Logically Speaking June 2021: Build a Security-First Culture
June 16, 2021
Growth Opportunities

Building a Security-First Culture

by Jon O'Keefe, Technology Education Jedi


Organizations are looking to build a “security-first culture”, one where security topics are discussed and implemented at every level in the organization. Whether it be at the C-suite, the IT department, or in the call center, security is now more important than ever.

Your customers have three main fears when it comes to dealing with security:

  1. Crisis of Confidence – Customers want to deal with organizations that put security first. Over 50% of all businesses this year will experience a cybersecurity incident that could drive customers away.

  2. Reduction of Revenue – ItPerson working on computer with malware warning costs money to deal with a security incident. Colonial Pipeline just paid out 5 million dollars in ransomware money. Key systems going down are not cheap to fix, and most organizations can’t survive a major cybersecurity attack.

  3. Failure of Function – Businesses survive when things work correctly. Losing the ability to transact with your customers, or having your website go down for even a few hours can be catastrophic.  

The good news is that by implementing a security-first culture, most businesses can avoid these three fears.  

From a training perspective, this can be a lucrative experience for you as there isn’t a one-size-fits-all, security-first approach. Different parts of the organization will need different types of training. You can sell this security-first culture by offering security training in effective layers.

  1. Non-IT Leaders can benefit from the CertNexus IRBIZ™ class, which can give them an overview of how to handle a cybersecurity incident that is appropriate for their technical acumen.

  2. IT Leaders can benefit from CISSP®, a highly valued certification in the IT space. 

  3. Programmers can benefit from the CertNexus Cyber Secure Coder certification, which puts security by design principles at the forefront of coding and application design.

  4. Engineers can benefit from the CertNexus Certified IoT Security Practitioner (CIoTSP) certification, which helps put security by design principles into the rapidly expanding IoT frontier.

  5. IT Professionals can benefit from Dark Web Council’s Certified Dark Web Analyst certification, which is a one-of-a-kind training opportunity for the Good Guys to learn how to the use the Bad Guys’ tools against them.

  6. EVERYONE can benefit from the CertNexus CyberSAFE class and micro-credential, as it teaches best practices on how to be safe online.

If you’d like to get started on helping your clients with their “security-first culture” requirements, we can help you.  

Contact me at JediJon@logicaloperations.com for help with these classes, webinars, marketing and sales support, or anything you might need to make this a success for you.  

Keys to Selling

ALIAS: All Level IT & Application Security

by Jim Gabalski, VP, Sales and Marketing


The key to selling security training is to offer the right level of training to the right audience. ALIAS is a really simple way to remember this concept and you can expect to hear more about ALIAS training solutions from Logical Operations in the weeks and months to come. The concept is quite simple and involves two simple steps: (1) determine what job role a person is in, and (2) offer them the training that best fits their role. Here’s how it works: 

Job Role 

Best Fit Training 

Non-IT, General Worker 

CyberSAFE: This group of people do not specialize in information technology but represent the largest population of trainees. They are also the weakest link and the likely target of most security threats. CyberSAFE teaches basic behavioral modifications that will significantly reduce a company’s risk of breach. 

Application Developer 

Cyber Secure Coder: Application developers create tools that businesses and customers use, such as a website. Security by design principles taught in CSC can be applied to any development language and, when put into practice by the Application Developer, close “common holes” left in applications that hackers exploit. 

IoT Engineer/Developer 

CIoTSP: As many companies engineer and deploy IoT applications that leverage customer networks and the Internet, security risks increase exponentially. CIoTSP, or Certified IoT Security Practitioner, teaches how to build IoT applications that are secure. Imagine what could happen if someone hacked your IoT-enabled Smart TV. 

IT Security Specialist 

CFR & CDWA: The Security Specialist is on the front line and will likely be the First Responder when a breach occurs, and they will occur. CyberSec First Responder teaches the IT Professional how to Identify, Isolate, Remediate, and Prevent future occurrences of a threat.  

Certified Dark Web Analyst training teaches how to safely use the Dark Web to identify pending threats by “listening in” on hacker conversations. It also provides instruction on how to prepare data for recovery in the event it is exfiltrated. And finally, CDWA teaches how to actually recover data.


IT Security Auditor 

CISA & CDWA: Security Auditors review breaches and threats and determine the best course of action to reduce risk of future threats. Certified Information Systems Auditor (CISA) teaches the IT auditor how to assess information systems, security controls, and vulnerabilities with improvement or “hardening” of systems’ security as the focus. 

CDWA provides the CISA candidate with access to “what the bad guys are talking about”. Taking this course will provide the Auditor with the skills needed to identify pending threats to audit systems against. 

IT Security Manager  

CISM: IT Professionals in management positions that include management of security professionals and/or processes require skills specific to the topic of security management. Certified Information Security Manager (CISM) is aimed at those professionals and prepares the candidate to sit for the ISACA CISM Certification Exam. 

IT Security Director 

CISSP: CISSP: The Security Director sets strategy and policy for IT security within an organization.  Certified Information Systems Security Professional expands the knowledge of the candidate by exploring the essentials of each of the 8 domains of the Common Body of Knowledge for information systems security professionals, preparing them for leadership and policy setting roles. 


Senior Management 

IRBIZ: Senior Managers just need the basics.  Incident Response for Business Professionals provides just that. Company executives and senior leaders are ultimately responsible for complying with incident response legislation. This course focuses on the knowledge, resources, and skills necessary to comply with incident response and incident handling process requirements. 

