1 00:00:30,210 --> 00:00:39,600 so welcome to the talk before lunch this 2 00:00:34,290 --> 00:00:42,089 is about security certifications so come 3 00:00:39,600 --> 00:00:43,730 on in and sit down I know we just barely 4 00:00:42,090 --> 00:00:45,989 got done with the other one but we have 5 00:00:43,730 --> 00:00:48,870 some time to talk about security 6 00:00:45,989 --> 00:00:52,169 certifications and I was talking to one 7 00:00:48,870 --> 00:00:54,780 of the attendees here at SAINTCON and 8 00:00:52,170 --> 00:00:56,640 they were saying well I can see you 9 00:00:54,780 --> 00:00:58,050 already got have certification so I know 10 00:00:56,640 --> 00:01:02,010 what your talk is gonna be about I said 11 00:00:58,050 --> 00:01:03,899 well there's more to that actually I can 12 00:01:02,010 --> 00:01:07,110 partly blame my first search security 13 00:01:03,899 --> 00:01:09,540 certification my CISSP on pizza because 14 00:01:07,110 --> 00:01:12,479 when I work for Symantec we would get 15 00:01:09,540 --> 00:01:15,690 together for study groups and we would 16 00:01:12,479 --> 00:01:19,740 prepare for the CISSP so we would order 17 00:01:15,690 --> 00:01:21,929 pizza and that was part of my motivation 18 00:01:19,740 --> 00:01:24,869 for going there but once I had my sort 19 00:01:21,930 --> 00:01:27,030 of security certification and I moved to 20 00:01:24,869 --> 00:01:28,920 HP they kept giving me more security 21 00:01:27,030 --> 00:01:30,750 work because I had the security 22 00:01:28,920 --> 00:01:33,539 certification even though I wasn't 23 00:01:30,750 --> 00:01:34,890 originally doing security work so let 24 00:01:33,539 --> 00:01:36,680 that be a lesson to you if you want to 25 00:01:34,890 --> 00:01:40,440 get into security get a certain 26 00:01:36,680 --> 00:01:42,810 certification and then security things 27 00:01:40,440 --> 00:01:44,310 will come your way so we're going to 28 00:01:42,810 --> 00:01:46,439 talk about the benefits of a security 29
00:01:44,310 --> 00:01:48,930 certification we're going to talk about 30 00:01:46,439 --> 00:01:50,279 your career path a little bit because 31 00:01:48,930 --> 00:01:55,310 everybody has a little bit different 32 00:01:50,280 --> 00:01:59,430 career path I started out as a developer 33 00:01:55,310 --> 00:02:02,009 and and I got into security when I 34 00:01:59,430 --> 00:02:04,290 worked for Symantec and now I do 100% 35 00:02:02,009 --> 00:02:07,170 security so there you go 36 00:02:04,290 --> 00:02:09,360 community so the SAINTCON is a 37 00:02:07,170 --> 00:02:12,140 community that you guys have chosen to 38 00:02:09,360 --> 00:02:15,140 come and participate in great community 39 00:02:12,140 --> 00:02:17,790 network security and security in general 40 00:02:15,140 --> 00:02:21,089 there are other communities as you work 41 00:02:17,790 --> 00:02:22,980 on certifications we'll talk about 42 00:02:21,090 --> 00:02:26,459 that because that's a really important 43 00:02:22,980 --> 00:02:28,200 part of it passing the exam I'll let you 44 00:02:26,459 --> 00:02:30,000 know some of the tips and tricks that I 45 00:02:28,200 --> 00:02:33,510 had for passing the exams that I've 46 00:02:30,000 --> 00:02:35,220 taken and then continuing education so 47 00:02:33,510 --> 00:02:38,399 if you want to continue in security and 48 00:02:35,220 --> 00:02:41,370 stay up with with the the things then 49 00:02:38,400 --> 00:02:43,500 you want to do that okay so let's 50 00:02:41,370 --> 00:02:44,849 talk about the benefits of a security 51 00:02:43,500 --> 00:02:48,330 certification first of all you're making 52 00:02:44,849 --> 00:02:50,730 a commitment to the security field so 53 00:02:48,330 --> 00:02:55,769 this sends a signal out to those who 54 00:02:50,730 --> 00:02:58,260 know you at work generally other people 55 00:02:55,769 --> 00:03:00,510 too but you've made a commitment to say 56 00:02:58,260 --> 00:03:04,679 yes I believe in security and I'm in it 57
