Masterclass with Leading CISOs: Elevating Cybersecurity Talent
Key Takeaways
The SANS Institute's masterclass discusses strategies for nurturing and retaining cybersecurity talent, including risk management, competitive advantage through security training, and prioritizing individual skills and knowledge areas, with expert insights from Arthur Dean and Tyler Young.
Full Transcript
welcome to seat at the table the show where we talk about how to earn you a seat at the table and we don't think it's just your technical skills those will get you on the room but it's your soft skills and your leadership Acumen that will earn you a seat and keep you the seat and I'm happy to be part of this weight in infos SEC series and we brought two Powerhouse cesos to have a conversation that hasn't been had but needs to be had we're going to talk about how to grow your own unicorns that means investing in your talent and helping develop the specific skill sets and focus areas that you need within your organization on the show we have Tyler young and Arthur Dean Arthur Tyler please introduce yourself let's start with you Tyler yeah hey everybody thanks for the intro Jerick so I'm Tyler young Chief information security officer at Big ID I've been here for two years responsible with building a really robust product security program focused on as we're building products that they're secure prior to this um I spent about five years at relativity where I helped scale and build out the security program part of that um spent some time at Zork Insurance leading digital forensic investigations before that was doing some cons dfir Consulting work and prior to that I was working um with the Department of p security doing some forensics awesome Tyler welcome to the show can't wait to have this conversation with you Arthur there please share your background yeah Jerick good to be here thanks for having me um so my name is artha Dean uh Chief Information Security Officer for Amazon Health Services uh so I lead all of the security practices for our uh growing Healthcare business uh I've only been here for for five months um but prior to that I was ciso for Capital 1's card business uh and then before that a host of of various roles around the industry started my career as a security engineer and kind of hited through forensics with the the Department of Defense and intelligence Community uh moved into risk management and and some of the less technical kind of governance and Leadership kind of roles uh with with with fed ramp and and some other areas did Consulting with big four um you know did Big Tech before coming back then was on o at AWS spent some time a couple years at Google as well um I love to teach so we talk about building building our careers and such um and growing unicorns I'm an agic professor American University um and I also happen to just write books uh when I find time so good good to be here I like how you said write books when I find time so so first of all a lot of us have some similar backgrounds I'll just put it out there this is a group of millennial cesos that are having a conversation number one and one of the things that's similar in our background and maybe some other Generations are we've been to a lot of different places and we're going to actually talk about that at some point point in this conversation about retention and how Talent Development may or may not impact retention but let's hop right into some of the other questions that we we want to talk about so so first we're talking about talent talent requires an investment how do you communicate the value of investing in a cyber team and the specific development of your team to your non-technical stakeholders let's start with you Arthur yeah um so I find like most will speak some form of risk management you know like I I mentioned my background has cyber risk management in it but um even when I'm talking to non-technical audience uh audiences about anything like I just find their flavor of risk management and speak that language so um if you're you're talking about your Enterprise risk management team who may not always be technical but they're always finding and identifying what could go wrong loss prevention things like that um maybe they're thinking about BCP uh and disaster recovery from a business perspective either way it's like really easy for me to just sit back think about okay well um if if there's if there's something you're worried about that could go wrong there's probably a connection to to to cyber security so if it's BCP it's easy for me to say well you know one of our third parties has a ransomware event that takes them offline we need to have teams who can ask the right questions do the right analysis to find those risk before they come to to fruition that that's all training um another angle that I find pretty helpful and I I've worked a lot in my career in regulators spaces Financial Services now Healthcare government um so Regulatory and compliance often a big uh risk driver um i' like I said I've made it a career doing security regul entities if I'm talking to Legal compliance or or really anyone in the business like Hippa PCI gdpr you name it they're all very compelling drivers to to having a really well-trained security team um and then when when when all of that fails Everyone likes to talk about money right like that's a driver um and i' I've seen some light bulbs go off when I when I pull out data describing the financial impact of breaches and demonstrate the return of impact on security of security training um so it's it's often a challenge for us as cesos to demonstrate the value that our teams bring because we're trying to prove a negative like if we don't get breached if we don't get attacked like that's the value we're doing good things um but it's easy unfortunately because our industry just has so many negative stories to tell to pull those stories and say well hey like this training May cost you 100 100K but it probably Pals in comparison to the amount of uh Financial impact of of a breach happening so those are some of the things I think about so you you make it very clear here are all the bad things that can happen here's how it impacts the business this training will help us take the right steps to mitigate that it's not all tools and Technologies and processes there's this other thing called people