2020 CISSP MENTOR
PROGRAM
April 13, 2020
-----------
Class 1 – April 13, 2020
Instructors:
• Brad Nigh, FRSecure Director of Professional Services & Innovation
• Evan Francen, FRSecure & SecurityStudio CEO
• Ryan Cloutier, SecurityStudio Principal Security Consultant
#MissionBeforeMoney
CISSP® MENTOR PROGRAM – SESSION ONE
INTRODUCTION
Just kidding! This will be awesome!
FRSECURE.COM/CISSP-MENTOR-PROGRAM
• What is the CISSP Mentor Program?
• History
• 2010 – 1st Class – 6 students
• Today – 11th Class – 1,200+ students!
• Why do we do it?
• Success stories
• Heck, it’s free! What have you got to lose?
Welcome!
We have a severe talent shortage problem in our industry. Good news for you…
• Introduction
• Our severe talent shortage problem…
• Mentor Program Schedule & Class structure
• What is a CISSP?
• The book. **TIPS**
• Chapter 1 – Introduction (the other one).
Welcome – Today’s Agenda
Let’s get started, but first a joke.
What do you call a sleepy Dad getting pizza for his kids?
Papa Yawns!
Let’s get started, but first a joke. One more…
Why can’t the T-rex clap its hands?
Because it's extinct!
I do a lot of security stuff.
• Co-founder and CEO of FRSecure LLC and SecurityStudio
• More than 25 years of “practical” information security experience.
• Ambitious mission; fix the broken industry.
• Co-inventor of SecurityStudio (or S²), the platform for managing
information security risk.
• Co-inventor of S²Org, S²Vendor, S²Team, and S²Me.
• Co-inventor of S²Score, a quantitative measurement of information
security and vendor risk used by 3,500+ organizations.
About Evan
Me, on most days
I think I look better
as a cartoon.
“Evan’s straightforward analysis of information security risk as fractured, incomplete
and disconnected is spot on.” – CISO, University of Miami
@evanfrancen
• Advised legal counsel in high-profile breaches including Target and
Blue Cross/Blue Shield.
• 2014/2015 - Consultant to the Special Litigation Committee of the
Board of Directors of Target Corporation; derivative action related to the
“Target Breach”.
• 2015/2016 – Consultant to legal counsel and Blue Cross/Blue Shield
related to remediation efforts (post-breach).
• Served as an expert witness in multiple federal criminal cases, mostly
involving alleged stolen trade secrets.
• Served 100s of companies; big (Wells Fargo, Target, US Bank,
UnitedHealth, etc.) and small.
• Lots of television and radio, lots of information security talks at
conferences, and 750+ published articles about a variety of
information security topics.
When they make
me clean up (a bit)
“I don’t think I’ve met a more successful guy in this industry with less bullshit.” –
Roger Grimes
And then…
https://www.amazon.com/Unsecurity-Information-security-failing-epidemic/dp/164343974X/
Russian
friend
Chinese
friend
That’s all fine and dandy. Accolades and accomplishments are one
thing, but they’re NOT why I do what I do!
I do what I do because…
I love people! Except when they’re on the road with me.
The best security people in the world are
people who love people.
Information security isn’t as much about information or security…
as much as it is about people.
I also get the privilege of helping people in the CISSP Mentor Program!
We started in 2010 with six students.
This year we had more than 1,200 people register!
I also get to record podcasts every week with my buddy Brad.
Just recorded episode 75 of UNSECURITY this morning!
Give it a listen and subscribe.
You can find us on:
• Apple Podcasts
• iHeart Radio
• Spotify
• Overcast
• Stitcher
• CastBox
• Player FM
• And a ton of others…
• 20+ years of overall IT experience, started with FRSecure in 2016
• FRSecure’s Director of Professional Services & Innovation
• CISSP Mentor Program Lead
• FRSecure Workshop Series Lead
• Co-host of UNSECURITY Podcast with Evan
• CISM, CISSP, CCSFP, CSSA, MCSA: Windows Server 2012, ITIL v.3
Foundations
• ISC²® Safe and Secure Online volunteer
• Wayzata Schools COMPASS program CyberSecurity Mentor
• Passionate about information security and happy to be here!
