Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF...
Transcript of Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF...
![Page 1: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/1.jpg)
Your Workforce—is the Key to
Cyber Resilience
R. “Montana” Williams, CWDP
President
Titan Rain Cybersecurity, LLC
![Page 2: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/2.jpg)
The State of Global Cyber Resilience
• Summary of the Verizon Report• 75% involve external actors
• 51% involve criminal groups
• 81% involve stolen credentials or weak passwords
• 43% involve social attacks (social engineering/phishing
• 66% involve malware installation via attachments
• 73% are financially motivated
• Cost of Cyber Attack• $6T annually cost of cybercrime thru 2012 (Forbes)
• Cost of per breach has declined from $4M to $3.6M
• Technology—Analytics, SIEM, encryption, ISAOs
• Implementation of governance, risk, compliance
![Page 3: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/3.jpg)
Cause(s) of Failure
• Is it our Technology?
• Is it our processes, regulations, or policies?
• Is it our people?
![Page 4: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/4.jpg)
People—the Chain’s Weakest Link
• Organizational culture
• Catching Phish & Click’itis
• Lack of Policy & Accountability
• Workforce Development
![Page 5: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/5.jpg)
GLOBAL CYBERSECURITY RESILIENCY CRISIS—IT’S A PEOPLE
NOT TECHNICAL PROBLEM
![Page 6: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/6.jpg)
Cyber Resiliency—Start Here
• Organizational Cybersecurity Culture– From the Boardroom to the Breakroom
• Leaders: Make yourself available
• Make it Real
• Make it a Team Effort
• Make it a Priority
• Make it Safe to ask Questions
• Make it Personal
• Make it transparent
• Make it easy to come clean
• Make it Plain
– Espoused vs. Actual Values
– Understand Cybersecurity’s Return on Investment
![Page 7: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/7.jpg)
Cyber Resiliency—Start Here
• Catching Phish & Click’itis
– Overcoming Cognitive Bias—if it is too good to be true
– Awareness Training—Beyond the Once a Year Model
• Recency
• Model
– Brief
– Frequent
– Focused
![Page 8: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/8.jpg)
Cyber Resiliency—Start Here
• Lack of guidance (policy) & Accountability
– If all you do is comply—you have lost
– Touhill’s Great Cyber Policies
• Acceptable Use
• Computer Ethics
• Password Protection
• Clean Desk
• Use of Internet
• Employee Monitoring & Filtering
• Technology Disposal
• Physical Security
• Electronic Mail
• Removable Media
• Remote Access
• Mobile Device
• Software
• Access Control
• Network
Management
![Page 9: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/9.jpg)
Cyber Resiliency—Start Here
• DHS Workforce Development ToolkitPrepare Assess Your Organization’s Cybersecurity Workforce Planning Readiness
Tools on How to Plan for Your Cybersecurity Team
What Should a Cybersecurity Team Look Like
Develop Your People
Plan
Build
Advance
![Page 10: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/10.jpg)
Cyber Resiliency—Start Here
• Workforce
Management
Lifecyle
PREPARE
![Page 11: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/11.jpg)
Cyber Resiliency—Start Here
• Workforce Planning Diagnostic Tool
– Risk Exposure
– Risk Tolerance
PLAN
![Page 12: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/12.jpg)
Risk Exposure Values
![Page 13: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/13.jpg)
Risk Tolerance
![Page 14: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/14.jpg)
Cyber Resiliency—Start Here
• National
Cybersecurity
Workforce
Framework
• Task-based KSAs
BUILD
![Page 15: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/15.jpg)
Cyber Resiliency—Start Here
![Page 16: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/16.jpg)
Cyber Resiliency—Start Here
• Transition from Knowledge-based only to
Experiential-based education & training
– Centers of Academic Excellence
– Certifying bodies—labs and performance-based
assessments
ADVANCE
![Page 17: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/17.jpg)
Globally-
Recognized
Cyber-Ready
Professional
Educate
or
Train
Develop
KSAs
Assess KSAs
Validate Competency
SHIFTING THE MODEL TO
EXCEED GLOBAL
STANDARDS
Educate or Train—World Class
Trainers Delivering Globally
Recognized Certification Content
Develop Knowledge, Skills, &
Abilities—Combining Knowledge-
based Instruction with Experiential-
based Labs & Scenarios
Assess Knowledge , Skills , &
Abilities—Assessing KSAs Via Hands-
on Assessments
Validate Competency—Education,
Development, & Assessment Validates
Competency
Cybersecurity Workforce Development Model
![Page 18: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/18.jpg)
Network TechniciansNovice Journeyman Master
Incident RespondersNovice Journeyman Master
Advanced Incident Response
Recommended Role Aligned Certs
![Page 19: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/19.jpg)
ForensicsNovice Journeyman Master
Network Security EngineersNovice Journeyman Master
Network Forensics
Advanced Malware Analysis
Fundamentals of Malware Analysis
Recommended Role Aligned Certs
![Page 20: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/20.jpg)
Identification and Access ManagementNovice Journeyman Master
Vulnerability Management (Pen Testing)Novice Journeyman Master
Pen Testing & Network Exploitation
Advance Malware Analysis
Recommended Role Aligned Certs
![Page 21: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/21.jpg)
Compliance/Risk Novice Journeyman Master
Project Management/Leadership
Managers Directors Executives
Cybersecurity for Executives
Recommended Role Aligned Certs
Cybersecurity Risk for Executives
![Page 22: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/22.jpg)
About Titan Rain Cybersecurity• History: It’s Roots are secured by expertise gained from the
earliest cyber intrusions across the globe—thus its name
• Services Provided
– Consulting
• Organizational Policy & Strategy Development
• Governance, Risk Management, & Compliance (GRC)
• Cybersecurity Workforce Development
– In-Person Training
• Individual
• Team
• Executive/Boardroom Training
![Page 23: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/23.jpg)
QUESTIONS????
![Page 24: Your Workforce is the Key to Cyber Resilience · Education & Awareness Branch, commanded the USAF Cyber Red Team, & is adjunct college professor. Mr. Williams is a globally recognized](https://reader034.fdocuments.in/reader034/viewer/2022043012/5fab940d7ac0060d7338ba39/html5/thumbnails/24.jpg)
R. “Montana” Williams is the President & Founder of Titan Rain
Cybersecurity, LLC, in Las Vegas, NV. He leads an emerging business
focused on global cybersecurity strategy, policy, risk management,
governance, workforce development consulting & expertise across the
critical infrastructure sectors. He is a Certified Workforce Development
Professional with over 25 years experience delivering training, running
training organizations, creating and delivering cybersecurity workforce
strategy internationally within government, academia, and industry. He
lead the U.S. Department of Homeland Security’s Cybersecurity
Education & Awareness Branch, commanded the USAF Cyber Red
Team, & is adjunct college professor. Mr. Williams is a globally
recognized expert in cyber risk, governance, threat analysis, cyber
education, training, & workforce development, the architect of the NICE
National Cybersecurity Workforce Framework, Federal Virtual Training
Environment, & the first cyber workforce development tool kit.
Presenter