you know they actually have to run the tools they actually have to execute the processes and we need to equip them it's pretty much what I think I heard exactly Tyler what what are your thoughts so I think everything that Arthur highlighted is obviously extremely important talking in business terms understanding the ROI and specifically you know being at a SAS security company another thing that we focus on with training and development is the competitive advantage that we could gain from it so sending security Engineers to a new course to learn a new programming language that we could then turn into a product or we can build a new feature for detection that we can highlight to our customers so like we take the the business terms the understanding of the ROI but then also taking it as a competitive advantage and like are we training and bringing the best security engineers and then when we bring them in do we do they have the tools and and the skills to continue to build new products to continue to build new features new functions that can go directly back to our you know we go back to our um the bottom line and help sales and so I think it's flipping the security from like that cost center to your competitive advantage that can then turn into a revenue driver for the business as well and I think that's kind of across the board regardless of the industry we're in I just see it from a Building Product perspective yeah that makes a lot of sense and it sounds like the the strategy is is a combination of kind of what Arthur said of hey here are the risks we need to address the risk we need to acknowledge the risks but here are some of the actual benefits it's not all doom and gloom we're not just protecting our investment in our Enterprise we're also enabling our Enterprise we're also differentiating ourselves from our peers in many cases we do this right and do this the right way whether it be sales enablement accelerating uh the sales life cycle or just having a better product alog together at the end of the day better people produce better products so so with that in mind how do you prioritize the individual types of skills and knowledge areas that you want to develop within your teams because there's a broad broad set of skills that we need in cyber so how do you how do you hone that and focus on the right areas start with you Tyler yeah so so I think it comes with really un a couple things understanding your program and where the gaps are because I think first and foremost you're running a business and at the end of the day that's what you know Keeps the Lights On that's what keeps people employed that's what gives people the opportunity to grow in their career I think so you balance the business with people's aspirations career goals and kind of meet in the middle where maybe you can do internal training or like more um you know lunch and learn kind of stuff internally to give that to you know stretch the itch if you will somebody you know maybe somebody in the GRC team wants to learn more about Cloud security and indirectly it does help them as they go through audits as they write policies as they're building out these really robust Frameworks to meet customer demands but on the surface like you're sending somebody to a $100,000 training for cloud security and they're in a specific function maybe that doesn't make the most sense but there's ways you can get training more like an in-house basis or more readily available on the internet things like LinkedIn learning some of the other code academy type things so I think like offering that but then also there's that business aspect where to get certain certifications you have to have employees at certain levels of skills whether that's an understanding kubernetes or Cloud security or specific specific like experiences and so I think it's kind of giving certain employees that are in certain roles that can drive business you know objectives whether it's a certification like I mentioned and then also coupling that with employees career aspirations and you have somebody who wants to learn a specific skill and balancing that secondly but still making sure that they feel heard and it's important and you're in providing as much support along the way so they can achieve those goals as well Arthur can you what do you add to that I mean Tyler Tyler covered a lot um so as far as prioritizing skills um for for my team I actually I like to start with with like evaluating the threat landscape itself like it's Chang in often so like start with some level of threat intelligence most companies use some sort of threat intelligence platform or service that's a great way to just track the the the trends in in in cyber threats um I also like to use industry groups like The ISX um so the like they help identify what the most relevant skills are and again the most like prevalent um threats in in in any given industry um so that's one thing like getting a good understanding of where the industry is going where the threats are um but I also we touched in and Tyler mentioned this earlier aligning with the goals and the Strategic objectives of the business um that I'm charged with securing that's another thing so like I always encourage my leaders to focus on the tech Ro maps of each of the businesses that they support um and this like that just really helps ensure that my teams are prioritizing skill development that's align with and supporting the actual business needs um and then the third thing that I I often think about is it's not just the tech and dererk you mentioned in your gr like we spend a lot of time talking about CP this and ocp that and like all the Technical Training and certification they get the love and like obviously I'm biased because I've written books for those but um I always remember and I remind my teams that there's value in the soft skills like communication leadership I need people who can can think critically who can make strategic decisions who can communicate risks and strategies to all type of audiences not just the engineers that they work with every day but the business that they support um so trainings that help people grow their soft skills uh I find those stand the test of time even as the threat landscape continues to evolve and one one thing that that I've I've I've seen in the past like I've had teams at past companies start