This 16-hour Information Security training class is aimed at newly appointed or dual-role (your primary job + security) security professionals within a Small or Medium Business (SMB) or similarly sized organization.
SMBs and organizations face unique challenges in Information Security yet are often presented with solutions that may be out of reach due to cost, time, and staffing. We believe Information Security should be accessible and achievable by any organization, regardless of their size.
This course will walk the student through real-world examples, demonstrating how to prevent and defend against these threats, utilizing widely adopted frameworks, while focusing on simpler and more affordable solutions.
The course includes a virtual machine image for hands-on exercises that will contain tools that participants may utilize in their environments after the class.
- Attack trends and challenges related to SMBs
- Navigating security culture
- Internal assessments
- Compliance and privacy obligations
- User, E-mail, and Technical Controls
- Hands-on exercises
WHO SHOULD TAKE THIS COURSE
Those beginning their Information Security journey within an SMB or similarly sized organization.
AUDIENCE SKILL LEVEL
People new to information security.
- Solid Internet access
- A computer with at least 8 GB of RAM; 16 GB recommended
- VMware Workstation, Fusion, or Player is tested and preferred. Player is free. Other desktop hypervisors (VirtualBox, Parallels, etc.) may also work, but are not officially supported.
- A vendor-supported Operating System (e.g. don’t bring Windows XP)
- Full Administrator/root access to the computer or laptop used for the course. We recommend a personally owned device or a spare work-owned device that is purpose-built for the course and can be wiped/reinstalled without issue. Make backups!
WHAT EACH STUDENT SHOULD BRING
The above computer and a smile!
WHAT STUDENTS WILL BE PROVIDED WITH
- Slide deck and links to all the material and tools needed with instructions.
- VMs with all labs
- Access to two Discord channels for the course
TRAINER & AUTHOR
Bob has been active in information security since 1994. He began his career as a Network Engineer in the United States Air Force and was first introduced to information security when he discovered malicious activities against the infrastructure he was managing. He continued on in various technical roles and eventually became a Lead Information Technology Instructor. For the past 16 years, he has been the CISO for a Software as a Service provider that serves charitable foundations and financial institutions, where he oversees program management, compliance, SOC operations, penetration testing, and privacy. He has also advised numerous organizations on beginning and managing their information security programs and is a frequent presenter on varying topics at information security and financial industry conferences.
He advocates that defenders must be capable of blue team functions as well as red team functions to be successful, and he maintains the GSEC, GCIH, GPEN, GWAPT, CISSP, and other security and privacy certifications. After 25 years in Information Security, Bob is a firm believer that to be successful we must evolve with the threat landscape by continuing to learn.
Richard’s passion for computers started in middle school, furthering his education and leading him to his career in technology. He started with tech support in college, instilling in him a customer-focused approach to technology. From there, he progressed to systems and network administration, and eventually information security in a variety of tech start-ups, academia and large federal organizations. For Richard, security is just a natural extension to creating reliable systems and networks that organizations rely upon.
Growing up in a family of educators, Richard believes in life-long learning. He has a BS in Computer Science, has taken many SANS courses over the years, and continues to seek out new data, methods, and research on information security risk management. Richard was previously a SANS instructor who led classes in SEC401, SEC504, SEC506, FOR508, and SEC560, and was previously the CISO at SANS. Richard is currently the Director of IT Security at a fin-tech firm.