CybersecurITy Assist

Program CAP
Session 19

Topic:
Self Development
May 25, 2019
 Session 19: Self Development and
Learning
There is an humongous amount of learning resources online and one is sure to get lost trying to figure out the path to
cybersecurity expertise. This session will introduce the common (or popular) certification and education programs
available in the India environment.

Certifications, Education, Training

• Certifications (CISA, CISM, CISSP, OSCP,
CEH, SANS NEILIT, CDAC etc)
• Training (ISO training programs)
• Education (Graduate / PG / PhD programs)
• Online / Distance Education

CAP Session 19: Self Development & Learning

 Cyber Security Self Development
• Self learning using Internet resources
• Need strong fundamentals in IT / Internet
Infrastructure, s/w development, Governance Risk &
Compliance, Audit etc
• Logical and analytical thinking
• Good communication skills
• Align skills with upcoming technology developments

CAP Session 19: Self Development & Learning

 Options & Misconceptions
• You can opt for formal education and learning if you are out of +2 or
have completed your graduation
• If you are looking for adding to your skills and qualifications and are
a working professional you can take up the professional certifications
• Remember - Educational qualification and Professional certifications
are different
• Professional Certification programs do not “train” you, they ascertain
and attest your knowledge / skill
• One needs a certain number of years of work experience to qualify
for professional certification
CAP Session 19: Self Development & Learning
CAP Session 19: Self Development & Learning
 Certifications
(ISC)² ISACA
Credential Credential
Certification Title Certification Title
abbreviation abbreviation
CISSP Certified Information Systems Security Professional CISA Certified Information Systems Auditor
CISSP-ISSAP Information Systems Security Architecture Professional CISM Certified Information Security Manager
CISSP-ISSEP Information Systems Security Engineering Professional CRISC Certified In Risk and Information Systems Control
CISSP-ISSMP Information Systems Security Management Professional CGEIT
SSCP Systems Security Certified Practitioner
CCSP Certified Cloud Security Professional CompTIA
CAP Certified Authorization Professional Security+ CompTIA Security+
CSSLP Certified Secure Software Lifecycle Professional CySA+ CompTIA Cyber Security Analyst

HCISPP HealthCare Information Security and Privacy Practitioner PenTest+ CompTIA Pentest+

CASP CompTIA Advanced Security Practitioner

CAP Session 19: Self Development & Learning

 Certifications
OFFENSIVE SECURITY CISCO CREST
Credential Credential Credential
Certification Title Certification Title Certification Title
abbreviation abbreviation abbreviation
OSCP Offensive Security Certified Professional Cisco Certified Network Associate – CPSA CREST Practitioner Security Analyst
CCNA Security
Security
OSWP Offensive Security Wireless Professional Cisco Certified Network Professional - CRT CREST Registered Penetration Tester
CCNP Security
Security
OSCE Offensive Security Certified Expert Cisco Certified Internetwork Expert - CCT-APP CREST Certified Web Application Tester
CCIE Security
Security
OSEE Offensive Security Exploitation Expert CCNA Cisco Certified Network Associate -
CCT-Infra CREST Certified Infrastructure Tester

OSCE Offensive Security Certified Expert CyberOps CyberOps CC SAS CREST Certified Simulated Attack Specialist
IAPP
OSEE Offensive Security Exploitation Expert CC SAM CREST Certified Simulated Attack Manager
Certified Information Privacy
CIPP
GENERAL Professional

ISO27001 IS27001 Lead Auditor / Implementation CIPM Certified Information Privacy Manager

Information Systems Certification and Certified Information Privacy

ISCAP CIPT
Accreditation Professional Technologist

ISO Standards ISO22301, ISO31000, ISO20000

CAP Session 19: Self Development & Learning

 GIAC GIAC
Credential

Certifications
Certification Title Credential
abbreviation Certification Title
abbreviation
GPYC Python Coder GSEC Security Essentials
GCFA Certified Forensic Analyst GCIA Certified Intrusion Analyst
EC COUNCIL GCFE Certified Forensic Examiner GISF GIAC Information Security Fundamentals
Credential GREM Reverse Engineering Malware
Certification Title GCED Certified Enterprise Defender
abbreviation
CSCU Certified Secure Computer User GNFA Network Forensic Analyst GCWN Certified Windows Security Administrator

CND Certified Network Defender GCTI Cyber Threat Intelligence GPPA Certified Perimeter Protection Analyst

