Archive for Infosec

Infosec Institute Recognized For Comprehensive Cybersecurity Training At The 2022 Global InfoSec Awards 

Posted in Commentary with tags on June 17, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company and part of Cengage Group, announced it won two coveted Global Infosec Awards from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. The awards were announced last week during RSA 2022 in San Francisco, CA. Infosec was recognized for: 

  • Most Comprehensive Cybersecurity Training — Infosec Skills
  • Publisher’s Choice Security Awareness Training — Infosec IQ

Since its founding in 2004, Infosec has trained over 100,000 cybersecurity professionals through Infosec Skills courses and helped more than 5 million learners improve cybersecurity knowledge and safety at work and home with Infosec IQ training. With Infosec Skills, cybersecurity and IT professionals have access to 1,400+ hands-on cybersecurity resources, with the option to upgrade to boot camp style, instructor-led training to prepare for certifications. With Infosec IQ, organizations will continue to benefit from thousands of security awareness resources for training employees about cyber threats, phishing scams and cyber safety.

See the full list of this year’s winners at cyberdefenseawards.com.

Infosec Institute Accelerates Role-Guided Cybersecurity Training For The Entire Workforce at RSA 2022

Posted in Commentary with tags on June 2, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company and part of Cengage Group, announced a hands-on supply-chain cybersecurity workshop and role-guided training solutions they will showcase at the RSA Conference, June 7-9, 2022, in San Francisco, CA. Infosec will highlight a range of solutions including proprietary, role-guided training roadmaps, gamified security awareness programs and a chance to experience their industry-leading training firsthand with an incident response security workshop focused on supply chain security.

Record numbers of cyber incidents and open cybersecurity roles in 2021 fueled the need for security education to strengthen organizations’ security cultures, upskill cyber teams, reduce business risk and meet compliance. To help overcome these challenges, Infosec has developed new solutions within their Infosec Skills and Infosec IQ training platforms to help organizations scale effective, role-guided cyber education to every employee.

At this year’s RSA Conference, Infosec will highlight several security training solutions that provide hands-on, engaging training for the entire enterprise, empowering professionals with the knowledge, skills and confidence to outsmart cybercrime. 

  • Infosec Skills Roles provide pre-built training and certification roadmaps for 12 of the most in-demand cybersecurity positions, enabling enterprises to upskill and reskill cyber talent at scale and individuals to break into the industry. 
  • Choose Your Own Adventure® Security Awareness Games help employees learn by doing and accelerate security behavior change through a first-of-its-kind gamified approach. The games put employees in the driver’s seat with interactive storylines that foster critical thinking, boost retention and increase engagement. 
  • Infosec Skills Cyber Ranges provide hands-on training exercises in virtualized environments that security and IT professionals encounter in their jobs. Mapped to the MITRE ATT&CK® Matrix for Enterprise, interactive cyber ranges help learners not only master foundational concepts but also help them apply this knowledge hands-on to counter the adversarial behaviors targeting their businesses. 
  • Infosec IQ’s Cybersecurity Culture Survey systematically measures and tracks employee perceptions and sentiments around five domains of cybersecurity culture, enabling organizations to pinpoint areas for improvement, see recommended strategies to strengthen their culture and track progress over time.

RSA attendees will have the opportunity to experience Infosec Skills training firsthand, with a hands-on lab session on securing the supply chain led by Infosec’s principal security researcher, Keatron Evans. On the exhibit floor, attendees can experience Infosec Skills Roles and Choose Your Own Adventure® Security Awareness Games firsthand and learn how Infosec is working to fill the cyber skills gap through role-guided training that engages and empowers employees. 

Visit Infosec at booth 3324 in the South Hall at the RSA Conference or attend Infosec’s Secure the Supply Chain Workshop with Keatron Evans on June 7 from 1:15 PM – 3:15 PM PT in Moscone West 2020 to learn more about their organization-wide security training education platforms. 

A Security Researcher Provides His Initial Thoughts On The Verizon DBIR

Posted in Commentary with tags on May 28, 2022 by itnerd

A few days ago the Verizon Data Breach Investigations Report hit the streets. I covered that here and it should be considered required reading by anyone who is responsible for keeping their enterprise secure. I wanted to get another view on the DBIR. Thus I am fortunate to get the initial thoughts of Keatron Evans, principal security researcher at Infosec Institute.

