, and the point comes into is that if you understand the risk and you understand cybersecurity, a good position to set yourself up for future business and/or job growth.

Another qualifications around this is that you have to be 18 years or older, you have to be a US resident, sorry not sorry, learn and create your own programming your own company. I need to be registered as a student in a community college and which in United States to take a two-year post high school or inside plethora of states that are part of this group. I’m not real sure why they don’t have the what other states are not a locked at all 50 United States are actually included in
this list, so there must be some negotiations are working with each of the individual state as this moves on. But there’s a great opportunity here, especially for people that are looking to try to break into the market.

What is a registration fee that you have to get in, you have to do that first off the bat, and then once you get that registration fees done and they get the pre-qualifications done, then at that point you go into the CyberStart Assess. What they’re looking to do is get in your attitude, your problem solving skills, and then they want to see if you actually can think like a cyber person, right? And it’s not all Swordfish, where you’re trying to hack into the some without getting hacked up or getting shot in the head with a gun. I know it’s not like the movie Swordfish at all, but it’s basically in a virtual environment, so I’m a 3D virtual environment, you kind of think spatially.

That’s got a CyberStart Game, which basically challenges based on skills, knowledge, and it happens during the assessment phase. They talk about research technique, security flaws, and then you dissect how cybercriminals might be going down a digital path. So it’s a weight up, it’s gamification of how this whole process works and how you need to think about it. The interesting part, though, is not all cyber people are the same, so if you have a problem with some areas it doesn’t necessarily mean that that’s bad, because I know plenty of people that really understand the technical aspects and they get into that really hard, because other people like myself that are technical but at the same time I understand the bigger picture. So it’s just a really cool game to help walk you through stuff like that.

CyberStart Essentials, which is 50+ module for foundational and essential knowledge. These are the things that you’re going to need to know for cybersecurity, and I mean I would say all the things that they talk about it about some form, shape or another, and this the foundational essential part
that you need to know around cybersecurity, so core technologies, networking, programming, so all of those things that you need to know to have the foundation in cybersecurity. So this is pretty cool. It’s a great place to start if you’re really trying to break into this field and you really don’t know what to do, and who dementia unit movie on salt is that there’s any cybersecurity knowledge and they’re going to take college courses sprouts sprouting up everywhere, so I can help you dramatically with that.

It’s also for the top-performing students that are in their upper echelon. They have a scholarship to continue learning, introductions to employers, i.e. a good experience on for your resume, and it’s funny, in India this past week and they talk about resume and I couldn’t understand what they were saying, resume, mock interviews and with leading companies and internship opportunities. So there’s lots of opportunities there for you too, if you’re a top-performing student, to get your foot in the door as it relates to cybersecurity. So it’s pretty cool stuff. Honors Academy scholarship for the higher-performing students, free training from SANS, and it’s viable. To put in perspective, to go to a week-long course, just a course alone is probably run 10,000 US dollars, so that’s about a minimum. So it’s big money in it and it will help you. And a lot of things is, my dad always told me this was very wise and some very strong business leaders have said the same: it’s not what you know, it’s who you know. You can be the smartest guy in the room, but if you don’t know the right people, opportunity will not be presented to you. So it’s imperative that you put yourself in a position to win, and this is a great way of doing that.

w202 receive a $5 scholarship for college and they have a base tan prize drawings how they figure that out so fast as a safety mechanism in some cases so that there is a little bit of nepotism going on where someone’s going to get my buddy over there I’m going to hire him
restrictions are people faster and not have to go through so many bureaucratic oversight, so get abused probably a little bit, yeah, that’s just human nature, right? But hopefully it’ll help with their severe demanded. They’ve got a severe shortage of IT management employee, so they’re having a hard time finding managers. Good managers, the hard problem everywhere is to find good IT security managers, just because they mean that their career is so new, it’s exploding, and finding people that understand IT or security can be a challenging, and managing people as well.

