This newsletter is about CMMC and the training opportunities it creates. While the past few weeks have seen a great deal of change for the CMMC standard, the commitment to hardening cybersecurity remains, both by the DoD and the DIB. So read on! Much is different about CMMC, but the training opportunity it creates remains HUGE.
Jim Gabalski
VP, Sales and Marketing
CMMC 1.0 Stalls - DIB Cybersecurity to Align with NIST 800
by Jim Gabalski, VP, Sales and Marketing
The CMMC 1.0 rollout hit a wall last week when the Department of Defense (DoD) released CMMC 2.0. In short, the CMMC 2.0 model introduces significant changes that include (1) a reduction in the number of levels --- there are now 3 levels instead of 5, (2) elimination of the maturity processes --- do, document, manage, measure, optimize, and (3) limitation of third-party assessments by C3PAOs --- Level 1 organizations and some Level 2 organizations can now self-attest. But what has not changed is that the DoD is steadfast in the requirement that all members of the Defense Industrial Base (DIB) enhance their cybersecurity practices to earn or maintain contract status. And that is why a significant training opportunity remains!
The DoD decided that the CMMC requirement will align with the well-known NIST 800–171/172 standard. This will make compliance straightforward while streamlining assessment by using existing processes and resources. The 17 domains and 171 practices associated with CMMC 1.0, many of which were developed exclusively for CMMC, are now replaced with the 14 domains and 110 practices of the well-understood NIST 800 standard. The domains associated with NIST still include the “biggies” from CMMC that provide you with opportunities to train, including Incident Response (7 Controls), Awareness and Training (3 Controls), Access (24 Controls), Maintenance (7 Controls), and Media Protection (8 Controls). MOST IMPORTANT: A senior member of the DIB organization must sign off, or self-attest, on compliance with all controls OR be assessed by a third-party or DIBCAC Assessor and pass that assessment. In other words, they MUST demonstrate compliance to maintain a DoD vendor contract.
What you can expect in the coming weeks is a thorough briefing from Logical Operations on how best to seize this opportunity. Yes, the model has changed and the swiftness of that change and the degree of change has shocked the CMMC-training ecosystem, as only recently did the CCP exam go into beta and training materials achieve CATM approval. Disappointing? For sure. But the opportunity to train IT professionals in the DIB to strengthen their cybersecurity practices and, in turn, increase national security is too important to let the disappointment distract us from that purpose.
Be on the lookout for emails and invitations to webinars that will help you better understand the CMMC 2.0 model and how you can take advantage of the training opportunities it affords.
CyberSAFE: The One Class EVERYONE Needs
by Jon O'Keefe, Technology Education Jedi
Every single one of your customers uses computers and the Internet. That is a phrase so rarely uttered in the training world that it bears repeating: Every single one of your customers uses computers and the Internet.
While some of your customers may come to you for Excel®, project management, or leadership skills, the one thing they have in common is that they use a device every day that connects to the Internet, and that creates risk.
Here are some facts about the current state of cybercrime:
- According to TechRadar, 90% of cybersecurity incidents are caused by end users.
- According to Hiscox, 50% of small businesses will suffer a cybersecurity incident in the next 12 months.
- The average cost of a data breach has risen by 10% year over year, and is now $4.24 million.
- According to the National Conference of State Legislatures (NCSL), almost every state in the United States has enacted or is considering enacting legislation on end-user cybersecurity awareness training.
This should paint a picture for you. Your customers are all vulnerable to cybercrime because cybercriminals are targeting the everyday employee with phishing attacks and social engineering. Every business is susceptible to this, and with the increasing number of remote workers, we are seeing more attacks than ever.
Therefore, most states are mandating some form of end-user cyber awareness training, and you have the opportunity to offer the best with CyberSAFE. This class stands above other similar offerings in its ease of delivery and knowledge validation that comes in the form of a CyberSAFE certificate after the student completes a simple online exam. This can aid compliance personnel in meeting state and federal regulations, and help you win that all-important bid.
Bridging the Gap between CFR-310 and CFR-410
by Jason Nufryk, Instructional Designer
A new version of CyberSec First Responder® is arriving soon, and Logical Operations, in partnership with CertNexus, is excited once again to have developed instructor-led training for this high-stakes, cybersecurity certification. The new CFR-410 courseware is very similar to its 310 predecessor. However, there are some important ways in which the two diverge, and I’d like to use this opportunity to give you a brief, high-level overview of those changes.
