administrator

The cybersecurity awareness trainer role aligns with the NICE Workforce Framework to Oversee and Govern, Protect and Defend, and Securely Provision.

Here are your responsibilities in this role:

• Train employees and users on how to recognize and prevent email security threats. This includes phishing scams, spoofing, vishing, whaling, and others.

• Promote organization-wide security awareness. This will apply to in-house and outsourced teams, including employees working from home.

• Train employees on how to protect against malware attacks like ransomware, spyware, scareware, adware, and keylogger. This will also cover anti-virus measures.

• Organize periodic security awareness training to ensure employees adopt security practices. This will also ensure that all personnel are conversant with the latest security threat.

• Provide real-world threat simulations to reinforce the importance of security awareness in the organization.

• Establish organization-wide password security and management measures. This includes how often passwords are changed, password format, and the use of multi-factor authentication.

• Train employees on how to respond to and report incidents.

• Provide training on acceptable practices for personal and corporate devices, including removable media. Part of this training will cover how to disable autorun on PCs and ensure the IT team scans all removable devices before use.

• Establish guidelines on social media use. This includes instructions on clicking links and responding to people pretending to be C-Level executives or other fake customer representatives.

• Train employees on safe internet habits, such as differentiating between secure and unsecured websites, recognizing watering hole attacks, downloading from suspicious sites, and identifying spoofed domains.

• Provide data management guidelines. This includes the approved storage locations for company data and how to handle data in motion.

• Developing the Bring Your Own Device Policy (BYOD).

• Establishing physical security measures such as clean desks and office hygiene. This also includes security measures against shoulder surfing, dumpster diving, eavesdropping, tailgating, etc.

Google is committing more than $20 million dollars to support the creation and expansion of cybersecurity clinics at 20 higher education institutions across the United States, the company announced on Thursday.

Such clinics rely on university students to provide free cybersecurity services to local institutions. By deploying students to community organizations to improve digital defenses, university cybersecurity clinics aim to give students cybersecurity experience, improve local defensive capacity and steer students toward work in cybersecurity.

“This investment that Google’s made today recognizes the value of experiential training. This is not only important for national security but for economic opportunities and national innovation,” Kemba Walden, the acting national cyber director, said at Thursday’s event announcing the funding. “Cyber clinics provide an on-ramp to cyber careers by enabling students from different backgrounds and majors to learn cyber skills.”

Businesses must get better at attracting, supporting, and hiring new cybersecurity talent. Here are eight initiatives launched this year to facilitate entry-level skills development and career opportunities.

• ThreatX partners with Cyversity, ICIT to offer free cybersecurity training - Learn more
• EC-Council launches CCT scholarship to spark new cybersecurity careers - Learn more
• (ISC)2 makes entry-level cybersecurity certification free for 20,000 Europeans - Learn more
• EU Cybersecurity Skills Academy aims to become entry point for cybersecurity careers - Learn more
• Google launches entry-level cybersecurity certificate to teach threat detection skills - Learn more
• Upskill in Cyber program returns to aid career changes to cybersecurity - Learn more
• Cyber Million program targets one million entry-level cybersecurity jobs ISACA pledges to help grow cybersecurity workforce in Europe - Learn more

Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.

There's the idea that once something is online, it is immortal, immutable, and almost impossible to contain. The golden rule is simple -- you should not put anything online you wouldn't want your grandmother to see, although, sometimes you aren't in control of what gets published.

Abuse, stalking, and bullying may also factor as reasons to erase our digital footprints and seize control of our devices. If you want to take control of your privacy and online data, these are the steps to start with.

In this episode of ThreatWise TV, Brandon Stultz and Nick Mavis not only provide a great overview of Snort 3.0, but they also touch on the kind of vulnerabilities that tend to trigger the most Snort signatures.

I’m rushing all of a sudden to study up and take the CySA exam before December when I think it switches to a newer 003 version and my study materials might be out of date. I know that sounds like a long time but in my hectic life feels fast!

I’m using Chapple’s book, Dion Training, ITProtv, and some special Udemy courses on like Wireshark and NMap. Any other recommendations?

Looking for low cost cybersecurity awareness training for small companies. Ideally includes some videos, written material and hopefully a little testing to reinforce learning. The stuff from the major players is expensive!