Direct hires for a four-year period with a possible four-year extension. So basically Billy Bob can come in and say, “I’m the best cybersecurity guy in the world,” the person can go, “Inside you look good,” and then put them on four-year tour without really any oversight, with a possible four-year extension, so you get eight years. And I think it’s good. They’re going to have to remove these barriers. I get the reason why we have barriers like this from two to protect from the hiring a but at the same time is with the with Adam and the way it is going to have to happen again within 10 days of hiring which and then if they have a lot of people hiring Ethiopian going to do much about it, well, that really because they reducing the restrictions anyway, so not really part of a whole issue with that. I think it’s just going to have to happen. Some more people worried about the skirting of the principles and, you know, do they have the actual creds to do it, you just hiring Billy Bob because it’s a good GS job and he’s a cybersecurity guy, he doesn’t know he’s doing. But you know that’s going to happen, and he’s going to happen, right, from cronyism standpoint. However, I think the numbers will be smaller in that space, and they will be the ones that actually doing it for the right reasons, ’cause at the end of the day, if you don’t do it right, that chicken will come home to roost at some point and you, it will burn yourself. But I don’t
think that they’re actually going to occur at the level that they possibly could.

Okay, now this next piece of information: Motel 6. Known, I was a kid growing up, old crusty guy that’s been around like forever, when rocks were soft and dinosaurs roamed the Earth, they had a statement on an ad that was called what Todd Beaudet and it was, it’s a really really good for you text is going to leave the light on for ICE, and this is how this kind of came out. Now what it would end up happening here, it’s kind of interesting, is ICE is set to pay $12 to the state of Washington, and the reason is that an employee was going to share information without a warrant. So then ICE employee, they had people, illegals, that were in this motel in this very spot Elsa routes in the state of Washington, and they had an employee was sharing information about people. Now, were there people caught up in this that were in the United States illegally? Yes, it was. Yes, there were. They basically around 80,000 guests over a period of 2 years.

Now the interesting part about this is, is it to get into politics in the United States, immigration has a hold of you say when you get together with family and friends is don’t ever talk about religion or politics, right, ’cause I can go Sunday, right? They have to work through in, there’s pros on both sides of the house, and there’s people that are with the fact of hoping everything out, there people that are closed everything down. Bottom line is they’ve got issues and they’ve got to work through it, and that’s where the politicians have got to figure this piece out, because you can’t allow just everybody in without vetting people. At the same time, you got a great country, so we should have set up for opportunity for people to succeed. So that being said, that was the sad part, is that Motel 6 trying to do something it thought was good and helping the country and the red, white and blue and all of that, which is awesome ways of doing it, that you have to do it correctly and not
an incorrect fashion. So basically what happened is Motel 6 at 7 location shared guest list with ICE, and that just makes your hair stand up, right? ’Cause you know they were trying to do is on the right thing to help the country, but at what point does that stop, right? So then the end of the really sad part, this is the part that’s even scarier honestly, is it kind of goes back to the days of World War II, is you don’t even have to have any proof, you just kind of go to use a Latino sounding name and push a button and send it to ICE, the Phoenix New Times, September 2017. So that’s not good, and so therefore thank goodness it came up, people are addressing it, and now ICE is set to have to pay money to state of Washington because of the situation. Getting better with your politics are, the bottom line is if people are targeting based on your name or ethnicity or some other aspect like that, real quickly can get down the path of that you have a Jewish sounding name and we’re going to send you over here. Not good at all. So imperative that we have processes in place to protect people, the innocent and the guilty, because you know what, you don’t want to be putting guilty people in a situation where you’re putting them in harm’s way as well. So it’s just kind of interesting. Motel 6: leave the light on for ICE.