IT Security is in the news these days and incidents will likely continue to rise. Addressing the threat of hacks and preparing for the eventuality of a breach is a common topic in many boardrooms.  Be ready to answer the request for training using the above grid. And know that Logical Operations provides you with the training materials needed to train security at all levels.  

Curriculum Corner

CyberSAFE: The Best Way to Achieve a Security-First Culture

by Nancy Curtis, VP, Content


CyberSAFE logoIf you truly want to create a security-first culture, the best way is to start at the staff level and build it from the ground up. The best way to achieve that goal is an effective security awareness training program. And the best way to roll out effective security awareness is with CertNexus’ CyberSAFE training and credential.   

The CyberSAFE program is:  

  • Affordable, with package pricing to suit any size organization. 
  • Scalable, reaching any number of staff through the CHOICE delivery platform. 
  • Flexible, with both self-paced and instructor-led modalities available. 
  • And above all, effective.  

How do I know CyberSAFE is effective? Because Logical Operations doesn’t just promote the CertNexus CyberSAFE program, we live it.  All LO employees need to certify as CyberSAFE when first hired, and we all refresh our credential at regular intervals.    

People looking at computerDave Stagnitto, LO’s Chief Operating Officer, has oversight of our IT security programs. Dave reports: “Our end-user breaches went down over 40% after rolling out CyberSAFE company wide. Plus, end users are now savvy enough to send us suspicious emails and web notifications so we can investigate them proactively. This means we are now preventing breaches before they occur, rather than cleaning up after attacks.” 

CyberSAFE helps every member of your organization to adopt a mindset of “security first, last, and always.” We invite you to explore how CyberSAFE can be your best way to a security-first culture.   




Development vs. Secure Development: An IoT Case Study

by Brian Wilson, Senior Instructional Designer


The massive stone walls of ancient Troy took a long time and significant resources to build. Yet the fortress was defeated in a single moment, when someone made the bad decision to let in a giant wooden horse left as a parting gift from the Greeks.  

Maintaining safety in a modern enterprise is also challenging, and just as dependent on the quality of decisions made by individuals. Not only do organizations have to worry about physical security (the kind provided by stone walls), they must also be concerned about the security of things that can’t necessarily be seen or touched – like cybersecurity, data privacy, regulatory compliance, and numerous other concerns of our modern, complicated world. 

Hand holding a tablet with IoT graphicsTo help manage the complexity, some organizations have turned to technologies such as the Internet of Things (IoT) and machine learning. For example, running a casino is a complicated business. Not only do operators have to manage the gaming floor, they also have to run a hotel, food service operations, parking garage, shuttle service, and myriad other concerns. Doing the job well requires information. To that end, a casino business might use IoT devices to monitor security cameras for unusual patterns of foot traffic or customer behavior. They could monitor food safety temperatures in their kitchens and serving areas. They might even use IoT devices to regulate the temperature and cleanliness of those enormous fish tanks in the lobby. 

But, as with many business decisions, benefits are often accompanied by risks. You may have heard about the case of the casino that was hacked through its Internet-connected fish tank. While many consumer-oriented devices can be set up and used by almost anyone (like the guy who got tired of scraping the green stuff off the sides of the fish tanks, for example), the people setting up those devices may not always be fully aware of the risks. They may be introducing a trojan horse to the organization, or opening the gateway to other sorts of malware and cyber attacking ne’er-do-wells. 

Technologies like IoT can help an organization manage complexity. But when the organization doesn’t have a culture that puts security first, technology can actually make the situation worse. In a “security first” organization, all members of the organization would be trained in CyberSAFE practices and would learn to question the security of ad hoc solutions. The use of appropriate technology would be embraced and supported, but solutions would be planned, designed, and implemented by a team knowledgeable in security implications, and the systems used to actively monitor and protect the organization’s networks would be aware of any new devices added to the organization’s wired and wireless networks. 

That’s the difference between IoT development and secure IoT development – and that’s the difference that the CertNexus Certified Internet of Things (IoT) Security Practitioner (Exam ITS-110) course and exam can make to your IoT project.   






Latest Product Highlights




Content Revisions


Logical Operations revises student and instructor materials based on technical changes, customer feedback, and our own assessment of necessary changes. The revision notes for the most recent updates are below as well as posted on the new Content Revisions page. Use this page as a resource to quickly access and view all revision details for any of our recent course updates. 

Reminder: When viewing a product on the store, check the Revision Information tab to see the summary description of the most recent revision for that product at any time.


Screenshot of revision field on Logical Operations store

Curriculum Corner
Teaching Prep



Customization Options for Content that Maps to a Certification

by Andrea Montanarella, Manager, Custom Production


CustomCHOICE logoSecurity offers many layers of growth opportunities and so does Custom for both the student and instructor.  

In our last webinar on May 25th, we did a demo of CISSP® 6th edition. If you didn’t catch it – you can view it here.

Whatever you choose to customize, there are always options available.   

However, with CISSP you can mix and match lessons, delete topics, and add your logo and personalization. If you do not have a need for customization, just pop your logo on the front cover and call it a day with branding!  

  • Branding  
  • Reordering  
  • Customizing  
  • Custom Logo  

We are here for you. Reach out to discuss your goals, options, and requirements. You will be glad you did!  

Andrea Montanarella headshot

Andrea Montanarella

Manager, Custom Production


1-800-456-4677—Option 4 | Direct: 585-350-7014 

Inside LO