CEH Certified Ethical Hacker GASF Advanced Smartphone Forensics GMON Continuous Monitoring Certification

CEH (Practical) Certified Ethical Hacker (Practical) GSLC Security Leadership GCCC Critical Controls Certification

ECSA EC-Council Certified Security Analyst GSNA Systems and Network Auditor GCUX Certified UNIX Security Administrator
ECSA GISP Information Security Professional
EC-Council Certified Security Analyst (Practical) GCDA Certified Detection Analyst
(Practical)
LPT (Master) Licensed Penetration Tester (Master) GLEG Law of Data Security & Investigations GDAT Defending Advanced Threats
CCISO Certified Chief Information Security Officer GCPM Certified Project Manager GCIH Certified Incident Handler
ECIH EC-Council Certified Incident Handler GSTRT Strategic Planning, Policy, and Leadership GPEN Penetration Tester
CHFI Certified Hacking Forensic Investigator GSSP-JAVA Secure Software Programmer-Java GWAPT Web Application Penetration Tester
EDRP EC-Council Disaster Recovery Professional Exploit Researcher and Advanced
GSSP-.NET Secure Software Programmer- .NET GXPN
ECES EC-Council Certified Encryption Specialist Penetration Tester
GWEB Certified Web Application Defender GMOB Mobile Device Security Analyst
CASE Java Certified Application Security Engineer Java
Global Industrial Cyber Security
GICSP GAWN Assessing and Auditing Wireless Networks
CASE .Net Certified Application Security Engineer .Net Professional
GRID Response and Industrial Defense
ECSS EC-Council Certified Security Specialist
GCIP Critical Infrastructure Protection

CAP Session 19: Self Development & Learning

 • Systems Security Certified Practitioner • Certified Perimeter Protection Analyst

• Certified Cloud Security Professional • Continuous Monitoring Certification

More Certifications • Certified Authorization Professional

• Certified Secure Software Lifecycle
• Critical Controls Certification

• Certified UNIX Security Administrator

Professional
• CompTIA Pentest+ • Certified Detection Analyst
Some may be repeated from
• CompTIA Advanced Security Practitioner • Defending Advanced Threats
previous slides
• Certified In Risk and Information Systems
• GIAC Information Security Fundamentals
Control
Certified Cloud Security Professional (CCSP) | Cloud Security
Alliance • Security Essentials • Certified Enterprise Defender

Cloud Security Certification | CCSP - Certified Cloud
Security ... - ISC2
CERTIFICATE OF CLOUD SECURITY KNOWLEDGE
(CCSK)
CERTIFIED CLOUD SECURITY SPECIALIST (CCSS)
• Certified Intrusion Analyst
• Certified Incident Handler
• Exploit Researcher and Advanced
Penetration Tester
• Assessing and Auditing Wireless
Networks
• Network Forensic Analyst
• Certified Windows Security Administrator
• Web Application Penetration Tester
• Mobile Device Security Analyst
• Reverse Engineering Malware
• Advanced Smartphone Forensics

• Certified Hacking Forensic Investigator • IS20 security controls

• Offensive Security Certified Professional • Offensive Security Certified Expert