First, like any courseware based on a certification, development on CFR-410 was initiated by a new version of the exam. The blueprint for the CFR-410 exam is structurally much different than previous iterations. The domains are now based on active job tasks rather than general concepts. The scope of the exam has also widened to include more than just incident response, reflecting the need for first responders to integrate with every part of an organization’s cybersecurity operations.
Still, you’ll find that much of the actual detail of the exam objectives is familiar. That’s why the CFR-410 course hasn’t deviated too much from the 310 version. One thing that has prompted a change is the “Protect” domain in the new blueprint. This domain focuses on proactive security architecting. As a result, the 410 course includes a new topic on cybersecurity auditing, as well as some additional content that touches on areas like identity and access management (IAM), patch management, and so on.
Another major change you should be aware of is that the lessons on vulnerability management (Lesson 6 in CFR-310) and penetration testing (Lesson 7 in CFR-310) have been consolidated into a single lesson on assessing the organization’s security posture (Lesson 6 in CFR-410), with the new auditing topic as the lead. This is the most prominent example of an overall effort to trim some of the course content to keep it within a reasonable five days of training, while still affording time to the new material.
There are other changes, like the inclusion of a new widescreen PowerPoint template, and a new visual overhaul of the course images. There are also changes to some activities to make them more robust and valuable to the student, as well as using new versions of Windows® and Kali Linux™. The rest are too numerous to list here, so be on the lookout for an upcoming video in which I’ll be walking through the CFR-310 to CFR-410 bridge document in much more detail.
_______________________________________
Designing CyberSAFE for Everyone
by Megan Smith Branch, Chief Operating and Product Officer, CertNexus
When we develop our curriculum at CertNexus, we always begin with the blueprint as a guide. Typically, this is done for high-stakes certifications, but at CertNexus, we follow the same process for our micro credentials as we do for our high-stakes, proctored exams. To develop our blueprint, we perform a job task analysis by engaging subject matter experts. Our upcoming CyberSAFE program is no exception. With the demands of directives such as CMMC, it is even more important that we apply a rigorous process to all our credential programs to provide organizations the assurance that their employees understand and are active participants in securing their organization’s data.
As we begin revising the CyberSAFE program for release in early 2022, we want to highlight the diverse team that we have involved for this revision. Globally, we have representation from the Middle East, Singapore, United States, UK, EU, and South America. Our experts include instructors, CISOs, Security Architects, Security Consultants, and owners of businesses that have implemented end-user, cyber compliance programs. Our group is 40% female and racially diverse.
Why is this as important as the rigorous job task analysis? When a training program is designed, it is inherently representative of its creators. By engaging various points of view, we design products that are not limited by region or experience. This is even more important when we are designing a product which is intended for all end users. For more details on contributors of all our credentials, check out the contributors’ sections on the certification’s pages at certnexus.com. CyberSAFE (CBS-410) will be available in early 2022.
Latest Product Highlights
Content Revisions
Logical Operations revises student and instructor materials based on technical changes, customer feedback, and our own assessment of necessary changes. The revision notes for the most recent updates are below as well as posted on the new Content Revisions page. Use this page as a resource to quickly access and view all revision details for any of our recent course updates.
095212 - Microsoft® Power BI®: Data Analysis Professional (Second Edition)
For revision 1.2, released November 2021, updates were made to address certification changes, customer feedback, and interface changes, including to Microsoft Edge.
095211 - Microsoft® Power BI®: Data Analysis Practitioner (Second Edition)
For revision 1.2, released November 2021, updates were made to address customer feedback as well as interface changes, including to Microsoft Edge.
Reminder: When viewing a product on the store, check the Revision Information tab to see the summary description of the most recent revision for that product at any time.
November 2021 Instructor Excellence Award: Semih Kumluk
As the Digital Training Manager at PwC’s Academy Middle East, Semih Kumluk designs, develops, and delivers custom-designed upskilling programs in Data Analytics, Artificial Intelligence, Cybersecurity, Cloud, and Blockchain. Semih combines real-world business and digital experiences in FMCG, Telecommunications and Consulting with formal education that includes several university degrees and professional certifications. As a practitioner and consultant, Semih utilizes his data skills to interpret business data of nearly any shape and leverages emerging technologies to extract practical, strategic insights.
