Cybersecurity to be the fourth pillar for Department of Defense vendor awards.

The United States Department of Defense is changing its approach for acquisition of products and services from contractors. The three well-known “pillars for award decision” are performance, cost, and schedule. In other words, if a vendor can provide a product or a service that best meets the performance specifications, at the lowest price, faster than anyone else, that vendor wins. That is until the new CMMC Standards are put into effect in 2021. From that point on, vendors will also be evaluated based on their ability to deliver those services in a secure environment. 

According to the ​website for the Office of the Under Secretary of Defense for Acquisition and Sustainment, “the Council of Economic Advisers, an agency within the Executive Office of the President, estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 Billion in 2016”.  Of most concern is the loss of Controlled Unclassified Information (CUI) from the defense contractor base increasing risk to United States national security.  The stated purpose behind the creation of CMMC is “to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB)”.  Additionally, CMMC will serve to verify that appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect CUI that resides on contractors’ networks. 

So, what does this mean to you? With over 350,000 estimated defense contractors and hundreds of thousands more subcontractors all seeking to maintain business continuity with the Department of Defense, the demand for training on compliance will be very high. We see several unique training opportunities: 

• CMMC Professionals – Defense contractors will need people who understand the regulations to create and implement programs that ensure compliance. 

• Assessors – C3PAOs (third-party Assessors) will need to train Assessors to conduct official reviews. From Level 1 to Level 5, we envision several courses that map to the Assessor Certification Exams. 

• Internal Assessors – Prior to an official assessment, defense contractors will run “mock reviews” to ensure they are ready for an official review—so internal staff will need to learn assessor skills. 

• Gap Closing – Example: Incident response is one domain with 13 practices required and contractors will need training to close gaps when required practices are not present. 

CMMC stands for Cybersecurity Maturity Model Certification. Like most other maturity models, there are domains and practices that map to levels.  CMMC has 5 levels of maturity and covers 17 domains with 171 practices that are reviewed.  Not all contractors need to be Level 5. In fact, many will be perfectly able to maintain DoD contracts at Level 1. But Logical Operations estimates that over 1.5 million people will need training in the very near future, and that number could easily triple.   

Logical Operations was recently named a Licensed Publishing Partner to CMMC-AB and we’ve begun the process to launch curriculum in early 2021. We expect this to be a high-growth opportunity for our training channel partners, not only for the certifications required by CMMC, but also for the gap closure skill building that many of the contractors will need to ensure compliance. That gap closing can start RIGHT NOW, and we suggest that you identify customers that are DoD contractors and ask them about their CMMC gaps—you can start training on those TODAY! 

• Expose your key accounts to a brief, 1-hour training on a topic of interest to them (you can sell them on it account-wide after they see the value) 
• Have your sales staff sit through the course so they can sell it better 
• Prepare your trainers to offer CyberSAFE in the future 
• Experience the best end-user security awareness course on the market for yourself 

• Identify the need for security.  
• Secure devices like desktops, laptops, and smartphones. 
• Learn to use the Internet securely.   

DDLS is the leading provider of information and communications technology training in Australasia. With vendor-authorised content and facilities, DDLS is focused on providing maximum return on training investment for all customers. Decades of experience and robust vendor relationships make DDLS well known for being in front of the technology curve. DDLS offers a large and varied portfolio of over 700 instructor-led technology training courses, delivered to over 15,000 students annually in training facilities or remotely. In today’s highly connected world, organisations are extremely vulnerable to attacks and cybercrime. Cybersecurity training is critical to protect networks, computers, and data. DDLS offers cybersecurity training to cater for all levels of an organisation—from front-line staff to highly experienced senior cybersecurity professionals. Partnering with leading vendors in the cybersecurity space, DDLS provides comprehensive cybersecurity training solutions for each customer.

Jeremy Daly, Cybersecurity Product Manager, DDLS, recently weighed in on how DDLS is helping their clients counter heightened cyber activity with the CyberSAFE training program:

“Malicious cyber activity against Australia is increasing in frequency, scale, and sophistication. A recent report from the Australian Cyber Security Centre showed a dramatic increase in malicious activity with phishing and spear phishing remaining the most common methods to collect personal information or user credentials to gain access to networks, or to distribute malicious content. There’s also been a huge rise in ransomware attacks which is one of the most significant threats given the potential impact on the operations of businesses and governments. In March, cyber criminals quickly adapted their phishing methods to take advantage of the COVID-19 pandemic and in June, Australia’s Prime Minister, Scott Morrison, took the unusual step of addressing the entire country with a warning that Australia was under a sustained cyber-attack."

"This is where DDLS sees CyberSAFE playing an important role for individuals and businesses alike. In the face of growing cyber-attacks, companies need to invest in cyber awareness training, going beyond annual, ‘tick-box’ training that so many companies still rely on. All employees, including managers and board members, need a basic ability to implement cyber resilience in the workplace through engaging, relevant, and ‘effective’ learning that provides the simple, practical advice to develop and sustain vigilance and resilient behaviours. This is where the demand for CyberSAFE is coming from. Not only does CyberSAFE help ensure that your end-users can identify the common risks associated with using conventional end-user technology, it also shows them how to safely protect themselves and their organisations from security risks. Only once we start doing this, can we start to help to secure workplaces, large and small, from malicious cyber activity.”

