Director of Cyber Security
Jose is a senior cyber security and information security professional with a knack for understanding and transforming information from incidents, attacks, forensics and security audits into actionable cyber threat intelligence, ensuring the development of solid, scalable countermeasures, security requirements and security controls for a sustainable security posture with sensible deployment. Jose has spoken as a subject matter expert at conferences and symposiums across EMEA and has worked hand in hand with CEOs/CSOs in the Energy, Finance, Pharmaceutical, and Transportation verticals, minimizing impacts across the globe. Jose holds an MBA in Computer Resource and Information Management and has held industry certifications including CISM, CISSP, MBCI, CEH, CISO, MCP, Prince2 and ITIL. He also led strategic cyber initiatives at the national level in many nations, including Estonia, Latvia, Lithuania, Ukraine, Germany, Moldova, United Kingdom, Greece, Netherlands, Morocco, Tunisia, Chile and Fiji.
Information Risk Management
In this course, you will learn about the general information security risk management framework and its practices and how to identify and model information security risks and apply both qualitative and quantitative risk assessment methods. Understanding this framework will enable you to articulate the business consequences of identified information security risks. These skills are essential for any successful information security professional.
- Security strategies relating to issues such as privacy, legal and regulatory compliance, social and geopolitical impacts, national security and evolving technologies
- Best practices for protecting mobile workforces, developing security metrics, managing electronic evidence, handling e-crime and e-discovery, and securing information in the cloud
- How to develop and maintain risk assessments and risk management plans
- Standards for business continuity and disaster recovery planning
- Techniques for designing information assurance strategies
Network & Perimeter Security
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
- Define areas of security concern, discuss network security, and identify network risks.
- Distinguish between and define internal and external threats to data and services.
- Describe the vulnerabilities of various media (susceptibility to wiretaps or eavesdropping).
- Secure access to resources on the network using passwords, permissions, and access control lists (ACLs).
- Evaluate various anti-virus software programs, software firewalls, and hardware firewalls.
- Define and identify types of firewalls, including Network Address Translation (NAT).
- Discuss weaknesses of various operating systems and known and recommended fixes (patches).
- Detect unauthorized attempts to access resources by monitoring (auditing).
- Install and configure intrusion detection programs; analyze reports and recommend responses.
- Provide solutions for known vulnerabilities in communications: email, remote access, file transfer, and electronic commerce.
- Provide end-to-end security for the transmission of data between hosts on the network.
- Describe vulnerabilities inherent in wireless technologies and present suggested solutions.
Monitoring, Detection & Analysis
Learn modern, powerful techniques to inspect and analyze network traffic, so you can quickly detect abuse and attacks and respond to them. Firewalls and antivirus are not enough to protect modern computer networks; abuse and attacks are common and cannot be prevented. Instead, networks are now monitored to detect security incidents, and security teams respond to them to limit the harm they cause. This class prepares students for jobs in monitoring and incident response, providing skills that are in high demand.
- Explain the importance of network security monitoring and compare it to other types of defenses, such as firewalls
- Implement and configure security tools to detect abuse and attacks on networks
- Detect intrusions on the server-side and client-side of networks, and respond effectively to limit the damage they cause
Incident Response & Management
When computer networks are breached, incident response (IR) is required to assess the damage, eject the attackers, and improve security measures so they cannot return. This class covers the IR tools and techniques required to defend modern corporate networks. This course provides current and future managers of computer security incident response teams with a practical view of the issues that they will face in operating an effective team. The course provides insight into the work that CIRT staff may be expected to handle. The course also provides prospective or current managers with an overview of the incident handling process and the types of tools and infrastructure needed to be effective.
- Incident management process
- Developing CIRT policies and procedures
- Requirements for developing CIRT services
- Building and managing the CIRT infrastructure
- Coordinating response & handling major events
- Working with law enforcement
- Evaluating CSIRT operations
- Incident management capability metrics
Cyber Threat Intelligence
This course will introduce students to the topic of cyber threat intelligence and provide them with a background on common frameworks & tradecraft skills leveraged by government & private enterprise intelligence operations when profiling cyber adversaries, specifically the APT. An emphasis will be placed on topics including but not limited to the intelligence cycle, levels of intelligence, analysis of competing hypotheses (ACH) and the diamond model for intrusion analysis. Students will be trained on various open source methods to collect, analyze and produce technical threat intelligence reports that can be utilized by incident responders and C-level executives alike to reduce risk across an organization.
- Stages of the Intelligence Cycle
- Levels of Intelligence
- Sources of Intelligence Collection
- Cyber Kill Chain Model
- Diamond Model for Intrusion Analysis & Threat Modeling
- ATT&CK Matrix
- Analysis of Competing Hypotheses (ACH)
- Cyber Threat Information Sharing
- Adversary Infrastructure Enumeration
- Malware Analysis & Threat Hunting
- Open Source Intelligence Analysis (OSINT) Techniques