00:03:00,510 --> 00:03:07,109 for the long haul career security so not 58 00:03:04,680 --> 00:03:09,569 only will you have job security which 59 00:03:07,110 --> 00:03:12,920 means you can keep your current job but 60 00:03:09,569 --> 00:03:16,170 if you need to move or evolve your 61 00:03:12,920 --> 00:03:19,140 career you'll be able to move to other 62 00:03:16,170 --> 00:03:22,160 places that will help you to learn the 63 00:03:19,140 --> 00:03:25,260 things that you want to in your career 64 00:03:22,160 --> 00:03:29,069 specialization if you want to stand out 65 00:03:25,260 --> 00:03:31,470 to people in the from the other 66 00:03:29,069 --> 00:03:34,108 candidates that are interviewing your 67 00:03:31,470 --> 00:03:37,459 security certification can do that okay 68 00:03:34,109 --> 00:03:40,890 someone put it back team validation so 69 00:03:37,459 --> 00:03:42,629 sometimes I take a dribble occations 70 00:03:40,890 --> 00:03:46,888 from my team and that's just part of the 71 00:03:42,629 --> 00:03:50,099 thing but it's also it does validate you 72 00:03:46,889 --> 00:03:51,840 and then peer networking like 73 00:03:50,099 --> 00:03:54,569 conferences like this you can meet 74 00:03:51,840 --> 00:03:57,419 like-minded people and learn things that 75 00:03:54,569 --> 00:04:00,839 will be useful and share your 76 00:03:57,419 --> 00:04:03,030 experiences so I've told you a little 77 00:04:00,840 --> 00:04:06,209 bit about my career path what is your 78 00:04:03,030 --> 00:04:09,389 career path it may or may not include 79 00:04:06,209 --> 00:04:11,069 getting a certification it may be just 80 00:04:09,389 --> 00:04:12,870 coming to
SAINTCON once a year and 81 00:04:11,069 --> 00:04:15,660 getting the badge to work you know it's 82 00:04:12,870 --> 00:04:19,500 just kind of violent fun to do but if 83 00:04:15,660 --> 00:04:22,349 you want to really kind of manage your 84 00:04:19,500 --> 00:04:26,220 own career then you want having a 85 00:04:22,349 --> 00:04:29,280 certification and will help you to meet 86 00:04:26,220 --> 00:04:32,639 your goals what kind of community are 87 00:04:29,280 --> 00:04:34,229 you joining so before you get a 88 00:04:32,639 --> 00:04:37,260 certification you need to do your 89 00:04:34,229 --> 00:04:39,180 homework on you know what is this 90 00:04:37,260 --> 00:04:43,020 organization that provides to this 91 00:04:39,180 --> 00:04:45,720 certification because when you work to 92 00:04:43,020 --> 00:04:48,210 get your certification you become joined 93 00:04:45,720 --> 00:04:50,310 with this community and so it's 94 00:04:48,210 --> 00:04:52,469 important for you to see what kind of 95 00:04:50,310 --> 00:04:55,410 benefits you get from that Association 96 00:04:52,469 --> 00:04:57,780 and also when you report 97 00:04:55,410 --> 00:04:59,310 if you do continuing education and you 98 00:04:57,780 --> 00:05:02,159 report it back to this community you're 99 00:04:59,310 --> 00:05:05,190 interacting with that community and so 100 00:05:02,160 --> 00:05:08,910 this certificate providers become part 101 00:05:05,190 --> 00:05:10,050 of your community now I am currently 102 00:05:08,910 --> 00:05:12,420 work 103 00:05:10,050 --> 00:05:13,830 I have several certifications so I'm 104 00:05:12,420 --> 00:05:17,220 associated with this certification 105 00:05:13,830 --> 00:05:19,800 providers but I also part of OWASP so 106 00:05:17,220 --> 00:05:21,890 that's the Open Web Application 107 00:05:19,800 --> 00:05:24,260 Security Project and so it's another 108 00:05:21,890 --> 00:05:27,180 security area that I'm that I've 109 00:05:24,260 --> 00:05:29,820 participate in and
then what is your 110 00:05:27,180 --> 00:05:32,340 passion well this may be a little bit 111 00:05:29,820 --> 00:05:34,770 overused you know what's your passion 112 00:05:32,340 --> 00:05:38,010 you know but really it takes some effort 113 00:05:34,770 --> 00:05:41,960 and commitment to be able to stay with 114 00:05:38,010 --> 00:05:44,039 the program to study for a certification 115 00:05:41,960 --> 00:05:46,650 review the things that you've studied 116 00:05:44,040 --> 00:05:49,260 and be able to pass the exam 117 00:05:46,650 --> 00:05:53,460 it takes some real commitment some time 118 00:05:49,260 --> 00:05:55,320 it takes some resources it's at the cost 119 00:05:53,460 --> 00:05:59,340 of a lot of these certification tests 120 00:05:55,320 --> 00:06:01,170 are are high so it's good if your 121 00:05:59,340 --> 00:06:03,780 employer you can get your employer to do 122 00:06:01,170 --> 00:06:05,280 to sponsor you but you've got to have 123 00:06:03,780 --> 00:06:09,690 the passion to kind of follow through 124 00:06:05,280 --> 00:06:11,609 and and move forward in your career so 125 00:06:09,690 --> 00:06:12,840 I'm gonna talk about a few career paths 126 00:06:11,610 --> 00:06:15,780 that you can take and a few 127 00:06:12,840 --> 00:06:18,590 specializations here and this is not 128 00:06:15,780 --> 00:06:21,030 meant to be you know all-encompassing 129 00:06:18,590 --> 00:06:22,679 we're just talking about pen testing 130 00:06:21,030 --> 00:06:27,390 certs if you want to be a white hat 131 00:06:22,680 --> 00:06:29,580 hacker security architect so more or you 132 00:06:27,390 --> 00:06:31,740 could say security manager in some of 133 00:06:29,580 --> 00:06:34,109 the cases but if you're designing 134 00:06:31,740 --> 00:06:38,040 products and you want security in there 135 00:06:34,110 --> 00:06:39,240 then there's certain certifications that 136 00:06:38,040 --> 00:06:41,160 will help you do that and then there's 137 00:06:39,240 --> 00:06:42,420 
