The Air Force launches two new cybersecurity courses available across the Defense Department | #itsecurity | #infosec

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

Two new cybersecurity courses developed by the Air Force are available to anyone in the Defense Department. The Federal Drive with Tom Temin gets the details from the director of the DC3 Cyber Training Academy, Casey Szyper.

Tom Temin: Mr. Szyper, good to have you on.

Casey Szyper: Nice to be here.

Tom Temin: And you have two new courses available. And these are developed in the DC3 correct? But they’re available across the Defense Department?

Casey Szyper: Correct. Anybody with a CAC card essentially is eligible to sign up for an account at our website, and And from there, they can sign up for those classes, take online training, there’s all kinds of video content up there as well.

Tom Temin: All right, and let’s start with a shorter that seems like a more basic class that anyone concerned with cybersecurity might want to begin with. Tell us about that one.

Casey Szyper: There’s about 28 courses in the inventory. There’s the most recent one was for the Department of Defense CIO’s office that’s cyber fundamentals 101. And it’s essentially for all of the work roles in the Department of Defense that are what we call a cyber enabling work roles where you’re working in a cyber shop, that’s maybe conducting cyber operations, doing network defense, maybe even doing network offensive operations, but you’re not really a cyber person, but it would enhance your ability to do your job and support your elements if you knew more about cyber. So that course is part of 8140. It’s written into as a mandatory element for those people in those cyber enabler work roles. For other people, too, it’s just a good foundational course to kind of as a familiarization of cyber understanding. What the people left and right to you are doing and helping you be better at your job, understanding what their dependencies are, and maybe how you can better support them.

Tom Temin: And this course you can take kind of at your own pace, because it’s an online deal?

Casey Szyper: Correct, right. So if you go to the online environment, the, which I’m sure you’ll have a link for, is in that environment there’s that course there’s many, many other ones. It’s that course is self paced, but there’s it’s time limited. It’s not open forever, but it’s self paced in a way that I think that’s that’s open for two weeks that one, but it would not take somebody for two weeks to get through the all of the content on there. But it enables people after hours or during workday, that small pieces and chunks to take the course and move through it that way.

Tom Temin: And the longer course is in person.

Casey Szyper: Right, we have in terms of the fundamentals course we have the introduction to networks, computers, hardware, we the acronym INCH. In that course, students learn, it’s essentially geared towards if you didn’t know anything about cyber, you’re coming in as a strong foundational core, so walks you through hardware elements, basic networking and network configurations. And the capstone of that course is disassembly, reassembly of a computer, understanding how to put that together basic operations, operating system functions, and things like that. So out of that course, the idea is that course is building a strong enough foundation that you can then move into other courses like incident response, forensic courses, etc. from there, but at least baseline the student population to a certain level.

Tom Temin: And I’m curious about that idea of taking apart a computer because how does that help you with cybersecurity, since they’re all just, sounds sort of like a 90s type of activity.

Casey Szyper: Especially today, when you’re running into a lot of different types, I mean, a lot of the things that people even in the law, particularly in the law enforcement field, but otherwise you’re gonna run into are mobile devices, etc, things like that. More of the idea that is in a forensic person, these courses were originally built for a person who would be doing computer forensics, and in that computer forensic shop, so like, I’m a retired police officer, I did computer forensics for a living in California for many years, you’re going to build your own machine, it’s part of that, that foundational knowledge of understanding how the box works. It’s kind of like learning how to change the tires on a car. And when you’re gonna go learn to drive, you may probably never do it, you have AAA, somebody else come out and do that for you. But it’s good to know. And it also helps understand how the pieces parts come together and work together well. Will people do that as a practicality and most of the times in their job, particularly in cybersecurity, probably not, but at the same time if they’re doing an incident response, and the idea is they have to collect evidence, or they have to collect items in there where they want to see how a person may have been been building a system up or utilizing that system. You understand how those parts, maybe they’re extraneous, there’s laying around the scene, you could pick them up and use them.

Tom Temin: We are speaking with Casey Szyper, the DC3 Cyber Training Academy director. And in developing course, and maintaining this catalog of courses that you mentioned, how do you make sure that they are up to date with respect to the threat environments and with respect to the different certification bodies? I imagine you want takers of the courses to be involved with also?

Casey Szyper: Correct. So we have strong partnerships. For example, with CompTIA we deliver CompTIA courses A+, Net+, Security+ in residence there. All of our cyber casts, which are again available, essentially at no cost to any of the DoD members with CAC cards. Those all confer continuing education units to people with a certain CompTIA certifications that have been vetted by CompTIA. Look at for is the content relevant is a support and certification that CompTIA has.

And one of the other, there’s many different methods by which we keep the contents up to date and relevant and mission enabled. There’s alignment to the work roles working with the different stakeholders that own those work roles. In big buckets, we work very closely with the Defense Criminal Investigative Organization’s training subpanel they have and they’re the ones actually going out doing a lot of, particularly in the computer forensics realm, the workload involved from all the way from incident response to the actual doing the forensic reporting on that. So we’re looking at courses and we meet with them monthly and conduct those kinds of pulse checks on that. We also do student surveys, obviously, in every course in talking through there and doing that. And then one of the advantages the academy has is the majority of the people that are doing the work are contractors. So it enables us to have people there actually really practitioners in the field coming up, coming in, they understand what’s really, the real, that there’s theory and then there’s actually application. So there’s people that are doing it, and come back in to help inform that curriculum development. And of course, then working with some of the other major stakeholders and partners, and they have their own requirements. And we work through that with them and build the courses from there.

Tom Temin: And how many people come through the whole catalog in a given year? And is it a balance of uniforms and civilian employees?

Casey Szyper: In terms of numbers, we’re well over, in hours trained, we’re over 300, 400 thousand hours in a year, I’d have to, 5,600 or more people. There’s a it’s a tremendous number of people that come through there. It depends on the different types of pathways you’re looking at. If we’re looking at like network defense type of work roles, that’s generally all uniformed personnel. We’re looking at cyber forensics, that could be anybody. That could be DoD, civilians. Again, a lot of the cyber of protection team personnel want and need familiarization with cyber forensics, so they’re taking those courses. So it’s kind of a pretty broad spectrum across the DoD of personnel that are attending the courses and taking advantage of that training.

Tom Temin: And for those people that choose to attend the in person courses, where do they have to go?

Casey Szyper: So we’re located in Hanover, Maryland. We’re basically right off of 295. Very close to Fort Meade. Three exits up the road in fact, from Fort Meade. It’s right around the corner. We have a brand new trading facility, 10 classrooms and a security operation center, a mock one where we could do red team, blue team type of activities if we wanted to. That’s all been limited, of course during the COVID pandemic, but as we work our way out of that, we’ve been expanding more and more in residence courses and getting a lot more people back in the building. So I’m excited about that.

Tom Temin: Casey Szyper is director of the DC3 Cyber Training Academy. Thanks so much for joining me.

Casey Szyper: Oh, you’re welcome. Thanks for having me.

Original Source link

Leave a Reply

Your email address will not be published.

thirty one − 22 =