Okay, this next piece weren’t chocolate GAO, which is a government accounting office, and its identity theft protection is, they’re stating, is not enough. So what it comes down to is that they are saying that you’re the genius you should reconsider identity theft insurance requirements for significant breaches, and example I gave earlier about OPM, the Office of Personnel Management, is around the 22 million people that were affected by that breach that happened 6 years ago or something like that. But it affected a lot of people. It was 420 million dollars that was set aside during that breach, is that how many people actually utilize the money that was set aside? And I mean, I’ve had my
identity compromised numerous times, right? And insult it comes right down to it says that you have to put protections in place help for that challenge. And so anybody relying on something, another company, to store their data, especially in the pre-breach years, breach notification years, you have to be prepared to just have your data exposed. That’s just a given. And if you haven’t considered that your data has been exposed right now, well, you’re probably not the right person listens podcast where that is your cells probably compromised. But the GAO wants any agencies white amount of identity theft insurance. This basically came down to, is identity theft insurance does not alleviate the data breach risk. And I’ve seen this time and again, and you see this with all these different companies where they will say, you’re just going to give you data breach insurance and you know the four other poultry, we’re sorry, you didn’t mean to have, I want to have something to mitigate the risk.

So what happened at that foreign 21 million it was set aside, they basically at 61 people receive payouts from claims that they submitted from identity theft, and each of those was about $1,800 each. And the interesting part of that is only 61 people claimed some sort of payout from this, and the fact that I think it’s interesting is that it didn’t really effect or in affect a lot of people, but people probably just didn’t know what to do in many cases and they just kind of moved on with it. So all that money was set aside to protect these people, but it really didn’t do anything, right? So as you get data breach notifications, now people say, “We’ll put you up for monitoring,” but so what? It really, it tells you after the fact, one. Two, then you got to try to go through and get your credit back, and then if you could have stolen and you have to deal with all the issues along with that. There’s no easy way, and that can affect you for years before it finally gets worked out. Now most companies will offer some
level of complimentary service, and I say this in the fact that if you ever do deal with breaches and your information is compromised, you need to, but my number one thing is lock your credit. Shut it down. Do not allow people access to your credit, and you better have multi-factor authentication and getting into it, because, and the credit agencies have ways to do that to protect you. But relying on credit service monitoring services to protect you, if it really, they, I mean, they have products that can help you, but like LifeLock or whatever that one of those companies are, they’re good in providing some level of protection, but it is not a panacea. It will not protect everything you need. May I look at its primitive placebo, it’s going to just keep people happy and do something for them rather than nothing. But at the end of the day, once your credit, once your information is out there, you got to do everything you can to just keep that genie out of the bottle. Free credit monitoring if someone else is paying for it, but realistically, and we all know this, identity theft protection, yeah, it’s just not cutting it.

Training topic: Personal Safety and Security Concerns. What CISSP supplement stuff that I put out, and this is under Domain 7, and now you is your business, so you might be thinking, well, what the heck is this, right? So we have typically introduce cyber risk, if you’ve been at a long time listener or a short time we have been around, if you are a business owner you need cybersecurity experience, if you need expertise on helping you, what would I put out as I put out cybersecurity supplements. And these supplements are designed the training that will help business owners that are working on their cybersecurity certifications on how to best protect their businesses that they work for, or if you’re a business owner, how to best protect your business. And the goal is to put these in layman’s terms and down-to-earth, that you can utilize and take them and do whatever you need to do with them.
So the first thing is that personal security needs to be considered when you’re dealing with cybersecurity and how you’re dealing. Personnel security is, how you keep people in from getting an access they shouldn’t, how do you have proper exit to protect your people, out from keeping people getting into your building that don’t deserve to be there. Also when you’re traveling, how do you do with Wi-Fi, monitoring devices, secure communications, all those pieces need to be considered as you’re dealing with security for your business and your employees that are working for you. As an example, out of country recently, and I have very specific criterion how I access the internet, where I access the internet, what type connectivity. If you have laptops or Isis, how do you connect in, use VPN, to use other services such as a great product called Zscaler ZPA, or Private Access. You have different ways that you can do that. One is to protect yourself, right, ’cause everybody’s watching you and nobody’s listening, so don’t ever think that you can go someplace and just kind of turn on your Wi-Fi and be anonymous. Not everybody knows they’re monitoring everything, guys, and so you need to be prepared for that. And it’s best, especially for dealing with the business and you deal with proprietary data or anything that would help give up a competitor different advantage over you, you need to make sure that you have a good process in place to protect your information and your people.

