By Parabellum - Cyberbit Podcast
The podcast currently has 8 episodes available.
The 2018 SANS SOC Survey recap webinar, conducted in October of 2018, was hosted by Edy Almer, VP Product at Cyberbit. The webinar covered the key survey findings and certain challenges that could be overcome through the use of an automated SOC.
Almer first walked through the key survey findings. The lack of skilled staff was identified as the number one shortcoming.
“Over 60% of people surveyed think that less than half of the applicants are qualified for the position for which they are applying,” Almer said.
Almer reviewed the top metrics tracked by SOCs and discussed ways to train cybersecurity experts. One of the challenges is that most cybersecurity experts have never experienced a real attack.
“Having an effective simulation of a cyberattack,” Almer said, “is something that would allow those cybersecurity experts to train the same way fighter pilots train.”
After a review of the possibilities of automating incident response (IR), Almer discussed the third takeaway from the survey: fusing IT and OT in the SOC. Almer wrapped up the webinar with a Q&A session.
On this episode of Parabellum, John D’Annunzio, Vice President of North America for Cyberbit, and Teddy Guzek, Director of Cybersecurity for Eleven Fifty Academy, joined host Jason Claybrook, head of Marketing North America at Cyberbit, for a lively discussion on bridging the gap of cybersecurity knowledge in the business world.
Guzek provided an overview of his background in cybersecurity, and how Eleven Fifty recruited him to head up their cybersecurity program. Eleven Fifty is a non-profit, Indiana-based learning academy featuring advanced coding boot camps for anyone who has a desire to learn to code or upskill their talent. Guzek uses his role at the Academy to connect employers with academy graduates and keep up with the latest trends in cybersecurity.
Next, Guzek discussed penetration testing, which he referred to as ‘ethical hacking.’ Companies pay Guzek to break into their systems, analyze the weak areas, and provide solutions. Guzek has worked with both large and small companies.
Claybrook introduced the hands-on role today’s CISO needs to play. Guzek said the range, ages, and backgrounds of today’s CISOs vary by a wide degree. The conversation segued into the cybersecurity talent gap, and this is the area Eleven Fifty is concentrating on. Guzek stated a college education is not necessary to obtain a job in cybersecurity, but a rigorous training program that provides hands-on experience is. Eleven Fifty’s training, which they call a ‘boot camp,’ uses the Cyberbit Range to train their cybersecurity students.
The conversation concluded with a reminder that cybersecurity is a field in need of skilled workers, and it can be a great opportunity for veterans seeking employment opportunities after their military service has ended. Eleven Fifty encourages veterans to consider a career in cybersecurity, and often their GI Bill benefits will cover the cost of the education and more.
Samir Karnik, Regional Director for India West, Cyberbit, conducted a webinar on the Next-Gen SOC, led by co-presenters Shiv Kumar Pandey, CISO, Bombay Stock Exchange (BSE), and Oren Aspir, CTO, Cyberbit.
Pandey began his presentation with an overview of the BSE, its key SOC challenges, and its SOC technology landscape. Pandey then reviewed the key elements contained in the Next-Gen SOC.
Aspir covered common SOC challenges in financial institutions. Most security experts have no real on-the-job experience with cyberattacks, less than 30% of organizations perform IR exercises as a routine, and less than 30% of analysts believe that they can fully utilize their security technologies. A lack of orchestration and automation is another challenge Aspir identified.
Can too many tools be a problem? Aspir mentioned that many cyber analysts are experiencing vendor fatigue with too many cybersecurity tools at their disposal, but with a large percentage of these tools going unused. Another issue: financial security managers are sifting through thousands of security alerts daily.
Aspir next walked through solutions to these problems, from how to approach training for SOC teams, to employing the Cyberbit Range Platform. Aspir then discussed why SOAR is becoming a key priority for the next-gen SOC.
Aspir capped his portion of the webinar with how next-gen SOCs should approach endpoint detection and a review of the benefits of Cyberbit EDR for financial institutions.
Susan Green, Regional Director and Higher Education Specialist, Cyberbit and Frank Martinez, Security Analyst & Cyber Range Trainer, Miami Dade College, joined Sharon Rosenman, VP Marketing, Cyberbit, to discuss the evolving needs of cybersecurity, the deficit of qualified professionals in this particular job market, and building the academic cyber degree of the future.
According to Cybersecurity Ventures, cybersecurity is a growing job field with an estimated 3.5 million global unfilled security jobs by 2021.
