
1 March 2021

Cybersecurity Training

If you want to learn about cybersecurity, you can take training for free at FEVAL in Extremadura. This year is the fourth edition and there will be six courses. Moreover, the training is online and I’m the teacher. It’s great! Fantastic! I’m happy! In fact, there will be virtual lessons where I’m going to talk about security, systems, networks, forensics and lots of good tech things. Therefore, if you like cybersecurity, go ahead, I’m waiting for you!

Cybersecurity Training Schedule

The first two modules are about Security on Networks and Systems. I’m talking about security awareness, methodologies and tools in the basic course. For instance, we have been talking about ISO 27001 and we have also configured a virtual firewall. On the other hand, we’ll talk about Information Security Governance in the advanced course, but there will also be labs with Web Application Firewall, Wireshark and a web debugging proxy. Actually, I like to talk about the security stuff I’m working on.

If you love security, you can continue with the Hacking courses. There will be two modules about hacking where you can learn technical skills such as vulnerability assessment, DoS attacks or Buffer Overflow. There will be lots of labs with Kali Linux, Greenbone and the Social-Engineering Toolkit (SET). We will even develop a malicious WhatsApp Messenger where students are going to test their own malware on the smartphone. Therefore, I think these hacking training courses are for people who love attacking and protecting systems.

If you really love security, you may also like learning about Forensics. Students will learn methodologies, procedures and techniques to look for electronic evidence in this course. We are going to use forensics tools such as FTK Imager, fcrackzip or exiftool. In addition, students will search for CTF (Capture The Flag) flags. I have some CTFs ready for them. What’s more, we are going to dig into fileless malware. It will be amazing!!

Finally, this fourth edition has a new course about Mobile Device Security. Students will learn concepts and techniques to secure mobile devices such as smartphones and tablets. In addition, they are going to learn tools to connect to remote networks and servers. We will also learn mobile architectures as well as risks and threats. I think this is a course with lots of new interesting things where students will enjoy learning security.

To sum up, there is a cybersecurity training waiting for you. There are lots of labs, attacks and techniques ready for you in these lessons. This may be the beginning of your career as a security consultant. As a result, you will realise there are still lots of things to learn. I hope to see you soon in the virtual lessons.

Have a nice day! Keep studying!

22 February 2021

Cybersecurity Services

I came across an RFP last week about Cybersecurity Services for a Spanish public administration which, I think, is really interesting because the RFP addresses the main cybersecurity services to protect data and services of citizens. However, these cybersecurity services can also be applied to protect data and services of any company. What’s really interesting is how well written the RFP is: it contains only cybersecurity services and no other kinds of services. Therefore, cybersecurity companies can easily apply to this RFP.

First of all, the National Security Scheme, or ENS in Spanish, has to be implemented as well as the General Data Protection Regulation (GDPR). As a result, ENS requires writing the adaptation plan, security policy, risk analysis, incident response plan, security awareness, etc. On the other hand, GDPR requires data protection impact assessments, record of processing activities, etc. In addition, GDPR requires a Data Protection Officer (DPO). All of these tasks are mandatory and are really important before taking the plunge into technical tasks.

The IT Security Audit should be the next step to know the security status of the organization. This is the best way to determine the security measures which have to be implemented. What kind of security audit is required? A pentest is mandatory as well as a networking audit to know the vulnerabilities of all assets connected to the network. In addition, they require IDS/IPS, NAC and VPN appliances to control all devices which are going to be connected to the network.

There is a big chapter about monitoring and protection where there are network firewalls and web application firewalls (WAF) as well as web monitoring to know the availability of web applications. What’s more, there is a DNS Security service to block access to malicious websites at the DNS layer. In addition, all of these appliances and services will protect users and services from malicious attackers.

Finally, the RFP requires an Incident Response Service, Security Assessment and Training. I think these services are important to be up to date in cybersecurity subjects because they are going to be able to ask for advice on any security matter and they are going to have an incident response team to investigate network intrusions and mitigate data loss. Moreover, this chapter includes a SIEM appliance to get all security logs and improve security visibility.

To sum up, you can see here an overview of an RFP. You can see all services and appliances you can require. It’s up to you to require all of these services, or even include more security services or devices, but it’s highly recommended to ask only for security things instead of requiring other kinds of services which are not security things, because if you mix security with something else, most cybersecurity companies will not be able to apply to your RFP.

Have a nice day my friends! Drop me a line with the first thing you are thinking!