specializations such as the cloud who 138 00:06:41,160 --> 00:06:44,790 hasn't heard of the cloud you know 139 00:06:42,420 --> 00:06:47,670 everybody interacts with a cloud but if 140 00:06:44,790 --> 00:06:50,550 you deploy your applications in the 141 00:06:47,670 --> 00:06:53,070 cloud then knowing everything knowing 142 00:06:50,550 --> 00:06:55,320 how to make do it securely will help you 143 00:06:53,070 --> 00:06:59,400 stand out and then privacy has been big 144 00:06:55,320 --> 00:07:01,130 of not just with you know individual 145 00:06:59,400 --> 00:07:04,650 privacy but the GDPR 146 00:07:01,130 --> 00:07:07,500 looms large in in the industry that I 147 00:07:04,650 --> 00:07:10,080 work in and so that's been 148 00:07:07,500 --> 00:07:13,280 some of the areas where you can you can 149 00:07:10,080 --> 00:07:16,560 specialize there's also some very 150 00:07:13,280 --> 00:07:19,950 specific technical certs that I've 151 00:07:16,560 --> 00:07:22,440 talked with some people about the Cisco 152 00:07:19,950 --> 00:07:25,380 the Microsoft certs that you work on and 153 00:07:22,440 --> 00:07:27,390 and they can have their place as well 154 00:07:25,380 --> 00:07:29,340 especially if you're in IT and you're 155 00:07:27,390 --> 00:07:30,960 trying to specialize in those areas but 156 00:07:29,340 --> 00:07:33,599 I'm going to kind of deal with a little 157 00:07:30,960 --> 00:07:35,070 more general certifications so we're 158 00:07:33,600 --> 00:07:39,360 gonna we're going to talk about the 159 00:07:35,070 --> 00:07:42,530 pentesting certs first the one that so 160 00:07:39,360 --> 00:07:44,610 I work with a pen testing group and 161 00:07:42,530 --> 00:07:48,750 they're one of those that are a little 162 00:07:44,610 --> 00:07:52,470 bit skeptical until I lead pen tester to 163 00:07:48,750 --> 00:07:55,110 go get his OSCP so that's offered by 164 00:07:52,470 --> 00:07:57,720 Offensive Security the makers of Kali 165 00:07:55,110 --> 00:08:03,200 Linux
so they provide the training and 166 00:07:57,720 --> 00:08:06,300 then they give you 48 hours to basically 167 00:08:03,200 --> 00:08:10,320 hack all the systems own the systems and 168 00:08:06,300 --> 00:08:14,220 then report on it so that Offensive 169 00:08:10,320 --> 00:08:15,360 Security does take some those carry some 170 00:08:14,220 --> 00:08:17,850 weight in the pen testing community 171 00:08:15,360 --> 00:08:20,550 there's a certified ethical hacker the 172 00:08:17,850 --> 00:08:22,770 ones on top are kind of the ones that 173 00:08:20,550 --> 00:08:24,600 you want to have and the ones on the 174 00:08:22,770 --> 00:08:27,299 bottom or more once you're kind of 175 00:08:24,600 --> 00:08:33,140 working out toward certified ethical 176 00:08:27,300 --> 00:08:36,089 hacker is done by the EC-Council and 177 00:08:33,140 --> 00:08:37,890 it's it basically teaches you some of 178 00:08:36,089 --> 00:08:43,680 the tools and tricks and how to how to 179 00:08:37,890 --> 00:08:46,110 do ethical hacking so it if you're 180 00:08:43,679 --> 00:08:48,449 looking like a job security than the 181 00:08:46,110 --> 00:08:52,980 OSCP and the CEH are probably more 182 00:08:48,450 --> 00:08:56,970 prevalent the GPEN there this is one of 183 00:08:52,980 --> 00:09:00,300 the GIAC certifications probably better 184 00:08:56,970 --> 00:09:03,150 known to the SANS community so SANS 185 00:09:00,300 --> 00:09:06,240 provides a lot of training in security 186 00:09:03,150 --> 00:09:09,780 and they provide the penetration tester 187 00:09:06,240 --> 00:09:13,160 the GIAC Certified Penetration Tester so 188 00:09:09,780 --> 00:09:15,329 everything that starts with a G has a 189 00:09:13,160 --> 00:09:18,300 certification on it is probably 190 00:09:15,330 --> 00:09:20,339 associated with SANS the CompTIA also 191 00:09:18,300 --> 00:09:21,370 has the PenTest+ which just came 192 00:09:20,339 --> 00:09:25,030 out in July 193 00:09:21,370 --> 00:09:29,590 of this year so
