with Senior Security Engineer
at Netflix
18 AUG 2021 - 29 SEP 2021
Duration:
6 WEEKS
MONDAYS & WEDNESDAYS
5 PM PST / 8 PM EST
Unless your business does everything on paper, you have data — and that data has value. How much risk are you willing to take with it?
Learn how to proactively defend your customers and investments from bad actors with the same security strategies used by Netflix and other top organizations.
Step Up Your Leadership
Business owners, team leads, and HR professionals play a direct role in keeping data safe. This course will empower you to lead with competence as your organization sets up protection and response plans, hires cybersecurity talent, and builds a security-focused culture.
Learn in Real Time
You'll learn in live, engaging classes alongside a cohort of business professionals with similar goals. This course gives you access to deeper learning through discussion, demos, and office hours with a leader in information security.
Be an informed decision maker in your organization's security policies. You'll learn how to assess the type of threats posed to you and correctly leverage defense and response strategies, threat modeling, and cybersecurity checkups.
Bring everything back to your own organization and security concerns. John won't just outline best practices, he'll teach you how to choose and apply the security concepts relevant for your teams.
Develop a security plan for your organization, with input from Netflix's senior security engineer. You'll learn how to pull together compliance, security tools, and employee culture into a posture of continuous defense.
HALEY LinkedIn Profile
- Senior Security Engineer, Detection Lead at Netflix
- Information Technology Advisor to the U.S. Department of State
- Thought leader and featured speaker on topics including threat detection, digital forensics, reverse engineering, and emerging technologies
- Has over a decade of experience in cybersecurity leadership at organizations like Verizon, Capital One, IronNet Cybersecurity, and Booz Allen Hamilton
- Holds almost as many industry certifications as there are letters in the alphabet, including CISSP, GIAC GCIH, ECSA, CEH, CHFI, Security +, and ITIL v3
Modern organizations are one successful hack away from loss of reputation and revenue. In this class, John will outline the vital role of cybersecurity in today's business world and the key concepts you'll refer to throughout the course.
- Why cybersecurity?
- Mission and origins
- Foundational concepts
Assignment #01: Research a major cyber incident that occured in the last 5 years and identify how the incident was disruptive.
"Cybersecurity" is a broad term that actually encompasses several types of security. In this lesson, you'll learn which ones are relevant to your business and to what you should pay particular attention.
- 7 key areas of cybersecurity
- OWASP top 10
- Phishing, MDM, and physical security
Assignment #02: Identify the domain you interact with the most and why.
Why are some types of attacks more prevalent in a business environment? John will walk you through some high-profile examples of these attacks and introduce you to a global knowledge base you can use to proactively combat attackers.
- MITRE Att&ck Framework
- Common types of cyber attacks
- Cyber attacks at a workplace
Assignment #03: You will receive a case of a real attack on a company. Which Att&ck category do you think it falls under?
Hackers can have many different goals behind an attack. In this class, you'll learn how to identify the "opportunities" for hackers at your company and security concepts that will be most relevant. Then, John will demo some common security tools in class.
- The CIA Triad: Confidentiality, integrity, and availability
- What goals do hackers have for your company?
- Demo: Common security tools
Assignment #04: Which concept do you feel is most important to your company and why?
So, your business has been attacked. Now what? Today, you'll learn what to do first if an attack occurs and how to mitigate a worst-case scenario.
- NIST CSF: The security-focused professional's best alley
- Threat detection, incident response, and disaster recovery
- Business continuity after a breach
Assignment #05: You will receive a case of a real incident. Use the NIST CSF to create a defense and recovery plan for the incident and return to normal operations.
How can you hack your mindset to mitigate security risk? In this lesson, you'll learn how to start thinking with a mindset of threat modeling to successfully identify threat actors and determine a plan for risk reduction.
- Principles of threat modeling
- Performing a threat model step by step
- Operationalizing the threat model
Assignment #06: Identify some common threats that may affect your company. Brainstorm how you would reduce those risks.
This lesson is about equipping you with the tools and processes needed to make your own cybersecurity checkups. You'll learn how to continually identify weaknesses in systems, remediate them, and harden defenses against attacks.
- How to do vulnerability management
- What is penetration testing?
- Red teaming, purple teaming, and bug bounty programs
- Demo: Nessus Security Scanner
Assignment #07: Download Nessus Security Scanner and run it against your laptop. What did you find?
Unfortunately, when it comes to regulations, ignorance of the laws won't protect you from the consequences of breaking them. In this class, you'll learn how to apply the most important cybersecurity regulations and compliance requirements.
- How do cyber laws and regulations affect your everyday life?
- What is regulatory compliance?
- Key regulatory standards and implementation
Assignment #08: You'll receive a real-life example of an incident or event. What regulation was that event connected with? Was the organization's security compliant or non-compliant?
Digital forensics is the most complicated out of all the skills. John will help you understand this opaque area of cybersecurity, with a focus on competence to ask the right questions of DF experts in case of an event.
- What is digital forensics?
- Digital forensics case studies
- Digital forensics in the workplace
Assignment #09: Think about digital forensics from the perspective of your company. What questions would you ask of a digital forensics expert?
This lesson is all about how to leverage training and mentorship in your workplace to practice good cyber hygiene. John will share his approach for tailoring the message and motivations to each team and ensuring that no one is unwittingly providing hackers a back door.
- Tools for training and preventing phishing
- Engineering-focused technical training
- Demo: Phishing and hacking gamifications
Assignment #10: Explore the features and functions of a key security tool. Do you think this would benefit your company? Why or why not?
In this lesson, you'll learn the qualities to look for when hiring cyber talent for your organization. John will walk you through his process for compiling candidate profiles, interviewing, and creating a rewarding work environment for security professionals.
- Assessing and finding what you need
- Interview questions and hiring triggers
- Creating an environment that encourages long-lasting employment
Assignment #11: Assess what skills you feel are most important for your company. Then, go to LinkedIn and find 3 people who you feel are most suitable for that role and explain why.
How does pandemic affect the cybersecurity field? How are threats and best practices evolving alongside changes in how work gets done? John will point to key trends and emerging fields of cybersecurity that are impacting business.
- Protecting your remote workspace
- The right way to do cloud migration, zero trust, and Bring-Your-Own-Device programs
- How to draw the line between alertness and paranoia
Assignment #12: Using what you've learned in the last 6 weeks, outline a cybersecurity strategy for your company.