
Cybersecurity Analyst (CSA+): Welcoming the latest certification to the family

James Stanger, Senior Director, Products, CompTIA

Our Agenda

CompTIA Cybersecurity Analyst (CSA+)

1. Why did CompTIA develop CSA+?
2. CSA+ exam specifics
3. Partner and instructor resources

Technology changes and their impact

• COMPLEXITY OF PRIVACY
• INCIDENT RESPONSE
• DISSOLVING PERIMETER
• EVOLVING ENDPOINT
• ENCRYPTED TRAFFIC VISIBILITY
• SECURITY POSTURE
• NEW SECURITY CONTROL ADOPTION

End users

• The primary way that hackers enter systems
  • Social engineering
  • Spear phishing
  • Piggybacking / tailgating
  • Vendor impersonation
• Solutions
  • Training
    • “Phake pishing”
    • “Drop and learn”
  • In the US: “Lock Down Your Login” campaign

Some perspectives from companies who’ve been hacked

• Tim Crothers – now works for Target
• Tim McDaniel – 1800 Contacts
• Brought widespread attention to the “Advanced Persistent Threat”

Characteristics of an APT

§ Multiple, unpredictable ways of entry
§ Always active
§ Often highly coordinated / state sponsored
§ Bad actors lurk on systems and networks

[Diagram: APT stages]

• Planning
• Malware Introduction
• Command & Control
• Lateral Movement
• Target Identification
• Exfiltration (Attack Event)
• Retreat

Lessons learned

• The industry has shifted to applying behavioral analytics to the IT security market to improve security
  • For people
  • For networks
• Focus on network behaviour in an organisation’s interior network
• Identify network anomalies that indicate bad behaviour, without relying on signature-based detection
• We must train IT security professionals in security analyst skills, which include:
  • Threat management
  • Vulnerability management
  • Cyber incident response
  • Security and architecture tool sets
  • Track end user hacks to a source

Total number of job postings: Security Analyst job role

[Chart: Information Security Analysts job postings by year. 2012: 39,920; 2013: 48,947; 2014: 58,456; 2015: 109,819]

175% increase from 2012 to 2015. Data for U.S. only, but reflects an international need.

Traditional and new approaches

• Signature-based detection has been around for 20+ years
• How has it helped?
  • Table stakes
  • Deters known issues
• But what about the more pressing issues?
• Traditional:
  • Compliance
  • Auditing
  • Business Continuity / Data Recovery (BCDR)
• Newer
  • Analytics
  • Instant recovery

• Firewalls: Too easy to avoid: logical and physical attacks
• Antivirus: Are you kidding?
• Bro and RSA Security Analytics
• IDS: Too easy to ignore
• Wise network analysts

The Result? CompTIA Cybersecurity Analyst (CSA+)

Developed to address the need for IT Security Analysts

As attackers have learned to evade traditional signature-based solutions, an analytics-based approach has become extremely important. CSA+ applies behavioural analytics to the IT security market to improve the overall state of security.

CSA+ exam specifics

The CompTIA CSA+ examination is a vendor-neutral certification designed for IT security analysts, vulnerability analysts, or threat intelligence analysts. The exam will certify that the successful candidate has the knowledge and skills required to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organisation with the end goal of securing and protecting applications and systems within an organisation.

Skills competence for key job roles:

Job Roles
• Security Analyst
• Security Operations Center (SOC) Analyst
• Vulnerability Analyst
• Cybersecurity Specialist
• Threat Intelligence Analyst
• Security Engineer
• Information Systems Security Engineer

The exam domains:

• Threat Management: 27%
• Vulnerability Management: 26%
• Cyber Incident Response: 23%
• Security Architecture and Tool Sets: 24%

The CompTIA cybersecurity pathway

• CSA+ creates a path from Security+ to CASP.
• The certification path is based on years of recommended experience: Security+ 2 years; CSA+ 3-4 years; and CASP 5-10 years.

Item: Description

• Exam code: CS0-001
• Launch Date: February 15, 2017
• Availability: Worldwide
• Pricing: Security+ 2017 pricing tier (e.g., approx. $320 USD standard pricing)
• Testing Provider: Pearson VUE Testing Centers
• Question Types: Performance based and multiple choice
• No. of Questions: Estimated at 90 questions maximum*
• Length of Test: Estimated at 90 minutes*
• Passing Score: Scale of 900, cut score to be determined*
• Languages: English, Japanese
• Recommended Experience: 3-4 years of hands-on information security or related experience. Network+, Security+, or equivalent knowledge.
• CE Program: Yes

Performance-based assessments

§ The CSA+ exam will include hands-on, performance-based simulations.
§ To prepare for these performance-based assessments, trainers, educators and publishers should emphasize open-source analytics tools and teamwork.

