Building Your Cybersecurity Apprenticeship
Copyright (c) 2016 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
CompTIA is … The voice of the world’s information technology (IT) industry.
Non-profit: We are the world’s largest IT trade association advancing the global interests of IT businesses.
Philanthropic: CompTIA’s Creating IT Futures Foundation helps provide opportunity for the unemployed and under-employed to gain access to careers in IT.
A force for change through advocacy: CompTIA promotes sound public policy at the state and federal level to advance the digital economy.
A leader in IT certifications: With over 1.5 million certified professionals, CompTIA offers IT professionals a roadmap for establishing and advancing their careers.
Need for Cybersecurity Skills
Internet of Things
Cybersecurity Workforce Landscape
1. 82% of organisations report a shortage of cybersecurity skills
2. 77% of UK CIOs say skills shortage increases cyber security risk
3. Only 10% of Cybersecurity roles are held by women.
4. Demand for cyber security professionals grew by almost 70% between 2012 and 2015 – 40% higher than the overall growth rate for IT professionals.
5. In the UK, salaries have increased up to 10 percent year on year for security staff.
Percentage of CompTIA certifications objectives covering cybersecurity skills
Certification Percentage
100%
100%
100%
30%
Certification Percentage
28%
37%
33%
20%
CompTIA Cybersecurity Pathways
Recommended Experience: Network+, Security+ or equivalent knowledge. Minimum of 2-3 years of hands-on information security or related experience.
Recommended Experience: CompTIA Network+ and two years of experience in IT administration with a security focus
Recommended Experience: 10 years experience in IT administration, including at least 5 years of hands-on technical security experience
Cybersecurity Apprenticeships Standards
Cyber Intrusion Analysts
– https://www.gov.uk/government/publications/apprenticeship-standard-cyber-intrusion-analyst
Cyber Security Technologists
– https://www.gov.uk/government/publications/apprenticeship-standard-cyber-security-technologist-approved-for-delivery
Cyber Security Risk Analysts
– https://www.gov.uk/government/publications/apprenticeship-standard-cyber-security-technologist-approved-for-delivery
Cybersecurity Apprenticeships & Certifications
No certifications have been included in any of the Cybersecurity Apprenticeship Standards hence there are no exemptions from Awarding Organisation’s Knowledge Modules.
Employers and training providers can choose to include certifications.
Awarding Organisations are just getting started on creating the units aligned to the knowledge modules for these apprenticeships.
CompTIA has already mapped its certifications to all the Cybersecurity Apprenticeships’ knowledge modules, so you can start delivering a programme aligned to industry needs today!
Cyber Intrusion Analyst L4 & CompTIA Certifications
Cyber Intrusion Analyst Modules & CompTIA Certifications
Module 1: Network - Mapped to CompTIA Network+
Module 2: Operating Systems - Mapped to CompTIA Security+
Module 3: Information and Cyber Security Foundations - Mapped to CompTIA Security+ AND CompTIA Cybersecurity Analyst+ AND CompTIA Advanced Security Practitioner
Module 4: Business Processes - Mapped to CompTIA Cybersecurity Analyst+
Module 5: Law, Regulation and Ethics - Not explicitly covered due to the international nature of CompTIA certification exams.
Cyber Security Technologist L4 & CompTIA Certifications
Cyber Intrusion Analyst Modules & CompTIA Certifications
Module 1: Cyber Security Introduction - Mapped to CompTIA Security+
Module 2: Network and digital communications theory - Mapped to CompTIA Network+
Module 3: Security case development and design good practice - Mapped to CompTIA Advanced Security Practitioner (CASP)
Module 4: Security technology building blocks - Mapped to CompTIA Network+ OR CompTIA Security+
Module 5: Employment of cryptography - Mapped to CompTIA Security+
Cybersecurity Risk Analyst L4 & CompTIA Certifications
Cyber Intrusion Analyst Modules & CompTIA Certifications
Module 1: Cyber Security Introduction - Mapped to CompTIA Security+
Module 6: Risk Assessment - Mapped to CompTIA Security+ OR CompTIA Advanced Security Practitioner (CASP)
Module 7: Governance - Mapped to CompTIA Advanced Security Practitioner (CASP)
Cybersecurity Intrusion Analyst Apprenticeship Programme Example
1. CompTIA Linux+ / Linux Skills
2. CompTIA Network+
3. CompTIA Security+
4. CompTIA Cybersecurity Analyst+
5. CompTIA Advanced Security Practitioner (CASP) domains as needed.
Why Linux?