Supply Chain is still top of mind and a serious threat. When we look at the other top items on the list from this report, they are intrinsically linked to the supply chain. Several high-profile Ransomware attacks were at the hands of vendors or suppliers. Several intrusions not involving Ransomware were due to vendors and suppliers. It’s great to see this report finally confirm this, but we’re still not any closer to a solution than we were when the “Winds of Solar” supply chain breach shook the world. 

NOTE: Keatron will be speaking about securing the supply chain at RSA.

82% of actual breaches had a human element to them according to the DBIR. Social Engineering, primarily phishing, still leads the way for most data breaches. Credentials fall right behind it. But it’s worth mentioning the relationship between the two. Oftentimes the reward of successful phishing is credential harvesting. This keeps end-user security awareness, Endpoint protection and EDR solutions in the lead as the best weapons to defend against the leading breach avenues. There is also a mention of Pretexting and Business Email Compromise being key drivers for this. I can cite our own internal numbers. Out of all of my clients, companies with 100 or more employees, we’ve had to assist with Business Email Compromise attacks against at least one executive at each organization. So this mirrors what we are seeing at our own micro-level.

It’s no surprise that training has its own section in the report. There is a very timely mention of how long training can take depending on the outcomes. I tell students all the time. Getting certifications can happen quickly, learning how to do something could take considerably longer than “quickly”, and changing will inevitably take much, much longer than “quickly”. In an article I published last year, I proposed that doing intense skills training for IT and cybersecurity staff had a greater net improvement impact on cybersecurity than end-user awareness training does. The statements made in this report about training developers and engineers on security since they build the systems are timely statements and I believe they are right on point. This again echoes my own data from our customers for whom we both train and provide penetration testing and other services.

One of my main concerns with the findings is that while we are improving on remediation, we are still remediating the same things. The vulnerabilities being exploited are not often zero-day in nature and they’re well known and mostly patchable. A lot of the web application attacks which seem to remain high are based on stolen credentials, which blurs the actual issue, which is that credentials are being stolen instead of bypassed by some advanced zero-day or next-generation attack. I think there are many great pieces of data uncovered by this report. We have to stay diligent in removing low-hanging fruit vulnerabilities because even advanced threat actors are using them. We must make sure we keep our people trained up to be able to combat the latest threats. And lastly, Ransomware is there to stay. It’s become too profitable and too easy.

Infosec Institute Named a Visionary in EMA’s Vendor Vision Report

Posted in Commentary with tags on May 24, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today announced they were named a Visionary in the inaugural Vendor Vision report by Enterprise Management Associates (EMA), a leading IT and data management research and consulting firm. The report highlights the top ten preeminent security companies in their respective categories exhibiting during the 2022 RSA Conference at San Francisco’s Moscone Center, June 6-9. 

Recognized for delivering the right training to the right people at the right time, Infosec helps organizations strengthen their security posture, reduce risk and meet compliance by providing cyber-education for every role within an organization. Infosec Skills and Infosec IQ aim to meet learners where they are, providing them with timely and engaging content that works to fill the growing cyber skills gap. 

See the full list of vendors recognized in the report here. Infosec will be exhibiting at the RSA Conference in booth 3324 in the South Expo Hall, and more information regarding the conference can be found here.

Infosec Institute Unveils New Role-Guided Cybersecurity Training Roadmaps 

Posted in Commentary with tags on May 18, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today unveiled Infosec Skills Roles, pre-built training roadmaps aligned to the 12 most in-demand cybersecurity roles including SOC Analyst, Penetration Tester, Security Engineer and Cybersecurity Beginner. Hosted in the Infosec Skills training platform, Infosec Skills Roles helps organizations upskill and cross-train talent for open security roles while also improving engagement and performance.

Today there are over 600,000 unfilled cybersecurity roles in the U.S., with more than half requiring at least one certification. As critical cybersecurity roles remain unfilled and technology change continues to outpace skill development, organizations are increasingly vulnerable to today’s record number of cyber threats. Additionally, security leaders face increasing pressure to prevent and mitigate cyberattacks with overburdened cyber teams, inadequate training programs and limited resources.

To help cyber leaders upskill and cross-train talent quickly, Infosec Skills Roles provide training recommendations for 12 of the most common cybersecurity positions, enabling enterprises to upskill and reskill cyber talent at scale and individuals to break into the industry. Backed by the research of skills requested by employers and a panel of cybersecurity subject matter experts, each of the 12 Infosec Skills Roles clearly outlines which training and certifications are needed so learners can laser focus on the most important areas to strengthen and security leaders can fill skill gaps on their teams.