Open Source Software*: Description (URL)

• Wireshark: Network protocol analyzer / packet capture tool (https://www.wireshark.org)
• Bro and Snort: Network intrusion detection systems (NIDS) (https://www.bro.org, https://www.snort.org)
• AlienVault Open Source SIEM (OSSIM) with Open Threat Exchange (OTX): Security Information and Event Management (SIEM) software (https://www.alienvault.com/products/ossim)
• Etherape: High-level traffic visualisation (http://insecure.org)

More about analytics and visualisation

§ Admin Magazine article – October 2016
§ Essential skills
  – In-depth analysis that doesn’t just focus on signature-based approaches
  – Attacks over time: scanning, protocol anomalies
  – Visualisation

Industry participation and support

So far, the CSA+ certification has been reviewed by nearly 2,200 security analysts and/or IT pros, including those who took the beta exam. It has received feedback from organisations and partners across the globe to reach its current status. Some of the biggest contributors are listed below.

CSA+ learning content expected at/near launch

Many content partners have stated their intent to be ready at exam launch, but it’s too early to have a definitive list. As items clear CAQC we’ll post updates to the partner portal and use the CompTIA Instructor Network to get the word out.

NOTE: CSA+ training days are expected to be similar to Security+ training (five days or one quarter/semester), as long as students are prepared

Preparing the instructor: The CompTIA Instructor Network (CIN)

Who can participate?

The network is for instructors around the world who deliver or intend to deliver training on CompTIA certification courses. The instructors might be self-employed or working for:

• High schools, colleges, universities
• Professional training centers
• Publishers and content partners
• Corporations
• Government agencies

Why Join?

• Share best practices and resources with each other
• Receive free training and tools from CompTIA to enrich your training
• Access resources for students to understand the value of being certified
• Communicate and collaborate with CompTIA staff and other instructors

Visit www.comptia.org/CIN to join! Any questions, email: [email protected]

What we’re doing with CIN

Deep Dive is a weekly webinar series available to participants in the CompTIA Instructor Network. It goes beyond the surface to look deeper at CompTIA certifications.

Join the Network: https://www.linkedin.com/groups/CompTIA-Instructor-Network-8350296/about

CompTIA Deep Dive: A Look Inside the CSA+ Series Objectives

Webinar Series: January through February 2017

Dates and times to be determined

Agenda: Each week’s session will last approximately 45 minutes, with 30 minutes for information presentation and 15 minutes set aside for questions and discussion about the series and the weekly content.

Keeping updated

What’s Coming: Events
• Webinar for February launch
• Speaking engagements at industry events

What’s Coming: Collateral & Resources at Launch
• Press release
• Additional marketing materials by segment (government, academic, corporate)
• Updated product web page on CompTIA.org
• Updated Partner Portal content
• Social Media: Snackable content

What’s Coming: Promotions
• CompTIA Instructor Network: Train-the-trainer for CSA+
• Other campaigns planned for 2017

CSA+ useful links

Social Media

LinkedIn
• CompTIA Instructor Network: https://www.linkedin.com/grp/home?gid=8350296
• CompTIA Certified Professionals Group: https://www.linkedin.com/groups?home=&gid=143484&trk=anet_ug_hm
• CompTIA CSA+ group to be created

Twitter
• @CompTIA: https://twitter.com/comptia
• @TechCareersPlus: https://twitter.com/techcareersplus

YouTube
• “IT Career Test Drive” Series, “Taking a CompTIA Exam” and other videos: https://www.youtube.com/CompTIATV

Content Availability
• http://certification.comptia.org/Training/studymaterials.aspx

Classroom Training Availability
• http://www.comptiastore.com/
• http://certification.comptia.org/Training/training.aspx

Exam Voucher Purchase
• http://www.comptiastore.com/
• http://www.pearsonvue.com/vouchers/pricelist/comptia.asp

Exam Registration
• http://home.pearsonvue.com/test-taker.aspx

Partner Portal
• http://partners.comptia.org/academy
• http://partners.comptia.org/delivery
• http://partners.comptia.org/content

Relevant blog links
• http://certification.comptia.org/it-career-news/post/view/2016/01/15/five-tech-skill-trends-to-watch-in-2016
• http://certification.comptia.org/it-career-news/post/view/2015/11/19/stealing-a-new-security-term-the-quarterback

Questions?

[email protected]
Twitter: @jamesstanger
+1 (360) 970-5357

Up Next

• 11.30: Learning Partner and Academy Partner Programme Updates
• 12.00: EMEA Conference Lunch in Exhibit Hall
• 13.00: The Value of IT Training and Certification – An International Perspective