
Who is Criminal Crab?

Who’s that crab stirring up trouble? Who’s that crab hacking wireless networks? Who’s that crab sobbing softly in the corner when your employees learn how to stop common viruses and network attacks?

Criminal Crab is ready to try to take down your wireless networks.

It’s Criminal Crab! From the same minds that brought you Application Security, Secure Coding for .NET and JavaSF, and many other popular security related eLearning courses comes a brand new Security Awareness Program!

Criminal Crab will guide employees through all the common pitfalls of working with technology whether they are at home, at the office, or on the road.

Criminal Crab thinks that he is the master of Social Engineering

With over an hour of content split into six courses, Criminal Crab teaches employees:

  • Protecting Confidential Information
  • Protecting Your Computer
  • Mobile and Travel Security
  • Physical Security
  • Social Engineering
  • Security Awareness for Executives

After learning from the new Security Awareness program, employees will send Criminal Crab home in tears.

Teach your employees to defeat Criminal Crab. Be on the lookout for more information soon as Criminal Crab slinks over to Twitter! Criminal Crab is set to take on the world (and fail) Fall of 2010.

Train with SecureSkills, Get an iPad!

Expand your knowledge with SecureSkills training and add an ultra cool iPad to your technology toolkit.

Attend a 5-day Instructor Led training course between June 1st and August 31st and get a free iPad or 25% off your course fee*.

To receive a quote, head to SecureSkills.com’s Request a Quote page and enter promotion code: IPAD_SB.

Travel, work, and play in style with an iPad. The iPad isn’t just the best device of its kind. It’s a whole new kind of device. The iPad features a large, high-resolution LED-backlit IPS display. An incredibly responsive Multi-Touch screen. And an amazingly powerful Apple-designed chip. All in a design that’s thin and light enough to take anywhere.

The iPad is also:

  • Compact at 9.56″ x 7.47″ x .5″
  • Light only 1.5 lbs.
  • Up to 10 hrs. of battery life
  • Built-in 25-watt-hour rechargeable  lithium-polymer battery
  • LED-backlit widescreen 1024×768 pixels at 132ppi
  • Multi-Touch display with IPS technology
  • Fingerprint-resistant oleophobic coating
  • 1GHz Apple A4 custom designed, high performance, low power system on a chip
  • Accelerometer and Ambient light sensor
  • 20Hz-20,000Hz frequency response
  • Wi-Fi (802.11a/b/g/n)
  • Bluetooth 2.1 + EDR technology
  • Location: Wi-Fi and Digital Compass
  • Dock connector port, 3.5mm stereo headphone jack, built-in speaker, microphone
  • Environmental Impact Reduction Features
  • Arsenic-free display glass
  • BFR-free
  • Mercury-free LCD display
  • PVC-free
  • Recyclable aluminum and glass enclosure
*Promotion Disclaimer
Excludes CHFI & CISSP. Exam Prep courses. Attend class between June 1 – August 31, 2010.
This is a limited time promotion that cannot be used in conjunction with any other promotion, discount, or special offer. In order to receive the promotional price for the course, the course must be taken during the promotional period. A promotional code is required at the time of student registration in order to receive promotional pricing. Any promotional pricing or discounts will be applied to the course’s MSRP unless otherwise stated. Course registrants will not receive their free gift until after the course fees have been paid AND the course has been completed by the registrant. Promotional pricing may end at any time without notice.

If FishNet Security reschedules the course for a date outside of the promotional period, promotional pricing will still apply.

FishNet Security and F5 Partner Case Study

“F5 is the market leader in application availability and performance, and also the market leader in data center redundancy solutions.” Jerry O’Brien, Enterprise Account Executive, FishNet Security

FishNet Security Ensures Application Performance and Availability for Financial Services Company with F5.

FishNet Security is an F5 Expert Level Partner offering IT security solutions that range from information assurance to technology integration to managed services. Founded in 1996, the company provides services to organizations that compete in a number of industries, particularly those in highly regulated environments. With 400 employees and 26 locations worldwide, FishNet Security works with customers to develop security strategies, perform assessments, manage integration, and provide training and support.