“Since launching CyberSAFE into Australia, we have undertaken a large amount of internal activities with our sales teams and staff across the business to help them understand just how important cyber awareness training is but also to better enable our sales teams to communicate confidently with their customers on the benefit of the program and why it is a solid investment. Some of our internal initiatives included a fantastic live webinar with a demonstration of the product from CertNexus’ President Jeff Felice with some engaging Q&A from our sales team. Off the back of that, we gave access to CyberSAFE training for everyone in the sales teams as well as our Senior Leadership Team, Finance Team, and even the Product team which I am part of,  to ensure they are trained and up to date on how to remain resilient day to day. This was also an excellent opportunity for the sales team, as it gave them a firsthand look at the customer experience of the product. We launched our partnership with CertNexus across various Australian tech media sites and headlined CyberSAFE in our monthly newsletter “U-Learn” with a link to our new Readiness assessment landing page inviting individuals and organisations alike to take the test and see if they are CyberSAFE. Heading into October, we are running a dedicated Cyber Call Out day and part of this initiative is for our team to talk to their customers about the importance of organizational wide cyber awareness training and the solution CyberSAFE offers,” added Daly. For more information about DDLS, visit https://www.ddls.com.au/.

• Cybersecurity Maturity Model Certification (CMMC): Certified Professional 
• Cybersecurity Maturity Model Certification (CMMC): Certified CA-1 Assessor 

• Cybersecurity expertise 
• Technical and management background in common IT practice areas 
• Auditor or assessor experience and general workplace abilities 

• Certified Information Systems Security Professional (CISSP®) 
• CyberSec First Responder™ (Exam CFR-310)*^ 
• CISM Essentials**  
• CISA Essentials**  
• ITIL® 4 Foundation 
• Cisco Solutions: Implementation and Administration (CCNA 200-301) 
• Microsoft® Windows Server® 2016 
• Database Design: A Modern Approach 
• SQL Querying: Fundamentals and Advanced  
• Introduction to Programming with Python® 
• Cyber Secure Coder (Exam CSC-210)* 
• Certified Internet of Things (IoT) Security Practitioner (Exam ITS-110)* 
• Project Management Essentials 
• Introduction to Agile and Scrum Methodologies 
• Problem-Solving Skills  
• Emotional Intelligence for Business Professionals 
• Effective Interpersonal Communication for Business Professionals 
• Finance and Budgeting Essentials for Business Professionals 

Logical Operations revises student and instructor materials based on technical changes, customer feedback, and our own assessment of necessary changes. The revision notes for the most recent updates are below as well as posted on the new Content Revisions page. Use this page as a resource to quickly access and view all revision details for any of our recent course updates. 

091030 Microsoft® 365 Office for the Web Productivity Apps Revision 1.0 to 2.0

Release Date: October 15, 2020

For Revision 2.0, releasing on October 15, the course material has been generally refreshed. The course has been retitled “Microsoft® 365 Office for the Web Productivity Apps.” The sequence of the lessons and topics remains the same; however, numerous maintenance-level changes to text, activities, screenshots, and slides were made throughout. Notable app changes include the fact that Microsoft Teams is now the primary collaboration app which replaces Skype for Business. The Flow app has been renamed as “Power Automate” but you still create flows to automate work processes. ​​​​(Keep in mind that Microsoft continues to make changes to the online version of Office as they see fit, so at any given time there may be discrepancies between the material in the curriculum and the live Office web interface.)

Reminder: When viewing a product on the store, check the Revision Information tab to see the summary description of the most recent revision for that product at any time.

Since it’s National Cybersecurity Awareness Month, let’s talk about getting your instructors prepped and ready to teach cybersecurity and emerging technologies. CertNexus understands that the biggest barrier to entry for offering any training is making sure your instructor is equipped with the materials and information they need to run a successful class. This is why CertNexus offers self-paced, train-the-trainer bundles on their certifications.

Looking ahead to 2021, the market will be looking for training in cybersecurity, AI, IoT, and data science. The opportunity now is to get your instructors prepped in the next three months for 2021. Get ready to offer the CertNexus portfolio of certifications by getting your trainers ready to teach them. 2021 is coming up fast, act now and get ready to offer your customers the training in cybersecurity, AI, IoT, and data science they’ll be asking for.

In honor of National Cybersecurity Awareness Month, we are bringing back the all-important reminder of customization. Cybersecurity cannot be overstated in our personal and professional lives. And at times, we need to choose specific topics and subject areas to focus in on to learn and apply. Therefore, customization is worth mentioning again because of its value add and cost effectiveness.      

Click on the link and we will show you how in under 6 minutes!

Scenario:

You might have students with some programming background but no Python experience who need to become functional with both Python programming and the most important principles of secure coding, all within a compressed 5-day time frame. This video will show you how to make it happen!

In this case, the content you want covered in class would be found in each of the following three books: 

• CertNexus Certified Cyber Secure Coder® (Exam CSC-210)

• Python® Programming: Introduction

• Python® Programming: Advanced

You can mix and match lessons and delete unwanted topics from each of these titles to make a 5-day Python Secure Coding Bootcamp of your own!  

Create your content using only the subject areas that pertain to your students, and then personalize it with subtext and footers plus your logo on the front cover. Looking to just add your logo? No problem! 

• View a sample Custom table of contents

• View a sample Custom cover

How to Order: 

You can submit an order for a quote online using our CustomCHOICE tool:

• Go to → store.logicaloperations.com → Log in → Choose “My Account” at the top of the screen → Choose “CustomCHOICE” on the left-hand navigation.  

• View a short CustomCHOICE demo to see how easy it is to get started:

• Or call me for a 1:1 demo today!

Andrea Montanarella

Manager, Custom Production

cprint@logicaloperations.com

1-800-456-4677—Option 4 | Direct: 585-350-7014