Semih believes in the power of the emerging technologies and is recognized for instructional excellence around the world in Data Analytics, Artificial Intelligence, Emerging Technologies, and Design Thinking. With a personal mission of easing the lives of human beings both in terms of business and daily lives, his purpose is to increase usage of technology by increasing the awareness of it and developing skills in people who will create solutions from these technologies. “This is what drives me to continue upskilling more people every day,” says Semih.
As Artificial Intelligence continues to grow and evolve rapidly, Semih has advice for professionals entering the field. “The first step in having a career in AI is mindset: being very aware about what AI is, how it works, and most importantly, what use cases you can relate to.” According to Semih, this will help you define opportunities and create an AI strategy. The next step is improving your knowledge, “What needs to be done to execute your AI strategy, how algorithms work, which algorithm is the best for your use case, and how to implement them,” says Semih. The final step is developing your skills. “At this level you master the algorithms, you gain hands-on experience and you become certified to showcase your skills to employers.”
Although many have had to make the big adjustment of teaching virtually in response to the impact of COVID-19, Semih already had experience conducting workshops virtually with participants from all around the world. “When all of our training programs moved online, I went back to remember and utilize my previous experiences.” Semih believes that one of the biggest challenges of online teaching is student engagement, so he explored many alternative ways of interacting with participants such as polls, quizzes, games, breakout rooms, etc. “We had to move quickly to convert our programs for online delivery. I played a pivotal role in sharing my experience and how to use the online tools with our trainers. I am enjoying it a lot --- mainly because it removes boundaries.” Since the beginning of COVID-19, Semih has delivered classes to participants based in the US, Jamaica, Europe, Sri Lanka, Singapore, New Zealand, and other locations around the world.
Semih is excited for what’s to come. “I am constantly upskilling myself and exploring new topics to teach and this excites me. I am on my way to delivering emerging technology topics such as Cloud, RPA and Data Privacy courses in the coming year.”
In his free time, Semih’s favorite activity is traveling to new countries.
_______________________________________
November 2021 Instructor Excellence Award: Hamid Aougab
Hamid Aougab: Agilist, System Engineer, Technology Strategist, and Educator
Hamid Aougab is an Agilist, system engineer, technology strategist and educator with 25+ years of experience. His teaching expertise includes Project Management, Agile, Scrum, and Systems Engineering. Over his career, Hamid has worked and consulted with government agencies, privately owned companies, and large multinational corporations.
Hamid’s formal education gave him a start in software and systems engineering. He moved into project management when he realized that good or bad project management practices were the biggest contributor to the success or failure of a project. He expanded his project management capability by moving into Scrum and Agile to help address the constant, rapid changes that impact most projects. “I am always looking to learn new things,” says Hamid, adding, “I just recently got certified as a ScrumAlliance Educator, which means I can teach ScrumAlliance Certified Scrum Developers. I am very excited to help developers not make some of the mistakes I used to make. I am also planning to instruct SecDevOps to bring the entire process together.”
A student of Hamid’s recently said, “I wanted to let you know that I am so grateful for having you as my PMP bootcamp instructor. Your class and the extra time you spent with us certainly paid off for me. I took the PMP Exam yesterday and passed with marks over target on all 3 domains. I couldn’t have done it without you. So, thank you, thank you, thank you! I appreciate you being so patient in helping me from reviewing my sample application, to answering questions via email, to conducting office hours late on Friday afternoons. You are simply the best! Sending you virtual chocolates, cigars, and a ton of praise!”
Hamid invests the time necessary both in and out of the classroom to ensure his students find success, however they define it — whether it's passing a PMP exam, delivering value on the job through critical project and program management skills, or fueling organizational transformation as a coach and advocate for the best practices that lead to repeated success. Hamid has touched countless students’ lives in his pursuit of excellence. More than an instructor – Hamid is an educator, a coach, and a mentor who is dedicated to guiding tomorrow’s workforce toward Project Management and Agile excellence.
When Hamid isn’t working or teaching, he enjoys spending time with friends and family, anywhere and anytime.
_______________________________________
Submit Your Instructor Nominations for December
We're recognizing instructors who have reached key milestones and made a meaningful impact in the training world. Do you want to nominate an instructor who you feel deserves to be recognized in the next Logically Speaking? Visit the Instructor Spotlight page to get more insight into what the Instructor Spotlight is all about.
