Suzette Bailey-Jones – Cyber Defense – The Big Picture
Track 1
Saturday, 3:00 PM to 4:00 PM
October 21, 2023
Cyber Defense – The Big Picture
Intro – High level/generalized about me
The Big picture of Cyber Defense and how to be an effective defender.
Knowledge, Skills, and Ability needed.
• PKI – Most importantly how they should be applied, what’s an A name, common name and what difference does it make, certificate chain of trust. Which cipher suites and encryption strengths are required to be compliant with regs and are not CVEs. Where should the public key be stored and on which devices – IDS/IPS, Load balancer, Firewall, F5, etc.
• Ports and how to tell which ones are open, closed/deny, and are they encrypted
• How to read and navigate file directories
• How to use the command line and write scripts – .sh, .ps1
• Languages – PS, Bash, Python are essential
• Fundamentals of networking and how to use basic CLI networking commands and tools – ping, tracert, ipconfig, ifconfig, nslookup, openssl, curl, man, etc.
• VS Code and how to use it – Notepad++ will work in a pinch
• How to set up a VM for practice
• Fundamentals of Risk – What’s the likelihood of it happening, and how great will the impact be (5×5 method)
• Fundamentals of databases & how they are backed up (incremental, full, etc.)
• Fundamentals of Disaster Recovery
• How to write CYA emails – Assume that they will be read in court, used as evidence on social media, or read at a congressional hearing.
• Nice to have – SQL queries, advanced Excel skills – Power Query, XLOOKUPs, how to pull data into Excel, Power BI, how to create datasets, familiarity with APIs, JSON, XML, etc.
Common Security Risks/Issues
• PKI – Lack of proper implementation
• Cloud Configurations – Large rush and push, little training, resources, and expertise
• Ostrich Algorithm – Head in sand
• Lack of accountability and the need for plausible deniability
• Lack of Security oversight, procedures, and policy
• CMDB – Configuration Management DB is key for stakeholders, especially for security practitioners
• Proper Change Management
• Software Supply Chain – SolarWinds, MOVEit, Log4j (still a thing), hoarding of old binaries.
• Many in C suite lack technical skills or experience
• CISA’s Known Exploited Vulnerability Catalog – https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Getting Started
• To get started – Firehose method. Obtain Security+ cert and maybe CEH
• It’s not like it’s portrayed in the movies… learn how to use Excel and CSV data
Resources
• Information
o NIST 800 series – Do not have to be an expert, just know how to use Ctrl+F.
o CVE – https://cve.mitre.org/
o CWE – https://cwe.mitre.org/
o Stack Exchange – Someone else has probably had the same question and the solution may be posted.
• Training
o Azure Cloud – Microsoft Enterprise Skills Initiative – https://esi.microsoft.com/ (Corporate Account)
o YouTube
o AWS – https://www.aws.training/ (Corporate may have Amazon Partner Network training)
o Cybrary – https://www.cybrary.it/
o SANS Institute – https://www.sans.org/
o FedVTE – https://fedvte.usalearning.gov/ (Federal Employees and contractors only)
Pen Testing Practice and Skills
• TryHackMe – https://tryhackme.com/
• Hack the Box – https://www.hackthebox.com/
• HackerOne – https://www.hackerone.com/
Tools
• GitHub – https://github.com/ (check out the MIT, NSA, CISA repos)
• Docker Hub – https://hub.docker.com/
• Burp Suite – https://portswigger.net/burp (Web Vulnerability Exposure)
• Chrome Browser Dev Tools
• Shodan – https://shodan.io
• Google Hacking Database – https://www.exploit-db.com/google-hacking-database
• Kali Linux – https://www.kali.org/