Pratum Blog

Cybersecurity Workforce

As the world becomes more interconnected, the need to protect data grows. The cybersecurity industry is booming, and companies large and small are looking to cybersecurity professionals for the protection they need. It’s critical that we have a powerful workforce to keep up.

In Iowa, many colleges and universities have responded to the demand by enhancing existing curriculum and adding new curriculum that’s molded around the need for cybersecurity. They seek guidance from professionals who are leaders in the cybersecurity industry to advise them on their courses. Who better to provide input than experts who know exactly what qualities and education the industry is looking for in an employee?

How One Individual is Getting Involved

Dave Nelson, Pratum’s President & CEO, is one of the experts providing input. Nelson has served as Co-Chair of the Cybersecurity Subcommittee of the DMACC IT Partnership since the subcommittee was formed. The subcommittee has established three goals: identify the key technology skills the industry needs to grow a powerful workforce, provide a pathway for people who want to further their education past a two-year degree, and attract and retain cybersecurity professionals in the state of Iowa. “Students who feel like they have support in Iowa are more likely to stay here,” Nelson says.

The cybersecurity subcommittee’s efforts have led to the creation of the Iowa Cyber Hub™, a partnership between DMACC and Iowa State University that is geared towards cybersecurity. It is a well-suited name for a group that acts as a central location for cybersecurity resources. On the hub’s website, there are pathways for all levels of education: high school students, high school grads, associate’s degrees, and bachelor’s degrees. The hub fosters alliances with established cybersecurity professionals and partner schools through internships, training programs, and other projects.

Nelson’s contributions aren’t limited to the cybersecurity subcommittee. He’s spoken to the information assurance student group, and he mentors students who seek direction from established professionals. His most recent involvement is partnering with Drake University and other cybersecurity professionals to advise the college’s new post-baccalaureate certificate in cybersecurity.

You Can Make a Difference, Too

If you’re an information or cybersecurity professional looking to make a difference in the education of the future workforce, here are just a few ways to get involved:

  • Contact your local colleges and universities to see if they need members for an advisory board, subcommittee or other type of group that influences curriculum
  • Volunteer to be a guest speaker
  • Mentor students & advise them on their studies and coursework
  • Participate in surveys/polls requesting the needs of an employer and employees

The need for strong cybersecurity professionals won’t subside. As long as data is entering the world of the internet and technology, it will always require protection. It is the wisdom and guidance from established professionals that’s driving the future of cybersecurity and its workforce. With the proper tools and support, future cybersecurity professionals will be able to rise to the challenges of cybersecurity by reducing risks and keeping data safe.

AWS Security Best Practices

Security in the cloud should be viewed as a shared responsibility. With many organizations moving some, or all, of their data to the cloud, it’s important they understand, evaluate, and adopt the security solutions available to minimize and address risk.

Many cloud providers take care of the physical and underlying security and availability of the infrastructure that provides the services, but the consumer is responsible for configuring, deploying, and managing their data and systems within the cloud environment. This is where the shared responsibility model is important to understand. Cloud providers such as Amazon offer a multitude of security solutions to assist with properly configuring and managing these systems. However, these solutions are not enabled by default, so consumers must manually activate them to take advantage of them.

Security and Network Access

Managed and unmanaged access to AWS resources should be carefully configured. Policies should be defined such that all traffic is blocked by default and only required communication is explicitly permitted. This will help to ensure unnecessary services and ports aren’t exposed. Management of services should be restricted to known and approved sources and used in combination with multi-factor authentication. In addition to a virtual or host-based firewall, it is considered best practice to leverage Amazon’s built-in security groups to help define and restrict permitted access. Most host-based or virtual firewalls will provide capabilities such as deep packet inspection, intrusion prevention, and additional advanced threat protection.
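One way to check the "management restricted to approved sources" rule above, as an added example that is not part of the original article: the script audits security group ingress rules for paths to management ports from unapproved networks. The sample data is constructed in the shape of `aws ec2 describe-security-groups` output; the group IDs, the choice of SSH and RDP as management ports, and the approved range 203.0.113.0/24 are assumptions.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0example0web", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0example0admin", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
    "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-0example0legacy", "IpPermissions": [
   {"IpProtocol": "-1", "IpRanges": [],
    "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}""")

MGMT_PORTS = {22, 3389}  # assumption: SSH and RDP are the management services
APPROVED = [ipaddress.ip_network("203.0.113.0/24")]  # assumption: approved admin range

def sources(rule):
    """All IPv4 and IPv6 source networks named by one ingress rule."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c) for c in cidrs]

def covers_mgmt(rule):
    """True if the rule's protocol and port range reach a management port."""
    if rule["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return any(rule["FromPort"] <= p <= rule["ToPort"] for p in MGMT_PORTS)

def approved(net):
    return any(net.version == a.version and net.subnet_of(a) for a in APPROVED)

def audit(doc):
    """Return (group, protocol, from_port, source) for each unapproved management path."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            if not covers_mgmt(rule):
                continue
            for net in sources(rule):
                if not approved(net):
                    findings.append((sg["GroupId"], rule["IpProtocol"],
                                     rule.get("FromPort"), str(net)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Rules that name another security group as their source rather than a CIDR range are not evaluated here and need a separate review.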

Logging and Security Monitoring

Amazon has multiple ways to begin logging data within EC2, including both CloudWatch and CloudTrail. Many times, organizations simply enable CloudWatch since it can be done with a single click. Unfortunately, these logs are generally focused on availability and performance monitoring rather than security events. To perform security monitoring and properly audit events to aid in a forensic investigation, it is crucial to monitor network, security, application, authentication, and system logs. The only way to pull in all of these events is to properly configure and tune them. It is recommended to point this data to a central aggregation server such as a SIEM, which will store this data for a year, provide threat detection capabilities, and allow for rapid incident response and analysis.

Identity and Access Management

In addition to restricting access management through access controls, it’s important to adopt best practices for managing user access to AWS resources and APIs. This access can be managed through Amazon’s built-in Identity and Access Management (IAM). Role-based access can be defined by referencing built-in security groups. These groups can be customized to align with roles within your organization. This helps to reduce risk by decreasing the chance of access creep. IAM policies should also be enforced to match corporate standards. Settings such as multi-factor authentication, password complexity requirements, and lockouts and expirations should also be aligned to the business’s requirements.

If this article was helpful, make sure to check out our Office 365 Best Practices blog article.

Pratum team outing to The Escape

Pratumeers recently took turns getting away from the office to put our skills to the test in an escape room. We split into four teams total – two different teams went on consecutive Friday afternoons, while the opposite teams stayed back to hold down the fort. Each team contained at least one member from every department. We worked together, racing against the clock to uncover clues, and solve riddles to escape. It was a memorable outing that our entire company enjoyed.

Same Skills, Different Mission

When it comes to requiring finesse, Pratum and an escape room have a lot in common. Just like operating an information security firm, you can’t complete an escape room without a few necessary skills. If you’ve ever partaken in an escape room, maybe you already know the formula for success: a great deal of critical thinking, a bit of creativity, add some wit in there, and the final, most important part is teamwork.

The same formula is used every day at Pratum to be leaders in the information security industry and deliver top-notch service to our clients. Let’s take a closer look at the similarities:

You’ll Need Critical Thinking

You’ve just entered the escape room, the door locks behind you, and the clock begins. The room is unfamiliar to you, and you may only have a few clues. What little information you have must be analyzed so you can form judgment on how you’ll proceed to uncover your next clue.

Critical thinking is just as important to Pratum as it is to an escape room. In the early stages of consulting a new client, we are in the discovery phase learning about their business model and current security practices. It’s up to our consulting team to interpret current security policies and procedures, dissect information and figure out the best approach for their security needs.

Get Creative

You’ve uncovered a few more clues now, but they’re not in a logical order. You must use a bit of your imagination and think outside of the box to make sense of them.

Pratum’s ethical hackers use obscure ways of thinking when performing a penetration test to uncover vulnerabilities. Social engineering assessments require our team to find clever ways to remain incognito. Whether it’s pretexting phone calls, email phishing or onsite facility access, taking on a new identity to ethically uncover an organization’s security risks takes quite a bit of creative thinking.

Don’t Forget the Wit

It’s now down to the final five minutes, and it seems as though the only thing that’s escaping is time. You begin to realize that you need to kick your brain into high gear if you’re going to make it out of the room. You must be careful to not rush and make a detrimental mistake that will set you back even further.

Often, we receive new clients who come to us because they are facing a security breach. These clients rely on us to help them get through this stressful time. Our incident response team is always prepared to think on their feet and deliver quick, intelligent solutions to minimize damage. It’s safe to say that we have wit down pat here at Pratum.

All Together Now

Success! You’ve cracked every code, solved each riddle, and have escaped. Your cheer is echoed as you proudly walk out the door with the rest of your team. You didn’t complete the escape room on your own, rather it was a team effort. Everyone contributed in their own way, and that’s what got you out.

Celebrating Escape Room Success with Cheesecake!

At Pratum, above all, we are a team. Though we are each individually skilled in critical thinking, wit and creativity, it’s our collaborative effort that makes Pratum an enjoyable place to work.

Team building is important to an organization’s overall health, and Pratum recognizes that. An escape room was the perfect outing for us to use our skills in a fun and unique way. Having a member from each department on every team gave us the opportunity to open some new doors for communication and strengthen our team as a whole.
