02
Technological Architecture
Cryptography I:
Introduction to Cryptography; Terminology; Transposition vs. Substitution; Historical & Classical Algorithms (Mono-Alphabetic, Poly-Alphabetic, Caeser, Vigenere, Homophon, Vignere).
Symmetric Cryptography:
Basics of Modern Cryptography; Block vs. Stream Ciphers; The Symmetric Algorithm; Block Algorithm Examples (DES, AES); Inititialization Vectors; Modes of Operations; Stream Algorithm Examples (WEP/RC4); Key Management (DH, Kerberos).
Assymetric Cryptography:
Introduction to Assymetric Cryptography; Pros' & Con's; RSA Algorithm; Message Authentication (MAC); Hashes (and HMACs); Digital Signatures, Digital Certifcates; PKI; Modern Issues (SSL Striping / Termination, MITM)
Network Security - Network Access Control and Remote Access:
Introduction to Network Access Control (NAC); NAC as a Security Control within Organizations; NAC Common Deployments and Scenarios;
Remote Access Methodologies and Motivations; VPN Technology Overview; IPSec Elaboration; Introduction to Various Remote Access Alternatives (VPN vs. SSL-VPN).
Application Security I+II:
Secure Coding Principles, Input / Output Validation; Process Validation; Application Security Tools; Secure Development; Introduction to SDLC.
Access Control I+II:
Definition of Access Controls; Identification and Authentication; Authorization and Access Controls Models; Centralized Access Control Methodologies (AAA); Introduction to IAM Technologies: Role Definition, Workflow, User Provisioning/De-provisioning, Audit and Monitor; Kerberos Elaboration.
Virtualization Security:
Module 3: Cloud Risk Assessment and Governance; Legal and Compliance Issues; Cloud Incident Response; Module 4: Information Life Cycle; Applying Security Controls; Data Security Life Cycle; Cloud Storage Models; Cloud Cryptography.
Introduction to Cloud Computing and Security:
Module 1: Fundamentals of Cloud Computing; Definitions; Architectures; Role of Virtualization; Service Models; Module 2: Cloud Components, Networks, Management Interfaces and Administrator Credentials.
Hardware Security:
Hardware Security Introduction; Hardware Terminology; Markets and Globalization (Supply Chain, Assembly Lines); "TRUST" by DARPA; Hardware Trojan Examples; Categorization of Hardware Offensives; Hardware Hacking Examples.
System Security:
Introduction to Systems Security; Hardening Best Practices; Domain Security Considerations (GPO Policies); Endpoint Security Mechanisms; Device Management; Full Disk Encryption; BYOD Considerations.
IOT Security:
Introduction to IOT; Concepts of IOT Security; Examples and Discussions Regarding IOT and Cybersecurity; Incorporating IOT into the Organizational Culture and Implactions on Cybersecurity Architecture.
Advanced Cyber Security Technical Controls I+II:
Next Generation IPS; IDM Solutions; System Infrastructure Auditing/Monitoring; File Inspection and Cleaning; Next Generation DLP (Files Protection); VM Security (Virtual Firewalls); DB Firewalls.
SCADA Security I+II:
Introduction to ICS/SCADA Security; SCADA Terminology and Concepts; Introducing OT vs. IT and relevant Defensive Measures; Introduction to Standards and Compliance for ICS/SCADA; SCADA Terminology and Concepts; Introducing OT vs. IT and relevant Defensive Measures; Introduction to Standards and Compliance for ICS/SCADA.
Integrated Technological Architecture:
Putting Everything Together (System and Network); Use Cases and Scenarios Discussion; Fitting a Holistic Solution.
Unlocking the Power on Artificial Intelligence: Enhancing Cybersecurity for CISOs I+II:
I - This session will provide an in-depth exploration of Artificial Intelligence (AI) and its immense potential for the Chief Information Security Officer (CISO) as well as other cybersecurity professionals. Over the course of the session, we will delve into the fundamental concepts of AI, examine its key benefits, and showcase real-world applications that can revolutionize cybersecurity practices. By the end of this session, attendees will have a comprehensive understanding of how AI can bolster their defense strategies, improve threat detection and response, and ultimately fortify their organizations against evolving cyber threats.
II - This presentation aims to shed light on the potential threats posed by Artificial Intelligence (AI) in the realm of cyber-attacks and malicious activities. Over the course of three hours, we will delve into the darker side of AI, exploring how adversaries can exploit this technology to launch sophisticated cyber-attacks and evade traditional defense mechanisms. By the end of this session, CISOs and cybersecurity professionals will gain valuable insights into the warning flags associated with AI-driven threats, enabling them to proactively protect their organizations against emerging risks.
CISO-TECH Students Seminar:
CISO Students Lead a Self-Study Seminar - in matters of the Technology and Architecture (Topics will be provided 3 weeks in advance).