Now you’re traveling, and key aspects to consider when that, and you integrate this with physical security if possible. Not giving example applications through my email saying that the airline that I was going to be using, the company was actually going to be filing for bankruptcy, so I had to migrate, move. While they also send me notifications when I was in Paris right before about yellow vest and then other things that happened. So the thing is, these are really cool items that can be, that give you good indications and help you
with your traveler. So if you’re a business owner, consider signing up for these for your employees, as a great way that they can protect them. And it’s a blend of the physical security, but at the same time it is a cybersecurity piece, because I got push notifications through my email and through my app that I had on my phone. So those are good aspects around that, and that also helps your employees to keep them out of trouble, and if it did have your data or they’re sensitive, they can also keep the dead knowledge away from potential areas where could cause your conflicts and challenges.

Now as far as you and you’re dealing with sensitive data protection, you need to always look at how do you encrypt your data, where do you put your cloud storage, is that country, if you’re traveling or person than one location, can I get access to the cloud, Samsung Wi-Fi within the next within a hotel, are you going to a different location of business location. Consider those different aspects. But what you need to think about as you’re looking at security for your company is that the perimeter of the cloud is everywhere. In the past, you’d have to VPN in to get into the network and get your data. Those days are kind of, are moving away pretty quickly, so you need to consider that everywhere you have an endpoint is the perimeter, it is the network. Consider throwaway devices. Consider devices that, you know what, if the guys using a laptop that’s a so what, how do I protect in cases. You just need to look as far as how do you monitor devices in the physical behind that. Understand travel locations and expect them, if you have people going out there, knowing full well that they’re going to be watched, watched from a physical camera perspective, they’re going to be monitored under audio phone calls, all of those things. But you need to teach your people that as well, that be careful what they say on the cell phones. Even though the encryption is in place on these communication concepts, the keys are always
kept within that controlled environment. Sometimes at Western cultures week protectable and it’s hard for anybody to listen to, government can listen to anything, especially the country you lose property that you don’t want lost an electron property. Take the laptop with you when you go to eat. Do not leave it in your hotel room, because especially if it’s worth anything, people will take it.

A hotel and free Wi-Fi: buyer beware, okay? So again, we talked about it, you get anything free for reason, you’re going to open up yourself to potential monitoring very quickly. If you’re going to do it, how do you have on your methods and mechanisms to protect the data while in transit and why are utilizing it. Utilize VPN where possible, or something similar to it. And now the thing is, the VPN will not be all-encompassing, ’cause you’re going into China, the Great Firewall will still negotiate and read through that. So it’s a great aspect, a great protection, but just know, again, I kind of can’t harp on this enough, that if somebody wants to get your data, they’re going to get it. If you don’t want them to get your data,
then don’t take that in country and don’t take a traveling. Look at ways to remotely access it in a secure manner.

Nastri awareness training: there’s some interesting need to create a training program for your imp, and this is a great aspect if you can do this for your employees, that helps out immensely. You also need to create a train, there’s plenty of free resources out there that you can gather from US State Department, usa.gov, for passports, international travel, and these things you could set this up specifically just saying, “Hey all, I got all our employees, I want you to go to these three locations, go to the training, and I’ll give you some knowledge around this.” But I have to come from the leader, has to come from the security leader or has to come from the business owner saying, “You must go do,” and emphasize the importance of it yourself and do take it yourself, because it’s imperative that you see this information what your employees are working on. Electronic, I believe she had just a website set up specifically is what you need to do, step 1, 2, 3, 4, 5, and then get that out to your people. Those are great ways that they’re small and not a big deal, that real simple, but their ways that you can help your employees, and provide best practice documents on physical and electronic security. There are plenty of free resources out there available for you on this, even reduce the risk of that stuff out there as well as available, and the point of it is that you want to get them as best educated as they possibly can around protecting their data.

