Monday Sep 19, 2022

Convocourses Podcast: Cybersecurity Workforce Framework


Hey guys, this is Bruce, and welcome to the Convocourses podcast. I'm doing an experiment where I'm doing these daily. We'll see how this goes. I don't know if I'll keep this up, or maybe I'll do this twice a week or something like that, because it hasn't been that bad. I've got so many things I can talk about and so many questions to answer, but right now I want to focus my time on the categories of cybersecurity.

A lot of times, people think that cybersecurity is all about hacking, or something to that effect. Those are the things that are popular: hacking, or pentesting, or programming. Another one is digital forensics.

People think that's all there is, but in cybersecurity it's not. I've been doing this for a very long time. I've done everything from the technical side, where I'm actually configuring systems and installing systems and that kind of thing, to the more management-type side.

And I want to tell you that there are so many different parts to cybersecurity. When you see somebody talking about hacking or whatever, it's very glamorous, but that's a tiny fraction of the whole spectrum of cybersecurity. It goes very deep. So if you're actually trying to get into this career path, because it pays very well (and it does), what I want to do is introduce you to some other categories of cybersecurity that you may not know about.

There's an organization out there, made up of nonprofits, the government, and a couple of private-sector companies. They got together and broke down the different categories of cybersecurity that need to be addressed. And it's not just cybersecurity by itself. Some of it is, for example, a system administrator who does cybersecurity; the framework accounts for that one too.

I'm going to explain that in a second. If you stick with me, you'll understand this, especially if you are trying to get into cybersecurity. This is particularly for you if you're interested enough to want to be a part of this field, or if you've been thinking about getting into it. I'm going to show you the whole spectrum of cybersecurity.

Let me show you a framework. It's called the Workforce Framework for Cybersecurity. If you didn't know about this, it's something the US federal government has been using for years now to figure out what categories to put people in and what kind of training they need in order to be in those different categories.

From a bird's-eye view, let me switch my screen over here on TikTok. Feel free to ask me any kind of questions. I'll be doing this for about 30 minutes if you're interested. Let me show you what I've got going on here. And just so you know, I'm broadcasting on a podcast, so I will explain what we're looking at here, but you can also watch this on YouTube and Facebook; eventually I'll put this on Facebook.

Here we have all the categories. There are seven different categories at the time of this recording: Analyze; Collect and Operate; Investigate; Operate and Maintain; Oversee and Govern; Protect and Defend; and Securely Provision. What I want to do is give you an example of each one of these seven categories, because each one breaks out into specialty areas.

So for example, Analyze breaks out into what you call exploit analysis, language analysis, target analysis, and you'll see that some of these don't look like cybersecurity topics, but they in fact are. Now, if you happen to be bilingual, if you happen to know another language very fluently,

you might actually be able to very quickly go into something called language analysis, which we'll briefly touch on in a second. But I want to keep this kind of high level right now, just to show you the different specialty areas. There are about, I don't know, 30 or 40 different specialty areas.

Each one of these categories of cybersecurity breaks out into these specialty areas. In Collect and Operate, you'll see things like cyber operational planning. You wouldn't think that would have a lot of hands-on stuff, and it actually doesn't. So let's keep going here.

And when I say hands-on, I mean somebody who's actually configuring a server or setting up a network and stuff like that. Cybersecurity is not all just about that. It's a very broad area, a very broad umbrella. Investigate is what you might expect: digital forensics, cyber investigations,

threat hunting, things like that, and we'll cover that in a second. Operate and Maintain: this is what people normally think about when they think about system administrators, data administrators, network services (that's your network engineers), things like that. These guys are in

cybersecurity in that they have to do a lot of cybersecurity-type activities. They're not typically seen as cybersecurity people, but they have to do a lot of things in cybersecurity, as you might expect when they're installing patches or things like that. Oversee and Govern: this is what I do.

I can speak extensively on this, but this is a lot of management-type stuff, cybersecurity management. This is your C-level execs, and it even includes legal and program managers. This is something I would very much like to talk to you about, because program management requires a certain level of emotional intelligence that a lot of IT people do not have.

It's a very important, very critical piece of any kind of system engineering, any kind of major cybersecurity project, anything the organization is doing where they're spending a lot of time, money, energy, and resources. They need a program manager. I'll get off my soapbox on that one, but it also pays very well.

And that's something I talk about a lot on my site. Program management is a big one. Okay. Anyway, let's keep going and keep it high level. Protect and Defend: this is dealing with cyber defense analysis, just to name a few, incident response (that's a huge one), and vulnerability assessment and management.

Huge, but that's for Protect and Defend. So you see, this is not all just firewalls. This is not all hacking. I haven't even mentioned hacking yet. That's how big this field is. And there are some things that are not even included on here, like cryptography. You don't see cryptography on here, but cryptography is considered part of cybersecurity.

And I would argue that the cypherpunks, the guys who created the concept for Bitcoin and all that kind of stuff, were also very good cybersecurity people. Anyway. Securely Provision: now this one has to do with risk management, software development, system architecture, that sort of thing. So you can see, what I want to do is just show you

the high level here. There are many different categories of cybersecurity, and it's not all just hacking. It's not all just programming. Yes, those are part of what we do. But in the major scheme of things, when you look at the big picture of all of this, it's a very big field. And I want to explain to you why. If you think about it, it really makes sense. When you go to your bank and you're trying to send a wire transfer from one bank

using ACH to another bank, right, or you want to wire something overseas, or whatever the case may be, the bank has certain protocols and procedures and policies that they have to follow in order to secure your information, to make sure that the $1,000 you sent from one bank to another, or to whoever,

wherever you're sending it, is protected. The rules and protocols and procedures and the legal system, all of the things that come together, that is known as security compliance. Now, the financial industry has a different set of laws, as you would imagine, than, say, healthcare.

The healthcare industry is protecting your healthcare information. If that information is digitized, they have to protect that information, right? So they have a whole different set of laws, completely different, because it requires a different business solution than, say, a bank.

Think about it like this: the federal government, who's protecting your Social Security number, is protecting your personal information. And if you're talking about the state, things like the DMV have to protect your personal information as well,

and make sure of that. Of course there are all kinds of leaks and all kinds of hacks and all that kind of stuff going on, but they have a whole different set of procedures and rule sets and laws that apply to the federal and state government. And that's also called security compliance.

Security compliance is in every industry. It's in every state, every jurisdiction, every county, and every country. Each country has its own set of laws that pertain to it, and all of them have different solutions that they need for their particular situation. So as you can probably imagine, there's a lot of security that has to be done for that.

And it's not all hacking. You can see how hacking is a tiny drop in the gigantic ocean that is cybersecurity. Cybersecurity is a very huge field, and that's why you have seven different categories. Now, what I want to do is give you a practical understanding of these seven categories. Let's start from the top here.

I'm going to give you a specific example of where you might have seen this on TV or in a movie, or relate it to something you can understand in a practical way. So let's start with Analyze. The first category we see at the top here is Analyze, and it has these specialty areas right here. Now, if you break these down, and if you want to go to the site, by the way, if you happen to be watching me on YouTube, I have a link where you can actually follow along.

The actual site is there in the link. Now let me give you a practical understanding of what Analyze is. When I was in the military, when I was in a combat zone, we had language analysts. The reason we had these language analysts was because we can't understand, say, if another country is attempting to hack our systems. They'll put some code on our systems, and that code may be in Ukrainian or Russian or whatever other language. You need a language analyst

to actually figure out what is being said in that code. And that's why a lot of times they figure out, oh yeah, this hack came from Russia, this hack came from Ukraine, this hack came from whatever country, because you have a language analyst who is multidisciplinary in languages, who can decipher and figure out what's going on.

They'll have different tools that help them decipher what's going on with whatever hack is going on. So this is actually part of the Analyze category. Let me give you another example: threat analysis. Now this is a big one. Cyber threat analysis is something where what you're doing is

trying to detect and figure out where a company or an organization might get hacked from. And it sounds impossible, sounds crazy. How can you figure out where threats are coming from? There are some ways to do it. Think about it like this: right now, somebody might be trying to hack, I don't know, I'll just pick something off the top of my head,

they might be trying to hack Walmart or something. What Walmart can do is have somebody scour the internet, conduct searches, or create a tool that goes out and does a web crawl of the internet to figure out, okay, who is mentioning Walmart? Who is talking about it on social media?

Where are the communications in the public domain, to figure out who is talking about us so we can figure out where those threats are coming from? Because a lot of times, before the attack even occurs, these criminal hackers are talking amongst each other on the dark web

about how they're going to attack, or they've even already done the attack, already pulled the information from there, and they're selling Walmart's emails. Now this is just an example. Just so you know, I don't have a client relationship with Walmart or anything like that. I have not interacted with Walmart's cybersecurity.

I was using them as an example, and I'm unaware of any current attacks or anything like that. This is just an example, but that is what threat warning analysts do. And this is something I did at my last job, as a matter of fact. One of our jobs was to do threat analysis on companies to figure out what's going on.

And this also pertains to looking at terrorist threats for whole countries, by the way. So that's Analyze. Analyze goes into analyzing information, analyzing targets, analyzing threats that might be coming to an organization. There can be some hacking involved.

There can be times where you have to know a little code, but language analysts don't typically know code. And then all-source analysis: this goes straight into intelligence. This is normally what you'll see in intelligence organizations, where they're gathering actionable intelligence

from multiple sources, putting that information together to figure out, okay, we have a terrorist threat here, we have a terrorist threat there. We know that we have advanced persistent threats here and there. We have reason to believe, because we have human intelligence people on the ground who've gathered this or that information, to figure out

who's going to attack what. A good example of this would be if you've ever watched Mission Impossible, the Ghost Recon one; they talk about this type of job all throughout that one. As a matter of fact, one of the characters is an analyst, and this is what they're talking about.

This is somebody who pulls information from different intelligence sources, puts it together, and figures out, okay, we know there's a credible, probable attack that's going to happen over here or over there, based off of all the intel that they've gathered in the field.

Okay, so we beat that one to death. Let's keep going. So that is Analyze, and that's in cybersecurity. Then we've got Collect and Operate. Let's look at this one. Here are the specialty areas within Collect and Operate. Now, what are we talking about here? This is also dealing with a lot of intelligence. A lot of government, Department of Defense, and some of the other three-letter organizations will have something like this, cyber operations, where they're also looking at real-time threats.

They're looking at foreign intelligence entities. So this one's very much related to what we were talking about with Analyze. A lot of times we'll see these in security operations centers. A security operations center, especially the ones that work for different governments,

is very large. They have a large office where you have all these giant screens going. You see these in movies, like when they're walking in and it's like, what's the threat, there's supposed to be a bomb here, and they're trying to figure out what's going on. So a lot of times they're talking about a cyber

intel planner. These are the guys who put everything together. If I could just read through some of the details here, it says: develops detailed intelligence plans to satisfy cyber operations requirements. So these are the guys that are managing all the information that's coming in and what we're going to do once we gather that information.

So that is Collect and Operate, dealing with a lot of intel-type stuff. You see it in movies and stuff like that. It's not like the movies, to be honest with you. It's pretty boring. But okay. Investigate: now, if you've ever seen the show CSI, this is it, the digital forensics. Not necessarily the scientific forensics where they're trying to figure out when a person was murdered based off of the insects that are consuming the corpse or whatever (sorry to be so crude, but that's forensics). Digital forensics is a little bit different.

These are the people who will take a computer. A lot of times they'll work with law enforcement and stuff, because they're dealing with very heavy issues. I don't want to get flagged for talking about some of the stuff that they find. But if you're talking about digital forensics, you're only talking about a few major crimes that are going to necessitate a digital forensics guy: major crimes, murders and assaults that were caught on digital media,

somebody trying to hide illegal contraband on their computer, or trying to do illegal transactions using cryptocurrency or something like that, where they have to trace back where the cryptocurrency wallet went, or they have to see if somebody was using illegal pictures or images on their computer but tried to erase them.

With digital forensics, you can actually extract that from the ones and zeros on the hard drive. That is what we're talking about when we're talking about Investigate. So they work a lot with law enforcement, they work a lot with the law. They might have to do things like, what do you call it,

chain of custody, where they have to make sure that the hard drive they're investigating can get to trial and not be tampered with, things like that. So that's Investigate. Then you have Operate and Maintain. So what is this one? Operate and Maintain is pretty self-explanatory

once you see some of the job titles in here. Network services: that's the people who install, configure, test, operate, and maintain the network, the firewalls, the switches, the hubs. They say hubs here, but not many people use hubs that much anymore, so that's funny. System administrators: these are people who install, troubleshoot, and maintain the servers and the configuration files and make sure that the confidentiality, integrity, and availability of the system is protected.

So yeah, that is Operate and Maintain. Then you've got Oversee and Govern. I could talk about this one forever. My entire site is about this one, specifically about cybersecurity management, because this is what I do. And when we were talking about this in the beginning, we were talking about exactly what I'm doing, which is

this right here: information system security manager. Actually, my specialty is information system security officer, but management is something I do as well. So it's doing cybersecurity for the whole organization, making sure that the cybersecurity of the organization is sound, making sure the documentation is good, making sure that you've got all the system security controls in place, things like that.

And you have to work a lot with the C-level execs, high-level security people within the organization, doing a lot of coordination, talking with the program managers, talking with the subject matter experts on the firewalls, on the networks, on all that kind of stuff, to make sure that we, as a team in the organization, are doing what we're supposed to do, whether that's PCI compliance or HIPAA compliance or whatever industry standard we need to meet. That's what cybersecurity managers are doing.

And COMSEC manager: these guys manage the cryptography, the crypto keys within an organization. So that's just one of the specialty areas we're talking about for Oversee and Govern. This also goes into C-level execs, your CIOs, your CISOs (chief system security officers, or chief information security officers), your C-level execs, your legal people.

You don't often see legal people lumped into cybersecurity, but here it is, right before your eyes. I'm telling you, the point I'm trying to make is that cybersecurity is not just programming. It's not just hacking stuff. It also includes legal advocacy, because the organization has to protect its reputation.

If somebody's defaming the organization, right, their reputation is at stake. Who do they go to? You go to your legal team. Your legal team has to determine, okay, did these people defame our organization? Do we need to do a cease-and-desist order on this website that's trying to do what's called typosquatting?

That's where, let's say, you have google.com, but somebody creates a site called Google where the E and the L are transposed, so that whenever people mistype Google, it goes to their site. And then they take you to some malware or some other site. So do we have a legal case

for the protection of our reputation or not? Legal is also where you would talk about, okay, we need to develop a privacy notification, we need to develop a non-disclosure agreement for all of our users who come in. That's the legal department. So they're very much involved with things like

privacy notifications that pop up on a website. Whenever you've gone to a website and that privacy notification pops up, that's serious, because the organization doesn't want to be liable. They don't want to get sued because they released your information without you knowing about it, without you knowing what you were clicking on.

So they have to go to the legal department for that kind of stuff. Cybersecurity includes that kind of thing. So let's keep going here. I want to show you a few more things, and I'll keep it a little bit briefer on the next ones. So that's Oversee and Govern. Let's go to the next one, which is Protect and Defend.

This is one of my favorite ones, because this one, excuse me, this one includes cyber defense analysis. In a past life, this is what I did, and this one is really fun. I really love doing this one. This is people looking at logs. It looks like The Matrix. They'll sit there and they're watching a screen full of logs go by, and they're trying to figure out if there are any kind of attacks going on in their environment,

if there's malware in the environment, like it actually infiltrated the environment, or if there's somebody doing something they're not supposed to do. You can pick that stuff up in the logs if you know what to look for. They're looking for certain patterns of behavior inside the logs that reflect what's going on.

Cyber defense analysis is where you would do that. It's picking up the IDS, intrusion detection, intrusion prevention, the firewall logs, the network traffic logs, all that stuff, and making a determination. And these days you can do it a little bit with artificial intelligence to help out the actual cyber defense analysts.

So that's one of the things we're talking about with Protect and Defend. Another huge one is incident response. That's a big one. And then vulnerability management. These are whole industries, by the way. I'm briefly mentioning the names, but each of these is an entire industry in and of itself.

Incident response is its own thing, and so is vulnerability management. Okay. Let's go to Securely Provision. This is the last one, last but not least. This one's getting into risk management. This is something I do a lot. This is my whole job right here: risk management. This is making sure that the organization is within an acceptable level of risk, because every system that's out there, every single system, no matter what system it is, has some level of risk that it has to operate with.

And so risk management is simply making sure that the risk is not too great for them to operate. If a system has too much risk, too much exposure to their critical systems, then they're going to get hacked at some point. They're going to have a breach at some point if your risk is too high.

So you need risk management as a specialty area. Software development: whenever you develop software, you've got to make sure that software is developed securely so that you don't have any major breaches. A lot of the breaches that happen, especially with zero-days, are because of software issues, software that wasn't secure. And that's all in Securely Provision.

So there are other things in here, and the whole point I'm trying to make before I close this out, and I'm almost done here, is that cybersecurity is a huge field. It includes everything from management on down. Program managers are a very integral part of cybersecurity. It's a whole different discipline.

They do not have to have hands-on stuff. They do need to, at some point, understand the organization's process for how software is developed, but not necessarily know Java or C++, or how to actually code, or how to use the coding libraries and all that kind of stuff. They don't need to. They need to know the organization's process.

They need to know things like Agile. They need to know things like, what's the other one, Scrum, and things like that: processes that allow an organization to securely build the system, securely build and develop the software, things like that. That they need to know. So this includes C-level executives.

This includes, like we said, management. It includes risk management, managing the risk effectively for an organization. It includes a lot of analysis. It includes all of these aspects. So whenever somebody says cybersecurity, just know it's a huge field, and it's not just one thing.

It's many different things. Okay. That's it for this one, guys. Thank you for watching me. I really appreciate it. I'm trying to do these lives daily. I've got one on YouTube coming tomorrow. I'll try to put this on TikTok as well. I try to put it on as many platforms as I can. I do these at least once a week on Saturdays, one o'clock Mountain Standard Time, on YouTube.

I've got a podcast; it's at convocourses.podbean.com. And if you go to convocourses.com, there are tons of downloadables, tons of free stuff. It's free to sign up there, and I'm always giving out stuff like this where I don't expect you to pay me anything. I'm just giving you information so we can get

more people to where they can take care of their family. To me, that's the name of the game: being able to take care of yourself and being able to take care of your family. That's the name of the game. That's why I teach people how to get into this field, how to make more money in this field, and how to have security in this field,

financial security, career security, so that they can take care of themselves and their family. All right, guys, that's it for this one. Thank you so much for watching. I really appreciate everybody who watched, and I'm sorry I couldn't get to your questions this time. Maybe next time

we'll attack those questions. Peace.
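Editor's note on the typosquatting example from the episode (google.com with the E and the L swapped): the check a defender would actually run is to enumerate every adjacent-letter transposition of the brand's domain and compare observed registrations against that list. The code below is an added example by the editor, not part of the podcast or any Convocourses material. It assumes a simple single-label suffix such as .com, and the list of "observed" domains is constructed for illustration.

```python
"""Adjacent-transposition typosquat check (editor's added example, not from the podcast).

Given a brand domain, enumerate every variant produced by swapping two
adjacent characters in the second-level label (the "google" in google.com),
which is the mistyping described in the episode. Then report which domains in
an observed list are one of those variants. All sample data below is
constructed for illustration.
"""


def split_domain(domain: str) -> tuple[str, str]:
    """Return (second-level label, suffix) for a name like 'google.com'.

    Assumption: a single-label suffix (.com, .net). Multi-label suffixes such
    as .co.uk are out of scope for this example.
    """
    label, _, suffix = domain.lower().strip().rstrip(".").rpartition(".")
    if not label or not suffix:
        raise ValueError(f"expected 'label.suffix', got {domain!r}")
    return label, suffix


def transposition_variants(domain: str) -> dict[str, str]:
    """Map each domain formed by swapping one pair of adjacent letters to a
    description of the swap.

    Swapping two identical letters (the 'oo' in google) reproduces the
    original name, so those positions are skipped and every variant returned
    differs from the input.
    """
    label, suffix = split_domain(domain)
    variants: dict[str, str] = {}
    for i in range(len(label) - 1):
        a, b = label[i], label[i + 1]
        if a == b:
            continue
        swapped = label[:i] + b + a + label[i + 2:]
        variants[f"{swapped}.{suffix}"] = f"{a}{b}->{b}{a} at position {i}"
    return variants


def find_typosquats(brand: str, observed: list[str]) -> dict[str, str]:
    """Return {normalized observed domain: swap description} for every
    observed domain that is an adjacent transposition of the brand.

    Case and a trailing dot are normalized so 'GOOGEL.COM.' matches. Other
    mistypings (doubled letters, dropped letters, homoglyphs) are deliberately
    not detected here; this check covers transpositions only.
    """
    variants = transposition_variants(brand)
    hits: dict[str, str] = {}
    for candidate in observed:
        normalized = candidate.lower().strip().rstrip(".")
        if normalized in variants:
            hits[normalized] = variants[normalized]
    return hits


# Constructed sample of "observed registrations"; not real data.
OBSERVED_DOMAINS = [
    "googel.com",    # e/l transposed, the example from the episode
    "goolge.com",    # g/l transposed
    "google.com",    # the brand itself, must not be flagged
    "GOOGEL.COM.",   # same squat, different case and trailing dot
    "gooogle.com",   # inserted letter, out of scope for this check
    "example.net",   # unrelated
]

if __name__ == "__main__":
    for domain, how in sorted(find_typosquats("google.com", OBSERVED_DOMAINS).items()):
        print(f"{domain}: transposition {how}")
```

Running it flags googel.com, goolge.com and nothing else from the constructed list; gooogle.com is an insertion rather than a transposition, which is the point of stating the check's scope explicitly before handing a list to a legal team for cease-and-desist review.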