Business Challenge

A publicly traded U.S. financial services institution based in the Midwest recently came to FishNet Security with two problems. First, the company needed to achieve redundancy for its data centers so that in case of a catastrophic event, business would not be disrupted and customers at its 136 locations around the country would still be served.

The company also needed to improve the availability and performance of all business applications running in its two data centers. The Cisco Content Services Switch that was in place was reaching the end of its support contract, and the customer was looking for a more robust solution.

In addition, the customer required that FishNet Security find one single vendor to solve the two challenges. FishNet Security recommended F5 BIG-IP® Global Traffic Manager™ (GTM) and BIG-IP® Local Traffic Manager™ (LTM) to solve both challenges in the customer’s data centers. “F5 is the market leader in application availability and performance, and also the market leader in data center redundancy solutions,” said Jerry O’Brien, Enterprise Account Executive with FishNet Security.

Learn more about how FishNet Security and F5 worked together by downloading the full white paper.

Did you know SecureSkills trains F5 classes? Learn more by Requesting a Quote or viewing our F5 class list.

Check Point’s Top 2009 ATC

SecureSkills is Check Point's 2009 Top ATC

Check Point Software Technologies Ltd. recognizes SecureSkills as the 2009 Top Check Point Authorized Training Center in the Western Hemisphere

Check Point Software Technologies Ltd, the worldwide leader in securing the Internet, recently announced SecureSkills, the training group of FishNet Security, as the Top Check Point Authorized Training Center (“ATC”) in the western hemisphere for 2009. This award is presented each year in recognition of the Check Point Authorized Training Center which produced the highest gross revenue while delivering superior quality learning solutions to its customers during the previous year.

FishNet Security’s industry-leading, certified technical instructors use the latest Check Point developed courseware and training materials available to ensure students receive the most advanced information offered while aligning with the Check Point certification programs.

“This is the second time SecureSkills has been named ATC Partner of the Year, and we are honored to be selected again,” says Barry Cooper, Vice President of Training Services for FishNet Security. “This award reflects our dedication to consistent, high quality instructional excellence.” The Check Point ATC Award confirms FishNet Security’s twelve year commitment to key partnerships, while providing consistent quality and exemplary training services at state-of-the-art learning facilities.

Do you want to take a Check Point class at one of SecureSkills’ ATCs? You can request a quote, view the course catalog, and browse the training calendar at www.secureskills.com. You can also get Check Point promotion codes when you follow SecureSkills on Twitter.

Where in the United States are the SecureSkills’ ATCs?

Did you know that SecureSkills has twenty Authorized Training Centers (ATCs) coast to coast throughout the United States?

When students attend class at one of our Authorized Training Centers they receive quality instruction in a focused, engaged learning environment free from distractions. The SecureSkills’ certified trainers are experienced experts who can clearly communicate complicated technical information.

SecureSkills is pleased to announce we are opening up three new Authorized Training Centers in:

  • Phoenix
  • LA
  • Orange County

You can also find our Authorized Training Centers in:

  • Atlanta
  • Boston
  • Chicago
  • Columbus
  • Dallas
  • Denver
  • Houston
  • Indianapolis
  • Kansas City
  • Greater Los Angeles Area
  • New York
  • Omaha
  • San Francisco Bay Area
  • Seattle
  • St. Louis
  • St. Paul
  • Tampa
  • Washington DC

Our SecureSkills’ ATC Google Map shows the location of each of our Training Centers. Need to figure out which building your class will be held in? Use the interactive map below.



Do you want to browse the catalog or request a quote? Head over to www.secureskills.com

SecureSkills Launches New CBT Site

SecureSkills has released a new site, http://cbt.secureskills.com, that focuses on our Computer Based Training (eLearning) portfolio. The new site features in-depth information on all of our Computer Based Training Courses (and we have a lot of them).

You can learn about:

The site also answers many Frequently Asked Questions, explains our hosting solutions, and outlines our custom content creation and content modification services.

