Derrick Coston, CISA, CISSP, GIAC

Rami Sass, CEO of WhiteSource, has found that the past two years have seen an explosion in the number of software vulnerabilities being published, jumping from 6,447 in 2016 to 14,714 in 2017. Seeing as 2018 beat out the previous year with 16,521 CVEs reported, we should prepare ourselves for plenty of patching ahead in 2019. Despite this, he notes that we need to remember that even though a rise in CVEs can be eternally frustrating and means more remediation work, it is still far preferable to deal with these vulnerabilities early, before they are exploited by attackers. See his article here.

Derrick Coston, CISSP, CISA, GIAC

This is a common result for every organization that has a data breach. The Equifax Breach is just one of many that have a similar root cause. What is interesting is that many organizations do not use the findings of the Equifax Breach to enhance their own Risk Management and Cyber Security Controls. SC Media reports today that data breaches are up 400%, and the Identity Theft and Research has just published their January 2019 Data Breach List, which is more disturbing because many organizations do not even know the extent of how much PII or PHI data was compromised. We seem to be going backwards and not forwards, and it appears that the problem will get worse before it gets better. At the RSA 2019 conference, Jason Escaravage, from Booz Allen Hamilton, summed up one of the issues nicely… “compliance isn’t enough. You need to be aware of the threats that are likely to… that your organization is likely to encounter or experience and really getting a threat-focused mindset into the organization”. Entire Article Here. This is just a starting point. We have a long way to go.

Derrick Coston – CISSP, CISA, GIAC

I had the opportunity to preview and demo the uCertify CompTIA Cybersecurity Analyst Course. For many of you that are considering becoming a CISSP or CISA, I strongly recommend this course, as well as taking a plethora of good notes. This course is written in a way that makes it easy to transition from being an A+ and/or Network+ Engineer into Cybersecurity. The course will also help in gaining a better understanding of the roles and responsibilities of a Cyber Security Analyst. This course is easy to follow and has a plethora of examples, practice questions and exercises.

This course will help students pass CompTIA’s Cybersecurity Analyst Certification Exam as well as ensure that the following CompTIA Cybersecurity analyst skills are obtained:

  • Perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization.
  • Configure and use threat-detection tools.
  • Secure and protect applications and systems within an organization.

Being a CISSP instructor, I have identified that if participants take this course and maintain a strong understanding of the course material, it will make it easier to understand the topics found in ISC2’s CISSP Security and Risk Management Domain and Security Assessment and Testing Domain.