About Brad
@BradNigh
• SecurityStudio’s Principal Security Consultant
• Seasoned IT Security professional with over 15 years of experience
• Certified Information Systems Security Professional CISSP®
• Held a variety of IT roles during his career including multiple architect
and security roles, cloud security, Dev-Ops/Sec-Ops methodology,
policy, process, audit and compliance, network and application
security architecture
• Performed expert-level work for several Fortune 500 companies in
health care, financial, and agriculture sectors
• Heavily immersed in K-12 and SLED for the last 3 years
About Ryan
Expert-level, product agnostic information security management and
consulting firm.
• Established in 2008, but didn’t really start until 2010.
• Started by a security guy who was tired of taking shortcuts, tired of the money grab,
and tired of checking boxes.
• Information security is about people, and it’s a lot of hard work.
• Eight core values, and ten security principles.
• Core services include:
• Security Risk Analysis – using S²Score
• Social Engineering Services
• Penetration Testing Services
• PCI QSA Services
• Incident Management Services
• Information Security Training & Awareness
• vServices (vCISO, vISO, and vISA)
About FRSecure
What’s the #MissionBeforeMoney thing?
Much (not all) of our industry.
US
Dedicated to Simplifying Information Security for the Masses
• SecurityStudio (or S²) is a Software as a Service (or SaaS) company dedicated to making
safety, privacy, and cybersecurity simple and attainable for everyone.
• The S² platform is built around a simple language called the S²Score and we make
fundamental tools available to the market including:
• S²Me - the free safety and cybersecurity risk management tool built for everyday people to
use at home for better personal and family protection.
• S²Team - the information security portal leveraged by organizations to help their employees
at home (and ultimately help themselves too).
• S²Org - the organizational information security risk management tool used by organizations
of all sizes, but primarily developed for small to medium-sized businesses.
• S²School - the education-specific version of S²Org, used by K12 and higher education
institutions everywhere.
• S²Vendor - the simple vendor/third-party information security risk management tool,
integrated with S²Org for optimal efficiency.
About SecurityStudio
• Chapter 10 – UNSECURITY
• No shortage of stories about our impending doom.
• Another take (from me) - No Easy Button Solution To Cybersecurity’s
Skills Shortage (https://www.cybersecurityintelligence.com/blog/no-easy-button-solution-to-cybersecuritys-skills-shortage-4150.html)
• Some people claim that there is no shortage, or that it’s overhyped.
• The truth is probably somewhere in the middle, but there is plenty of
opportunity!
OUR SEVERE TALENT SHORTAGE PROBLEM…
Some truth. Total Job Openings.
Source: CyberSeek – www.cyberseek.org
There are roughly 1,000,000 filled
jobs in the U.S.
Top Job Titles Include:
• Cyber Security Engineer
• Cyber Security Analyst
• Network Engineer / Architect
• Cyber Security Consultant
• Cyber Security Manager /
Administrator
• Systems Engineer
• Vulnerability Analyst /
Penetration Tester
• Software Developer / Engineer
• Cyber Security Specialist /
Technician
Job openings by metro area
Supply/demand ratio
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Some truth.
Source: CyberSeek – www.cyberseek.org
Source: United States Census Bureau
997,058
328.2 million
These are the
“normal”
people.
• Report from Cybersecurity Ventures estimates there will be 3.5 million
unfilled cybersecurity jobs by 2021, up from 1 million openings last year.
• ISACA predicts there will be a global shortage of two million cyber
security professionals by 2019. (CAME TRUE)
• The number of unfilled positions now stands at 4.07 million
professionals, up from 2.93 million this time last year.
• National Association of Software and Services Companies (NASSCOM)
estimates India will need 1 million cybersecurity professionals by 2020.
• Cyber crime is expected to cost the world $6 trillion by 2021.
