At Connamara, our commitment to education and training has been unwavering since our inception in 1998. Over our 25+ years, we’ve diligently handled customer data, safeguarding our clients from the most severe attacks. However, as technology advances, so do the tactics of malicious actors aiming to exploit vulnerabilities and compromise sensitive information.
Therefore, as threats to digital security grow more sophisticated, we’ve remained committed and doubled down on staying ahead of the curve. Read more to discover the two major ways we upgraded our cybersecurity knowledge.
- The Northwestern Cybersecurity Bootcamp
Understanding the growing threat to our industry, which costs companies worldwide tens of millions of dollars each year, our now-CISO, John Vatianou, enrolled in the 24-week Northwestern Cybersecurity Bootcamp. The program prepares technology professionals for the CompTIA Security+ and CEH exams and takes students through an immersive, hands-on curriculum to learn the skills needed to protect digital environments.
The program cemented for us just how important education is for safety – fellow students ranged from those just beginning their careers in tech or finance to career professionals forging a path into this field at their respective firms.
Here are some of our favorite units and our takeaways:
- Building a Strong Security Foundation: Learn how to establish a security culture, identify threats, and implement security controls to mitigate risks. Gain proficiency in using the command line, a powerful tool for IT and security professionals.
- Mastering Operating Systems: Explore different Linux distributions and Windows operating systems, navigate those file systems, manage users and processes, and harden systems against attacks.
- Data Management and Security: Master techniques for archiving and logging data, essential for security analysis and forensics. Write Bash scripts to automate tasks and enhance your efficiency.
- Securing Across Platforms: Manage Windows systems using command-line tools and PowerShell, and implement security best practices.
- Understanding Networks: Build a strong foundation in networking concepts, including network topologies, OSI models, protocols, and troubleshooting techniques.
- Cryptography Demystified: Understand the principles of cryptography and explore various encryption and decryption techniques used to secure data.
- Network Defense Strategies: Learn about firewalls, intrusion detection systems, and other tools used to protect networks from unauthorized access.
- Cloud Security Essentials: Explore cloud security concepts and gain practical experience deploying and securing resources in the cloud. The course covers AWS and Azure, but many concepts are applicable to any provider.
- Red Team vs. Blue Team exercises: Simulate real-world attack scenarios and analyze log data to identify threats.
- Web server vulnerability assessment and alerting: Exploit vulnerabilities in a controlled environment and implement security alerts.
“The breadth and depth of what was covered during those twenty-four weeks was amazing. The cloud concepts alone were worth the price of admission. Understanding how cloud computing and networking work is part of the cybersecurity boot camp. That knowledge allowed me to become proficient in setting up security groups, alarms, and notifications for relevant infrastructure. I would recommend this course for anyone working in cybersecurity, from a security operations employee all the way up to CISO.”
John Vatianou, CISO
- CompTIA Security+ Testing
The Northwestern boot camp included some test prep for the Security+ test, but it was up to students to dig deep and study for the exam. According to CompTIA, the certification verifies that the candidate has the knowledge and skills required to:
- Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions
- Monitor and secure hybrid environments, including cloud, mobile, and IoT
- Operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance
- Identify, analyze, and respond to security events and incidents.
With a maximum of 90 questions over a 90-minute testing period, candidates must score 750 out of 900 to pass. This high level of difficulty is why CompTIA recommends aspirants have at least two years of experience in a security or systems administrator role. Fortunately, our CISO had already been providing technical support for Connamara in this way for several years before the boot camp and his exam.
The exam is broken into the following sections:
- Attacks, Threats, and Vulnerabilities: 24%
- Architecture and Design: 21%
- Implementation: 25%
- Operations and Incident Response: 16%
- Governance, Risk, and Compliance: 14%
“The test was very, very detailed, and I would have never passed if it were not for the class and our instructor’s syllabus. Because I understood the concepts, I could not only piece together what answers the test was looking for but also comprehend them on a higher level.”
John Vatianou, CISO
Read more about our feelings on the SOC 2 Type II certification and if we felt it was worth it.