Cyber Security Cohort

Cyber Security Cohort : S02.E04 Access Management Solutions In today’s episode, cybersecurity consultant Heather Holliday explores several common Access Management Solutions. Heather will compare and contrast options such as Federated Identity Management, Same Sign-On, Multifactor Authentication and Single Sign-On, then she'll take a look at what makes each option unique so you can better understand why there is more than one option and how to choose the best option for your situation. ⁠Click for full transcript⁠ Episode Notes and References Information shared in this episode came from personal experience. More information on these topics can be found by searching these references. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide by Darril Gibson: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/B096D1LGSK  What is Single Sign-On Authentication? And...How Does it Work? (SSO) Tech Target:What is single sign-on (SSO)?  https://www.techtarget.com/searchsecurity/definition/single-sign-on  AWS: What is SSO (Single-Sign-On)? https://aws.amazon.com/what-is/sso/  Onelogin: What is Federated ID?: https://www.onelogin.com/learn/federated-identity  Onelogin: SAML Explained in Plain English: https://www.onelogin.com/learn/saml  What is Kerberos?: https://www.simplilearn.com/what-is-kerberos-article  Microsoft: What is OpenID Connect?: https://www.microsoft.com/en-us/security/business/security-101/what-is-openid-connect-oidc 

Cyber Security Cohort : S02.E03 Authentication and Access Management Policies In today’s episode Heather Holliday explores the topic of authentication and access management policies. Heather shares details about the overarching considerations for good authentication and access management practices in the context of cyber security. Click for full transcript Episode Notes and References Information shared in this episode came from personal experience. More information on these topics can be found by searching these references. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide by Darril Gibson: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/B096D1LGSK  NIST Access Control Policy: https://csrc.nist.gov/glossary/term/access_control_policy  NIST Password Policy publication: https://csrc.nist.gov/pubs/ir/7970/final

Cyber Security Cohort : S02.E02 Passwords, Passphrases and PINs In this episode Heather dives into the world of PINs, passwords and passphrases. This is one of the hottest topics in cyber security and one of the most important! After all, you use PINs, passwords and passphrases to secure some of your most valuable personal information. ⁠⁠Click here for full transcript⁠⁠ Episode Notes and References Information shared in this episode came from personal experience. More information on these topics can be found by searching these references. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide by Darril Gibson: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/B096D1LGSK  Are Password Managers Safe? https://cybernews.com/best-password-managers/are-password-managers-safe/  John the Ripper Lab: https://greatadministrator.com/john-the-ripper-lab/ 

Cyber Security Cohort : S02.E01 Auth & Auth In this first episode of a brand new season of the Cyber Security Cohort, Heather will pivot from her previous discussions on Governance, Risk and Compliance in season 1 to begin a new chapter on another of her favorite topics - Authentication and Authorization. ⁠Click here for full transcript⁠ Episode Notes and References Information shared in this episode came from personal experience. More information on these topics can be found by searching these references. CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide by Darril Gibson: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/B096D1LGSK Why Your Organization Needs Rule-Based Access Control: https://www.networkcomputing.com/network-security/why-your-organization-needs-rule-based-access-control Techtopia: Mandatory, Discretionary, Role and Rule Based Access Control: https://www.techotopia.com/index.php/Mandatory,_Discretionary,_Role_and_Rule_Based_Access_Control

Cyber Security Cohort : Episode 008 Are You the One in Control? In today’s episode Heather Holliday the importance of Controls in cyber security and how Controls are used to ensure safe cyber practices. As Janet Jackson said, “It’s all about control, and I’ve got lots of it.” Click here for full transcript Episode Notes and References Information shared in this episode came from personal experience. More information on these topics can be found by searching these references. Janet Jackson’s “Control” video: https://www.youtube.com/watch?v=LH8xbDGv7oY 3-2-1 Storage Method: https://youtube.com/shorts/FbMdH3d00l0 3-2-1 Storage Method: https://www.cisa.gov/sites/default/files/publications/data_backup_options.pdf CompTIA Security+ Get Certified Get Ahead: SY0-601 Study Guide by Darril Gibson: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/B096D1LGSK