“Lack of Cybersecurity Talent is a Systemic Issue” - Dave Barton,
Security Magazine
Private Sector Public Sector
• What makes a “good”
information security
professional?
• Backlash from the Equifax
Breach, noted that Susan
Mauldin (former Chief Security
Officer) had a music degree;
therefore, she must have been
unqualified.
“Good” Security Talent
“a problem emerges: according to LinkedIn,
Mauldin’s stated educational background has no
security or technology credentials, and consists
of.... a bachelor’s degree in music composition
(magna cum laude) and a Master of Fine Arts
degree in music composition (summa cum laude),
both from the University of Georgia. Once again,
this is the person who was in charge of keeping
your personal and financial data safe — and
whose failure to do that have put 143 million at
risk from identity theft and fraud.”
(Source: https://www.zerohedge.com/news/2017-09-15/another-equifax-coverup-did-company-scrub-its-chief-security-officer-was-music-major)
When Congress hauls in Equifax CEO Richard
Smith to grill him, it can start by asking why he put
someone with degrees in music in charge of the
company’s data security.
And then they might also ask him if anyone at the
company has been involved in efforts to cover up
Susan Mauldin’s lack of educational qualifications
since the data breach became public.
It would be fascinating to hear Smith try to explain
both of those extraordinary items.
(Source: https://www.marketwatch.com/story/equifax-ceo-hired-a-music-major-as-the-companys-chief-security-officer-2017-09-15)
• What makes a “good” information security professional?
• Some people believe that you cannot be “good” without a technical degree, others
believe that you cannot be “good” without certifications like a CISSP, CISM, etc.
• There are thousands of awesome security practitioners who have no information
security degree whatsoever.
Defining “Good”
• At FRSecure we “grow talent”.
• There are three things that create talent:
• Intangibles – the things you can’t teach.
• Education – the “book smarts”. Education can come in a variety of forms; degree
programs, books, in-person instruction, mentorship, certification preparation, etc.
• Experience – the “street smarts”. The best way to gain experience is by doing.
The three ingredients are not mutually exclusive and there are all sorts of ways.
• Supply – we don’t have enough information security people.
• Acquisition – we can’t find enough good information security
people for ourselves.
• Retention – we can’t keep good information security people for
ourselves (and in some cases, in our industry).
• Culture – we have a “bro culture” problem that isn’t helping.
Supply and Demand - acquisition, retention, and our culture
• Two sources; people willing to change careers, and younger people entering the
workforce.
• Career Changers - If you were interested in getting into our field, where would
you start?
• A bachelor’s degree in cyber security will cost somewhere between $20,000 -
$60,000, or more. This might get you an entry-level job. A master’s degree
will cost much more. (Source: https://www.onlineu.org/most-affordable-colleges/cyber-security-degrees)
• Certification? Training to pass the CISSP® exam can range from $3,000 -
$5,000, or more, and the exam itself will set you back another $699.
• Cost is a barrier to entry. Most people don’t have this amount of money lying
around.
• Younger People – Not enough education options (getting better, but not fast
enough).
• Early Education – schools are starting programs, and they’re working. Many
examples.
• Free Education
• FRSecure’s Mentor Program (https://frsecure.com/cissp-mentor-program/)
• SANS Cyber Aces Online (http://www.cyberaces.org/courses/)
• Cybrary (https://www.cybrary.it/catalog/)
• Cyber Degrees (https://www.cyberdegrees.org/)
• Mentorship – no single dominant program; this requires more of us giving back.
• Hire Intangibles – and train/educate for the rest. Can be a good acquisition
strategy too.
• Internships – becoming more popular, but we need more.
• Our industry culture is not always conducive to attracting and retaining talent.
• Some of the results of our culture are gender inequity and minority inequity.
• Women make up 49.56% of the world’s population, but only make up 11% of
the information security workforce.
• 26% of our workforce is non-Caucasian (or “white”) male.