that's new CompTIA is is 194 00:09:25,030 --> 00:09:31,060 more on the IT admin side and your I've 195 00:09:29,590 --> 00:09:33,160 talked with some people who have they're 196 00:09:31,060 --> 00:09:35,920 like like Security+ and we'll talk 197 00:09:33,160 --> 00:09:37,839 about that in a bit but so those are 198 00:09:35,920 --> 00:09:39,520 some of the pen testing certs and let's 199 00:09:37,840 --> 00:09:42,190 talk about the organizations CompTIA 200 00:09:39,520 --> 00:09:46,840 I've already talked about it's more IT 201 00:09:42,190 --> 00:09:49,930 certifications the EC-Council provides 202 00:09:46,840 --> 00:09:51,400 the certified ethical hacker one thing 203 00:09:49,930 --> 00:09:54,310 to note there and we talked about that a 204 00:09:51,400 --> 00:09:56,170 little later is you can get your 205 00:09:54,310 --> 00:09:58,479 certified ethical hacker and they also 206 00:09:56,170 --> 00:10:02,199 have a practical exam now that you can 207 00:09:58,480 --> 00:10:03,490 you can do so they've seen that you know 208 00:10:02,200 --> 00:10:05,800 some of these others have a practical 209 00:10:03,490 --> 00:10:06,490 exam so they wanted you want they have 210 00:10:05,800 --> 00:10:09,099 that as well 211 00:10:06,490 --> 00:10:12,610 SANS is a SysAdmin Audit Network and 212 00:10:09,100 --> 00:10:16,020 Security the SANS training they provide 213 00:10:12,610 --> 00:10:18,130 all the general information assurance 214 00:10:16,020 --> 00:10:21,010 certifications security certifications 215 00:10:18,130 --> 00:10:22,720 so it gets a little redundant but SANS 216 00:10:21,010 --> 00:10:26,290 does does really good training in 217 00:10:22,720 --> 00:10:27,910 different areas and it's expensive 218 00:10:26,290 --> 00:10:29,170 training but they're they're generally 219 00:10:27,910 --> 00:10:31,719 complete and what they do then they do a 220 00:10:29,170 --> 00:10:34,300 lot of research and have the internet 221 00:10:31,720 --> 00:10:37,150 storm
center and so Offensive Security 222 00:10:34,300 --> 00:10:39,880 like I say they do the Kali Linux so 223 00:10:37,150 --> 00:10:42,819 it's good to know you know who you're 224 00:10:39,880 --> 00:10:45,910 joining when you when you go get your 225 00:10:42,820 --> 00:10:47,860 certifications so now we come back to 226 00:10:45,910 --> 00:10:50,140 the passion and to the you know 227 00:10:47,860 --> 00:10:54,520 interests why would I be interested in 228 00:10:50,140 --> 00:10:56,680 getting an OSCP well you do the you have 229 00:10:54,520 --> 00:10:59,860 the skills and you prove it 230 00:10:56,680 --> 00:11:02,319 the CEH ethical hacker so they have a 231 00:10:59,860 --> 00:11:07,120 version 10 now so they cover kind of the 232 00:11:02,320 --> 00:11:10,210 same topics maybe a little bit less the 233 00:11:07,120 --> 00:11:13,510 GPEN I've already talked about the 234 00:11:10,210 --> 00:11:15,880 GWAPT that's the web application so so 235 00:11:13,510 --> 00:11:17,830 there's a there's like general 236 00:11:15,880 --> 00:11:19,120 certifications like for penetration 237 00:11:17,830 --> 00:11:20,980 testers but like if you want to 238 00:11:19,120 --> 00:11:24,760 specialize in web application then 239 00:11:20,980 --> 00:11:27,580 that's kind of the SANS specialization 240 00:11:24,760 --> 00:11:29,110 for web applications the certification I 241 00:11:27,580 --> 00:11:31,150 have is the incident handler 242 00:11:29,110 --> 00:11:33,550 certification so that kind of covers 243 00:11:31,150 --> 00:11:34,790 some basic hacking and then what to do 244 00:11:33,550 --> 00:11:37,760 in case the worst 245 00:11:34,790 --> 00:11:40,219 happens because more more often than not it 246 00:11:37,760 --> 00:11:44,120 does and then I've talked about the 247 00:11:40,220 --> 00:11:47,780 PenTest+ so we're gonna switch a little bit 248 00:11:44,120 --> 00:11:51,500 here and talk about security 249 00:11:47,780 --> 00:11:53,900 architecture security management
the 250 00:11:51,500 --> 00:11:58,400 CISSP this is the first certification 251 00:11:53,900 --> 00:12:01,880 that I got that's you know took some 252 00:11:58,400 --> 00:12:04,010 some really some real effort to to 253 00:12:01,880 --> 00:12:07,780 prepare for and take and the way they 254 00:12:04,010 --> 00:12:09,500 look at certified information security 255 00:12:07,780 --> 00:12:12,680 information systems security 256 00:12:09,500 --> 00:12:14,660 professional is that you you basically 257 00:12:12,680 --> 00:12:16,219 the material is a mile wide and an inch 258 00:12:14,660 --> 00:12:18,439 deep so you know a little bit about a 259 00:12:16,220 --> 00:12:20,570 lot of things so you can talk about a 260 