SAN ANTONIO, May 4, 2011 — Shon Harris, security expert and author of the bestselling CISSP All-in-One Exam Guide, is offering her training courses and study materials free of charge to military members who are deployed in war zones and cannot afford the cost of classes offered by her company, Logical Security. The broad roster of classes includes her premiere CISSP certification training, along with a variety of other IT certifications. Harris hopes that others in the technology community will join her to create a “pay it forward” movement to thank U.S. servicemen and women for their service.

Harris, who served in the U.S. Air Force and comes from a military family, understands the sacrifice servicemen and women make for our country. Harris’ father retired from the Army after several tours to Vietnam, her husband recently retired from the Air Force after serving 23 years and serving a tour in Iraq, and her grandfather served the U.S. as part of the Air Corps in World War II.

“It does not matter if I believe in our current wars or not; I DO believe in the people who are doing this work and fighting in these wars. My frustration and concern is that these wars and the soldiers fighting them have been pushed out of our country’s consciousness by the current state of our country’s economy and other unrest in various parts of the Middle East. What many people don’t realize is that military people are ALWAYS going through difficult economic times. No one gets rich serving our country,” Harris says.

Harris has published a number of information security books, including the bestselling CISSP All-in-One Guide, which is now in its fifth edition. She is also the president of Logical Security, a training and consultancy firm, which is known for its premiere CISSP training. “I have worked hard in my life but have been very fortunate, and I am finally in a position to give back. I want to ‘pay it forward’ to the men and women who make our way of life possible,” says Harris.

Harris is offering free seats in her open classes and study materials to anyone who is serving in Iraq or Afghanistan and cannot afford the training they need. Harris encourages these servicemen and women to contact her directly at info@logicalsecurity.com.

Harris’ course offerings include a five-day Logical Security CISSPÒ course, which is praised by industry professionals for its quality and robustness. The course goes beyond preparing students for the exam, by arming students with the knowledge to practice the security concepts, principles and methodologies expected of a security professional.

Harris invites other technology companies to follow suit and “pay it forward” in their own way. “Servicemen and women take their responsibility of protecting our country seriously and we should take our responsibility to them seriously,” says Harris. “If you are in a position to help, do it without hesitation. No matter who we are, someone has helped us get where we are today and we should hold ourselves responsible to do the same for others. Let’s “pay it forward” for our troops and show them that we care.”

Related Links

Complete Logical Security Course Listing

http://www.logicalsecurity.com/education/education_overview.html

Schedule of Logical Security’s open classes

http://www.logicalsecurity.com/education/education_courses_cissp.html

Download complete chapters from Harris’ books

http://www.logicalsecurity.com/resources/resources_bookchapters.html

About Shon Harris and Logical Security

Shon Harris, CISSP, is a former Air Force Information Warfare unit member. She is a consultant and has written or contributed to over ten information security books. Harris founded Logical Security in 2003 and as president has guided the company to become a leader in certification education and security consulting. Logical Security’s training programs include on-site and online classes, self-study and computer-based materials for students and companies preparing for certification exams, performing security audits on IT infrastructure and complying with security regulations. The company’s areas of expertise are broad, with specialties in CISSP certification, Microsoft exams, .NET development, career refreshers for security pros and other IT certifications. Logical Security is headquartered in San Antonio, Texas.

The reports make clear the mounting threats to federal agencies and to major private-sector firms and vital national infrastructures. “Foreign powers, criminal groups, hackers, and terrorist organizations have launched cyber attacks on the White House, Pentagon, State Department, and New York Stock Exchange,” notes the Booz Allen/PPS report. In the past few years, millions of attempts have been made to hack into defense digital networks, and cyber criminals have penetrated the nation’s electrical grid.

For “the past six years,” the CSIS report states, “the US Department of Defense, nuclear laboratory sites and other sensitive US civilian government sites have been deeply penetrated, multiple times, by other nation-states.” In 2008, CSIS adds, “one of the nation’s largest processors of pharmacy prescriptions reported extortionists had threatened to disclose personal and medical information on millions of Americans.” Indeed, last year the General Accountability Office (GAO) reported deficiencies in 23 of 24 federal agencies to detect or thwart cyber attacks.

President Obama has declared cyber security to be “one of the most serious economic and national security challenges we face.” Defense Secretary Robert Gates has stated that the Department of Defense (DoD) is “desperately short of people who have capabilities (defensive and offensive cyber security war skills) in all the services.”

The two reports essentially agree on the deficiencies facing the federal agencies. CSIS notes the “shortage of the highly technically skilled people required to operate and support systems already deployed” and “an even more desperate shortage of people who can design secure systems, write safe computer code, and create the ever more sophisticated tools” for preventing and mitigating damage from malicious acts.

