foundstone scq cypherpath
SCQ for Foundstone
Solving the Key Issue of Role-based Security Professional Training
Phillip M. Sparks, MBA CISM CISA
Director Innovation and Technology, CypherPath
Professor, HULT International Business School
Ex. RCERT-Europe Site manager
Instructional designer for: Enterprise Network Security, AFRAID, Incident Response Planning and Forensics, and 3 x 5-day DoD Information Assurance training program, Europe
Information security is strategic and requires technology and skilled personnel to be effective and successful.
• Foundstone provides strategic consulting, technology and education services for Fortune 500 clients globally
• Experts put the right processes and procedures in place and provide tools to support them and educated staff to use them
• Has 18+ courses and continues to identify new global issues through McAfee Labs that need to be known by clients
Situation: Current stable facts
• Scale and rollout of instruction-based learning is inefficient, and it is hard to maintain global quality and instruction
• Clients starting to value more practical experience training based upon actual procedures and processes
• Time to develop and deliver new security training is long
Complication: Uncertainties
• Can a scalable role based learning platform enable rapid delivery of process based skills to capture value?
Key Issue
There are five basic questions that must be answered to ensure that we can capture value from a role based platform
Can a scalable role based learning platform enable rapid delivery of process based skills to capture value?
• Can Foundstone learning be delivered online?
• Can online training scale while maintaining quality?
• Can new relevant knowledge be delivered efficiently?
• Can we capture value from clients?
• Can training align to processes and procedures of services offered?
YES, a scalable role based learning platform will enable Foundstone for rapid delivery of process based skills to capture value.
Yes, learning can be delivered online.
• Hands on practical labs can be delivered via Lab-on-Demand from single or multiple global sites with users just needing Internet Explorer
• Instructor assisted delivery through Elluminate or other web conference is available
Yes, online can scale while maintaining quality.
• Over 30,000 labs/month already proven from one data center, just add hardware/bandwidth for more concurrent users to access
• Step by Step ability of Lab-on-Demand ensures consistency of experience
Yes, new relevant knowledge can be delivered efficiently.
• CertME Process combined with Modular Environments allow for rapid knowledge capture that is needed near real time
• Capture and distribution of the knowledge with Lab-on-Demand is hours or days, not weeks and months
Yes, Foundstone can capture value from clients.
• Clients get the performance based training they desire with better processes aligned to their environments
• Paid subscriptions and consulting engagements increase revenue
Yes, training can align to processes and procedures.
• The Modular environments can mirror production environments so process alignment is feasible
• LOD interface produces printed Process documentation (LAB manual) that can complement the Visio process swimlanes and RACI charts
The CertME Topology can support many tiers of networks all interconnected with routing and be built from a library of pre-existing virtual machines to build relevant
Modular Environment Library of virtual systems
• By Network Segment
• By Operating System
• By System Role
W2k8r2std-db, W2k8r2web, Win7office, Win7admin, Win7hacker, Winxphacker, w2k3, HacME-banking, winxp, Hacme-casinio
Relevant training can be created in hours and distributed to registered users
Build the ME
• Build a modular environment from preexisting systems or create own/new system from base OS
Collect all Tools into ISO resource
• DVD Media is available to users on remote systems, so collecting into a *.ISO image is easy
Define the Role-based Scenario
• Use RACI and BBP to define a Lab Profile so user is put into a job performance scenario lab profile and lab series if multiple tasks
Provide level of Guidance Desired
• LOD supports content-less and content-guided labs, where you can add detailed procedure and work instruction level steps
Assign Users Lab Series
• Once labs are assigned to users, they will have access to run the lab and interact all in own sandboxed Modular Environments
McAfee GSL is available for demo but does not meet the training needs of the McAfee Foundstone Practice; it can, however, be leveraged as Modular Environments where applicable
Modular Environments support Foundstone strategic consulting, technology consulting and education
A typical Modular Environment for Foundstone could support Penetration testing, assessment techniques, and secure coding practices in a three tier and DMZ deployment.
NOTE: Not ALL systems have to be turned on for each lab. Each Lab Profile can define the virtual machines that are active from the modular environment.
Lab 1: winxp-hacker + R1G1O1 router + Hacme-banking + win7-foundstone
User has a simple login and access to the labs’ modular environment with or without content (step by step guides)
• Login
• Select My Assignments
• Launch or Resume Lab
• Interact
• Save or Exit
CertME Lab-on-Demand™ Components can be “mobile” to support hosting Seminars via wireless or hosted in a datacenter(s) distributed globally
Modular Enterprise Host (MEHost-XX)
• Dell PowerEdge R710, 72-96GB RAM
• Maximum Speed Raid for 300GB Drives
• EACH: Support about 20 concurrent users depending upon lab resource requirements. 72 GB = 60 GB usable resources; 20 users of about 3 GB each (3 System lab)
• EXPANDABLE by just adding another MEHOST
LOD Software
• Virtual Server 4GB
• IIS 6 or IIS 7:
  a. LOD Web Services
  b. Data Mover Services
NAS Drive Cache, 3TB RAID, 2x Gigabit NIC
24 port Gigabit Switch
User Stations:
• 1 GB Ram
• Internet Explorer with Java
Learning Management Server integrates with LOD Web Services
Role-based Processes can be converted from workflows to online environment via Lab-on-Demand in just hours and delivered by URL or LMS.
Existing environment can be converted into a Modular Environment for use with LOD and business processes captured with Subject Matter Expert into LOD
1. Select what systems are needed
2. Capture with Disk2Vhd (~2 hours)
3. Clean system capture and ensure working in LOD
4. Add to LOD virtual system list
5. Create VMOnly lab
6. Configure correct IP and settings for systems
7. Save as stable virtual system for development
LOD systems can be used for Real training using replicated production environment
Cyber Security workforce must be proficient in tasks they will be expected to perform under stress
Validate process proficiency
• Ensure “Certified” by 3rd party
• Test against live environments
• Test they can do on the job
Identify specific skills needed
• Awareness topics
• Hands on tasks
• Knowledge levels
Define Role-based tasks required
• Map tasks to realistic job expectations
• Base upon best practice
• Process workflows
Book knowledge is NOT enough! Certify with CertME against actual job skills needed.
The Lab-on-Demand Platform will be used to build the SPA (Scalable Proficiency Assessment) engine to certify performance based skills.
Job Description
• Identify the top 10 tasks for Job
Create Modular Environment
• Replicate the On-the-job environment in CertME and build Lab Profile
Task Signature Analysis
• Capture the task signatures for real-time tracking of
Deploy SPA agents
• When taking exam, SPA agents monitor lab activity and report back to SCORM LMS
The Lab-on-Demand has X primary features
System
ME Admin
Lab Profiles
Lab Management
•Add/Delete Users
•Assign
User Management