“In a survey of 580 scheduled attendees of the
Black Hat 2017 conference to be held in Las Vegas,
Black Hat found that 71% of respondents felt their
companies lacked sufficient staff to defend itself
against current cyberthreats. And, although less
than half of respondents (45%) were "concerned"
about the shortage of women and minorities in
the information security”
• Since our industry is so male dominated, there’s a “bro culture” that exists.
• “It’s a very male-dominated culture.” “It can be a little more crass, a little bit
more rough and maybe some … females don’t like that, and it is off-putting.” –
Ellison Anne Williams, Ph.D., founder and chief executive of Enveil, a Fulton,
Md., data security company.
• It’s not only the people in our industry that contribute to the problem. Customers,
clients, and other normal people also assume that information security is a male
sport.
• “They have clients who won’t speak directly to them, It’s the assumption that
the woman is not the lead on the project. They just default to speaking to the
men.” - Leah Figueroa, lead data engineer at Gravwell, a data analytics
company out of Coeur D’Alene, Idaho (Source:
http://www.govtech.com/workforce/Why-Are-So-Few-Women-in-Cybersecurity.html)
• This culture didn’t start in our industry and it’s not exclusive to our industry either.
• Promote and participate in more diversity initiatives and programs.
• Studies prove that more diverse work groups produce more creative and better
results.
• A partial list of resources for women:
• SANS CyberTalent Immersion Academy for Women -
https://www.sans.org/cybertalent/immersion-academy
• Computer Science for Cyber Security (CS4CS) Summer Program for High
School Women - http://engineering.nyu.edu/k12stem/cs4cs/
• Women’s Society of Cyberjutsu (WSC) - http://womenscyberjutsu.org/
• Women in Cyber Security (WiCyS) - https://www.wicys.net/
• One more thing.
• Go get this.
• It’s free.
Our severe talent shortage problem…
MENTOR PROGRAM SCHEDULE & CLASS STRUCTURE
Syllabus (not really), but close.
• Online, FRSecure homepage → Events → 2020 CISSP Mentor Program
Class schedule
• There is a boatload of information to memorize for the
exam, and you’ll appreciate the breaks; we’ve built in two
of them (4/27 and 5/13).
• Evan, Brad, and/or Ryan will lead classes, switching
things up to keep things fresh.
• We’re easing into things this first week; only this
introduction and one domain (Domain 1: Security and
Risk Management).
NOTE: We do have some volunteers to teach. We’ll figure
out how to use them. :)
• Every class is structured similarly, starting with a brief
recap of the previous content/session, then:
• Questions.
• Quiz.
• Current Events.
• Lecture.
• Homework (you’ll appreciate the breaks…)
• If you’re interested in organizing a study group, send us
an email.
• We are here to help!
• If you have any questions, at any time, please send them
to cisspmentor@frsecure.com.
• Content will be made available to all students, including
slides, handouts, and video recordings.
Get your Ultimate Guide to the CISSP @
https://www.isc2.org/Certifications/Ultimate-Guides/CISSP?
WHAT IS A CISSP?