Open Source tools are used by Cybersecurity Professionals to both defend systems and carry out vulnerability assessments (penetration testing).
These tools are built into various Linux distros including:
– Kali Linux - https://www.kali.org/
– BackTrack Linux - http://www.backtrack-linux.org/
The US National Security Agency (NSA) have also released a Linux Security Tool for Government and the private sectors to help secure their networks against cyber attacks - https://github.com/NationalSecurityAgency/SIMP
UK Cybersecurity Job Vacancies asking for CompTIA certifications
SOC Analyst
Information Security Analyst – ServiceNow
Security Analyst – Aviva
Security Analyst - Northrop Grumman
IT Security Engineer
Senior Cyber Risk Manager
Information Security Manager - AXA
Director, Security Operations Centre (SOC) - Pearson
Head of Information Security Engineering – Capital One
Computing Security & Information Protection Specialist – Boeing
Skills for the Information Age (SFIA) Framework
The SFIA Framework is used to create UK National Occupational Standards (NOS) for IT Professionals:
https://www.thetechpartnership.com/standards-and-quality/it-professional-standards/
Cybersecurity Apprenticeships have been based upon the NOS.
CompTIA Certifications have been mapped to the SFIA Framework and address the need for cybersecurity skills.
http://www.sfia-online.org/en/get-help/qualifications-and-sfia/partners/sfia-and-comptia
http://www.sfia-online.org/en/get-help/qualifications-and-sfia/sfia-mapping/sfiamappingforcomptia20162.pdf
CompTIA Security+ is the global benchmark for best practices in IT security. It validates competency in network security, compliance and operational security, threats and vulnerabilities, application, data and host security, identity management, and cryptography.
Now includes mobile security
Vendor neutral certification & ISO 17024
Foundation-level security knowledge for IT professionals
Over a quarter million Security+ certified professionals worldwide
Prerequisites
CompTIA Network+ certification or equivalent knowledge
Two years of experience in networking with an emphasis on security
Certification Exam Domains (SY0-401)
Network security 20%
Compliance and operational security 18%
Threats and vulnerabilities 20%
Application, data and host security 15%
Access control and identity management 15%
Cryptography 12%
Exam Details
Exam Requirement: 1 certification exam (code: SY0-401)
Time Allowed & No. of Questions: A maximum of 90 questions, 90 minutes
Question Types: Performance-based, multiple choice, multiple response, and drag and drop
Passing Score: 720 (on a scale of 100-900)
Availability: Worldwide
Languages*: English, Japanese and Portuguese
* For up-to-date information on translations, visit http://certification.comptia.org/certifications/security
CompTIA Cybersecurity Analyst+ certification is a vendor-neutral IT professional certification that validates the knowledge and skills required to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats and risk to an organization, with the end goal of securing and protecting applications and systems within an organization.
Covering more than seven DoD directive 8570.
Vendor neutral certification
Mid-level security knowledge for IT professionals
Requires hands-on experience using open source tools.
Prerequisites
CompTIA Network+, CompTIA Security+ or equivalent knowledge.
Minimum of 2-3 years of hands-on information security or related experience
Beta Certification Exam Domains (CS1-001)
Threat Management 27%
Vulnerability Management 26%
Cyber Incident Response 23%
Security Architecture and Tool Sets 24%
Beta Objectives – Subject to Change
Beta Exam Details
Beta Exam Requirement: 1 certification exam (code: CS1-001)
Time Allowed & No. of Questions: 103 questions, 165 minutes
Question Types: Performance-based, multiple choice, multiple response, and drag and drop
Passing Score: Pass/fail information will not be available until Autumn 2016; candidates will be notified. Exam objectives will not appear in beta exam results.
