3. Security In Practice
I have successfully led a team, prepared and completed coursework and presented to ~40 people on the following topics:
Endpoint Protection
Looking at the principles of EPP, risk assessment and promoting compliance, specific to external devices such as laptops, smartphones, IoT, etc. Also Network Access Control, DLP and encryption.
Cloud Infrastructure
Deployment models (public, private, hybrid, community), service models (SaaS, PaaS, IaaS) and recommendations as to which were most suitable for various case studies.
Applied Cryptography
Cryptography functions and their implementation as a threat countermeasure (e.g. for network data in transit). How system design mistakes can undermine cryptographic security (e.g. incorrect encryption methods, weak algorithms and ciphers). Symmetric and asymmetric encryption and their typical uses. Also public key encryption, digital signatures, hashing, etc.
Forensics
What tools are required. The procedure and order of volatility in evidence collection. Avoiding destruction of evidence. Privacy and legal considerations. Steps involved in collection. Transparency of methodology. Archiving, chain of custody.
Malware
Analysis of a malicious file/URL and its purpose. Covering viruses, ransomware, rootkits, trojans, worms, spyware. Static and dynamic analysis, memory forensics, monitoring. Precautionary measures, file determination, fingerprinting. AV, string extraction, obfuscation, vocabulary and tools.
Internet of Things
Vulnerabilities in IoT devices and prevention of them. Covering secure web interface, secure network services, protection of data in transit, protection of privacy, secure cloud and mobile, flexible security, secure firmware and physical security.
Identity and Access Management
Broken access control (OWASP) and its consequences. Access control authentication and authorization. Federation, governance, lifecycle, SSO and MFA, PAM, customer IAM. Documentation of access control policy, reviewing access, auditing of policy.