Toast Masters Club um clubs to to improve presentation skills and and that wasn't even my idea it was just something I support like crazy because I love seeing Engineers that are interested in developing and holding their soft skills um the last thing I'll add um it's not only about like what skills you're you're targeting like like that's a big part of it if you're if you're all in on on AWS then like sure we're going to do AWS security training that's important um but like focusing on creating a culture of learning I think is the most important thing so whether it's the cloud security or AI security or whatever comes next like whatever the next hot thing is having that culture of curiosity and is learning that's what helps ensure that that our teams are always learning always keeping up with that thread landscape that's changing so you guys are talking about a few different ways to identify where you need to focus and start to invest do you guys develop a skills Matrix or anything along those lines because there's a few different ways you can develop somebody right you can go on the outside and get them training you can assign them someone internally that has that skill set and let that person uh help develop them or you can have them do some type of you know self trining through one of the training modules if you if you're a member of sans or remember of LinkedIn learning and gather gather that that information I'm curious if you look at all of the different ways or if your primary developmental area is external training like a sand stream yeah let you let you jump in yeah I I think I think we've tried to focus on the internal trainings and and the readily available content before you push an external training course while those training courses are great A lot of times when something comes with the c certification it doesn't necessarily mean that somebody is getting the best skills that that they can hone in to both help their career growth and build technical skills on the soft skills and so like I I try to like if there's an opportunity to so philosophically my my my my belief here is that um tour of Duties and internal type um mentorship opportunities is the best way to grow somebody's career I just know that I got to where I am today because I not because of training but because of opportunities that allowed me to fail and succeed in some cases and I think that you learn more in those opportunities than you'll ever get from a training course so that's that's like one I think the other thing there's um there's a book which is somewhere over here called The Alliance which focuses on specifically on tour of duties and setting contracts for employees so setting a period of time because we all know that in Tech generally people say a role for two to four years Max with people hopping around the best way you can keep people engaged in the business is giving them opportunity to focus on different areas and so setting up these like Tour of Duty these contracts where it says for a certain period of time you'll focus on this this skill the build this thing and after that time we'll meet we'll review and we'll see if this is a mutual fit going forward to continue to grow your skills or if you want to focus on another area and I'm a big believer in that and really giving the employee the ability to kind of own their career and have those open and honest conversations so I like that in I've worked in really large organizations and really small organizations in the large organizations being able to internally grow your own with your own it makes a lot of sense in small organizations you may not have the talent to develop the talent all also smaller organizations have to still demonstrate to external organizations that they're doing security well and one of the things that helps is being able to put acronyms on your resume right we have a GCI we have a cissp and then so forth so I typically try to combine both I try to say okay before you can move up to the next level you need to be able to demonstrate in practice but you have to be able to demonstrate on paper as well and that way we have that that combined and technically you're making this person more marketable in the future anyways which most people don't have a problem with yeah I'll add to that so definitely both um and jerck you mentioned skills Matrix um Maes those are really helpful um just to start by understanding like within the team that I have who knows what and who can help like Leverage that that knowledge to Train everybody else so I'm a big believer in in creating microlearning opportunities Brown Bags lunch and learns um having guest speakers at my town halls things like that that just expose people to to different um ideas while they're working that doesn't take a a full week to go somewhere and learn learn a thing you can learn something an hour and it just has an additive effect um but then also creating learning opportunities within the real work I love exposing people to challenges that that are just outside their their their experience so um like professional development isn't only about sitting in a class or taking a boot can as much as I do love a good sand boot camp um it it's also like putting people in in healthy positions to learn something new on the job absolutely and I'd be remiss if I didn't point out that ccsp for dummies book behind Arthur that little book that he says he writes he's the AR he's the author of that book um he he's a very he's a very mest guy but uh yeah um I also did not even introduce myself at the beginning of this I'm gon say so as well I've been doing this for a little while now and and one of the things in in my role that I struggle with in the conversations I'm having often is we are seeing people in security walk out the door I mean often and one of the questions that I've gotten and I'm I'm assuming you guys have gotten it too is well why do we want to spend because you said $100,000 title I don't know what course is $100,000 but I don't want to spend oh MBA okay got you I don't even want to spend $110,000 on somebody if I think they're going to leave right after they get it and and so that's the question is well do we want to make this investment in somebody that's getting ready to potentially leave after they are now more marketable as we kind of you know called out how do you