00:12:18,440 --> 00:12:22,700 lot of things in information security so 261 00:12:20,570 --> 00:12:24,470 it's just kind of a general security 262 00:12:22,700 --> 00:12:28,340 certification but it takes a long time 263 00:12:24,470 --> 00:12:32,750 to get experience in those different 264 00:12:28,340 --> 00:12:35,650 different areas so the GSEC again 265 00:12:32,750 --> 00:12:39,050 that's just security essentials and 266 00:12:35,650 --> 00:12:41,780 that's the SANS training that backs 267 00:12:39,050 --> 00:12:44,870 that up and so it it lets you know that 268 00:12:41,780 --> 00:12:47,390 you've you know about security some of 269 00:12:44,870 --> 00:12:50,830 the tools that they use and so forth 270 00:12:47,390 --> 00:12:53,480 I want the CISA system auditor 271 00:12:50,830 --> 00:12:56,170 certification is from ISACA and we'll 272 00:12:53,480 --> 00:12:59,000 talk about that in a second but they do 273 00:12:56,170 --> 00:13:01,189 auditing so if you're really if you 274 00:12:59,000 --> 00:13:03,340 really like telling people what they 275 00:13:01,190 --> 00:13:06,410 have wrong and that they have to fix it 276 00:13:03,340 --> 00:13:08,450 then that's probably the you know the 277 00:13:06,410 --> 00:13:12,410 career path that you should
take the CIA 278 00:13:08,450 --> 00:13:14,870 the the CISA or the CISM CompTIA has a 279 00:13:12,410 --> 00:13:16,640 couple of Security+ so if you're 280 00:13:14,870 --> 00:13:18,410 just starting with a security 281 00:13:16,640 --> 00:13:20,060 architecture and so forth and your 282 00:13:18,410 --> 00:13:23,000 interest in this area Security+ is 283 00:13:20,060 --> 00:13:25,790 probably a good one to to start with and 284 00:13:23,000 --> 00:13:28,520 then the CISSP for example takes five 285 00:13:25,790 --> 00:13:31,310 years of experience to get it although 286 00:13:28,520 --> 00:13:34,640 you can get a sort of certificate and be 287 00:13:31,310 --> 00:13:37,819 an associate until you get your five 288 00:13:34,640 --> 00:13:41,270 years and then you're a CISSP and then 289 00:13:37,820 --> 00:13:44,860 the cyber security analysts CompTIA has 290 00:13:41,270 --> 00:13:44,860 that as well so 291 00:13:48,259 --> 00:13:51,720 make it big 292 00:13:49,860 --> 00:13:53,910 there we go so we talked about CompTIA 293 00:13:51,720 --> 00:13:55,259 and SANS (ISC)² is the one who 294 00:13:53,910 --> 00:13:58,350 provides the gold standard for 295 00:13:55,259 --> 00:14:03,209 information security the CISSP and they 296 00:13:58,350 --> 00:14:05,430 also provide other certifications and I 297 00:14:03,209 --> 00:14:07,829 and it's general information security so 298 00:14:05,430 --> 00:14:10,109 that that shows if you want to be in 299 00:14:07,829 --> 00:14:11,880 management you want to do architecture 300 00:14:10,110 --> 00:14:15,050 that's kind of the one for you 301 00:14:11,880 --> 00:14:16,490 again that ISACA is the one for auditors 302 00:14:15,050 --> 00:14:19,469 okay 303 00:14:16,490 --> 00:14:21,690 so the type of topics that you cover 304 00:14:19,470 --> 00:14:24,389 with information security is risk 305 00:14:21,690 --> 00:14:30,120 management governance operations 306 00:14:24,389 --> 00:14:32,399 development again the basing
based on 307 00:14:30,120 --> 00:14:34,949 the number of years of experience you 308 00:14:32,399 --> 00:14:37,529 have that can kind of help you guide 309 00:14:34,949 --> 00:14:38,310 yourself on on which certification to 310 00:14:37,529 --> 00:14:44,100 look at next 311 00:14:38,310 --> 00:14:46,439 because really it's a it it's basically 312 00:14:44,100 --> 00:14:48,180 a journey and not a destination in a lot 313 00:14:46,440 --> 00:14:51,209 of cases you're learning things as you 314 00:14:48,180 --> 00:14:55,229 work and as you communicate different 315 00:14:51,209 --> 00:14:56,969 things so in my case I earn the CISSP 316 00:14:55,230 --> 00:14:59,459 and then I got the cloud certification 317 00:14:56,970 --> 00:15:03,149 and then privacy ones came kind of came 318 00:14:59,459 --> 00:15:05,099 at the end all right so so those are if 319 00:15:03,149 --> 00:15:06,449 you're if these are your interests and 320 00:15:05,100 --> 00:15:07,560 topics and that's what you have a 321 00:15:06,449 --> 00:15:11,699 passion for then you should probably 322 00:15:07,560 --> 00:15:13,739 look at those certifications okay so now 323 00:15:11,699 --> 00:15:18,089 we got to the cloud and privacy 324 00:15:13,740 --> 00:15:21,720 certifications so cloud is still new to 325 00:15:18,089 --> 00:15:23,760 the certification realm (ISC)² has 326 00:15:21,720 --> 00:15:27,110 created one called the certified cloud 327 00:15:23,760 --> 00:15:35,420 security professional and this one 328 00:15:27,110 --> 00:15:39,649 basically it's cloud for the CISSPs 329 00:15:35,420 --> 00:15:41,459 again it takes doesn't it's not as much 330 00:15:39,649 --> 00:15:43,439 information there is they have an 331 00:15:41,459 --> 00:15:45,839 information security but it's still 332 00:15:43,439 --> 00:15:49,620 quite it still kind of stands on its own 333 00:15:45,839 --> 00:15:53,839 so CCSK was probably the first cloud 334 00:15:49,620 --> 00:15:57,389 certification that was was offered