Booz Allen identified four serious conditions inhibiting the strength of the cyber security workforce:

1. An inadequate pipeline of potential new talent. Just 40 percent of federal chief information officers (CIOs), chief information security officers (CISOs), and IT managers, according to those surveyed, find sufficient the quality of applicants for cyber security jobs. This leads to a disproportionate reliance on contractor personnel, such as the 83 percent of CIO staff  at the Department of Homeland Security that are private contractors.
2. Uncoordinated leadership and fragmented governance in the federal effort, with no one organization heading up decision making or planning for the cyber security workforce. Thus agencies sometimes work at cross-purposes. None of the people interviewed for the report could provide an official count of the actual number of government cyber security personnel.
3. Recruitment and retention of cyber security talent is hampered by: the federal government’s cumbersome hiring processes, outdated job classifications, inadequate specialized training, and absence of a federal career path. One computer science job category was last updated in 1988–before the adoption of the Internet.
4. Hiring managers, compared to HR managers, are dissatisfied with efforts to hire cyber security talent.

CSIS reaches similar conclusions, and provides others as well. “There is neither a broad cadre of cyber experts,” its report notes, “nor an established cyber career field to build upon.” CSIS specifically criticizes the certification process, asserting that credentials focus on showing expertise in complying with statutes, not risk reduction, thus creating “a dangerously false sense of security.”

The two reports take somewhat similar paths in their recommendations for improving the workforce. Taking the big view, Booz Allen/PPS calls for the White House cyber security coordinator, agency leaders, and OPM to formulate a government-wide blueprint for addressing workforce demands. The blueprint would include tools to gauge the health of the workforce.

Regarding certifications, Booz Allen/PPS advocates updating job classifications, while CSIS calls for the adoption of rigorous professional certifications. CSIS would accomplish the latter through creation of a governance body, to be evaluated after a two-year pilot test, which would formulate and administer certifications in new specialty areas. Members in the governance body would be drawn from key federal agencies, major private-sector organizations, and universities with important cyber education programs.

Both reports urge establishment of a career path in cyber security akin to that in civil engineering or medicine. CSIS emphasizes strengthening the technical competence of personnel through the hiring, acquisition, and training processes, while Booz Allen/PPS stresses the provision by congress of adequate funding for such purposes as worker training and the bolstering of management expertise.

Funds would include graduate and undergraduate scholarships in cyber security such as the Scholarship for Service program. In fact, CSIS posits a number of initiatives to enhance cyber security education, including an OPM action plan on career issues, and the creation via the federal Chief Information Officers Council of a Cyber Corps alumni group.

More broadly, the reports view the dearth in cyber security talent as reflecting the nation’s woes in science and technical education and in the technological workforce generally. To address this, CSIS stresses more rigorous school curricula, while Booz Allen/PPS calls expanding scholarship funding in cyber security and computer science. The White House should lead,” affirms Booz Allen/PPS, “a nationwide effort to encourage Americans to develop technology, math, and science skills.”

The two reports, shown below, were compiled from public reports and congressional testimony, and interviews with and surveys of federal subject matter experts and information officers in many federal agencies.

http://csis.org/publication/prepublication-a-human-capital-crisis-in-cybersecurity http://www.ourpublicservice.org/OPS/publications/viewcontentdetails.php?id=135

Other Information:

Certified Information Systems Security Professional (CISSP)

Free CEH online course

1. 1. Please provide us with some background information on your organization and your industry.

I work in the information security industry, which has critical impacts on businesses, organizations and nations. Our society only increases its dependence upon technology, and properly securing it can come down to the life or death of an organization.

The information security industry is relatively new compared to other industries as in financial, medical, and telecommunications. The industry is currently going through many different ‘growth pains’ as it moves from a chaotic and infant entity to a more mature and disciplined space. I and my company have been seen as visionaries in helping some of the largest corporations and government agencies secure their most precious assets against the largest threats they face today.

Logical Security is going into its 8^th year of existence, while I have been in the industry for 15 years. My company specializes in risk management consulting services and training. We build enterprise-wide risk management programs that not only allow our customers to identify their vulnerabilities and stop their adversaries, but correlate and integrate information security issues into their overall business decisions and vision.

1. 2. What are some of the primary challenges your industry faces?

The threat landscape that companies face today is not the same that they had to deal with even five years ago. Today’s threats are not the lone hackers but organized, trained, and funded groups that are backed by organized crime rings or nation states.

Attackers are no longer interested in spreading benign viruses, but have very focused goals of obtaining an organization’s most sensitive data as in social security numbers, credit card information, medical data, and privacy and financial information. The attackers are using our technology against us and we are constantly being outsmarted.