For these thumb drives, all that stuff, but we’re in the case if I had thumb drives and I would purposely dropped thumb drive for people to pick them up, put them in their computers, and then they would install malware on their system so that I can have access to their computer. And ineffective getting USB drives when they’re on a training mission or going, we don’t break free stuff, go to the trade show and give you all was thinking
that stuff in your computer potentially can incorporate malware and different kinds of things into your environment, so you can’t do that. Secrete products and practice best practices to help educate people.

Now as far as emergency management, you need to also have response plans in place to help people with this, and this helps organize, provide guidance during emergency. As an example, I’m flying over to India and end up getting stopped in Paris, at the Charles de Gaulle Airport, in Saint Charles de Gaulle, and then for whatever reason DACA did not happen, these yellow vest protesters show up at the airport and I just wrote traffic. Well, if you have it away the emergency respond to that through email, and it’s a fast communication method out there or not, you know, but just electronic, you can help avoid some of these situations, or you can help say, “Hey, avoid this terminal because there’s a yellow vest thing going on at this terminal.” That could be available and very valuable for people. So again, that’s personal safety security, especially after a disaster as well, as in most cases cell towers. In his previous life in the military, we can still stand up cell towers in no time at all, so emergency response, you can get cell connectivity relatively quickly. So it’s important, if you have plans in place, you can utilize that for your employees as well. Not an example of tornadoes in the Midwest, do they do come right by, hurricanes, typhoons, earthquakes, tornadoes, hurricanes. But as time goes on because why it has lots of power in the news media and it also gets attention and can have significant impact without physically killing people. In many cases, more of a psychological attack and psychological operations, in affecting people psyche is a huge way of getting people to do things you want them to do without physically hurting them.

And then this is kind of an interesting aspect, is also key thing is what it’s used for, employees are alone or separated, you should have some way that you have a
duress signal for people. This will come down to, like in a large manufacturing, where someone could be in a situation where they could be hurt, or there’s hundreds of acres of, what is a duress word, we used to have in the military a duress word, to know if there was potentially, you were compromised, you had a word that would alert people that, hey, there is a bad guy on the base and I don’t want him to know that I know that he’s a bad guy, so I’ve got a duress word I’m going to use, and only certain people knew what that word was. But it could be, is there a flare that fired up when somebody’s in duress. There’s also electronic or physical panic button. Action facilities, they’ll have like a panic button that you hit this thing, and it’s like the little thing wrapped around your neck, saw that commercial on that where “I’ve fallen and I can’t get up,” you push that panic button and then it sends it like the cavalry to come save you. Is also guard walking around your facilities watching for anything that’s going on, the great physical protection from outside entities, with also a great way to see how the employees are doing and if they find anything that’s going on. And we can talk about duress words and how this would affect military and high-risk facilities, especially where you could have some sort of terrorist attack, those things around the duress aspect of it.

Well, that’s all the training I have for our CISSP supplement stuff, and this is also the end of our podcast for Reduce Cyber Risk. You can go check out my website, and we’ve got some great stuff, links out there on the website on the show notes that will go over all of the different locations that we went through today and all the different places we talked about. Hope you guys enjoyed it. Again, if you got some expertise and knowledge that you need to be successful in your cybersecurity career and as protecting your business from the evil hacker. All right, thanks a lot, have a great day, will catch
you on the flip side.

Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes. I would greatly appreciate any and all feedback. Also, my videos are on YouTube, search for Shon Gerber and you’ll find a plethora of content to help secure your business. Lastly, head to Reduce Cyber Risk and look for the free stuff. Lots of free stuff, and it’s only available for our email subscribers, is growing each and every day. Thanks again for listening.
