Adapting to evolving standardsInformation security standards (e.g. PCI-DSS/ISO27001)Documented tools:ISO/IEC 27001PAS 555Control Objectives for Information and Related Technology (COBIT)Future standardsISO/IEC 2018EU privacy regulationsLocal and international government stipulations implicating access to private data
Principles of IT securityEnterprise securityExternal defensesWeb filteringIntruder Prevention Systems (IPS)Intruder Detection Systems (IDS)FirewallsSecure codeSoftware Development Lifecycles (SDL)Potential insecurities within developed applicationsWiFi security protocols and attributesVoice over IP (VoIP) securityGovernance Risk and Compliance (GRC)Security Incident Event Management (SEIM) applicationsCloud securityThird party security and compliance
Adopting cyber security measuresEmployee perception on security through Neuro Linguistic Programing (NLP)Security education and awareness: techniques, systems, and methodologiesPenetration testingEthical hackingOptions to mitigate viruses, malware, active code threats and Active Persistent Threats (APT)The Computer Incident Response Team (CSIRT) frameworks, tools and capabilitiesIncident first response: proven methodologies, tools, and systemsThe science of applying robust digital forensics: applicable law, capabilities, and methodologiesSupervisory Controls and Data Acquisition (SCADA); security requirements, processes and methodologiesAbuse images: complying with local and international law
Building cyber security teamsCreation and management of a Secure Operations Center (SOC)Development of the Corporate Security Organization FrameworkFormulation and deployment of a Computer Security Incident Response Team (CSIRT)Bespoke Security Incident and Event System (SIEM) for the operational deploymentRisks associated with I/O Security (e.g. USBs, CDs, other forms of media)Risks of Active Code Injection, and mitigation techniques
Advanced cyber risks and toolsCyber crime and the darknet/darkweb: the world of the hackers/hacktivistsThe underground of cyber criminalitySocial engineering as a tool to test operational resilienceOpen Source Intelligence (OSINT)Cyber threat intelligenceOpen source and commercial security toolsThe operational use of encryptionVirtual private networks
Steganography - Techniques used to hide hacking tools and malware on networksCommand line and tools used to identify and extract dangerous files and contain malware and hacking applicationsThe 1-10-60 Rule to identify and contain dangerous hidden applicationsAlternate Data Streams (ADS) and the threats they can pose under an NTFS environmentLeveraging ADS to hide undetectable malware within an operational network