RCR 036: Data Centers & Server Closets - CISSP Study and Training!

Description:

Shon Gerber from ShonGerber.com provides you the information and knowledge you need to prepare and pass the CISSP Exam while providing the tools you need to enhance your cybersecurity career.  Shon utilizes his expansive knowledge while providing superior training from his years of training people in cybersecurity. 

In this episode, Shon will talk about the following:

·         CISSP / Cybersecurity Integration – 2.5 Million Jobs

·         CISSP Training – Wiring Closets and Intermediate Distribution Facilities

·         CISSP Exam Question – Most important purpose of employee exit interview

Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet?

LinkedIn – www.linkedin.com/in/shongerber

ReduceCyberRisk.com - https://reducecyberrisk.com/

Facebook - https://www.facebook.com/CyberRiskReduced/

LINKS: 

·         Business News Daily

o    https://www.businessnewsdaily.com/10743-how-to-become-cissp.html

·         ISC2 - Information Security Certifications

o    https://www.isc2.org/Certifications/

TRANSCRIPT:

  welcome to reduce our risk Podcast May 13th 2019 episode 36 reduce cyberis podcast where we provide you the training and tools you need to pass the cissp exam while enhancing your cyber-security career hi my name is Sean Gerber and I'm your host for this action-packed informative podcasts each week cuz I provide the information you need to grow your cybersecurity knowledge so that you're better prepared to pass the cissp exam all right reduce cyber risk and we have a wonderful podcast plan for you this week is incredible just ask myself that question mark. something like that okay with you guys so just want to talk to you about some changes we're making a reduce cyber risk and so we're going to just do a little bit of a pivot just a tiny one around some of the things as we deal with cyber security and how it works with what we call the certification for the cissp so we're going to provide I need to pass the cissp exam to all my cyber-security career is that they are intertwined the cissp and cybersecurity are all intertwined in work together so the whole purpose of this is to provide you that Level Training you need not your person as a business owner you'll still enjoy some of the cissp training to provide help your business be more secure so the good part about all this is that they work hand-in-hand but the focus is going to be primarily on the cissp and now we're going to have three main focus pacifically I said Focus three times in one sentence that's pretty amazing actually I didn't know you could actually do that probably if you're an English major out there you're probably going no you can't do that but I just did RCR Focus happy and cybersecurity integration you know basically how do you work from the cissp and how do you integrate that with cyber-security we're also going to focus on cissp training very specific training to pass the certification for the cissp exam at reduce Everest have got training out there on the cissp exam as well as you're going to be getting weekly trainings on how to pass the exam now is that disclaimer nothing I provide you can guarantee any sort of passing from the exam however it is a great tool to be able to get you to the next level and to help you during that testing exam testing other last thing is going to be providing cissp exam questions what are some questions that you could see on the cissp exam and so we're also going to talk about strategies around the exam and some of the things that people have run into the big thing with that exam is yeah it just tried to trick you in many cases and just see if you're actually paying attention to the actual test all right Zoe get started that we talked about the three Focus areas first one is going to be the cissp in cybersecurity integration now as I talk about that I got a news article from Business News Daily Now the thing that they put this out there is back ending in April of 2019 and the purpose of this article is to talk about the cissp and what are some different things that you can expect while they're basically talking about the shortage of cyber security security skilled professionals so if you want to study for cissp and we talked about this at length in my course and also we've talked about it before on the actual Ruby Severus podcast but the bottom line is you have to have 5 years experience to be a cissp they have some opportunities for you to get into that that profession or into the certification early but they expect Security Professionals who have had a lot of time to be working on their cissp now the point of that though is that there's a shortage of skilled Professionals in that you do not have how to be a cissp to do that you can actually just beyond the security analyst and I suggest is that you can work your way up into the that exam but the bottom line is a shortage of cyber skill to cybersecurity Skilled professionals and they're singing United States was about a half a million that will be short by the year 2022 is what I saw not vary wildly I just perfectly honest tri-states about a half-million but I heard just read from the business news daily article that they they are expecting almost 4 million globally and and that's the highest two-and-a-half and our slowest 2 and 1/2 in his hide now is 4 million globally so it it's a huge gap that's going to be growing in the cybersecurity space so if you're going to be a good time to get in there almost daily on the major what it called around cybersecurity so again good good time to be getting involved but you're going to look to the key thing to do as you're trying to get into these careers is that the cissp in many cases especially for the senior level role is a requirement to have so it if you are looking to get down this path I would recommend that you start studying for it now or start least planning for introduced at risk is a good way to help you with that but even if you are just that you're working as a security analyst and you don't think that at this point you can take your cissp reduce Everest can help you with just kind of getting getting ready for that test the one thing to consider also as you have to be endorsed by a cissp if you want to go for that exam and this is Ken with a talked about is that you need to preparing to pass it and you need to be endorsed by a certified information security professional they also mentioned in their article that there's other certifications becoming a cissp and these are ones that I actually recommend have been certified in these as well and they are a really good enhancement to getting the overall certification there's a plus certification which deals with Hardware security plus obviously security network plus which deals the networking aspect and then I also recommend that you get the certified ethical hacker course having that course actually provide you a level of knowledge around what the hell does a hacker think so as you become a senior person within an organization understanding how the hacker