CAP Session 19: Self Development & Learning

CAP Session 19: Self Development & Learning
CAP Session 19: Self Development & Learning
CAP Session 19: Self Development & Learning
 Education institutions (Grad programs)
Graduate Programs
• University of Madras
• Galgotias University
(https://www.galgotiasuniversity.edu.in/)
• Graphic Era University, Dehradun
(https://www.geu.ac.in/content/geu/en.ht
ml)
• Chandigarh University
(http://www.cuchd.in/)
• UPES, Dehradun
(https://www.upes.ac.in/)
• BITS, Hyderabad (https://www.bits-
CAP Session 19: Self Development & Learning
pilani.ac.in/Hyderabad/)
• Hindustan Institute of Technology and
Science https://www.hindustanuniv.ac.in/
• Ansal University
https://ansaluniversity.edu.in/
• Ganpat University
https://www.ganpatuniversity.ac.in/
• Raksha Shakti University
http://www.rsu.ac.in/
• GNA University
http://www.gnauniversity.edu.in/
 Education institutions (PG programs) – 1/2
• Hindustan Institute of Technology
• Amity University
• • Indian Institute of Information
VJTI
• All IITs
• University of Mumbai
• Amrita School of Engineering,
Bangalore
(https://www.amrita.edu/campus/b
engaluru)
• Amrita Vishwa Vidyapeetham,
Coimbatore
(https://www.amrita.edu)
• ITM University, Raipur
(https://www.itmuniversity.org/)
• Vikrant Institute of Technology
and Management, Indore
(http://www.vitm.edu.in)
CAP Session 19: Self Development & Learning
• PES University, Bangalore
(https://www.pes.edu/)
Technology and Management
(IIITMK-Thiruvananthapuram)
http://www.iiitm.ac.in/index.php/e
n/
• Master of Technology (M. Tech)
in Cyber Law and Information
Security, Indian Institute of
Information Technology –
Allahabad
https://www.iiita.ac.in/
• M. Tech (CSE) with specialization
in Information Security,
Indraprastha Institute of
Information Technology – Delhi
http://www.iiitd.ac.in/
• M. Tech in Computer Science and
Information Security, International
Institute of Information
Technology – Hyderabad
https://www.iiit.ac.in/
• MBA-ITBM (Information
Security Management), Symbiosis
Centre for Information
Technology – Pune
• REVA University in Bengaluru
https://reva.edu.in/?
utm_source=GMBListing&utm_m
edium=organic
• Vikrant Institute of Technology
and Management, Indore
http://www.vitm.edu.in/
 Education institutions (PG programs) – 2/2
• NIIT University
https://www.niituniversity.in/
• Jain University
https://www.jainuniversity.ac.i
n/
• Gujarat Forensic University
http://www.gfsu.edu.in/
• Amrita Vishwa Vidyapeetham
https://www.amrita.edu/
• M.Tech-Cyber Security &
Digital Forensics in KLEF(KL
University) Vijayawada
https://www.kluniversity.in/
• Nshm Knowledge Campus,
Kolkata
CAP Session 19: Self Development & Learning
http://www.nshm.com/
• Ramaiah University Of
Applied Sciences - [RUAS],
Bangalore
http://www.msruas.ac.in/
• N. L. Dalmia Institute Of
Management Studies And
Research - [NLDIMSR],
MUMBAI
https://www.nldalmia.in/
• K.K. Modi International
Institute - -, New Delhi
• DY PATIL UNIVERSITY,
NAVI MUMBAI
http://www.dypatil.edu/
• UNIVERSITY OF MYSORE
- [UOM], MYSORE
http://www.uni-mysore.ac.in/
• IIIT Allahabad
• Madhya Pradesh bhoj open
university
http://www.bhojvirtualuniversi
ty.com/
• Odisha state open university
http://osou.ac.in/
• Institute of Forensic Science
(Mumbai University)
• MNIIT Allahabad
 TYPICAL SYLLABUS (pg)
YEAR I •Cyber Crimes & Investigation
•Operating System, Database, and Elective I
•Information Systems and Infrastructure Security •Mobile & Digital Forensics
Software •Cyber Forensics Lab Penetration Testing &
•C Programming and Data •Network Security Vulnerability Assessment Cloud
Structure Computing
•Fundamentals of Information YEAR II
Security and Legal Framework Elective II
•Engineering •Mobile, Wireless, and VoIP •Hardware Security Biometric
•Introduction to Hardware, Security Security Risk
Network, the Internet •Cryptography Lab ManagementMalware Analysis
•Cyber Forensics •Security Policy & Audit •Cyber Law
•Operating System, Database and •Information Security & •Sessional Project
Infrastructure Security Cryptography •Grand Viva
•Computer LAB (MATLAB, •Block Chain
Excel, Linux Server- Apache) •Security Architecture and
•Cyber Threat and Modelling Models
CAP Session 19: Self Development & Learning
 Distance Education
• Udemy, Coursera, MOOC
• Post Graduate Certificate in Cyber Laws
(PGCCL) – Symbiosis Centre for distance
learning
• https://www.academiccourses.com/Courses/
Cyber-Security/Distance-learning/
• SMU University
CAP Session 19: Self Development & Learning
 Typical Syllabus (SMU)
Unit 1: Introduction to Cyber Security
• Overview of Cyber Security, Internet Governance
– Challenges and Constraints, Cyber Threats:-
Cyber Warfare-Cyber Crime-Cyber terrorism-
Cyber Espionage, Need for a Comprehensive
Cyber Security Policy, Need for a Nodal
Authority, Need for an International convention on
Cyberspace.
Unit 2: Cyber Security Vulnerabilities and Cyber
Security Safeguards
• Cyber Security Vulnerabilities-Overview,
vulnerabilities in software, System administration,
Complex Network Architectures, Open Access to
Organizational Data, Weak Authentication,
Unprotected Broadband communications, Poor
Cyber Security Awareness. Cyber Security
Safeguards- Overview, Access control, Audit,
Authentication, Biometrics, Cryptography,
Deception, Denial of Service Filters, Ethical
Hacking, Firewalls, Intrusion Detection Systems,
Response, Scanning, Security policy, Threat
Management.
Unit 3: Securing Web Application, Services and
Servers
• Introduction, Basic security for HTTP
CAP Session 19: Self Development & Learning
Applications and Services, Basic Security for • Introduction, Cyber Security Regulations, Roles of
SOAP Services, Identity Management and Web International Law, the state and Private Sector in
Services, Authorization Patterns, Security Cyberspace, Cyber Security Standards. The