answer that question or how do you respond to that when someone says that so I I I don't know that this is the best uh the best data point to use but there's that cartoon that says like uh like if we what what if we don't train them and they leave and the other one is like well what if we don't train them and they stay and so like it's kind of like the Dilemma of like do you give people the opportunity to grow their skills allow them to stay in the organization and grow or leave potentially I mean it's obviously what's going to happen in cyber and in Tech in general or do you train them or don't give them the opportunity for training and they they have skill rot and potentially they don't continue to develop themselves personally and professionally and so it's kind of I think the the ladder can impact culture as well which in in my opinion is also extremely important when you're building a security team in a program it's it's having a good security culture where both at the organization but both internally on the security team as well I think uh the latter could lead to some toxic culture as well Tyler completely agree um I mean this this is just an industry Hazard at this point in cyber security um the lifespan of of cyber professionals at any given company is pretty low like we we just have to accept that risk I talk about risk management like that's a risk um but like Tyler hit a few really important points in the head I won't repeat all that but but honestly um better trained professionals helps the industry is one way to think about it as well so hopefully they stay and there's there's a lot of evidence that people leave when they're not getting development opportunities um but even if they do leave after you give them training cyber security is bigger than just the company that I'm working at it's an industry challenge um that's Global in nature so having better trained professionals hopefully stay at the company that that that you're you're leading um but even if they do migrate out uh it it benefits all of us to have an industry that's stronger uh with with professionals who who know what doing great point you keep hearing about this Talent Gap I think more and more of us are coming around to the fact that it's not a talent Gap it's a skills gap which is why entry level people have a hard time getting in because they don't necessarily have the skills just yet and it sounds like you're like hey you know what at least within my team I'm GNA do my contribution to closing that skills Gap I was I was talking to my CFO the other day and and she's a big sports fan and so I was trying to explain to her why we need to do some of this and I use the analogy of free agency it's like you know managing top cyber Talent is like managing a pro athlete that's going into free agency next year like you got to make sticking around worthwhile you have to you know make sure that they're being paid what another team would be willing to pay them you have to make sure that the people that they're working with and the team that they're going to be working around is solid because they don't want to have to carry a team but they also want to be around top talent that help them develop and grow and you kind of have to con stantly re-recruit your talent and training and development is one of the ways that you can do that eventually I always tell the tell my team you know if you're really good I'm gonna get you to a point where you're too expensive to keep and that is the best case scenario but that'll keep them around for a lot longer if you if you kind of take that approach and so she she asked me well do we have any free agents all right I'm like well I think you mean flight risks but I'm going to view the free agents as the quarterback that we want to keep next year and yeah we do have a few and we need to make some investments in them and we were able to do that and so that's the analogy I like to use but I'm curious if there's you know any other way that you guys Hammer that point home um to whomever you're talking to when you're trying to maybe get an extra pay bump for somebody or or whatever it may be man I've never used that the sports analogy but I like it I probably will start using it um but but honestly I think it it it often comes back to the first question I think it was that we we talked about it really is um both like yeah like proving out the the the negative case a little bit and saying like hey this is really important because um but then like pulling this threat of it's a competitive industry and when we have top talent we have to invest in them um that's really where the value is like you know I think one of the things that I I try to really focus on balancing is investing in and and the people who are like just squarely those those those top talent you mentioned the star QB that that you you need to retain but then there's a whole team a whole roster that that makes the the team run um and everyone needs a different level of investment so like investing in the top T is is is equally as important as finding the people who have all the the capacity and potential in the world um but are not meeting their full potential because they haven't gotten training and so that's another side of the story as well it's it's it's thinking about like we got to keep our best talent with the people that are already performing at a high level um but we're in an industry that has that skills Gap that we just can't afford to to squander people that are already committed to working here we we need to to invest in them and give them the opportunity to grow their skills and grow their their um ability to have an impact and so it it really is both sides of the spectrum that's that's a great point I mean keeping with the sports analogy you know you can't keep the quarterback if he has wide receivers with those two or if he thinks that the defense isn't solid he wants to win at the end of the day and it's not just investing in that person you have to invest in the supporting past as well um so I I I like that approach uh last question other than you guys because that's an easy answer can you kind of share a success story from actually investing in Talent I'll start with you Tyler so I have a I have a couple so there's um one person in particular that has has been with me at three different companies now SED is an intern