Cyber Security Cohort : Episode 007 Organizational Considerations In today's episode Heather Holliday discusses the critical role that C-suite leaders play in cyber security. Heather will also take a deep dive into the importance of organizational design in creating a cyber safe culture equipped to tackle tough cyber security issues and concerns. Click here to download the full transcript Episode Notes and References Information shared in this episode came from personal experience. More information on these topics can be found by searching these references. Tech Target: https://www.techtarget.com/searchcio/definition/C-level Deloitte: https://www2.deloitte.com/content/dam/insights/us/articles/ciso-next-generation-strategic-security-organization/DR19_TheNewCISO.pdf

Cyber Security Cohort : Episode 006 Risk and Compliance In today's episode Heather Holliday continues her exploration of the world of GRC, or Governance Risk and Compliance. Heather spoke about Governance in the previous episode, so today's podcast will cover Risk and Compliance. Click here to download the full transcript Resources mentioned in this episode: Information shared in this episode came from the references below and more information on these topics can be found by searching these references. Governance, Risk, and Compliance for CompTIA Security+ by Christopher Rees: https://www.pluralsight.com/courses/governance-risk-compliance-comptia-security-plus AICPA on SSAE 18: https://www.aicpa-cima.com/resources/download/aicpa-statement-on-standards-for-attestation-engagements-no-18 Sprinto Blog on SSAE 18: https://sprinto.com/blog/what-is-ssae-18/ NIST Cybersecurity Risk definition: https://csrc.nist.gov/glossary/term/cybersecurity_risk NIST CSF: https://www.nist.gov/cyberframework

Cyber Security Cohort : Episode 005 The G in GRC In today's episode Heather Holliday dives into the world of GRC, or Governance Risk and Compliance. This is one of Heather's favorite topics in cyber security and she believes its importance is often overlooked or undervalued. This episode covers an overview of Governance, the G in GRC. Click here to download the full transcript. Resources mentioned in this episode: Information shared in this episode came from the references below. CISA on Zero Trust: https://www.cisa.gov/zero-trust-maturity-model Deloitte Article: https://www2.deloitte.com/us/en/pages/advisory/articles/modernizing-the-three-lines-of-defense-model.html NIST on Data Governance: https://csrc.nist.gov/glossary/term/data_governance Governance, Risk, and Compliance for CompTIA Security+ with Christopher Rees on Pluralsight: https://www.pluralsight.com/courses/governance-risk-compliance-comptia-security-plus

Cyber Security Cohort : Episode 004 What's AI Got To Do With It? In today's episode Heather answers the question, "What’s AI got to do with it?" and explores the ways that artificial intelligence, or AI, intersects with cyber security. Download the full transcript here. Resources mentioned in this episode: Tech Target: https://www.techtarget.com/searchenterpriseai/definition/AI-Artificial-Intelligence Techopedia: https://www.techopedia.com/definition/34948/large-language-model-llm NIST Glossary: https://csrc.nist.gov/glossary Gartner on Generative AI: https://www.gartner.com/en/topics/generative-ai Fortune Article: https://fortune.com/2023/06/09/lawyers-angry-new-york-judge-ai-tricked-them-citing-fake-cases-court-filing-chatgpt/ Krebs on Security: https://krebsonsecurity.com/2023/08/meet-the-brains-behind-the-malware-friendly-ai-chat-service-wormgpt/