Availability: Worldwide except for India and China
Languages: English
• For up-to-date information, visit: https://certification.comptia.org/certifications/cybersecurity-analyst
Vendor neutral certification
Mastery-level security knowledge
ISO 17024 compliant
CompTIA Advanced Security Practitioner (CASP) meets the growing demand for advanced IT security in the enterprise.
CASP certifies critical thinking and judgment across a broad spectrum of security disciplines and requires candidates to implement clear solutions in complex environments.
Exam Details
Exam Requirement: 1 certification exam (code: CAS-002)
Time Allowed & No. of Questions: 80 questions, 165 minutes
Question Types: Performance-based, multiple choice, multiple response, and drag and drop
Passing Score: Pass/Fail only (no scaled score)
Availability: Worldwide
Languages*: English
* For up-to-date information on translations, visit http://certification.comptia.org/certifications/comptia-advanced-security-practitioner
Prerequisites
Minimum 10 years experience in IT administration
5 years hands-on technical security experience
Certification Exam Domains (CAS-002)
Enterprise security 30%
Risk management & incident response 20%
Research & analysis 18%
Integration of computing, communications & business disciplines 16%
Technical integration of enterprise components 16%
Network+ is the leading vendor-neutral certification for networking professionals. It validates the essential knowledge and skills needed to confidently design, configure, manage and troubleshoot any wired and wireless network.
Globally recognised, it demonstrates core competencies in networking, including virtual networking, networking security and in-depth knowledge of OSI and TCP/IP models, including IPv6 and cloud.
Cisco recommends it before a CCNA
Next step after CompTIA A+ training and certification
Recommended 1st professional-level networking certification
Globally recognised - ISO 17024 compliant
Prerequisites
CompTIA A+ certification or equivalent knowledge
A minimum of 9 to 12 months of work experience in IT networking
Certification Exam Domains (N10-006)
Network architecture 22%
Network operations 20%
Network security 18%
Troubleshooting 24%
Industry standards, practices, and network theory 16%
Exam Details
Exam Requirement: 1 certification exam (code: N10-006)
Time Allowed & No. of Questions: A maximum of 90 questions, 90 minutes
Question Types: Performance-based, multiple choice, multiple response, and drag and drop
Passing Score: 720 (on a scale of 100-900)
Availability: Worldwide
Languages*: English, German, Japanese
* For up-to-date information on translations, visit: http://certification.comptia.org/certifications/network
The CompTIA Linux+ certification is an internationally-recognized, vendor-neutral validation of the technical competencies required by a junior level Linux administrator. It covers the tasks common to major distributions of Linux, including:
• Working at the Linux command line
• Performing basic maintenance tasks such as adding users to a larger system, executing backup and restore, shutdown and reboot
• Installing and configuring a workstation and connecting it to a LAN
Only Linux+ offers a 3-for-1 certification*: the opportunity to earn 3 industry-recognized Linux certifications for the time, effort and expense of 1.
Sets foundation for building advanced vendor/distro specific knowledge, such as Red Hat or SUSE
*earn Linux+, earn LPIC-1 and SUSE CLA
Certification Exam Domains
LX0-103
System Architecture 14%
Linux Installation & Package Mgmt 18%
GNU & Unix Commands 43%
Devices, Linux Filesystems, Filesystem Hierarchy 25%
LX0-104
Shells, Scripting & Data Mgmt 17%
User Interfaces & Desktops 8%
Administrative Tasks 20%
Essential System Services 17%
Networking Fundamentals 23%
Security 15%
Exam Details
Exam Requirement: 2 certification exams (code: LX0-103 and LX0-104)
Time Allowed & No. of Questions: A maximum of 60 questions, 90 minutes
Question Types: Multiple choice, multiple response, drag and drop, and fill-in-the-blank
Passing Score: 500 (on a scale of 200 to 800)
Availability: Worldwide except for Japan
Languages*: English, German, Portuguese*
* For up-to-date information on translations, visit http://certification.comptia.org/certifications/linux