with me at cich um and and again a lot of this um a lot of his career growth was not due to training in like the formal sense but it was it was really two key things opportunity and the the giving somebody the flexibility to fail I I can't stress this enough putting somebody in a sinker swim situation where it's learn this skill learn this technology um with with guard rails obviously like you want to throw somebody in the Cyber Arena if you will and they're doing this at response work and have zero idea what they're doing but putting that person in the room I think Arthur you mentioned this with really top talent around them so they can continue to learn and be a sponge um is is the one of the most important things we can do so giving opportunity plus surrounding them with really good talented people that they can kind of pick their brains learn the skills and learn the right way to do things um for this one person specifically was was great so started as an intern at Zurich um brought him in at relativity as an intern when he graduated school um and then eventually became a full-time analyst uh on like the Cyber team doing instant response and threat detection work uh was sink or swim there was two really good people at relativity that were on my team that focused on threat detection and building out alerts and very like Advanced software development type skills and for the first like three months it was your end goal is to do this thing and this is the two guys you're going to work with and this is what they know really well and it was kind of like thrown to the sink or swim really like thrown in the ocean nothing but learning how to swim and it came out on the end of it one of the strongest security Engineers that I've seen and a lot of it was that intuition to teach yourself and a lot of it was extra extra work he had to put in and free resources but it but he got there and and now he actually um is a director with me at big idea on on our Cloud security team leading Cloud security so opportunity surrounding with really great talented people that pushed the envelope and that forced kind of forced him to to become really skilled and and really hone in on um some some of those technical skills that maybe they weren't taught in school I I love that story um I'm going to resist the temptation to look up a director and big ID to find out who this individual is but one thing really stood out to me is you created a psychologically safe environment where he was able to fail and grow from that failure um I'm going to speak to leaders here any leader that's watching this if your team doesn't have occasional failures they don't feel empowered to try something new to try to grow to operate outside the box because if you do that you're going to fail it's just it is what it is ideally you don't fail the same way twice but failure is part of the process if it's not your team isn't trying hard enough back to my regular schedule program Arthur what are what are your what are your thoughts on this one I mean uh I I'm going to anonymize mind so you don't do some linking but so actually there's there's like a a category of of um success stories that I'm really proud of um so I do a lot of mentoring and coaching um and many of the the people that I Mentor or coach are from Tech backgrounds they're either already in cyber or some form of engineering and they're looking to break into cyber um or they're just in Tech period and last day and whatever feeli they're in but there's a whole host of people that I've I've mentored coached um and otherwise kind of supported over the years that are not in Tech like they're they're starting out in business but they're like I want to get into cyber I see there's a skills Gap there's a there there's opportunity there I want to break into that and there are there are I'm thinking of at least two people right now that have gone from working as consultants not in cyber not in Tech um but over the course of a couple years have grown their careers you know whether it's like getting the right certifications or fin the way to break into project management and and then leg into cyber security and other tech tech specific things um but anytime I can see somebody that that thinks there's this like invisible barrier between them and the industry and I can help them see like it's really quite approachable like there there are opportunities and ways you can bridge the gap those are the ones that I'm just the most proud of um and and so I I've I've been really fortunate to to be a part of some some great success stories um one one specific one that maybe he can't Snoop too much on um there's there was uh one of my students actually from it was in a a graduate course that I was teaching at at American um he was an MBA student taking a a a graduate level cyber security governance and risk course so kind of approachable but still like enough Tech to to Peak the interest um and like he was one of the students that actually just showed the most interest um and over the course of about a year like he he ended up learning some more and learning more and and now he's actually had a past a prior employer of mine doing quite well um but but just seeing things like that and and he's in cyber um seeing things like that and and showing people that it's not only like you got to get a computer science degree and then do your Master's information degree and get like the CP and the GC and the gpen like there are multiple ways to get into this industry and be very successful and and those are the ones that I think are just way more interesting or exciting for me because it shows those options I love it I love it and that is a perfect way to to end this episode Tyler Arthur thank you all both for for sharing your your insights your experiences and hopefully helping equip other Leaders with conversations and tools and tips and approaches to equipping the next generation of cyber Warriors especially the ones within their own teams thanks guys thanks J thanks sh
Original Description
In the second episode of a three-part series, CISO and SANS SME Jerich Beason talks with two of cybersecurity’s most influential leaders - Arthur Dean (Amazon Health CISO) and Tyler Young (BigID CISO) - exploring the untapped strategies of nurturing and retaining cybersecurity talent within today's fast-evolving industry.