Recently named a Leader in IT Training by IDC Marketscape, the Infosec Skills platform offers 1,400+ hands-on cybersecurity courses and cyber ranges mapped to the NICE Workforce Framework for Cybersecurity and MITRE ATT&CK® Matrix. Infosec Skills helps cyber leaders prepare teams for ATT&CK tactics, guide team development and fast-track certification, with over 80% of learners reporting improved skills and abilities. 

Infosec Skills Roles will be showcased at the upcoming RSA Conference, June 6-9 in San Francisco, CA and Gartner Security & Risk Management Summit June 7-9, in National Harbor, MD. Individuals are encouraged to explore Infosec Skills Roles firsthand and take Infosec’s new #MyCyberRole quiz with a custom role recommendation and a trial Infosec Skills subscription to start training towards their newly matched role. 

Explore Infosec Skills Roles. 

TrustRadius Names Infosec Skills And Infosec IQ Top Rated in 2022

Posted in Commentary with tags on May 11, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today announced their Infosec Skills and Infosec IQ security training platforms earned Top Rated Awards from TrustRadius.com, the most trusted review site for business technology. Top Rated Award criteria are based on authentic recent ratings and reviews from real customers.

Infosec’s platforms — Infosec IQ and Infosec Skills — provide hands-on, engaging training to the entire enterprise, empowering professionals with the knowledge, skills and confidence to outsmart cybercrime. Today, more than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent and teams, and more than five million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness and phishing training.

Infosec Skills secures its second Top Rated Award

With overwhelming positive client feedback and recognition from industry experts, Infosec Skills received its second Top Rated Award in the eLearning Content category, based on client satisfaction and market relevance.

Read what other clients had to say in their TrustRadius Infosec Skills reviews.

Infosec IQ Receives Third 2022 TrustRadius Award

After winning awards from TrustRadius for Best Feature Set and Best Relationship, Infosec IQ received the Top Rated Award in the Security Awareness Training category. This award ranks Infosec IQ as having some of the highest client satisfaction ratings in the market.

Read what other clients had to say in their TrustRadius Infosec IQ reviews.

Infosec Institute Adds Sales And Channel Leaders To Their Team

Posted in Commentary with tags on April 26, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today announced the expansion of its international commercial business with the appointment of Jeffrey de Graaf as the senior vice president of international sales and Donna Turgeon as head of channel.  

As SVP of international sales, Jeffrey will build and lead Infosec’s global sales organization. Jeffrey de Graaf has more than 20 years of experience as a sales and marketing professional, with a strong emphasis on IT security and channel relations. He was most recently responsible for leading KnowBe4’s operations across Europe, the Middle East and Africa (EMEA). Ensuring growth aspirations were met, this included the build, growth and maturation of the Channel business, along with all foundational functions such as Sales and Account Management, Customer Success, pre and post-sales Technical support and Engineering, People Operations, Marketing and Administration functions.

In her role as head of channel, Donna will lead Infosec’s channel sales team and indirect go-to-market strategy, operations and revenue globally. Donna brings 30 years’ experience driving indirect and direct revenue, ensuring customer success, delivering global GTM programs, leading corporate Channel and Distribution strategy, recruiting and onboarding business partners, and building effective Global sales and support teams. Donna is a multiple-year CRN Channel Chief award winner. Before her role at Infosec, she built an excellent indirect and direct sales and Marketing organization as CRO of VIPRE Security Group. She has held various senior leadership roles at various companies, including KnowBe4, Tech Data, InspiredeLearning and AccentHealth. 

In 2021 alone, Infosec’s software platforms — Infosec IQ and Infosec Skills — helped millions of learners make the digital world safer by delivering 26 million minutes of cybersecurity training. The company has also received many awards for its online training platforms, Infosec Skills and Infosec IQ, and announced several strategic industry alliances with organizations like Microsoft and Check Point Software.

To learn more about Infosec, visit https://infosecinstitute.com/

Infosec Institute Partners With VetJobs To Provide Cybersecurity Scholarships To Veterans And Military Spouses

Posted in Commentary with tags on April 19, 2022 by itnerd

Infosec Institute, the leading cybersecurity education company, today announced a new Infosec Gives Partner, VetJobs.  VetJobs is a leading veteran charity organization providing job placement and ongoing career progression to veterans, transitioning military and military spouses.

