
Cyber Training Services

15 May 2017

David Cohen, BDO Forensics and Cyber Lab
Warren Carr, IT Partner (Associate)

Protect your company's reputation, competitive advantage and operational stability against cyber-attacks with effective cyber security awareness training. Select any (or a combination) of the following courses which aim to set your employees up for success by instilling cutting edge knowledge and practical know-how in the workplace.

OPTION 1: GENERAL STAFF TRAINING - MEET THE HACKER

We cover (in less technical jargon) the basics of keeping information safe both within the company and in your personal lives. Presented from the point of view of the “hacker”, the session uses examples to illustrate different exploits used to gain unauthorized access to resources. While heavily focused on social engineering, it also covers many of the other vulnerabilities users present. The presentation is delivered in a humorous, relaxed atmosphere to keep interest piqued, and runs for approximately an hour.

Topics Covered:

  • Social engineering (Extensive)
  • Physical Security (Tailgating, Challenging strangers)
  • Malware (Viruses, backdoors etc.)
  • Identity theft
  • Good passwords vs bad passwords
  • Basics of PKI and certificates (Checking to see if you’re on the correct website)
  • Cryptography basics
  • Mobile security (Phones, PDAs, BYOD)
  • Email security
  • Social networking
  • Remote access and VPN
  • Incident response
  • Environmental controls (clean desk policy etc.)
  • Many examples of real incidents attributed to users
  • Downloading and installing software (licensing/malware/bloatware/key loggers/botnets)
  • Importance of updates
  • Q and A

OPTION 2: IN DEPTH SECURITY TRAINING - HACKERS MEAN BUSINESS

A 3-hour workshop that provides a more in-depth overview of all the security fundamentals at the user level, targeted at staff who work with sensitive information. This course contains more technical details and practical examples from the real world, as well as live hacking demonstrations. It is ideally suited for people who work with sensitive information, such as the accounts department, and first-line support staff, such as call center staff.

OPTION 3: TECHNICAL TRAINING - CUSTOMIZED TRAINING FOR YOUR I.T. DEPARTMENT

This full-day workshop runs for approximately 6 hours and is customized to fit the industry and expertise level of your I.T. department. From basic security risks to advanced exploitation demonstrations, we show the I.T. department exactly what an attack on their systems would look like from the perspective of the attacker and, more importantly, how to prevent an attack by implementing industry standards and best practices. Gain valuable insight into how hackers think, and what they look for as they attack your infrastructure or scan you for low-hanging fruit. Our trainer has more than 15 years of practical experience in attacking and exploiting companies and can provide invaluable insight to I.T. support staff on vulnerabilities and best practices.

ABOUT THE TRAINER – RUDI DICKS

Rudi has more than 15 years of experience in network design and server administration with a focus on information security. He has conducted penetration tests for multiple top 100 companies and multi-national organizations. He is well versed in best practices and compliance including King III; POPI; OWASP; ISO27001; PCI; NIST and US Laws (SOX; HIPAA; GLBA). He is backed by the following certifications: CompTIA A+; CompTIA Security+; Microsoft Certified Systems Engineer (MCSE); Cisco Certified Network Associate (CCNA); Certified Ethical Hacker (CEH); Offensive Security Certified Professional (OSCP). Rudi has a strong understanding of how information security relates to business risk and is able to communicate easily in both extremely technical and more simplistic terms, providing very meaningful insight to executive and senior management. Rudi is passionate about his work, and more so about educating organisations about the biggest and most often overlooked point of unauthorized entry, namely social engineering.