would approach a situation and what do they do I think is very very valuable might my years working in the red Deseret Timur was very very valuable and I believe as a security person Within I was also the systems security certified professional which is CC cscp now this is kind of a lower level below the cissp and it would have does it has many of the same demands that you would get in the cissp exam so kind of set you up for success and we'll talk about that and reduce our risk long as well as in the CC to CI sscp insula domains around that and maybe some of the Integrations that roll into that certification looking for the cissp there's also some concentrations that you can focus on others of the add-on aspects of that certification there's the ISS alpha papa so the India Sierra Sierra alpha papa India Sierra Sierra Echo Papa and India Sierra Sierra Mike Papa Mike Pappas his architecture engineering and management those are different concentrations that you can focus has a cissp does a great article, talk about what you needed working through the cissp exam and highly recommend you check it out at at the article that will be posted almost show notes within the podcast what is Rolanda training where is the cissp training is going to be domain 3 wiring closets and enter distribution facilities alright so you're dealing with a wiring closet and then this objective you'll see us in the cissp exam there's there's a different kind of take away is it considered as you're dealing with all of this now what are some key points around wiring closets is the fact that they contain the most critical aspect of your business and so therefore it's imperative that you do things to properly protect them so one of the things that would come into plays that you have the the proper airflow you have the proper air conditioning and as if you've probably figured out and you've probably been in this world for a while and especially you dealing with the cissp you probably had to manage some level of security or some level of network Administration for your organization is that proper air conditioning an air flow for these highly processing systems that create a lot of heat and if they create a lot of heat therefore they get warm and they get warm and they get too warm they shut down so it's imperative that you have the proper air conditioning air flow within the wiring closet that you may have the information that are your computer systems that 6's that's one of the things you'll see from an auditing standpoint to be real time it could be recorded but at the end of the day there is video recording so it works as a as a way to keep people out or keep to let people know what you are watching I'm also it does provide some level of providing an audit or oven the fact that there is an event you can go back and look at that video recordings he's just a couple that you need a really highly consider and with wire closet object if there's one objective in the cissp is server rooms and data centers takeaways around that is again we talked about having air conditioning and air flow but another one is raised floors and cable trays in many cases that you is wise to have raised floors set up specifically for your data or Data Center and the simple fact of it is you all the wiring can run down below underneath the the wiring cabinets okay the purpose of that though is also has to get air flow if you have air flow is really underneath the the flooring as well as air flow is inside that all other huge help for keeping the temperature down in that room now you also want to avoid trying to put anything on the ground floor where possible the reason is that if you have flooding you have any of those aspects you can cause a massive issues cuz I seen it where in the case were there basement and then a right next to the water supply well what happens the water supply has a leak when I get your toes highly recommended you do not put those on the ground floor or in the basement some aspects around the wiring cause you to also consider as you're dealing with cable trays and so forth is how do you have the wiring above the thing I've seen aware you instead of having underneath you'll have the cable trays will be above the actual server rooms or the wiring cabinets and the power what are the the connectivity will roll down through above you and then down into the wiring cabinets so there's a lot of different ways around that you can set it up depending upon your situation also recommend you have an uninterrupted power supply which is considered what they call a UPS typically with these are as it's like a huge battery or a bank of batteries and they are not designed to keep your system up and running for a long. Of time there they're designed a hat like you have a controlled shutdown of your power of your computer system so that in the event that there's a power outage you can go in there you can make him keep enough for a very short. Of time if it's just kind of a spike but if it's not you gives you the ability to go in and shut these things down versus having them just have a hard shutdown and as we all know hard shutdown computer systems are always an option OK Google server rooms and data centers there and there are various security mechanisms in place one is a smart card debadge and it can contain information for Access now is very similar to your proximity reader that we'll talk about it next but it's it can have information on your access and you can plug it into something and typically the smart cars will have like a chip or something along those lines and you can design it to have a pen or not to have a Pandora kind of comes down to you and your organization and how its setup but that usually like a chip that you would have on your credit card it it reads that little chip that's there and verifies are you the person who you say you are and that's kind of what happens with credit cards right now is all that ship really does is it verifies that you have physical access to the to the car itself and then the pin that's on that chip will verify that if you know that pain so it's just something to consider around that now you deal with these are RFID radio-frequency identification devices they were are a passive control to physical access and basically what it comes down to is you have your card you hold it up to a little pad and I called the beat beat and what it does is it beeps at let you in and then from there you can just keep on my great man and a lot of times I'll put these in place of or in lieu of or in addition to a man-trap which would be you would beat to get in and then went the door go in the door closed behind you and then it would allow you in over a. Of time so these are those are proximity readers and they you can get these a lot of times also oh in that they use them from a data protection standpoint are physical theft standpoint where they will put those on DVDs clothing of high-value they'll put these RFID tags inside the case or inside the clothing that's when you walk through a field that you can't you basically can't throw it over