and 335 00:15:53,839 --> 00:15:59,130 it was it's basically kind of it's by 336 00:15:57,389 --> 00:16:03,060 the 337 00:15:59,130 --> 00:16:04,200 CSA Cloud Security Alliance and so 338 00:16:03,060 --> 00:16:05,969 they started putting their best 339 00:16:04,200 --> 00:16:08,670 practices together for the cloud and 340 00:16:05,970 --> 00:16:10,830 came up with this 30 certification CCSK 341 00:16:08,670 --> 00:16:12,599 then (ISC)² came and talked with 342 00:16:10,830 --> 00:16:14,580 them and said hey we want to do a cloud 343 00:16:12,600 --> 00:16:16,770 certification so they took some of that 344 00:16:14,580 --> 00:16:19,860 material added some of their own and 345 00:16:16,770 --> 00:16:23,579 that's where you have those CCSP the 346 00:16:19,860 --> 00:16:27,020 Cloud+ is the CompTIA certification 347 00:16:23,580 --> 00:16:29,940 for the cloud so again from your IT 348 00:16:27,020 --> 00:16:33,380 administration point of view and then 349 00:16:29,940 --> 00:16:37,110 the CIPP this is the security privacy 350 00:16:33,380 --> 00:16:41,130 privacy certifications that is done by 351 00:16:37,110 --> 00:16:45,390 IAPP and with GDPR coming down the 352 00:16:41,130 --> 00:16:47,910 line basically my manager and I needed 353 00:16:45,390 --> 00:16:51,600 to be educated on what this actually 354 00:16:47,910 --> 00:16:55,400 meant for us and for our systems and so 355 00:16:51,600 --> 00:17:01,040 that's why I pursue the the CIPP 356 00:16:55,400 --> 00:17:01,040 certification so we talked about CompTIA 357 00:17:02,030 --> 00:17:11,430 and we've talked about ok so CSA is 358 00:17:07,560 --> 00:17:14,579 Cloud Security Alliance ok 359 00:17:11,430 --> 00:17:16,590 IAPP is the world's largest information 360 00:17:14,579 --> 00:17:18,560 privacy organization they actually 361 00:17:16,589 --> 00:17:21,869 provide more than one cert so they have a 362 00:17:18,560 --> 00:17:23,270 CIPP for the EU which is a lot of 363 00:17:21,869 -->
00:17:26,189 people that's very popular now 364 00:17:23,270 --> 00:17:29,700 understanding GDPR and they have CIPP 365 00:17:26,190 --> 00:17:34,650 for the US and then (ISC)² that's 366 00:17:29,700 --> 00:17:35,940 the CCSP alright so we've kind of gone 367 00:17:34,650 --> 00:17:40,110 through and here's the cloud privacy 368 00:17:35,940 --> 00:17:42,480 topics again the CCSP is going to be 369 00:17:40,110 --> 00:17:48,860 you're going to be talking about a lot 370 00:17:42,480 --> 00:17:52,170 about the infrastructure as a service 371 00:17:48,860 --> 00:17:54,300 and software as a service and those 372 00:17:52,170 --> 00:17:56,280 areas and then as far as governance and 373 00:17:54,300 --> 00:18:00,740 then the Cloud+ is more general 374 00:17:56,280 --> 00:18:03,360 cloud and then the CIPPs is privacy so 375 00:18:00,740 --> 00:18:06,000 what does it take to pass the 376 00:18:03,360 --> 00:18:10,860 certification exam ok for those of you 377 00:18:06,000 --> 00:18:12,480 who are preparing for CISSP or CEH or 378 00:18:10,860 --> 00:18:15,060 some of these 379 00:18:12,480 --> 00:18:17,160 what does it really take to do it you 380 00:18:15,060 --> 00:18:19,020 got to know the material so there's 381 00:18:17,160 --> 00:18:20,700 there's a lot of books out there there's 382 00:18:19,020 --> 00:18:23,129 a lot of reference materials there's 383 00:18:20,700 --> 00:18:26,340 training but what I found from my 384 00:18:23,130 --> 00:18:28,650 experience is knowing the material and 385 00:18:26,340 --> 00:18:29,760 being able to review the material so in 386 00:18:28,650 --> 00:18:34,020 a lot of cases you're going through a 387 00:18:29,760 --> 00:18:35,310 lot of material and so when I went 388 00:18:34,020 --> 00:18:37,050 through the material I would create 389 00:18:35,310 --> 00:18:39,000 questions and so forth so that's just 390 00:18:37,050 --> 00:18:40,860 the way that I learned and I can make 391 00:18:39,000 --> 00:18:45,300 some of