The Certified Information Systems Security Professional (or “CISSP”)
CISSP CERTIFICATION EXAM OUTLINE
CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE
Class 2: April 15th
Instructor: Evan
Class 3: April 20th
Instructor: Brad
Class 4: April 22nd
Instructor: Ryan
April 27th - BREAK
Class 5: April 29th
Instructor: Evan
Class 6: May 4th
Instructor: Brad
Class 7: May 6th
Instructor: Ryan
Class 8: May 11th
Instructor: Evan
May 13th - BREAK
Class 9: May 18th
Instructor: Brad
Class 10: May 20th
Instructor: Ryan
Class 11: May 25th
Instructor: Evan
Class 12: May 27th (and maybe)
Class 13: June 1st
Instructors: Evan, Brad, and Ryan
Class 12: May 27th
Instructor: Brad
CISSP Exam Final Preparation & Practice Testing
Date | Class # | Class Description | Instructor
4/13/2020 | Class 1 | Introduction | Evan
4/15/2020 | Class 2 | Domain 1: Security and Risk Management | Evan
4/20/2020 | Class 3 | Domain 2: Asset Security | Brad
4/20/2020 | Class 3 | Domain 3: Security Architecture and Engineering | Brad
4/22/2020 | Class 4 | Domain 3: Security Architecture and Engineering | Ryan
4/27/2020 | BREAK | BREAK | BREAK
4/29/2020 | Class 5 | Domain 3: Security Architecture and Engineering | Evan
5/4/2020 | Class 6 | Domain 4: Communication and Network Security | Brad
5/6/2020 | Class 7 | Domain 4: Communication and Network Security | Ryan
5/11/2020 | Class 8 | Domain 5: Identity and Access Management (IAM) | Evan
5/13/2020 | BREAK | BREAK | BREAK
5/18/2020 | Class 9 | Domain 6: Security Assessment and Testing | Brad
5/20/2020 | Class 10 | Domain 7: Security Operations | Ryan
5/25/2020 | Class 11 | Domain 7: Security Operations | Evan
5/27/2020 | Class 12 | Domain 8: Software Development Security | Brad
5/27/2020 | Class 12 | CISSP Exam Final Preparation & Practice Testing | Evan
5/27/2020 | Class 12 | CISSP Exam Final Preparation & Practice Testing | Brad
5/27/2020 | Class 12 | CISSP Exam Final Preparation & Practice Testing | Ryan
6/1/2020 | Class 13 | CISSP Exam Final Preparation & Practice Testing | Evan
6/1/2020 | Class 13 | CISSP Exam Final Preparation & Practice Testing | Brad
6/1/2020 | Class 13 | CISSP Exam Final Preparation & Practice Testing | Ryan
For the latest (and official) information about the CISSP,
refer to the (ISC)² website:
https://www.isc2.org/Certifications/CISSP
The four steps to the CISSP:
1. Meet CISSP Eligibility
2. Schedule the Exam
3. Pass the Exam
4. Agree to the Code of Ethics and get endorsed.
Title: CISSP Study Guide, Third Edition (Paperback) by Eric
Conrad, Seth Misenar, & Joshua Feldman.
• ISBN-10: 0128024372
• ISBN-13: 978-0128024379
THE BOOK
CISSP Study Guide – Third Edition
• If you don’t have it, you can
get it in a variety of places:
Amazon, Elsevier, Borders,
etc.
• I prefer the book in Adobe
Acrobat format; easy
reference and copy/paste
capabilities.
READY?! LET’S DIG IN.
• How to prepare for the Exam
• How to take the Exam
• Sticking with it!
CHAPTER 1 - INTRODUCTION
EXAM OBJECTIVES IN THIS CHAPTER
You ARE NOT required to take
the exam!
Everybody has their own pace.
Everybody has their own
method.
• Used to be six hours and 250 questions.
• Now it’s three hours and 150 questions! (not in the book)
• Computer-based testing (“CBT”) at Pearson Vue, used to
be paper and pencil (Evan’s old!)
• Two (sort of four) types of questions:
• Multiple Choice (four options, two are almost obviously wrong)
• “Advanced Innovative”
• Scenario
• Drag/Drop
• Hotspot
How to take the Exam
• This is a question for you.
• This is a question that our industry still struggles with.
• Don’t forget this…
BONUS – INFORMATION SECURITY FUNDAMENTALS
What is Information Security?
Information security is managing risks to the confidentiality,
integrity, and availability of information using administrative,
physical and technical controls. Will also accept…
Information security is the set of rules, plans, and actions
taken to protect people and information.
It is NOT eliminating risks!
• This is a question for you.
• This is a question that our industry still struggles with.
• Don’t forget this…
CISSP® MENTOR PROGRAM – SESSION ONE
75
BONUS – INFORMATION SECURITY FUNDAMENTALS
What is Information Security?
Information security is managing risks to the confidentiality, integrity, and availability of information using administrative, physical and technical controls.
Balance.