SecureSkills on YouTube

In conjunction with http://cbt.secureskills.com, we also released a fresh batch of videos to our YouTube channel. The videos feature clips from all of our Computer Based Training courses. You can learn about everything from the history of HIPAA to how to code secure applications.

Head over to YouTube to view all of the videos.

Creating Content: A Brief Overview of SecureSkills’ Software Design Life Cycle

Recently, I had the opportunity to travel down to Florida for the Society for Applied Learning Technology (SALT) 2010 spring conference.  There, along with a few hundred other developers and industry leaders, we learned about and explored new and emerging technologies, problems, and solutions.

The presentations ranged from Learning Management System discussions and reviews, to demonstrations on creating reusable content. I even got glimpses of the military gaming, training, and Virtual Reality technology that is being implemented now and in the future.

My goal was to start a dialogue with other developers in the computer based training world. To do so, I gave a presentation on SecureSkills’ Computer Based Training team’s Software Design Life Cycle (SDLC).

At SecureSkills, we go through eight steps to create an end product.  We apply this process to all content we create. Whether we are customizing existing content or creating new content, the cycle applies.

Step One: Design Document

Every product we create starts with a design document. Before any creation takes place, we start building a design document that will stay with the project through completion. The design document outlines everything that is going to be in the end product including colors, images, technical specifications, and many other details.

Of course, at the very start of a project, it’s hard to know the final form of every detail. Changes and revisions are a part of life in the Computer Based Training world. That’s why we continue to modify and change the document throughout the SDLC. The design document is the guidebook that ensures we make it safely to the end product without getting lost.

Step Two: Subject Matter Expert


The Subject Matter Expert creates slide material, a script, and other reference materials.

Every project requires a Subject Matter Expert, a person or a very reliable source that provides the content needed to create a quality product. No matter how slick or creative a product is, if the content isn’t correct, up-to-date, and reliable, then everything is just hot air. SecureSkills has access to hundreds of experts at the top of their field which means we can always ensure that the content is king.

Step Three: Low-Fidelity Storyboard

We take the Subject Matter Expert’s material and start to lay out the framework for the final product. In this screenshot you can see some basic color work, a little rewording, and placeholders for images and other material that will be inserted in the high-fidelity storyboard stage.

Using the design document and the Subject Matter Expert’s source material as a guide, we start creating a low-fidelity storyboard. This storyboard outlines the whole course. This is a skeleton version of the end product with placeholders for many images and interactions.

Step Four: High-Fidelity Script

While we are creating the low-fidelity storyboard, we write the high-fidelity script. To create this script, we take the material provided by the Subject Matter Expert and organize and polish it. This script will go to the recording studio, but not before the SME reviews it to make sure the meaning of the content hasn’t been changed.

While other details are still in the low-fidelity stage (meaning the final details have not been added), the script doesn’t have that luxury. It has to be perfect because it complicates the project if we have to go back to the studio.

Step Five: Audio Recording

A quality recording studio ensures crystal clear audio.

SecureSkills always uses a professional studio and an experienced voice actor. A quality voice actor brings a script to life. When we cover technical and complex topics, a good voice actor’s tone and inflection can be the difference between boring and intriguing.

Step Six: High Fidelity Storyboards

High-Fidelity Storyboard

Most of the wording is the same as the Low-Fidelity storyboard but final fonts, colors, images, themes, and other elements have been finalized. The audio is married up to this final storyboard.

With the audio recording in place, we take our design document, low-fidelity storyboard, and audio and start to assemble the final product. We lay out and code the final form of all interactions, images, GUIs, and other requirements. This is a really exciting part of the SDLC, as everyone’s hard work starts to spring to life.

Step Seven: Alphas and Betas

As the high-fidelity storyboard turns into the final product, we go through a series of alphas and betas that test the product. More and more groups are brought in to review the final product. Feedback is collected and acted on. In this stage all final wrinkles are ironed out.