As a CISO, you’re not just managing technology; you’re leading people. Discover how to transform your cybersecurity team into a powerhouse by fostering a culture of continuous learning and innovation. Learn firsthand from seasoned CISOs who have successfully built robust security programs and cultivated the next generation of cyber leaders.
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from SANS Institute · SANS Institute · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS Institute
SANS Institute Cybersecurity Training Customer Stories
SANS Institute
SANS Institute UK Cyber Academy
SANS Institute
SANS Institute UK Cyber Academy
SANS Institute
CISSP® Prep Exam, MGT414, by SANS Institute
SANS Institute
SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute
Information Security Training from SANS Institute - Student Testimonials
SANS Institute
SANS NetWars
SANS Institute
SANS DFIR NetWars
SANS Institute
Hack The Drone - SANS Cyber Academy UK
SANS Institute
SANS VetSuccess Immersion Academy
SANS Institute
SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Institute
The 2015 SANS Holiday Hack Challenge
SANS Institute
SANS VetSuccess Academy: Hands-on Skills
SANS Institute
SANS VetSuccess Academy Overview
SANS Institute
SANS ICS Security Summit & Training 2017
SANS Institute
Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
SANS Institute
WannaCry recap, patches, and analysis
SANS Institute
If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
SANS Institute
Graduation Day - SANS HM Gov Cyber Retraining Academy
SANS Institute
Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
SANS Institute
SANS Data Breach Summit & Training 2017
SANS Institute
SANS Secure DevOps Summit & Training 2017
SANS Institute
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
SANS Institute
SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Institute
SANS Cybersecurity Programs for the Department of Defense
SANS Institute
SANS Pen Test HackFest Summit & Training 2017
SANS Institute
SANS SIEM & Tactical Analytics Summit & Training
SANS Institute
If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
SANS Institute
SANS Institute
SANS Institute
ICS515: ICS Active Defense and Incident Response
SANS Institute
SANS Institute
SANS Institute
Introducing the NEW SANS Pen Test Poster
SANS Institute
SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute
SANS ICS Security Training, Munich, Germany
SANS Institute
SANS Automotive Summit Webcast
SANS Institute
Privesc Playground - SANS Pen Test HackFest Summit 2017
SANS Institute
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
SANS Institute
Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
SANS Institute
SANS Security Operations Summit & Training 2018
SANS Institute
Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018
SANS Institute
ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
SANS Institute
You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
SANS Institute
A Sneak Peak at the New ICS410
SANS Institute
Jumping Air Gaps – SANS ICS Summit 2018
SANS Institute
Introduction to Linux
SANS Institute
Introduction to Malware Analysis
SANS Institute
You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
SANS Institute
Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
SANS Institute
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Institute
Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
SANS Institute
SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Institute
SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Institute
The Science of Security: The Psychological Impacts of Security Awareness Programs
SANS Institute
How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
SANS Institute
Practical Advice for Submitting to Speak at a Cybersecurity Conference
SANS Institute
SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Institute
SANS Webcast - Zero Trust Architecture
SANS Institute
SANS STX Cyber Range
SANS Institute
Part 1 – SANS Institute and Tenable talk about cloud security
SANS Institute
More on: AI Security
View skill →Related Reads
📰
📰
📰
📰
File Path Traversal Vulnerability
Medium · Cybersecurity
Beyond Prompt Injection: The AI Attacks That Actually Matter
Medium · Cybersecurity
Breaking Born2Root: From Enumeration to Root Access
Medium · Cybersecurity
Treasury Sanctions Two Individuals and VPN Firm Enabling Ransomware Attacks on Americans
Dev.to · Codego Group
🎓
Tutor Explanation
DeepCamp AI