People often over-emphasize this,
• This is a question for you.
• This is a question that our industry still struggles with.
• Don’t forget this…
CISSP® MENTOR PROGRAM – SESSION ONE
76
BONUS – INFORMATION SECURITY FUNDAMENTALS
What is Information Security?
Information security is managing risks to the confidentiality, integrity, and availability of information using administrative, physical and technical controls.
It is NOT (only) an IT issue!
It’s easier to go through your secretary than your firewall!
Who cares about your firewall if I can steal your server?
• This is a question for you.
• This is a question that our industry still struggles with.
• Don’t forget this (either)…
CISSP® MENTOR PROGRAM – SESSION ONE
77
BONUS – INFORMATION SECURITY FUNDAMENTALS
What is Risk?
• This is a question for you.
• This is a question that our industry still struggles with.
• Don’t forget this (either)…
CISSP® MENTOR PROGRAM – SESSION ONE
78
BONUS – INFORMATION SECURITY FUNDAMENTALS
What is Risk?
Risk is the likelihood of something bad happening and the impact if it did.
These are derived from threats and vulnerabilities!
1. A business is in business to make money.
2. Information Security is a business issue.
3. Information Security is fun.
4. People are the biggest risk.
5. “Compliant” and “secure” are different.
CISSP® MENTOR PROGRAM – SESSION ONE
79
BONUS – INFORMATION SECURITY FUNDAMENTALS
Ten Information Security Principles
Not necessarily on the exam, but these will serve you well!
6. There is no common sense in Information Security.
7. “Secure” is relative.
8. Information Security should drive business.
9. Information Security is not one size fits all.
10. There is no “easy button”.
CISSP® MENTOR PROGRAM – SESSION ONE
80
BONUS – INFORMATION SECURITY FUNDAMENTALS
Ten Information Security Principles
Not necessarily on the exam, but these will serve you well!
You Dig?!
• We’re very excited that we get to be a part of your information security career journey!
• This will be a rewarding experience.
For most of you:
This will get hard. This will seem dry. This will seem overwhelming.
Don’t give up!
CISSP® MENTOR PROGRAM – SESSION ONE
81
THAT’S IT. NEXT?
That’s it for today…
• Homework for Wednesday (4/15):
  • Go check out S²Me – https://s2me.io. Have your friends and family do it too!
  • Please get the book if you haven’t already.
  • Please read Chapter 1 (pages 1 – 10).
  • We will be covering Chapter 2 Domain 1: Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity) on Wednesday.
CISSP® MENTOR PROGRAM – SESSION ONE
82
THAT’S IT. NEXT?
That’s it for today…
See you Wednesday!
Evan Francen
@evanfrancen
Brad Nigh
@BradNigh
Ryan Cloutier (“cola”)
@CLOUTIERSEC
Stay tuned! We’re setting up an online study group too.