Step Eight: Product Release

With all alphas and betas complete and all changes made, we release Version 1.0. The product is now polished, functional, and educational. It has been tested, QAed, and checked for usability. It is now ready to be wrapped in a variety of SCORM, AICC, or Flash formats and hosted on an LMS or KMS.

Learn More

To learn more about the process, view our catalog of CBT products, and request a quote, head to www.secureskills.com

2010 FishNet Security Retail Industry Update

At FishNet Security, we realize that your organization is under pressure to meet the complex and ever-changing regulatory compliance standards imposed on you to protect your information assets. It is nearly impossible to keep up with regulations and how they impact your organization, let alone have the bandwidth to implement solutions and ensure your organization stays in compliance.

FishNet Security Significant Accomplishments, 2009:

  • FishNet Security has been selected to perform work both domestically and internationally for one of the largest retailers in the world
  • FishNet Security has been engaged to provide significant PCI Services for 3 retail organizations in Fortune’s Top 50

Trends

  • Tokenization: On a high note, we are seeing an uptick in retailers’ adoption and implementation of tokenization in their environments. In hopes of reducing the impact of PCI, retailers have begun rolling out various tokenization technologies that not only shrink the scope of their PCI environment, but also reduce risk by removing credit card data from the environment.

    It is important to recognize the misconception that tokenization actually removes all credit card data from an environment. While it is possible to remove all credit card data in some very basic environments, removing all credit card data in transit and while being processed is a challenge faced in more complex environments. Nonetheless, tokenization is a technology that is gaining considerable ground, and we expect to see organizations using this technology as it matures.

  • Wireless Handheld Devices: Due to tightening requirements from the PCI Security Standards Council, FishNet has seen a significant increase in the number of retail clients seeking guidance for securing legacy wireless handheld devices.

    The biggest question we have received is, “Should we replace this technology?” or, “How do we segment our environment to reduce the risk of these types of devices?” Most organizations seem resistant to the idea of replacing these devices considering the initial investment, and they are more likely to implement compensating controls in order to comply with the PCI Data Security Standard. It has been FishNet Security’s recommendation to reference the PCI DSS Wireless SIG furnished in 2009 for guidance surrounding securing wireless handheld devices.

  • Patch Management: Patch Management is a very challenging task for any organization. If you throw in blackout windows during the holiday season, patching becomes even more challenging in the face of PCI. A vast majority of our retail clients have blackout windows between November and the end of January. Considering the PCI requirement for applying critical patches within 30 days of their release, rolling out patches seems impossible during the blackout window and can put a company at risk and out of compliance very quickly.

    FishNet Security’s Jeff Foresman, previously a Trainer with the PCI SSC, states that the best way to address patching during holiday blackout periods to reduce risk and maintain compliance is to implement a patch classification program that addresses how patches are implemented in an environment according to their criticality. For instance, categorizing assets by Server, Workstation, then Laptop, and then patching these systems according to a very regimented patch process can help to ensure the client stays in compliance through their holiday period.

Global Cyber-Forensic Statistics: 2009 Annual Visa QIRA Meeting

FishNet Security attended the 2009 Annual Visa Qualified Incident Response Assessor (QIRA) Meeting this year in California. The statistics below have been taken from this meeting, and represent the majority of the retail vertical.

  • The number of global compromises has been increasing consistently from 2007 – 2009. Interestingly, the percentage of compromises is decreasing in the US from 2007 – 2009.
  • For the past 2 years, restaurants have been the focal point of compromises globally. However, in 2009 hotels were compromised almost 3-to-1 compared to restaurants.
  • The Top 5 Malware from January 2008 – April 2009 were: Memory Parser, Sniffer, Keylogger, Backdoor, and Malicious .asp Pages
  • The Top Attack Vectors in the US, (and globally), from January 2008 – April 2009: Malcode, Network (Egress Traffic), Remote Access Server, and Hosts (POS & Workstation)

*Please note, all statistics have been taken from QIRA Meeting Literature

Computer Security Institute: 2009 Computer Crime & Security Survey

Every year the Computer Security Institute furnishes the Computer Crime & Security Survey. The purpose of this survey is to gain insight into the challenges survey respondents face throughout the year. This year there were over 440 respondents from the most common verticals, (Financial, Government, Education, Medical, and Retail). While we have only outlined what we feel are the Top 5 most significant findings from this survey, we encourage all of our clients to read the entire survey as it contains a wealth of beneficial information.