the the field it'll go off it goes and makes a bunch of noise example front door my house well it's an expensive door handle so wasn't expensive door handle they have a little beep beep inside it and they don't want people walking off with it and it's not very pretty small you could be relatively easy to walk out of the the building with it so therefore they have that RFID tag on or inside the box that keep people from physically stealing it all right so now on to the cissp exam questions this is domain 1 what is the most important purpose of an employee exit interview alright so the question is is this what is the most important purpose of an employee exit interview and we're going to go through a couple different options Alpha is confirm your job description is accurate b-bravo ensure that your on-board off boarding process is correct Charlie ensure that exiting employee has personal belongings and Delta review the standing non-disclosure agreement so you probably will ask yourself the point of this is one you want to bring a job description is accurate will be on your exit interview what do you think probably not because of your job description is you're leaving I guess it comes down to his HR person may I ask a is this really correct so cuz we're at a higher your back so long that one now that's not that's not the correct one operating process is correct North are a good resource to help you during that you're off boarding process if it's correct they may just tell you what you want to hear just so they can leave Charlie as you ensure the exit employee has personal belongings will that was kind of a given right you're going to make sure if I'm leaving a company I'm going to make sure I got my stuff right I'm not going to leave my stuff for you so that's the most important part of a personal or of an exit interview and Delta review the standing non-disclosure agreement that was probably the most appropriate all of those may have some level of truthfulness you know cuz you could help you with your onboarding off boarding process you can help you with your personal belongings and also help with the job description if they're really really helpful but bottom line is as you want to review the not the standing non-disclosure agreement and the question is why information and we don't want you going to share it with other people now in many cases this may not be the case of you may not have to do this because one maybe the information is not that sensitive to you know it's really not that big of a deal but it's also I think important for HR folks to to go and make a comment to the individuals around going hey even though you created some more product for us working for this company X you know you that is company X's work product and you can't go and take that someplace else not a special deal with highly sensitive information before where you had a situation where they are at deal with R&D and they have access to very very sensitive information then they need to have a non-disclosure agreement in place and they need to make sure that they're aware of it there's a got you if your ass working on your cissp you need people to have a non-disclosure agreement you better consider it especially with her in sort and some sort of sensitive information now disclosure agreements can be worked through and I've seen it happen already but it still is important to do that and have that in place okay in this scenario we're going to talk about the employee contractor working for a company and the scenarios cut design the fact that it's going to walk you through what you need to be aware of as it relates to having someone working for you and did this is an interesting part is that you this is things that I've run into our heard of the people running to so it uses if you're working on your cissp this is a great way for you to kind of get an idea of what you should be considering with the company's you get started with so in this scenario you have an employee or contractor working with company X and they build or create a widget of some kind of this widget could be intellectual property from a physical something that you would patent to as simple something as simple as just a process by which you do business all of these things I need to be considered as some sort of work product or in it maybe like an example like the guy that created the LEDs the most recent one of the highest viewing LEDs right they the Reds and the greens and I think the blues one of those but they finally got what I could do white and that was a huge deal that want an LED that can actually do white well this was actually he may have gotten some money off of that but that IP that he created that patent is work as for the company who helped create the LED is not his depending upon how you sign up your contracts and that's the way it works in most cases so it but what happens as employees and contractors will feel at the day that they worked on was created by them and therefore it belongs to them that's not the case in many cases now you get us not always but you need to work with your security with your intellectual property team to understand that now we got employee or contractor XO who's in approached by somebody as a recruiter on LinkedIn will write most people are on LinkedIn and these recruiters go out and they will fish for people well now they approached him in this guy goes yeah man it sounds great is that possible you know this is ever is a recruiter are as the individual able to take their IP with them well in most like I said before most cases that's cannot be the case so in the case of an NDA if you have an NDA during the interview it's a great way to reaffirm the situation that hey Billy Bob you have an Indian place and you're not supposed to go talk to people about this or you may have a time frame on that that's what you need to work out because again if you make an indefinite they probably can shoot holes and stuff like that but I begin I'm not a lawyer you talk to your lawyers around this but an NDA is a good aspect to have in place now in DEA training during the year is also a great way to supplement the employee knowledge around this topic highly recommend you do that don't just wait till the end and bring it up if you keep telling people about this and making it in the Forefront of your mind it's a great way to kind of Stave off disaster we had today at i c squared training Study Guide April 2018 great resource for you also Business News Daily it's a great place there we got that to article around the cissp and all the jobs that are being created all right I hope you enjoy this train was reduce cyber risk check us out online thanks so much for joining me today on my podcast if you like what you heard please leave a review and iTunes is I would greatly appreciate your feedback also check out my cissp videos that are on YouTube just search for Sean as Shon Gerber and you'll find it exam Leslie head over to reduce cyber risk and look at the Cornucopia of free cissp materials available to all my email subscribers thanks again for listening