Logically Speaking June 2021: Build a Security-First Culture
June 16, 2021
 
Growth Opportunities
 
 

Building a Security-First Culture

by Jon O'Keefe, Technology Education Jedi

 

Organizations are looking to build a “security-first culture”, one where security topics are discussed and implemented at every level of the organization. Whether in the C-suite, the IT department, or the call center, security is now more important than ever.

Your customers have three main fears when it comes to dealing with security:

  1. Crisis of Confidence – Customers want to deal with organizations that put security first. Over 50% of all businesses this year will experience a cybersecurity incident that could drive customers away.

  2. Reduction of Revenue – It costs money to deal with a security incident. Colonial Pipeline just paid out 5 million dollars in ransomware money. Key systems going down are not cheap to fix, and most organizations can’t survive a major cybersecurity attack.

  3. Failure of Function – Businesses survive when things work correctly. Losing the ability to transact with your customers, or having your website go down for even a few hours can be catastrophic.  

The good news is that by implementing a security-first culture, most businesses can avoid these three fears.  

From a training perspective, this can be a lucrative experience for you as there isn’t a one-size-fits-all, security-first approach. Different parts of the organization will need different types of training. You can sell this security-first culture by offering security training in effective layers.

  1. Non-IT Leaders can benefit from the CertNexus IRBIZ™ class, which can give them an overview of how to handle a cybersecurity incident that is appropriate for their technical acumen.

  2. IT Leaders can benefit from CISSP®, a highly valued certification in the IT space. 

  3. Programmers can benefit from the CertNexus Cyber Secure Coder certification, which puts security by design principles at the forefront of coding and application design.

  4. Engineers can benefit from the CertNexus Certified IoT Security Practitioner (CIoTSP) certification, which helps put security by design principles into the rapidly expanding IoT frontier.

  5. IT Professionals can benefit from Dark Web Council’s Certified Dark Web Analyst certification, which is a one-of-a-kind training opportunity for the Good Guys to learn how to use the Bad Guys’ tools against them.

  6. EVERYONE can benefit from the CertNexus CyberSAFE class and micro-credential, as it teaches best practices on how to be safe online.

If you’d like to get started on helping your clients with their “security-first culture” requirements, we can help you.  

Contact me at JediJon@logicaloperations.com for help with these classes, webinars, marketing and sales support, or anything you might need to make this a success for you.  

 
 
Keys to Selling
 
 

ALIAS: All Level IT & Application Security

by Jim Gabalski, VP, Sales and Marketing

 

The key to selling security training is to offer the right level of training to the right audience. ALIAS is a simple way to remember this concept, and you can expect to hear more about ALIAS training solutions from Logical Operations in the weeks and months to come. The concept involves two steps: (1) determine what job role a person is in, and (2) offer them the training that best fits their role. Here’s how it works:

Job Role 

Best Fit Training 

Non-IT, General Worker 

CyberSAFE: This group of people do not specialize in information technology but represent the largest population of trainees. They are also the weakest link and the likely target of most security threats. CyberSAFE teaches basic behavioral modifications that will significantly reduce a company’s risk of breach. 

Application Developer 

Cyber Secure Coder: Application developers create tools that businesses and customers use, such as a website. Security by design principles taught in CSC can be applied to any development language and, when put into practice by the Application Developer, close “common holes” left in applications that hackers exploit. 

IoT Engineer/Developer 

CIoTSP: As many companies engineer and deploy IoT applications that leverage customer networks and the Internet, security risks increase exponentially. CIoTSP, or Certified IoT Security Practitioner, teaches how to build IoT applications that are secure. Imagine what could happen if someone hacked your IoT-enabled Smart TV. 

IT Security Specialist 

CFR & CDWA: The Security Specialist is on the front line and will likely be the First Responder when a breach occurs, and they will occur. CyberSec First Responder teaches the IT Professional how to Identify, Isolate, Remediate, and Prevent future occurrences of a threat.  

Certified Dark Web Analyst training teaches how to safely use the Dark Web to identify pending threats by “listening in” on hacker conversations. It also provides instruction on how to prepare data for recovery in the event it is exfiltrated. And finally, CDWA teaches how to actually recover data.

 

IT Security Auditor 

CISA & CDWA: Security Auditors review breaches and threats and determine the best course of action to reduce risk of future threats. Certified Information Systems Auditor (CISA) teaches the IT auditor how to assess information systems, security controls, and vulnerabilities with improvement or “hardening” of systems’ security as the focus. 

CDWA provides the CISA candidate with access to “what the bad guys are talking about”. Taking this course will provide the Auditor with the skills needed to identify pending threats to audit systems against. 

IT Security Manager  

CISM: IT Professionals in management positions that include management of security professionals and/or processes require skills specific to the topic of security management. Certified Information Security Manager (CISM) is aimed at those professionals and prepares the candidate to sit for the ISACA CISM Certification Exam. 

IT Security Director 

CISSP: The Security Director sets strategy and policy for IT security within an organization. Certified Information Systems Security Professional expands the knowledge of the candidate by exploring the essentials of each of the 8 domains of the Common Body of Knowledge for information systems security professionals, preparing them for leadership and policy setting roles.

 

Senior Management 

IRBIZ: Senior Managers just need the basics.  Incident Response for Business Professionals provides just that. Company executives and senior leaders are ultimately responsible for complying with incident response legislation. This course focuses on the knowledge, resources, and skills necessary to comply with incident response and incident handling process requirements. 