John Sciandra, Founder and CEO, Syndicus NACON
Syndicus NACON Leads the Way in Cybersecurity Training
Syndicus NACON’s mission is to teach risk management, compliance frameworks, and cybersecurity controls. Their goal is to create professionals that can work as subject matter experts in this space.
Bringing 20 years of expertise, the Syndicus NACON team has trained over 1.6 million users, teaching courses to the U.S. Department of Defense (DoD) and federal government since 2001, all while developing cutting edge learning technologies along the way, including the VirtualOnDemand® cyber range.
Syndicus NACON sees the training demand right in their backyard. As a DoD training platform with a GSA contract, the training need is right where the organization's team lives and works every day, making it an easy decision to offer in-demand cybersecurity training programs. In addition to traditional class schedules, Syndicus NACON offers a unique approach to training by incorporating flexible scheduling, including weekend and evening courses.
Based on Logical Operations’ reputation in the training world, Syndicus NACON knew that partnering with LO meant that they were guaranteed a great product. What really impressed Syndicus NACON is the people side of the business. According to the Syndicus NACON team, LO has taken them under their wing and acted as a true partner in every sense of the word, in more ways than they could have imagined.
“Here at SNCA (Syndicus NACON Cyber Academy), we are committed to creating true professionals who hold more than just certifications in cybersecurity. Our goal is to create professionals that understand the profession from its foundation on up. To go beyond certification exams into the realm of professional relationships and sounding boards and deep knowledge,” stated John Sciandra, Founder and CEO, Syndicus NACON.
Instructor Videos: A Great Way to Prep
by Jon O'Keefe, Technology Education Jedi
You can now prepare to teach CertNexus Emerging Technology certifications like CyberSec First Responder® (CFR), Certified AI Practitioner (CAIP), and several others with the NEWLY included trainer preparation videos.
These videos are available to any instructor who purchases the Instructor Edition of the CertNexus courseware. They will give novice and experienced instructors valuable insight into the class, including looks at the activities, discussions around challenging spots of the course, and additional material an instructor might want to cover during specific sections of the class.
These videos are the perfect addition to any teaching prep and are a great way to become more familiar with the material before teaching the class live. Best of all, they are included FREE with any qualifying CertNexus instructor kit.
If you’ve been considering adding CertNexus classes and certifications to your portfolio, but are worried about being fully ready to teach these classes, you now can get up and running quickly with the free included train the trainer videos.
A Featured Guest from CertNexus: Meet Megan Smith Branch
From art to healthcare, my early career had a common theme of education outside of traditional academic settings. Early in my L&D career as a CRM instructor, I engaged stakeholders to design training that aligned technology with business needs. During these sessions, it became apparent that technology was underutilized in organizations because the assumption was that if a person demonstrated a basic understanding of the business strategy, technology would be intuitive to that user. Fast forward a decade (or two), and organizations are making the same assumption about emerging technologies inclusive of cybersecurity.
In my current role as Chief Product Officer at CertNexus, I was lucky to have inherited the flagship cybersecurity certification suite inclusive of CyberSec First Responder® (CFR), Cyber Secure Coder® (CSC) and CyberSAFE. This suite of cybersecurity products exemplifies CertNexus’ mission to provide education across the organization to enable all users of data to be engaged in their company's digital transformation. Since our inception three and a half years ago, we have expanded this design philosophy to the emerging technologies of IoT, AI, Data Science, and soon Data Ethics. We provide foundational and practical knowledge to all business professionals with our THINK level of credentials (CyberSAFE, IoTBIZ, AIBIZ™, DSBIZ™, and DEBIZ™), support vendor-neutral skill growth and validation with our BUILD level of certifications (CSC, CIoTP™, CDSP, and CAIP) and help organizations meet the requirements to secure and use data and systems ethically with our SECURE level (CFR, CIoTSP™, and CEET). Our portfolio is a holistic approach to emerging tech and cybersecurity. We also align with standards such as CMMC, DoD 8570, NIST 800, and the upcoming EU AI Regulation to provide training that complies with these regulations.
When I am not geeking out about emerging tech credentials, I can be found walking my dog Oakley, running with friends, supporting the two amazing humans I get to call my kids, working on the most recent house renovation with my husband, or hiding from house renovations working on art. I am also very excited to start graduate school in January at George Mason University in their Applied Organizational Industrial Psychology program.
If you would like to connect with me on LinkedIn, click here.