As the leading organization in computer security training, the SANS Institute is known for providing intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and networks.
We also develop, maintain, and make available at no cost the largest collection of information security research documents and whitepapers about various aspects of information security and operate the Internet's early warning system - the Internet Storm Center.
At the heart of SANS are the many information security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community.
Пікірлер
10:36 - Classic Stephen Sims.
Sans
This is very good material and well presented thanks
Thanks
I am diving deep into Human Risk Management
Great conversation
This is the best show ever. SANS Institute is awesome! 💚
Great dialogue with your guest, here, @JerichBeason
Love it. He indeed gave really good real-world examples.
This guy is talking to us like a kindergarten teacher lol
What most experts fail to discuss in detail is the fact that the bad guys also have AI and can use it for even more effective attacks.
first
same here, cybersecurity certificateion salary dropdown like anything now. window admin getting better then this.
I am GRC Consultant with a cyber background. I made sure I studied AI in conjunction with my expertise.
Great Vid
"Cyber Rosetta Stone": a useful idea, supported by a great analysis work. The standards comparison and categorisation is awesome, and throws light into how complex our industry is becoming.
Excellent
Undertale reference
Great Job Rich!
Thanks a lot for this talk Chris, it's very valuable to learn about an actual day-to-day workflow of a CTI analyst/engineer
Megalovania moment
enjoyed this webinar any links to resources or the slide deck?
Excellent as always. Thank you!
32:06 This was published in 1984. That’s 30 years ago. And yet we are where we are. What happened? Sheer stupidity doesn’t provide a credible explanation given that there are enough people who are intelligent enough to understand. The only other possible explanation points to ill intent. The same with this cloud stupid madness. Even if I could create something-anything, I won’t. Ever. One has to be utterly irresponsible to put anything in the hands of criminals even if they are disguised as defenders. Do you understand?
This is one course I plan to take!
I would argue that recovery has no place within blue teams . The cyber incident management being referred to here involving recovery is training for ISOs and business continuity. At a certain scale nist 80061 is absolutely essential to sec im and keeps an official record solid for regulatory proof . While I see where you are coming from this becomes mom and pop vs large enterprise reality .
Amazing video!! Love the content!
Threat Vectors
45:20 Listen. You seem to be a decent man and a very good teacher, however… If their stupid incompetence affects me, I can’t be chilled about it, can I? If I were just an external consultant, it would be probably easier. But if my job in that company is at risk and/or if my data is at risk because an idiot up there can’t be bothered…Huston, we have a big problem. And, by the way, this typical Western type of mentality is one of the main causes for the demise of the West.
The best one purple teaming explanation on youtube But not the best explanation
This is so appalling that I had to come back to it. I have a question. Do the candidates know that they are subjected to a psychometric test? Presumably not. How does it fit then with Data Protection/ GDPR and other ethical considerations? (Not that anyone is bothered by law or ethics. I am an idiot, I know). It’s hacking into their minds. Listen. I don’t know who the hell you are and why you are doing this, but if you put my account on a KZread clone, have the minimal decency to, actually, do a fucking proper job and throw a reply to my comments now and then (hopefully with something intelligent and useful). Morons.
35:35 Thanks for the tip. If I will ever take this test that is obscenely expensive (who can afford it in their first five years of IT work?) and run by robots (because these days humans are unable to think and exercise sound judgement), I will read some Marcus Aurelius in the morning to get in the appropriate mood. I had a look at some questions on a IT website and the first one was ‘Which factor is the most important item when it comes to ensuring security is successful in an organization?’ to which, at least according to this seemingly reputable website, the correct answer is ‘Senior management support’ instead of the common sense one which is ‘Security awareness by all employees’. Not even the highly dubious excuse that this is a ‘research question’ would be good enough for me. Why? Because any test should primarily be about teaching the candidates and improving their practice. Even if they fail, they will know more. But no. This overhyped test not only that confuses them with the so- called ‘research questions’, it, also, deprives them of the opportunity of pondering on relevant issues (because it stops when the bot decides so) and doesn’t provide them with at least an indication as to why their answers were wrong. It doesn’t help their professional development and can have a devastating impact on their self- esteem. All the administrators want is for the bot to tell them who is worthy of having this certification. Its very purpose is selfish and counterproductive. It is rubbish. How did it get to have this aura of excellence is beyond me 😃
30:10 I think you may be a little bit economical with the truth here. Are you sure that the questions with the obviously wrong possible answers do not test something else (such as resilience when faced with frustration/cognitive dissonance and suchlike)?
Great overview. I regularly have the 'IM or IR' question raised to me, and this sums up the answer perfectly. Having also attended LDR553, I can say it's an awesome course.
Can you publish the slides used here?
Really wanted to work on my GCIH cert. Unfortunately, the price isnt something I can afford as a student.
yeah! are you irani?
@@user-vy9oi1vx9i I am Indian. But currently living in the US.
I did SEC-401 in 2022 and it really helped me to get much more than just a security overview!
There's 2 types of people. Grateful people with a positive mindset, who are willing to learn and who will pass the CISSP. Then there are people who complain about microphones which are of adequate quality for the purpose, whilst people were working from home during a global pandemic.
*megalovania*
Expensive but worth it. Whilst saving moneys I am walking through the syllabus and preparing myself with the topics provided. Quite nice course.
😈 🧙
Thankyou SANS and Eric.
Loved today's live stream!!! Great job Delisha, Tia, Zinet and Jasmine :)
I am 95% sure I know how Lockbit was caught. Ryan, I would like to discuss privately, my opinion with you. Let me know good means to contact! Would love to have a chat
Always enjoy hearing Ryan speak on ransomware!
jen is so cute
Thanks it was very interesting webinar.
Chattanooga, TN
Thank you