  • Similar to the QIRA Statistics above, respondents reported the Top 5 Attacks last year were: Malware/Malcode, Password Sniffing, Website Defacement, Mobile/Laptop Device Theft, and Phishing.
  • The average loss per respondent has lowered from 2007 – 2009 by almost 30%.
  • 65% of respondents feel that compliance requirements have improved their Security Program. Moreover, some respondents have embraced and used compliance requirements to leverage and justify new technology and/or staff.
  • Respondents reported a significant jump in the number of incidents of Financial Fraud. They also reported that financial fraud continues to be the most expensive attack averaging almost $450,000 per incident.
  • Finally, on a more cultural level, respondents felt satisfied, but not holistically overjoyed with security technology. Many respondents named tools that would increase their visibility of their environment, (log management, event monitoring, etc), as an item on their wish list.

*Please note, all findings have been taken from 2009 CSI Computer Crime & Security Survey

2010 FishNet Security Schedule of Events:

Shared Assessment Summit – “Hear from leaders in IT outsourcing risk management from a range of industries. Learn the latest in managing security, privacy and business continuity risks, including what you can do to ensure the reliability and resiliency in cloud and SaaS environments.”

  • May 18-19, 2010
    Providence Biltmore
    Providence, RI

National Retail Federation CIO Summit (NRFtech) – “NRFtech is the retail industry’s most influential event for senior level IT executives. The National Retail Federation (NRF) CIO Council, an established corps of premier retail IT leaders, has developed an educational program that is global, relevant, and forward thinking. Attendees will learn about the latest trends in retail technology and supply chain management in a pressure-free environment with no vendor exhibits.”

  • August 15-17, 2010
    The Ritz-Carlton, Half Moon Bay, CA

PCI Annual Community Meetings – FishNet Security will have a presence at both the North America and Europe community meetings this year. Please let us know in advance if your organization will be present and stop by our booth when time permits.

  • North America:
    Buena Vista Palace
    Orlando, Florida
    September 21 – Welcome Reception
    September 21 – QSA/ASV Session
    September 22 & 23 – General Session
  • Europe:
    Hotel Fira Palace
    Barcelona, Spain
    October 18 – Welcome Reception
    October 20 – QSA/ASV Session
    October 19 & 20 – General Session

Contact Strategic Services with any questions.

Authored by: Alex Pezold, StS National Retail Industry Lead

An Interview with John Sims, Trainer and Blogger Extraordinaire

Last week, FishNet Security trainer and SecureBlog blogger John Sims (creator of our most informative blog posts yet) was at our corporate headquarters in Kansas City teaching a class and working on the infrastructure that runs the SecureSkills’ Remote Training Environment.

Look at those neat cords

John puts the rest of the RTE to shame with his cord management.

After his class wrapped up on Thursday and he expertly installed a slew of F5 boxes, we headed over to a great Kansas City dive bar, The Peanut, to sample their famous, delicious and spicy wings.

As we sat in the back eating wings I asked Sims about his life, career at FishNet Security, the threat landscape, and social networking.

How long have you been with FishNet Security?
Well before I was with FishNet Security I was with TrueNorth Solutions, which acquired the company I was with before that. TrueNorth was acquired by FishNet Security in July 2006. So around nine years at this point.

Have you always been a trainer?

No actually. When I was with TrueNorth Solutions I was in support.

How did you make the switch?
After TrueNorth was acquired I started working as a consultant and taught Blue Coat classes when I wasn’t consulting. I found that I really didn’t enjoy consulting as much as I liked teaching. In April of 2008 I officially switched over to training full time.

How do you like being a full time trainer?

I like it a lot overall. Sometimes the travel sucks, but I’ve built up a lot of hotel points. The worst is when I have to go through Dulles in Washington DC.