Considerations, Challenges. INDIAN Cyberspace, National Cyber Security
Unit 4: Intrusion Detection and Prevention Policy 2013.
• Intrusion, Physical Theft, Abuse of Privileges, Unit 7: Cyber Forensics
Unauthorized Access by Outsider, Malware • Introduction to Cyber Forensics, Handling
infection, Intrusion detection and Prevention Preliminary Investigations, Controlling an
Techniques, Anti-Malware software, Network Investigation, Conducting disk-based analysis,
based Intrusion detection Systems, Network based Investigating Information-hiding, Scrutinizing E-
Intrusion Prevention Systems, Host based mail, Validating E-mail header information,
• Intrusion prevention Systems, Security Tracing Internet access, Tracing memory in real-
Information Management, Network Session time.
Analysis, System Integrity Validation.
Unit 5: Cryptography and Network Security
• Introduction to Cryptography, Symmetric key
Cryptography, Asymmetric key Cryptography,
Message Authentication, Digital Signatures,
Applications of Cryptography. Overview of
Firewalls- Types of Firewalls, User Management,
VPN Security Protocols: - security at the
Application Layer- PGP and S/MIME, Security at
Transport Layer- SSL and TLS, Security at
Network Layer-IPSec.
Unit 6: Cyberspace and the Law
CAP Session 19: Self Development & Learning
 Training institutes
• Red Team Academy, Calicut & Kochi
• Institute of Information Security, Mumbai
• OSA Academy, Mumbai
• CAP Program
• Asian School of Cyber Law
• Pentester Academy
• Razz Institute, Chennai
CAP Session 19: Self Development & Learning
CAP Session 19: Self Development & Learning
CAP Session 19: Self Development & Learning
CAP Session 19: Self Development & Learning
 Certifications
CEH: CERTIFIED ETHICAL HACKER continuing professional education program and compliance with the information systems auditing
• The CEH is an intermediate level certification focused on the prevention of most common attacks standards.
and securing systems and networks. CEH is designed to ensure a strong understanding of hacking • The exam lasts for 4 hours, with 150 multiple choice questions one needs to have a minimum
practices including footprinting recognitions, scanning networks, SQL injections, worms and score of 450 to pass the examination. The certification costs $575 for registered members and
viruses, DoS attacks, social engineering, and honey pots. $760 for non-members. The domains of CISA include The process of Auditing Information
• CEH certification requires successful completion of a 4-hour, 125 questions multiple choice Systems, Governance, and Management of IT, Information Systems Acquisition, Development
cybersecurity examination with a minimum score of 70%. The exam costs $500 USD. For self- and Implementation, Information Systems Operations, Maintenance and Support, Protection of
study students, an additional $100 USD eligibility application fee and a record of two years of Information Assets, The Process of Auditing Information Systems.
information security related work experience endorsed by the employer is necessary. With an • One can find an ample number of institutions in India that offer CISA training.
increase in awareness of cyber attacks, the certified ethical hacker resonates with many employers. • CISM: CERTIFIED INFORMATION SECURITY MANAGER
However, there is some debate about the value of the certification. In terms of difficulty, the EC •
CISM is truly management focused certification. This is an ideal certification for seasoned IT
Council maintains tight control over entry to the certification exam. In order to be eligible to
managers, security managers and CSO’s. The CISM validates a vast range of cybersecurity skills
attempt the CEH exam, it requires that candidates attend an EC Council official training program
and recognizes a manager who promotes these international security practices. If someone is
or provide employer verified proof of at least two years of Information Security experience.
interested in IT security management, the CISM provides a multitude of opportunities.
• The CEH exam is further categorized as core, advanced and expert. However, the general domains
• The recommended experience to get this certification is 5 years in the information security field.
include Information Systems and Networking, Security Controls, Reconnaissance Fundamentals,
The exam comprises of 200 multiple choice questions and lasts for 4 hours. To qualify one must
Network Attacks, System and Device Attacks and Regulations, Policies and Ethics.
score a 450 on a scale of 200-800. In the CISM certification exam, the domains included are
• In India, there are multiple institutions that offer both classrooms as well as online-based IT Information Security Governance, Information Risk Management, Information Security Program
security courses at an affordable cost. One can also refer to Udemy for any self-paced training Development, Information Security Program Management, Incident Management, and Response.
course to equip themselves with the right skills and knowledge before applying for CEH
certification. Moreover, on Youtube, one can also find some interesting free resources to help
understand most of the topics.
• CISA: CERTIFIED INFORMATION SYSTEMS AUDITOR
• The CISA is ICACA’s validation for audit control assurance and security. The main responsibility
of a CISA is to assess vulnerabilities, report on compliance and institute controls within an
enterprise system. This world-renowned certification will certainly set one apart from the
competition and allow you to work anywhere you want. While anyone can take the CISA exam,
getting certified has the following requirements.
• Firstly, you need a year of experience in information systems or any qualifying educational
degree. Next, you need to have an adherence to the code of professional ethics and also to the