those available for those of you 392 00:18:40,860 --> 00:18:46,770 who are looking at like the CCSP but you 393 00:18:45,300 --> 00:18:48,629 have to be able to review it and have it 394 00:18:46,770 --> 00:18:51,830 in your mind when you're doing the exam 395 00:18:48,630 --> 00:18:54,240 and that and it's it's it helps to 396 00:18:51,830 --> 00:18:57,149 having made that commitment to the 397 00:18:54,240 --> 00:19:01,110 security community and to this area to 398 00:18:57,150 --> 00:19:02,700 be able to want to retain the 399 00:19:01,110 --> 00:19:04,550 information if you just want to get the 400 00:19:02,700 --> 00:19:08,880 information and then just forget it all 401 00:19:04,550 --> 00:19:10,470 it's harder to remember so you can take 402 00:19:08,880 --> 00:19:11,730 the security training but review the 403 00:19:10,470 --> 00:19:14,520 material before you go through the 404 00:19:11,730 --> 00:19:16,110 training I had one case where I went to 405 00:19:14,520 --> 00:19:18,090 the training and they offered the exam 406 00:19:16,110 --> 00:19:20,120 at the end and I was sure glad I had 407 00:19:18,090 --> 00:19:22,470 gone over the material before because 408 00:19:20,120 --> 00:19:24,780 even though they reviewed everything I 409 00:19:22,470 --> 00:19:28,350 wouldn't have been able to do it without 410 00:19:24,780 --> 00:19:31,139 that initial knowledge take practice 411 00:19:28,350 --> 00:19:33,449 tests if they have them if they don't 412 00:19:31,140 --> 00:19:37,050 then then you can kind of set up your 413 00:19:33,450 --> 00:19:38,820 own and here's my multiple-choice exam 414 00:19:37,050 --> 00:19:42,270 tip for those who are doing multiple 415 00:19:38,820 --> 00:19:43,950 choice exams read the question twice you 416 00:19:42,270 --> 00:19:46,230 know you want to understand what they're 417 00:19:43,950 --> 00:19:48,960 actually asking because you have a lot 418 00:19:46,230 --> 00:19:53,040 better chance to to pick the right 419 00:19:48,960 
--> 00:19:55,740 answers if you do that and then go 420 00:19:53,040 --> 00:19:59,340 through every answer and and this is 421 00:19:55,740 --> 00:20:01,410 part of the thing if you my my tip is if 422 00:19:59,340 --> 00:20:02,790 you go from the bottom up your mind will 423 00:20:01,410 --> 00:20:04,710 just want you to go through every answer 424 00:20:02,790 --> 00:20:06,149 right if you go from top down sometimes 425 00:20:04,710 --> 00:20:07,650 you see the right answer you think is 426 00:20:06,150 --> 00:20:10,440 the right answer and then there's a 427 00:20:07,650 --> 00:20:14,250 better answer further down so you want 428 00:20:10,440 --> 00:20:16,040 to you want to basically understand how 429 00:20:14,250 --> 00:20:18,330 you're going to approach that exam and 430 00:20:16,040 --> 00:20:22,110 then you can go back and review the ones 431 00:20:18,330 --> 00:20:24,149 that are there there so certification 432 00:20:22,110 --> 00:20:25,830 exam this is an eye chart but it's 433 00:20:24,150 --> 00:20:28,740 basically based on my my 434 00:20:25,830 --> 00:20:31,740 research for these security certifications 435 00:20:28,740 --> 00:20:34,350 and and basically the number of 436 00:20:31,740 --> 00:20:38,220 questions you have the time you have the 437 00:20:34,350 --> 00:20:41,908 pass rate and there's the cost right so 438 00:20:38,220 --> 00:20:45,929 you're gonna have different varying 439 00:20:41,909 --> 00:20:49,649 things but it's not cheap in a lot of 440 00:20:45,929 --> 00:20:51,539 cases that the CISSP is now five hundred 441 00:20:49,649 --> 00:20:54,959 ninety nine dollars to take the test to 442 00:20:51,539 --> 00:20:57,419 sit for the exam and a lot of the SANS 443 00:20:54,960 --> 00:20:59,639 ones that they do you know know they're 444 00:20:57,419 --> 00:21:01,559 expensive and the training is expensive 445 00:20:59,639 --> 00:21:03,719 the probably that if you're if you're 446 00:21:01,559 --> 00:21:06,210 looking to it to do yourself