What is your focus as a trainer?

My specialty is with F5 Load Balancing and Blue Coat Proxies.  I’m slowly starting to train more application firewall classes such as F5’s ASM, Palo Alto, Sidewinders, and Layer 7.

What’s your favorite class to teach?
Probably the one I’ve trained the most, F5’s Local Traffic Manager classes.

Let’s dial way back to when you first got interested in technology and computers. What was your first computer?

John's first computer, the almighty TRS-80

I got my first computer at 12. It was a RadioShack TRS-80. I taught myself BASIC (hello world!) and was generally an awesome computer nerd growing up. I played a lot of Dungeons and Dragons.

What did you major in and what was your first job?
I majored in computer engineering. However, I’m not sure how much I really gained from that. A lot of the really fun and interesting stuff had yet to be invented. After college, my first real IT job was at a credit union where I got to deal with Y2K and migrating off green-screens.

What do you see on the threat landscape?
Identity theft is really big for me. People have always been the weak point of security and that is quickly ramping up as more and more information about you is published. With that information, social engineers can gain important information and steal identities. With the correct information and if you try enough, someone in any organization will give up their user name, password, or other sensitive information.

Why does the social networking aspect of the web intrigue you?
It seems like everyone is involved in social networking in some way, and many are not following best practices. I enjoy being involved, protecting my information, and seeing how scammers and social engineers are using these networks for their own profit.

Just take MySpace for example. If you sign up, just wait and see how many messages you get from attractive women wanting to be your friend. How many of those messages are real? None. Someone out there is searching for vulnerable people to exploit, and social networking ramps up the possibilities of exploitation.

When you move onto buying and selling items and money through MMORPGs, especially if you are not supposed to, there is even more room for exploitation and room to steal credit card numbers and even accounts.

There are a lot of real threats out there. Predators use social networking. Everyone should be aware of the risks and how much Personally Identifiable Information they are releasing to the world by using social networking.

The Advantages of Flash Development

Web Boxes

With all of the YouTube videos in the world, many people may have come to the conclusion that flash animation may be doomed to the uncoordinated people of the world falling off ladders. In the case of computer based training, flash content is actually more conducive to learning than video. Let’s look at three aspects of development: file size, content flexibility, and the level of interactivity it provides.

File Size

The size of flash is one of the largest reasons that I love it so much. A 10 minute flash clip with full audio is about 5 megs in size and it is much easier to distribute over a network than a movie clip of 20 or 30 megs (depending on the quality) of the same size. Now if we use the .fla encoding method it will bring down such a clip to only 10 megs in size, and for a single clip that may be OK. But as a long term solution that assumes the amount of content being produced will grow at a steady rate, being able to cut your file size in half is a huge advantage.

Content Flexibility

Let’s say you had to produce a computer based training course on your company’s computer policy. You shoot a video explaining it, maybe have some background music, and you’re set.

The problem arises when you need to change your computer policy. For a normal company, your only option will be to completely reshoot the video. With flash development you simply open the file, add verbiage and audio changes as necessary, and then export it. Now it’s true that you could do so with the video as well, but the amount of expertise and equipment needed to do so makes flash a much more economic and realistic option.

Interactivity

Interactivity really sets video and flash apart. There is no real comparison in this category. A video by its very nature is static media that you watch. It may be the most stunning and enthralling thing you have ever seen, but ultimately you are a passive observer.

Flash on the other hand can be as interactive with the user as you are willing to make it. Let’s say that you’re demonstrating a command line program. You could actually have the user enter inputs on a fake command line for practice. It can be used for matching, problem solving, image recognition, idea retention, and a myriad of other things. But ultimately what it allows you to do is engage the user in the training itself, in a way that video simply can’t.

Flash is Power

Ultimately both video and flash development are going to continue no matter what I say on SecureBlog. But as far as I am concerned, Computer Based Training is on a meteoric rise and the size, content flexibility, and level of interactivity of flash are only three drops in the bucket as to why.