CAP Session 19: Self Development & Learning

 Certifications
CISSP: CERTIFIED INFORMATION SYSTEMS SECURITY Asset Security and Risk Management.
PROFESSIONAL OSCP: Offensive Security Certified Professional
• CISSP from (ISC)2 is arguably the current gold standard of InfoSec • The offensive Security Certified Professional (OSCP) certification is used
Certifications. It’s an advanced level certification for IT Security for Penetration testing. It is world’s first hands-on offensive IS
Professionals and is recognized and valued by both industry and certification course that an individual can get. The use of this certification
government employers worldwide. CISSP is approved as a DoD baseline will enable the individual to express and demonstrate the working
for level 3 IT security technicians. That’s where the comparisons end. knowledge of Penetration concepts and walk through the life cycle of the
• The CISSP certification is designed for security professionals who develop same. The certification cost for “Offensive Security Certified
information security policies and procedures. This is the most advanced Professional” varies somewhere between $200 to $400. The cost varies
certification in the list. And for many candidates, it may require up to a because of different levels of the certification.
year to prepare for the exam. The certification exam is a 6 hour 250 CompTIA Security+
questions monster which costs $699 USDand to pass it one must score a • While Security+ is an entry-level certification, successful candidates
minimum of 700 out of 1,000. Also, to take up the exam one must prove should possess at least two years of experience working in network
that he has worked for at least five years as a security professional and you security and should consider first obtaining the Network+ certification.
must subscribe to the (ISC)2 code of ethics.
GSEC: SANS GIAC Security Essentials
• Once you’re a CISSP certified practitioner, you must recertify every three
years through at least 120 hours of continuing professional education and • Another fine entry-level credential is the GIAC Security Essentials
you must pay a yearly fee of $85 USD to maintain your certification too. (GSEC), designed for professionals seeking to demonstrate that they not
CISSP basically makes you a cybercrime investigator. It’s intensive but only understand information security terminology and concepts but also
well worth it. possess skills and technical expertise necessary to occupy "hands-on"
security roles
• Its domains include Identity and Access Management, Security
Assessment and Testing, Security Operations, Software Development
Security, Communication and Network Security, Security Engineering,

CAP Session 19: Self Development & Learning

 Online
• Search for certifications and decide on your path
of interest

CAP Session 19: Self Development & Learning

 Thank you – practice well
• This PPT will be uploaded to the CAP
website and the download link will be
shared on the WhatsApp group
• Please avoid sharing outside the group
at this stage as we want to have your
opinion first for any enhancements
• Please share your feedback

CAP Session 19: Self Development & Learning

 End Session 19
• Session 20 – Next Saturday June 01, 2019
• Threat Intelligence & More - Presented by KK
(invitee instructor)

• (alternatively in case KK is not available)

• Incident Response and Management – presented by
CAP team

CAP Session 19: Self Development & Learning

CAP Session 19: Self Development & Learning
CAP Session 19: Self Development & Learning
CAP Session 19: Self Development & Learning
CAP Session 19: Self Development & Learning