I probably 447 00:21:03,720 --> 00:21:09,720 look at the CompTIA ones because they're 448 00:21:06,210 --> 00:21:11,279 more affordable for you but get your if 449 00:21:09,720 --> 00:21:14,370 you can get your employer to play pay 450 00:21:11,279 --> 00:21:16,309 for sitting for the exam that would be 451 00:21:14,370 --> 00:21:19,709 the way to go 452 00:21:16,309 --> 00:21:21,090 okay after you got the exam after you've 453 00:21:19,710 --> 00:21:24,090 passed that and you've made the 454 00:21:21,090 --> 00:21:25,860 commitment to this community what more 455 00:21:24,090 --> 00:21:28,168 is required of you well if you want to 456 00:21:25,860 --> 00:21:32,189 maintain your certification you get to 457 00:21:28,169 --> 00:21:34,500 do more security training so basically 458 00:21:32,190 --> 00:21:37,110 you can come to places like SAINTCON or 459 00:21:34,500 --> 00:21:40,500 Def Con or DerbyCon 460 00:21:37,110 --> 00:21:42,928 and get credit for your certification 461 00:21:40,500 --> 00:21:44,669 and you can actually justify it to your 462 00:21:42,929 --> 00:21:47,580 manager and say look I've got to 463 00:21:44,669 --> 00:21:49,289 maintain my certification so and keep me 464 00:21:47,580 --> 00:21:52,379 up to date so send me to the conference 465 00:21:49,289 --> 00:21:54,658 so that's you do have any membership 466 00:21:52,380 --> 00:21:56,600 fees and then you have the continuing 467 00:21:54,659 --> 00:22:01,080 professional education which is 468 00:21:56,600 --> 00:22:03,990 generally self-reported and the kind of 469 00:22:01,080 --> 00:22:06,949 requirements you have if that's not for 470 00:22:03,990 --> 00:22:10,230 you then there's only two of these 471 00:22:06,950 --> 00:22:15,419 certifications that have exams only but 472 00:22:10,230 --> 00:22:20,010 most of them require you know twenty-two 473 00:22:15,419 --> 00:22:23,399 looks like nine to forty hours of some 474 00:22:20,010 --> 00:22:25,049 training during the year so there's 475
00:22:23,399 --> 00:22:27,199 there's the cost to maintain those 476 00:22:25,049 --> 00:22:31,370 certifications but there's also 477 00:22:27,200 --> 00:22:34,230 continuing education and you generally 478 00:22:31,370 --> 00:22:35,939 report that yourself or in some cases 479 00:22:34,230 --> 00:22:37,799 it's reported for you especially the 480 00:22:35,940 --> 00:22:38,340 trainings done by the organization that 481 00:22:37,799 --> 00:22:44,260 you're way 482 00:22:38,340 --> 00:22:48,250 so security training you can take that 483 00:22:44,260 --> 00:22:50,050 the online training or sit for classes 484 00:22:48,250 --> 00:22:52,540 there are some free training out there 485 00:22:50,050 --> 00:22:56,110 that you can take one of my favorites is 486 00:22:52,540 --> 00:22:58,540 the Cybrary training when I was doing 487 00:22:56,110 --> 00:23:01,270 the CCSP and I needed to review some 488 00:22:58,540 --> 00:23:03,370 topics before I went to the training I 489 00:23:01,270 --> 00:23:06,639 got on there got the free training and 490 00:23:03,370 --> 00:23:08,320 then went into the training there's also 491 00:23:06,640 --> 00:23:10,780 some things on lynda.com that kind of 492 00:23:08,320 --> 00:23:16,060 goes over all of these so if you have 493 00:23:10,780 --> 00:23:17,860 questions about that so I we have time 494 00:23:16,060 --> 00:23:22,240 for a couple questions or you can just 495 00:23:17,860 --> 00:23:26,909 talk to me afterwards and my information 496 00:23:22,240 --> 00:23:26,910 is right here my LinkedIn email 497 00:23:33,440 --> 00:23:41,330 CCSP okay so the question was are there 498 00:23:36,299 --> 00:23:46,500 any prerequisites for a CISSP or CCSP I 499 00:23:41,330 --> 00:23:49,529 think basically you're required to have 500 00:23:46,500 --> 00:23:53,279 five years of industry experience so 501 00:23:49,529 --> 00:23:55,380 that's the only prerequisite if you're 502 00:23:53,279 --> 00:23:59,519 looking at a security certification to 
503 00:23:55,380 --> 00:24:01,710 get before that before the CISSP or 504 00:23:59,519 --> 00:24:05,039 before the CISSP I would recommend the 505 00:24:01,710 --> 00:24:08,580 Security+ before the CCSP I would 506 00:24:05,039 --> 00:24:09,210 recommend the CISSP so that's just my my 507 00:24:08,580 --> 00:24:15,840 take on it 508 00:24:09,210 --> 00:24:18,179 any other questions okay 509 00:24:15,840 --> 00:24:19,740 well feel free to come by and ask me 510 00:24:18,179 --> 00:24:21,960 questions if you're studying for 511 00:24:19,740 --> 00:24:24,299 particular exams you know I may be able 512 00:24:21,960 --> 00:24:27,330 to help you out or or at least get you 513 00:24:24,299 --> 00:24:30,299 on the right track and you know let's go 514 00:24:27,330 --> 00:24:31,769 own it and that you come to SAINTCON 515 00:24:30,299 --> 00:24:33,658 means you know you have made a 516 00:24:31,769 --> 00:24:34,950 commitment to the security community now 517 00:24:33,659 --> 00:24:40,700 it's the question of whether it's going 518 00:24:34,950 --> 00:24:40,700 to affect you personally so thank you 519 00:24:42,820 --> 00:24:44,879 you