As IT systems expand in their complexity, ensuring security diligence becomes increasingly challenging. More importantly, the need for job-specific guidance becomes critical for all those involved in the secure building and operating of them, whether in Program/Project Management and Acquisition, Network Services, Systems Architecture, Development, Risk Management, or even Threat Analysis.
IT Infrastructure Security
Today’s cyberattacks are so dynamic that they are revealing significant concerns around just how exposed information systems are. Applying security to high-risk infrastructure components, such as servers, applications, operating systems, and databases, is critical to improving performance and security posture. Research supports that simulation, CTFs, and other hands-on learning methods are great ways to build expertise. Taking this “learning by doing” approach into account, we released the Infrastructure Security course Hardening Linux/Unix Systems that strikes the right balance between learning objectives and gamification elements.
As mainstream acceptance of blockchain technology emerges for its many practical applications, so do security challenges. The need for teams to better understand systems architecture, how to secure existing assets against security threats, and how to create requirements for a secure blockchain network has never been greater. The release of our two Blockchain courses is timely and will help organizations better navigate uncharted waters.
Supply Chain Security
Modern software development has fueled the interconnected nature of supply chains, introducing risk to organizations that rely on potentially insecure third-party software. The dependency on a range of software and hardware to gather and transmit data provides new opportunities to disrupt supply chains and obtain sensitive information or financial benefits. This forces organizations to implement security measures beyond traditional ones primarily focused on physical risks. Our courses provide Program/Project Management and Acquisition with an understanding of how to apply DevSecOps best practices to reduce software supply chain risks for commercial off-the-shelf (COTS) and open-source software (OSS).
DevSecOps in the Cloud
As companies both migrate and expand their cloud operations, they struggle with gauging their security programs and maturity. To get the cloud and DevOps working together to help businesses achieve their transformation goals, we introduced courses that provide an understanding of how to align and configure cloud services to enable automation, rapid deployment, and effective monitoring as security threats continue to evolve for AWS and Azure Cloud.
NIST Risk Management Framework (RMF)
To round off our Risk Management Framework series, we released three additional courses that help organizations architect, secure, and monitor IT systems. As organizations try to wrap their arms around The NIST Risk Management framework, this series will provide necessary guidance to apply all steps; categorize, select, implement, assess, authorize, and monitor.
The constant rise of cybercrime leaves pen testers, ethical hackers, and bug bounty hunters with a busy future. Leveraging our security testing courses, organizations can groom their internal resources to augment 3rd party service providers. Our library includes coverage of common vulnerabilities in the Infrastructure and Application layer while providing an understanding of how to determine test coverage, types of pen testing required, and the risk associated with disclosure of sensitive data and failure of the system. To develop an Attack & Defend mentality, Security Innovation combines the accessibility of self-paced learning with the unrivaled realism of our CMD+CTRL cyber ranges for the most effective way to assess staff risk, advance knowledge transfer, and build a culture of cybersecurity.
OWASP Mobile & IoT
As IoT continues to emerge, connected machines will continue to expand attack surfaces and increase user risk. It is no wonder the OWASP Foundation continues to expand its platform-specific coverage, even to mobile applications. Resultingly, it’s fitting to release courses focused on each of the OWASP Mobile and IoT Top 10 risks. These courses add to our pre-existing OWASP Web coverage.
What’s coming in July 2020 Release?
In addition to supporting our current catalog, our July 2020 release features courses on Privacy Principles and Supply Chain Security. Additional courses will cover Automation, Orchestration, Compliance, and cloud computing as they relate to a DevSecOps Framework.
Want more detail? Check out our course updates in-depth.