Cyber Security Cohort : Episode 003 Cybersecurity Overview In today’s episode we’ll get down to business and start with an overview of cyber security. I’ll introduce some key terms you’ll need to know as we cover various topics. I’ll also provide resources that will help you on your learning journey. Download full transcript Information shared in this episode came from the references below and more information on these topics can be found by searching these references. Google: www.google.com Cyber security and Infrastructure Security Agency, or CISA, site: https://www.cisa.gov.  National Initiative for Cybersecurity Careers and Studies (NICCS) site: https://niccs.cisa.gov/  National Initiative for Cybersecurity Careers and Studies (NICCS) vocabulary list: https://niccs.cisa.gov/cybersecurity-career-resources/vocabulary.  Free Code Camp Hacker Hat Types: https://www.freecodecamp.org/news/white-hat-black-hat-red-hat-hackers/. NIST vocabulary list: https://csrc.nist.gov/glossary/term/code_vocabulary  Wikipedia: https://en.wikipedia.org/wiki/Port_(computer_networking)  If you need a throwback moment to reminisce the old times with dial-up, just good “modem sound ringtone.” This one is courtesy of Red Ringtones: https://www.youtube.com/watch?v=7d85sESKEL8 

Cyber Security Cohort : Episode 002 Bootcamp Decisions In today’s episode Heather will discuss bootcamp learning. She will share her own personal journey and how she came to the decision that a bootcamp was right for her. Heather will also provide insights and resources that can help you decide if a bootcamp is your optimal learning solution. Episode transcript Resources mentioned in this episode: More information on topics discussed in the show can be found by searching these references. 2U Technical Bootcamps: https://2u.com/about/boot-camps/ The Ohio State University Cybersecurity Bootcamp: https://eng-bootcamps.osu.edu/cybersecurity/  CompTIA CertMaster Practice Site: https://www.comptia.org/training/certmaster-practice 

Cyber Security Cohort : Episode 001 Rocky Beginnings In today’s episode Heather Holliday shares some of her early learnings from when she first attempted to find the right cybersecurity training courses for herself. If you’ve been struggling to get started on your cyber security path, this episode is for you! Resources mentioned in this episode: https://eng-bootcamps.osu.edu/cybersecurity/ https://www.udemy.com/course/1m-cyber-security-awareness/ Episode Transcript Notice By accessing this Podcast, the listener acknowledges that the entire contents and design of this Podcast, are the property of Heather Holliday and are protected under U.S. and international copyright and trademark laws. Except as otherwise provided herein, users of this Podcast may save and use information contained in the Podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing, of this Podcast may be made without the prior written permission of the owner, Heather Holliday. Disclaimer By accessing this Podcast, I acknowledge that the owner, Heather Holliday, makes no warranty, guarantee, or representation as to the accuracy or sufficiency of the information featured in this Podcast. The information, opinions, and recommendations presented in this Podcast are for general information only and any reliance on the information provided in this Podcast is done at your own risk. This Podcast should not be considered professional advice. Unless specifically stated otherwise, the owner, Heather Holliday, does not endorse, approve, recommend, or certify any information, product, process, service, or organization presented or mentioned in this Podcast, and information from this Podcast should not be referenced in any way to imply such approval or endorsement. The third party materials or content of any third party site referenced in this Podcast do not necessarily reflect the opinions, standards or policies of the owner, Heather Holliday. The owner, Heather Holliday, assumes no responsibility or liability for the accuracy or completeness of the content contained in third party materials or on third party sites referenced in this Podcast or the compliance with applicable laws of such materials and/or links referenced herein. Moreover, the owner, Heather Holliday, makes no warranty that this Podcast, or the server that makes it available, is free of viruses, worms, or other elements or codes that manifest contaminating or destructive properties. THE OWNER EXPRESSLY DISCLAIMS ANY AND ALL LIABILITY OR RESPONSIBILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR OTHER DAMAGES ARISING OUT OF ANY INDIVIDUAL'S USE OF, REFERENCE TO, RELIANCE ON, OR INABILITY TO USE, THIS PODCAST OR THE INFORMATION PRESENTED IN THIS PODCAST.

Cyber Security Cohort : Episode 000 Today's episode answers the question, "Why Cyber?" and host Heather Holliday shares her own reasons for pursuing this topic as well as a few common reasons you and others may be interested in learning more about Cybersecurity technology. Episode Transcript