After Green’s presentation, Martinez provided an overview of the evolution of Miami Dade College, and why they opened the most advanced Cybersecurity Range in Florida: The Cybersecurity Center of the Americas. The program’s goals are to produce graduates with the skillset to perform more effectively and become cybersecurity leaders and produce graduates with immediate value to employers. Martinez broke down the 4-year degree program curriculum with Cyber Range as the centerpiece.
Shree Parthasarathy, CIO & National Leader of Cyber Risk Services for Deloitte India, and Sharon Rosenman, VP Marketing for Cyberbit presented a webinar on the future of Cybersecurity training on March 11, 2019.
Parthasarathy set the tone for the webinar with the statistic: there will be 3.5 million global unfulfilled cybersecurity jobs by 2021. In India, the demand for cybersecurity professionals tripled in the past 12 months, with 15,000-30,000 open cybersecurity jobs.
One of the key issues in hiring is that applicants lack hands-on experience. Parthasarathy then discussed the current context of cyber training & awareness in enterprises. Parthasarathy said, “Skilling, not trainings, is essential to overcome the skills gap.”
Parthasarathy detailed the Deloitte Cyber Academy’s simulation-based skilling approach, and Rosenman discussed the Cyber Range Platform. These discussions included cyber range examples. “And what we believe is important,” said Parthasarathy, “whether we operate in government, military, academia, industry, is to really focus on the skilling. It’s going to be extremely important for all of these particular stakeholders to continue to basically move up in their skilling maturity as we take this forward.”
The webinar also covered the benefits of Cyber Range Training & Education before Parthasarathy and Rosenman opened the discussion up for a Q&A session to end the webinar.
In this webinar from February 2019, Sharon Rosenman, Cyberbit’s VP of Marketing, was joined by Alon Nachmany, Cyberbit ICS Security Expert, and Cecil Pineda, former CISO of DFW Airport and CISO/Managing Director of Cyber Watch Systems. This webinar took participants through an overview of OT visibility and challenges, presented a CISO case study on managing a converged IT/OT network, provided approaches to securing IT/OT environments, presented a case study on a smart building security project, and wrapped up with a Q&A session.
Nachmany discussed visibility and the OT security challenge. He mentioned several examples of major attacks on ICS / OT systems from 2013-2018.
Pineda discussed his prior experience working in cyber security at DFW airport and laid out the numerous systems at risk.
“Think of the airport cyber security, not just the cybersecurity side, the IT and the OT side; it’s almost like an orchestra, everything has to be in synch with each other,” Pineda said. Pineda continued his presentation by presenting the technical challenges of multiple IT, OT and IoT Systems in a typical airport, and how he and his team addressed those challenges.
Next, Rosenman and Nachmany covered Securing the Converged IT/OT Environment. Nachmany walked through several key steps, which included: Enhancing IT Security, revisiting network architecture, obtaining full OT visibility, creating a baseline for OT anomaly, and consolidating OT and IT incident management with SOA.
In April of 2019, Edy Almer, VP Product at Cyberbit, conducted a webinar for aligning cybersecurity training and education with the NICE framework. Susan Green, Regional Director and Higher Education Specialist for Cyberbit, joined the webinar to discuss the objectives of the NICE framework, and the key NICE framework concepts.
Green provided an overview of the NICE (National Initiative for Cybersecurity Education) framework and discussed how to leverage the NICE framework in a training program, then moved into bridging practical skills gaps by offering hands-on training using a cyber range.
“This is a highly immersive, real-world, scalable platform that’s unlike anything else that’s out there,” said Green.
Almer discussed the 4 building blocks of hyper-realistic simulation for training. Almer presented the Cyberbit Range Platform and laid out examples of the type of threats a skilled cyber analyst needs to prepare for.
The webinar concluded with Almer and Green taking questions from the webinar participants.
Tony Rowan, Cyberbit Cybersecurity Architect, provided a deep-dive into the Grizzly Steppe campaign which targeted critical infrastructure networks in North America. Rowan introduced the discussion with an overview of Cyberbit, before he launched into some examples of several attacks on OT (Operational Technology) networks over the last few years.
Rowan provided a kill chain analysis of the attack, saying: “It is pretty much to be expected now to be an arm of any future warfare to include attacks on infrastructure through cyber techniques.”
Why are OT networks at risk? Rowan walked through several potential reasons. One of the main ones is the convergence of IT and OT networks, which increases connectivity to the outside world. Other factors increasing OT risk are lack of OT monitoring and inherent design flaws.
Rowan offered steps to prevent similar attacks, focusing on segmented network architecture, obtaining more visibility into assets and network communications, creating a robust OT security policy, and establishing a means to detect both known and unknown threats.