Red Team VS Blue Team: LIVE Cybersecurity Battle
CySA+ & PenTest+ Skills
Patrick Lane, NetCom Learning
© 1998-2019 NetCom Learning
www.netcomlearning.com | info@netcomlearning.com | 1-888-563-8266
AGENDA
• Introductions
• Red team / blue team concept and penetration tester / security analyst job roles
• Cybersecurity Analyst job role (CySA+)
• Penetration Tester job role (PenTest+)
WHY ARE RED TEAM / BLUE TEAM ACTIVITIES A NECESSITY?
Red Team / Blue Team: The Relationship
• Why does the red team exist in the first place?
  ❑ To improve the blue team
  ❑ To create the right thresholds
• Responsible
  ❑ Why else would you pen test?
  ❑ Adjust tactics / strategy
Penetration Testing / Vulnerability Assessment & Management vs Security Analysts
Seminal Event: Target Hack of 2014
• Wake-up call for the IT security world
• Brought widespread attention to the “Advanced Persistent Threat”
• Demonstrated that traditional security tools, such as firewalls and anti-virus, do not alone protect networks
• Recent high-profile attacks at Yahoo! and the Democratic National Committee (DNC)
Advanced Persistent Threat (APT) Characteristics:
▪ Never stop
▪ Often highly coordinated / state sponsored
▪ Bad actors lurk on systems and networks
▪ Hard to detect
APT lifecycle: Planning → Malware Introduction → Command & Control → Lateral Movement → Target Identification → Exfiltration (Attack Event) → Retreat
Lessons Learned
We must apply behavioral analytics to IT networks to improve the overall state of cybersecurity:
• We must focus on network behavior in an organization’s interior network
• We must identify network anomalies that indicate bad behavior
We must train IT security professionals in security analyst skills, which include:
✓ Threat management
✓ Vulnerability management
✓ Cyber incident response
✓ Security and architecture tool sets
Lessons Learned (cont’d)
We must be proactive with cybersecurity:
• Go on the offensive against your own network.
• Use penetration testing to find system vulnerabilities before the bad actors do.
• Based on the penetration testing results, fix and manage the vulnerabilities.
We must train IT security professionals in penetration testing skills, which include:
✓ Planning and Scoping
✓ Information Gathering
✓ Vulnerability Identification
✓ Attacks and Exploits
✓ Penetration Testing Tools
✓ Reporting and Communication
Red Team / Blue Team Example
Penetration testing (red team) and security analyst (blue team) hands-on cybersecurity skills are needed. For example: Red team vs Blue team
Red Team / Blue Team Example (cont’d)
• Red team launches a Denial of Service (DoS) attack
• Blue team detects the attack
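The blue-team side of the DoS example above, together with the earlier lesson about identifying network anomalies that indicate bad behavior, as an added example that is not part of the original deck: a small rate-based SYN-flood detector that learns a per-source baseline from quiet windows and flags a later window whose SYN count is anomalous and whose handshakes mostly never complete. The log format, the hosts and the thresholds are assumptions constructed for illustration.

```python
"""Rate-based detection of a TCP SYN flood (DoS) in connection logs: learn a
per-source SYN-count baseline from the first quiet windows, then alert when a
source exceeds mean + K*stddev AND few of its handshakes complete."""
from collections import defaultdict
from statistics import mean, pstdev


def build_sample_log():
    """Constructed sample log (not a real capture). One record per line:
    '<epoch_seconds> <src_ip> <dst_ip>:<dst_port> <flag>' where the flag is
    S (SYN seen) or A (handshake completed, final ACK seen)."""
    lines = []
    normal_hosts = ["10.0.0.5", "10.0.0.6", "10.0.0.7"]
    for t in range(1000, 1040):                 # 40 s of ordinary traffic
        for src in normal_hosts:                # one completed connection/s each
            lines.append(f"{t} {src} 10.0.1.20:443 S")
            lines.append(f"{t} {src} 10.0.1.20:443 A")
    for t in range(1030, 1040):                 # last 10 s: one host floods
        lines.extend(f"{t} 10.0.0.99 10.0.1.20:443 S" for _ in range(20))
    return lines


def parse_line(line):
    """Split one record into (ts, src, dst_ip, dst_port, flag)."""
    ts, src, dst, flag = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return int(ts), src, dst_ip, int(dst_port), flag


def bucket_by_window(lines, window):
    """-> {window_start: {src: [syn_count, completed_count]}}"""
    buckets = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in lines:
        ts, src, _, _, flag = parse_line(line)
        buckets[ts - ts % window][src][0 if flag == "S" else 1] += 1
    return buckets


def detect_syn_floods(lines, window=10, baseline_windows=3, k=3.0,
                      max_completion=0.5):
    """Return one alert dict per (window, source) that exceeds the learned
    SYN-rate threshold while completing less than max_completion of its
    handshakes. The baseline windows themselves are never alerted on."""
    buckets = bucket_by_window(lines, window)
    starts = sorted(buckets)
    base = [c[0] for w in starts[:baseline_windows] for c in buckets[w].values()]
    if not base:
        return []
    mu, sigma = mean(base), pstdev(base)
    threshold = mu + k * max(sigma, 1.0)    # floor keeps sigma == 0 from firing
    alerts = []
    for w in starts[baseline_windows:]:
        for src, (syn, done) in buckets[w].items():
            ratio = done / syn if syn else 1.0
            if syn > threshold and ratio < max_completion:
                alerts.append({"window_start": w, "src": src, "syn": syn,
                               "completion_ratio": round(ratio, 2),
                               "threshold": round(threshold, 1)})
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_floods(build_sample_log()):
        print(alert)
```

The completion-ratio check is what separates a flood from a legitimately busy client: a host that opens many connections but finishes its handshakes is not flagged.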
RED TEAM / BLUE TEAM EXAMPLE
LOGRHYTHM: FINANCIAL SERVER HACK DISCOVERED
Source: https://logrhythm.com/products/security-intelligence-platform/
SPLUNK: DATABASE HACK DISCOVERED
Source: https://www.splunk.com/en_us/products/premium-solutions/splunk-enterprise-security.html
Source: https://www.alienvault.com/products
THE COMPTIA CYBERSECURITY CAREER PATHWAY INCLUDES RED TEAM / BLUE TEAM SKILLS
CompTIA Cybersecurity Career Pathway Red team / blue team skills are a component of the pathway.
Job Role Growth - Security Analyst & Penetration Tester
[Chart: total number of U.S. job postings for Information Security Analysts, 2012-2015, annotated “Public APT attacks”. Data points shown: 39,920; 48,947; 58,456; 109,819. Source: Burning Glass Technologies Labor Insights, January 2016]
In an analysis of U.S. Bureau of Labor Statistics data, information security analysts, which includes pen testing, saw an 8% bump in growth over the first three months of 2016. That’s a BLS record.
Demand remains high in 2018: 120,000 U.S. job ads were posted for security analysts, Sept. 2017–2018.
Additional Indicators
The U.S. Bureau of Labor Statistics (BLS) classifies both job roles under Information Security Analysts, which includes:
• 2017 Median Pay: $96,000 per year
• Number of Jobs Available: 82,900
• Job Outlook: 28% growth by 2026 (much faster than average)
The U.S. Bureau of Labor Statistics predicts that information security analysts, which includes penetration testing, will be fast growing, with 28% overall growth between 2016 and 2026.
8 in 10 managers indicate that IT security certifications are very valuable (38%) or valuable (42%) in terms of validating security-related knowledge/skills or evaluating job candidates.*
* International Trends in Cybersecurity, CompTIA, 2016
PENTEST+ EXAM DETAILS RED TEAM SKILLS
CompTIA PenTest+ Red Team Skills
CompTIA PenTest+ is a certification for intermediate-level cybersecurity professionals who are tasked with hands-on penetration testing to identify, exploit, report, and manage vulnerabilities on a network. PenTest+ assesses the most up-to-date penetration testing and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks. Successful candidates will have the intermediate skills and best practices required to customize assessment frameworks, to collaborate effectively on and report findings, and to communicate recommended strategies to improve the overall state of IT security.
PenTest+ Domains (% of exam):
1.0 Planning and Scoping: 15%
2.0 Information Gathering and Vulnerability Identification: 22%
3.0 Attacks and Exploits: 30%
4.0 Penetration Testing Tools: 17%
5.0 Reporting and Communication: 16%
Total: 100%
Skills competence for key job roles:
• Application Security Engineer
• Penetration Tester
• Vulnerability Tester
• Security Analyst (II)
• Network Security Operations
• Application Security Vulnerability
Job Task Analysis (JTA) Participants
Key JTA participants:
• Brotherhood Mutual
• Las Vegas Sands Corporation
• Global Cyber Security
• Integra Life Sciences
• SecureWorks
• Enterprise Holdings
• North State Technology Solutions
• Paylocity
• BlackFire Consulting
• Johns Hopkins University Applied Physics Laboratory
• TransUnion
• ASICS Corporation
PenTest+ Exam Information
Exam code: PT0-001
Launch Date: July 31, 2018
Availability: Worldwide
Pricing: $349 USD
Testing Provider: Pearson VUE Testing Centers
Question Types: Performance based and multiple choice
No. of Questions: Maximum of 85 questions
Length of Test: 165 minutes
Passing Score: 750 (on a scale of 100-900)
Languages: English only
Recommended Experience: Network+, Security+ or equivalent knowledge.
CE Program, ISO/ANSI and DoD accreditation: Yes, part of CE program. ISO/ANSI 17024 accredited. Currently seeking DoD 8140/8570 approval for Q1 2019.
Metasploit Example
SET (Social Engineering Toolkit) Example
PenTest+ Domain Objectives: 1.0 Planning and Scoping (15%)
1.1 Explain the importance of planning for an engagement.
1.2 Explain key legal concepts.
1.3 Explain the importance of scoping an engagement properly.
1.4 Explain the key aspects of compliance-based assessments.
PenTest+ Domain Objectives: 2.0 Information Gathering and Vulnerability Identification (22%)
2.1 Given a scenario, conduct information gathering using appropriate techniques.
2.2 Given a scenario, perform a vulnerability scan.
2.3 Given a scenario, analyze vulnerability scan results.
2.4 Explain the process of leveraging information to prepare for exploitation.
2.5 Explain weaknesses related to specialized systems.
PenTest+ Domain Objectives: 3.0 Attacks and Exploits (30%)
3.1 Compare and contrast social engineering attacks.
3.2 Given a scenario, exploit network-based vulnerabilities.
3.3 Given a scenario, exploit wireless and RF-based vulnerabilities.
3.4 Given a scenario, exploit application-based vulnerabilities.
3.5 Given a scenario, exploit local host vulnerabilities.
3.6 Summarize physical security attacks related to facilities.
3.7 Given a scenario, perform post-exploitation techniques.
PenTest+ Domain Objectives: 4.0 Penetration Testing Tools (17%)
4.1 Given a scenario, use Nmap to conduct information gathering exercises.
4.2 Compare and contrast various use cases of tools.
4.3 Given a scenario, analyze tool output or data related to a penetration test.
4.4 Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).
PenTest+ Domain Objectives: 5.0 Reporting and Communication (16%)
5.1 Given a scenario, use report writing and handling best practices.
5.2 Explain post-report delivery activities.
5.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities.
5.4 Explain the importance of communication during the penetration testing process.
CYSA+ EXAM DETAILS BLUE TEAM SKILLS
CompTIA CySA+ (Cybersecurity Analyst) Blue Team Skills
Seamlessly following Security+, CompTIA Cybersecurity Analyst (CySA+) applies behavioral analytics to greatly improve network threat visibility. As attackers have learned to evade traditional signature-based solutions, an analytics-driven cyber defense has become critical.
CySA+ Exam Domains (% of exam):
1.0 Threat Management: 27%
2.0 Vulnerability Management: 26%
3.0 Cyber Incident Response: 23%
4.0 Security Architecture and Tool Sets: 24%
Total: 100%
Skill competencies:
• Configure and use threat detection tools
• Perform data analysis
• Interpret results to identify vulnerabilities, threats and risk to an organization
Job roles:
• Security Analyst
• Security Operations Center (SOC) Analyst
• Vulnerability Analyst
• Cybersecurity Specialist
• Threat Intelligence Analyst
• Security Engineer
• Information Systems Security Engineer
Organizations that Assisted in CySA+ Development The CySA+ certification has been reviewed by nearly 2,200 security analysts and/or IT pros, including those who took the beta exam. It has received feedback from organizations and partners across the globe to reach its current status. Some of the contributors in the process are listed below.
CySA+ Exam Information
Exam code: CS0-001
Launch Date: February 15, 2017
Availability: Worldwide
Pricing: $349 USD
Testing Provider: Pearson VUE Testing Centers
Question Types: Performance based and multiple choice
No. of Questions: Maximum of 85 questions
Length of Test: 165 minutes
Passing Score: 750 (on a scale of 100-900)
Languages: English, Japanese & Simplified Chinese
Recommended Experience: 3-4 years of hands-on information security or related experience. Network+, Security+, or equivalent knowledge.
CE Program: Yes
Tools of the Trade – Open Source Examples (Blue team)
Category: Open source software (URL)
• Network protocol analyzer / packet capture tool: Wireshark (https://www.wireshark.org)
• Network intrusion detection systems (NIDS): Bro and/or Snort (https://www.bro.org, https://www.snort.org)
• Security Information and Event Management (SIEM) software: AlienVault Open Source SIEM (OSSIM) with Open Threat Exchange (OTX) (https://www.alienvault.com/products/ossim)
CySA+ Domain Objectives: 1.0 Threat Management (27%)
• 1.1 Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes.
• 1.2 Given a scenario, analyze the results of a network reconnaissance.
• 1.3 Given a network-based threat, implement or recommend the appropriate response and countermeasure.
• 1.4 Explain the purpose of practices used to secure a corporate environment.
CySA+ Domain Objectives: 2.0 Vulnerability Management (26%)
• 2.1 Given a scenario, implement an information security vulnerability management process.
• 2.2 Given a scenario, analyze the output resulting from a vulnerability scan.
• 2.3 Compare and contrast common vulnerabilities found in the following targets within an organization.
CySA+ Domain Objectives: 3.0 Cyber Incident Response (23%)
• 3.1 Given a scenario, distinguish threat data or behavior to determine the impact of an incident.
• 3.2 Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation.
• 3.3 Explain the importance of communication during the incident response process.
• 3.4 Given a scenario, analyze common symptoms to select the best course of action to support incident response.
• 3.5 Summarize the incident recovery and post-incident response process.
CySA+ Domain Objectives: 4.0 Security Architecture and Tool Sets (24%)
• 4.1 Explain the relationship between frameworks, common policies, controls, and procedures.
• 4.2 Given a scenario, use data to recommend remediation of security issues related to identity and access management.
• 4.3 Given a scenario, review security architecture and make recommendations to implement compensating controls.
• 4.4 Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC).
• 4.5 Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies.
COMPTIA OFFICIAL CONTENT
CompTIA now has Official Content!
Books, eLearning, labs, and exam prep software to support CompTIA certifications
Official CompTIA Content
▪ Instructor-Led Training
  – Official CompTIA PenTest+ Instructor Guide (print or eBook)
  – Official CompTIA PenTest+ Student Guide (print or eBook)
  – LogicalLABS
  – CompTIA CHOICE Platform
  Visit store.comptia.org
▪ Self-Paced Training
  – CertMaster Learn
  – CertMaster Practice
  – CertMaster Labs
  – Self-study guide (eBook and print)
The CertMaster Suite
Features of Official Content
1. Comprehensive Instructional Tools
✓ Robust Instructor Guide with presentation planners, helpful tips, and solutions in the margin
✓ Class tested with real instructors before publication
✓ Resources within CompTIA Choice including PPT slides
2. Focused on Job Roles and 100% Coverage of Objectives
✓ Lessons in the book align with real-world job objectives and scenarios
✓ Activities require students to put knowledge into practice (some align with Labs)
✓ Appendix aligns content to exam objectives
3. Flexible and Customizable Content Based on Course Format
✓ Instructor Guide references different course formats and how the presentation should be tailored
✓ The CompTIA Choice platform is the one-stop shop for all course resources, including eBook, instructor files, videos, assessments and labs (if applicable)
✓ Students get lifetime access
CertMaster Learn
The first comprehensive eLearning product from CompTIA:
• Videos
• Assessments
• Performance Based Questions
RECORDED WEBINAR VIDEO To watch the recorded webinar video for live demos, please access the link: http://bit.ly/2OSTuOk
ABOUT NETCOM LEARNING
• 90,000+ professionals trained
• 10,000+ corporate clients
• 1500+ IT, Business & Soft Skills courses
• 96% of customers recommend us to others
• 8.6/9 instructor evaluations
• 20+ leading vendors recognitions
• Microsoft’s Worldwide training partner of the year
• Trained 80% of the Fortune 100
• Top 20 IT Training Company
NetCom Learning is an award-winning global leader in managed learning services, training and talent development.
Founded: 1998
Headquarters: New York City
Delivery Capability: Worldwide
CEO: Russell Sarder
RECOMMENDED COURSES AND MARKETING ASSETS
NetCom Learning offers a comprehensive portfolio for Security Courses:
» CompTIA Cybersecurity Analyst (CySA+) Certification Prep (Exam CS0-001) - Class scheduled on Sept 09
» CompTIA PenTest+ Certification Prep (Exam PT0-001) - Class scheduled on Sept 09
» CompTIA Security+ Certification Prep (Exam SY0-501) - Class scheduled on Sept 16
» CompTIA Advanced Security Practitioner (CASP+) Certification Prep (Exam CAS-003) - Class scheduled on Sept 23
You can also access the below Marketing Assets:
» Free On-Demand Training - Explore the Ways to Navigate Your Career in Cybersecurity
» Free On-Demand Training - Getting Started With CompTIA PenTest+
» Blog - CompTIA Security+ Certification For Enterprise Network Security: Advantages
UPCOMING WEBINARS
• DevOps: Using Metrics and QA Practices That Matter
• New Cisco Roadmap: Creating a Powerhouse IT Networking Team
• Introduction to Power BI for Business Professionals
• Microsoft 365: Introduction to Microsoft Cloud Services
• What's new in Autodesk Revit 2020
• Cisco Security: Introduction to CCNA Security IINS
• Microsoft Cloud Developer: Integrating AI Using Azure Services & More
PROMOTIONS
Bridge the tech & business skills gap to empower your workforce! Learn more about our expert training in high-demand Cloud, Data & AI, Dev, Security, and Business Skills and start building your company’s tech and business skill set.
FOLLOW US ON YouTube
BUILDING AN INNOVATIVE LEARNING ORG.
A new book from Russell Sarder, CEO at NetCom Learning: a framework to build a smarter workforce, adapt to change and drive growth. (e-book available for download)
Thank you