IT Security is in the news these days and incidents will likely continue to rise. Addressing the threat of hacks and preparing for the eventuality of a breach is a common topic in many boardrooms.  Be ready to answer the request for training using the above grid. And know that Logical Operations provides you with the training materials needed to train security at all levels.  

 
Curriculum Corner
 
 

CyberSAFE: The Best Way to Achieve a Security-First Culture

by Nancy Curtis, VP, Content

 

If you truly want to create a security-first culture, the best way is to start at the staff level and build it from the ground up. The best way to achieve that goal is an effective security awareness training program. And the best way to roll out effective security awareness is with CertNexus’ CyberSAFE training and credential.

The CyberSAFE program is:  

  • Affordable, with package pricing to suit any size organization. 
  • Scalable, reaching any number of staff through the CHOICE delivery platform. 
  • Flexible, with both self-paced and instructor-led modalities available. 
  • And above all, effective.  

How do I know CyberSAFE is effective? Because Logical Operations doesn’t just promote the CertNexus CyberSAFE program, we live it.  All LO employees need to certify as CyberSAFE when first hired, and we all refresh our credential at regular intervals.    

Dave Stagnitto, LO’s Chief Operating Officer, has oversight of our IT security programs. Dave reports: “Our end-user breaches went down over 40% after rolling out CyberSAFE company wide. Plus, end users are now savvy enough to send us suspicious emails and web notifications so we can investigate them proactively. This means we are now preventing breaches before they occur, rather than cleaning up after attacks.”

CyberSAFE helps every member of your organization to adopt a mindset of “security first, last, and always.” We invite you to explore how CyberSAFE can be your best way to a security-first culture.   

 

________________________________________

 

Development vs. Secure Development: An IoT Case Study

by Brian Wilson, Senior Instructional Designer

 

The massive stone walls of ancient Troy took a long time and significant resources to build. Yet the fortress was defeated in a single moment, when someone made the bad decision to let in a giant wooden horse left as a parting gift from the Greeks.  

Maintaining safety in a modern enterprise is also challenging, and just as dependent on the quality of decisions made by individuals. Not only do organizations have to worry about physical security (the kind provided by stone walls), they must also be concerned about the security of things that can’t necessarily be seen or touched – like cybersecurity, data privacy, regulatory compliance, and numerous other concerns of our modern, complicated world. 

To help manage the complexity, some organizations have turned to technologies such as the Internet of Things (IoT) and machine learning. For example, running a casino is a complicated business. Not only do operators have to manage the gaming floor, they also have to run a hotel, food service operations, parking garage, shuttle service, and myriad other concerns. Doing the job well requires information. To that end, a casino business might use IoT devices to monitor security cameras for unusual patterns of foot traffic or customer behavior. They could monitor food safety temperatures in their kitchens and serving areas. They might even use IoT devices to regulate the temperature and cleanliness of those enormous fish tanks in the lobby.

But, as with many business decisions, benefits are often accompanied by risks. You may have heard about the case of the casino that was hacked through its Internet-connected fish tank. While many consumer-oriented devices can be set up and used by almost anyone (like the guy who got tired of scraping the green stuff off the sides of the fish tanks, for example), the people setting up those devices may not always be fully aware of the risks. They may be introducing a trojan horse to the organization, or opening the gateway to other sorts of malware and cyber attacking ne’er-do-wells. 

Technologies like IoT can help an organization manage complexity. But when the organization doesn’t have a culture that puts security first, technology can actually make the situation worse. In a “security first” organization, all members of the organization would be trained in CyberSAFE practices and would learn to question the security of ad hoc solutions. The use of appropriate technology would be embraced and supported, but solutions would be planned, designed, and implemented by a team knowledgeable in security implications, and the systems used to actively monitor and protect the organization’s networks would be aware of any new devices added to the organization’s wired and wireless networks. 

That’s the difference between IoT development and secure IoT development – and that’s the difference that the CertNexus Certified Internet of Things (IoT) Security Practitioner (Exam ITS-110) course and exam can make to your IoT project.   

 

________________________________________

 
 


 

Content Revisions

 

Logical Operations revises student and instructor materials based on technical changes, customer feedback, and our own assessment of necessary changes. The revision notes for the most recent updates are below as well as posted on the new Content Revisions page. Use this page as a resource to quickly access and view all revision details for any of our recent course updates. 

Reminder: When viewing a product on the store, check the Revision Information tab to see the summary description of the most recent revision for that product at any time.

 


 
 
 
 
 
Teaching Prep
 
 
 

________________________________________

 

Customization Options for Content that Maps to a Certification

by Andrea Montanarella, Manager, Custom Production

 

Security offers many layers of growth opportunities, and so does Custom, for both the student and instructor.

In our last webinar on May 25th, we did a demo of CISSP® 6th edition. If you didn’t catch it – you can view it here.

Whatever you choose to customize, there are always options available.   

However, with CISSP you can mix and match lessons, delete topics, and add your logo and personalization. If you do not have a need for customization, just pop your logo on the front cover and call it a day with branding!  

  • Branding  
  • Reordering  
  • Customizing  
  • Custom Logo  

We are here for you. Reach out to discuss your goals, options, and requirements. You will be glad you did!  


Andrea Montanarella

Manager, Custom Production

cprint@logicaloperations.com

1-800-456-4677—Option 4 | Direct: 585-350-7014 

 
 