The Infosec Gives Partner Program enables partners to award three annual Infosec Accelerate Scholarships — fully funded by Infosec — through their organization. Each Infosec Accelerate Scholarship provides qualified recipients lifetime access to Infosec Skills, the leading security and IT skill development platform with over 1,000 hours of hands-on cybersecurity training. Each lifetime Infosec Accelerate Scholarship is valued at $15,000. 

As the second official Infosec Gives partner, VetJobs will award three scholarships to a transitioning service member, veteran, national guardsman, reservist, or military spouse, enabling them to build and enhance their cybersecurity skills. Beyond the annual scholarships, the Infosec and VetJobs partnership provides discounted online technical training opportunities to VetJobs technology program participants through the Infosec Skills platform.

Infosec’s technical skill development platform, Infosec Skills, includes over 1,200 learning resources to assess teams and close skills gaps with hands-on cyber ranges, labs, projects and courses mapped to the NICE Workforce Framework for Cybersecurity and the MITRE ATT&CK® Matrix for Enterprise.

To learn more about the scholarships and to apply via VetJobs, click to apply.

Scholarship applications will open on April 18, 2022 and will close May 13, 2022.

Infosec Institute Named A Security Awareness & Training Strong Performer By Forrester 

Posted in Commentary with tags on March 17, 2022 by itnerd

Infosec Institute, a leading cybersecurity education company, today announced it has been named a Strong Performer in The Forrester Wave™: Security Awareness and Training Solutions, Q1 2022 report. The report ranks the 11 most significant security awareness training companies based on Current Offering, Strategy and Market Presence categories using 30 criteria. Infosec was among the top two ranked in the Current Offering category based on learner content, risk quantification, reporting capabilities, security culture betterment and other criteria. 

The Forrester Wave™ states, “Infosec provides a comprehensive, customer-focused solution for today’s market. Long-established Infosec Institute bases its vision on three pillars — learner engagement, human risk measurement, and exceptional customer experience — that are all fundamental to present and future market needs…Infosec has delivered on its promise of gamification: The award-winning Choose Your Own Adventure Games complement a set of creative, engaging, and inclusive content, including animation; customer references were delighted with the quality and variety of this content.” 

The report also notes, “The vendor has a team dedicated to customer support that displays client obsession at all points and consistently gets rave reviews from reference customers. Security leaders interested in working with a vendor that deeply understands them and which provides a quality solution should investigate Infosec.”

Infosec’s role-guided security education platforms — Infosec IQ and Infosec Skills —  help individuals and organizations protect their data, mitigate risk and empower employees through education. Today, more than five million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness and phishing training, and more than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent and teams.

The report is produced by Forrester Research, Inc., a leading global research and advisory firm. Forrester’s research assessed vendors on a weighted scale that ranks capabilities across multiple categories. 

You can get a complimentary copy of The Forrester Wave™: Security Awareness and Training Solutions 2022 report via the link.

A Quick Conversation With Jack Koziol Of Infosec

Posted in Commentary with tags on March 10, 2022 by itnerd

Last week I got the opportunity to speak with Jack Koziol who is the CEO of Infosec. What is cool about Infosec is that they are really invested in training people in terms of IT & Security. Because it’s super important that everyone be aware of the risks and threats that exist due to threat actors that are out there who will take advantage of any weakness that they find.

One question that I had was if colleges and universities are missing the boat when it comes to getting people fully trained up in IT security. From a Canadian perspective, there are only a handful of degree programs based on a search that I did prior to the interview. What I did find was there were courses. Mr. Koziol noted that not a whole lot has changed. Back in his day, the closest thing to information security courses was a cryptography course. Which is just math at the end of the day. I have to admit that I laughed at that because when I was in university, it was the same thing. So clearly to make the world a safer place when it comes to information security, universities need to up their game.

My next question was diversity. Does information security need diversity to thrive? According to Mr. Koziol the answer is yes. The more voices that come to the table that have diverse backgrounds makes us all safer. Related to that, my final question was getting people who are under 18 into information security. Back in my day, you got into information security by breaking the law and then becoming famous. A good example of this is Kevin Mitnick. Mr. Koziol agrees that needs to change by redirecting youth into information security so that they don’t have to do something extreme to break into the industry.

While this was a quick 15 minute conversation, it was an interesting conversation. I’d like to thank Mr. Koziol for his time for this interview.