Cybersecurity Skills & Training

Cybersecurity has a CAGR of 12% at 259B through 2025 and qualifications are highly in demand, particularly in regards to IOT and industrial (IIoT) use cases.

Industrial/IoT Security

IoT Endpoint Device Security

IoT endpoint devices include sensors, actuators, microcontrollers, smart appliances, and wearable devices as well as edge devices such as field gateways that perform local data encryption/decryption, compute, storage, data collection, and data aggregation functions for resource-constrained IoT devices.

Device Registry
Physical Security
Device Authentication
Device Trusted Rollback
Device Hardening
Mobile Device Audits
Device Lifecycle Management

IoT Connectivity and Communication Security

IoT devices can use communication protocols that are not recognized or protected by enterprise security controls. Enterprise firewalls and intrusion detection systems are designed to protect against enterprise specific threats, not attacks against industrial or consumer IoT protocols. IoT devices may be highly mobile or deployed in remote locations. As a result, these devices may be directly connected to the Internet with none of the protections found in a corporate environment.

Network Segmentation
Mutual Authentication & Encryption
Gateway Firewalls
Third-party Communications

IoT Identity & Access Management (IAM)

Identity and Access Management (IAM) requirements deal with both user and device identity management, authentication, access control, and the creation of security groups.

Identity Management
Access Control
Security Groups

IoT Data Protection & Security

A method for preventing unauthorized access to devices and data on the device must be implemented. All data that is generated, collected, stored, transits, or shared via a device must be properly classified and handled accordingly.

Data Location and Aggregation
Data Classification
Data Privacy Policy
Data Isolation
Data Retention and Duration
Data Encryption and Key Management

IoT Application Security

IoT applications should follow best practices for security controls, authorization, and authentication of devices and users. In addition, the IoT Shadow Trust Framework (IoTSTF) findings and recommendations should be considered, which embodies the concept of pursuing device trustworthiness through the analysis of IoT digital twins (device shadows) and their associated data streams.

Device Shadows (Digital Twins)
Application Firewalls
Data Flows
OMG DDS Messaging
Blockchain Implementation

Breach/Incident Management

Incident management pertains to monitoring and detection of incoming security threats, the collection and logging of incident data, alert notifications, and incident response. This applies to the device edge environment, the cloud environment, and the interfaces between the two. In addition, such a system will help to meet compliance audit requirements (such as for GDPR) for data logging.

Incident Monitoring and Detection
Event Logging
Alert Notification
Incident Response
Remote Auditing
Port Scanning.
Penetration Testing

Cybersecurity Hardware

Data Diodes
Next-Gen Firewalls
Hardware Security Modules (HSMs)
Encrypted Server Appliances
Encrypted USB Drives

Cybersecurity Certifications

GIAC - Global Information Assurance Certification
CEH - Certified Ethical Hacker
GSEC - GIAC Security Essentials Certification
CISSP - Certified Information Systems Security Professional
ISSMP - Information Systems Security Management
CISM - Certified Information Security Manager
HCISPP - HealthCare Information Security and Privacy Practitioner
CIPT - Certified International Association of Privacy Professionals
FACHE - Fellow of the American College of Healthcare Executives
CPHIMS - Certified Professional in Healthcare Information and Management Systems
CIPP - Certified International Association of Privacy Professionals
QSA - Qualified Security Assessor
GCED - GIAC Certified Enterprise Defender
GCFE - GIAC Certified Forensic Examiner
GCIH - GIAC Certified Incident Handler
GCIA - GIAC Certified Intrusion Analyst
GSNA - GIAC Systems and Network Auditor
CISO - Chief Information Security Officer
CSP - Certified Safety Professional

Cybersecurity Regulations

NIST Handbook 162 "NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements"
GSA - Highly Adaptive Cybersecurity Services (HACS)



ERP Software Advice

CMMS Software Advice

PdM Software Advice