Companies and government agencies are finding it difficult to keep up with a threat that can morph and adapt at the rate of speed that is currently taking place. Anti-virus products capture around 23% of the malware that is on our systems, meaning that most systems are infected and being used by an underground criminal without our knowledge.

Organizations have a false sense of security because they have anti-virus, firewalls, intrusion detection, intrusion prevention and other technologies in place. While these are necessary defenses, the enemy is circumventing them and covertly embedding themselves into the technology and devices we use day in and day out.

To view the entire Article, click here.

Other Information:

Certified Information Systems Security Professional (CISSP)

EMC, IBM, Novell, Cisco, CheckPoint, Symantec, CA, Attachmate, Q1Labs, eIQ Networks, SenSage and others all have SIEM products. Because of the technology’s relatively new emergence in the marketplace, there are few publications that address more than one vendor’s product.  SIEM Implementation shows how to implement multiple products, and also discusses the strengths, weaknesses, and advanced tuning of these various systems.  SIEM Implementation covers the gamut of topics a network administrator or security professional needs – from basic concepts and components to high-level configuration, analysis, interpretation and response.  It aids in the performance of risk analysis, threat detection, threat analysis and threat response for IT systems and businesses of every size.

Written by security and compliance experts and speakers, Security Information and Event Management Implementation shows IT professionals how to effectively implement SIEM in order to efficiently analyze and report data, respond effectively to inside and outside threats, and follow compliance regulations. This book also shows the separate pieces that make up a complete and cohesive SIEM.  These pieces are what most small and medium size businesses are forced to implement, due to the relatively high cost to acquire, implement, maintain and reap benefits from the full scale SIEM systems.  This teaches the IT professional how to implement a more integrated collection of discrete SIEM pieces, approaching similar utility of a full featured SIEM tool.  Further, SIEM Implementation shows readers how to use the SIEM tool to develop business intelligence, beyond the realm of being just a fancy security tool.

SIEM Implementation is a valuable addition to our security plan for 2010.

Key Selling Features

• Includes a Smartbook – a knowledge base of business use cases: real world examples of business needs that can be satisfied by using a finely tuned SIEM system.
• Covers the top SIEM products/vendors: ArcSight, Q1 QRadar, and Cisco MARS
• Authors are security, SIEM, and compliance experts who speak globally around the world, are famous published authors, and have close ties with the government and multiple corporate vendors.
• Foreword by Shon Harris
• Includes product feature summaries, and analysis and trending examples
• Covers regulatory compliance issues
• Provides Incident Response solutions

Market / Audience

• Targeted at IT/security professionals and compliance professionals
• Fueled originally by stealthy threats such as worms and more recently by compliance, the SIEM market is projected to grow from about $380 million last year to $873 million in 2010, according to research firm IDC.
• RSA Security, the security division of EMC, estimates that the SIEM market is expanding at a rate of between 25 percent and 35 percent annually.

Author Profiles

David R. Miller (SME, MCT, MCITPro Windows Server 2008 Enterprise Administrator, MCSE Windows NT 4.0, 2000, and Server 2003:Security, CISSP, LPT, ECSA, CEH, CWNA, CCNA, CNE, Security+, A+, N+). David is an IT security consultant specializing in information systems security, compliance and network engineering. He is a lecturer, an author and technical editor of books, curriculum, certification exams and computer based training videos. He regularly performs as a Microsoft Subject Matter Expert (SME) on product lines including Microsoft Server 2008, Microsoft Exchange Server 2007 and Microsoft Windows Vista.

Shon Harris, CISSP, is the CEO of Logical Security, a computer security consultant, a former engineer in the Air Force’s Information Warfare unit, an instructor and an author.  She has authored three best selling CISSP books, is a contributing author to the book Gray Hat Hacking, and developed a full digital information security product series for Pearson publishing.  Shon was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.

Allen Harper, CISSP, is founder and president of N2NetSecurity, Inc., a consulting company specializing in advanced security and vulnerability analysis, penetration testing, SIEM implementation, and compliance. He served as a security engineer in the U.S. Department of Defense, and is a coauthor of Gray Hat Hacking.

Stephen VanDyke, CISSP, BCCPA, BCCPP, MCSA, Security+, Network+, was a founding member of the U.S. Army Reserve global network Computer Emergency Response Team and helped design and deploy its NetForensics SIEM. He implemented high end, multi-tiered security systems for the Multi-National Force – Iraq (MNFI) network.

Chris Blask, Vice President of Marketing at AlienVault, is on the faculty at the Institute for Applied Network Security, Co-founded Protego Networks (now Cisco MARS) and founded Critical Infrastructure Cybersecurity company Lofty Perch. Chris invented the BorderWare Firewall Server in the early days of the Internet Security market and built the Cisco Systems firewall business.

Other Information:

Certified Information Systems Security Professional (CISSP)