2020 FRsecure CISSP Mentor Program - Class 1

  • 1. 2020 CISSP MENTOR PROGRAM April 13, 2020 ----------- Class 1 – April 13, 2020 Instructors: • Brad Nigh, FRSecure Director of Professional Services & Innovation • Evan Francen, FRSecure & SecurityStudio CEO • Ryan Cloutier, SecurityStudio Principal Security Consultant #MissionBeforeMoney
  • 2. CISSP® MENTOR PROGRAM – SESSION ONE 1 INTRODUCTION Just kidding! This will be awesome! #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 3. • What is the CISSP Mentor Program? • History • 2010 – 1st Class – 6 students • Today – 11th Class – 1,200+ students! • Why do we do it? • Success stories • Heck, it’s free! What have you got to lose? CISSP® MENTOR PROGRAM – SESSION ONE 2 INTRODUCTION Welcome! We have a severe talent shortage problem in our industry. Good news for you… #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 4. • Introduction • Our severe talent shortage problem… • Mentor Program Schedule & Class structure • What is a CISSP? • The book. **TIPS** • Chapter 1 – Introduction (the other one). CISSP® MENTOR PROGRAM – SESSION ONE 3 INTRODUCTION Welcome – Today’s Agenda #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 5. 2020 CISSP MENTOR PROGRAM INTRODUCTION Let’s get started, but first a joke. 4 What do you call a sleepy Dad getting pizza for his kids? #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 6. 2020 CISSP MENTOR PROGRAM INTRODUCTION Let’s get started, but first a joke. 5 What do you call a sleepy Dad getting pizza for his kids? Papa Yawns! #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 7. 2020 CISSP MENTOR PROGRAM INTRODUCTION Let’s get started, but first a joke. One more… 6 Why can’t the T-rex clap its hands? #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 8. 2020 CISSP MENTOR PROGRAM INTRODUCTION Let’s get started, but first a joke. One more… 7 Why can’t the T-rex clap its hands? Because it's extinct! #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 9. #MissionBeforeMoney I do a lot of security stuff. • Co-founder and CEO of FRSecure LLC and SecurityStudio • More than 25 years of “practical” information security experience. • Ambitious mission; fix the broken industry. • Co-inventor of SecurityStudio (or S²), the platform for managing information security risk. • Co-inventor of S²Org, S²Vendor, S²Team, and S²Me. • Co-inventor of S²Score, a quantitative measurement of information security and vendor risk used by 3,500+ organizations. CISSP® MENTOR PROGRAM – SESSION ONE 8 INTRODUCTION About Evan Me, on most days I think I look better as a cartoon. “Evan’s straightforward analysis of information security risk as fractured, incomplete and disconnected is spot on.” – CISO, University of Miami @evanfrancen FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 10. #MissionBeforeMoney • Advised legal counsel in high-profile breaches including Target and Blue Cross/Blue Shield. • 2014/2015 - Consultant to the Special Litigation Committee of the Board of Directors of Target Corporation; derivative action related to the “Target Breach”. • 2015/2016 – Consultant to legal counsel and Blue Cross/Blue Shield related to remediation efforts (post-breach). • Served as an expert witness is multiple federal criminal cases, mostly involving alleged stolen trade secrets • Served 100s of companies; big (Wells Fargo, Target, US Bank, UnitedHealth, etc.) and small. • Lots of television and radio, lots of information security talks at conferences, and 750+ published articles about a variety of information security topics. CISSP® MENTOR PROGRAM – SESSION ONE 9 INTRODUCTION About Evan Me, on most days When they make me clean up (a bit) “I don’t think I’ve met a more successful guy in this industry with less bullshit.” – Roger Grimes @evanfrancen FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 11. And then… CISSP® MENTOR PROGRAM – SESSION ONE 10 INTRODUCTION About Evan https://www.amazon.com/Unsecurity-Information-security-failing-epidemic/dp/164343974X/ @evanfrancen Russian friend Chinese friend #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 12. That’s all fine and dandy. Accolades and accomplishments are one thing, but they’re NOT why I do what I do! I do what I do because… CISSP® MENTOR PROGRAM – SESSION ONE 11 INTRODUCTION About Evan @evanfrancen I love people!Except when they’re on the road with me. The best security people in the world are people who love people. Information security isn’t as much about information or security… as much as it is about people. #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 13. I also get the privilege of helping people in the CISSP Mentor Program! CISSP® MENTOR PROGRAM – SESSION ONE 12 INTRODUCTION About Evan We started in 2010 with six students. This year we had more than 1,200 people register! @evanfrancen #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 14. I also get to record podcasts every week with my buddy Brad. CISSP® MENTOR PROGRAM – SESSION ONE 13 INTRODUCTION About Evan Just recorded episode 75 of UNSECURITY this morning! Give it a listen and subscribe. You can find us on: • Apple Podcasts • iHeart Radio • Spotify • Overcast • Stitcher • CastBox • Player FM • And a ton of others… @evanfrancen #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 15. • 20+ years of overall IT experience, started with FRSecure in 2016 • FRSecure’s Director of Professional Services & Innovation • CISSP Mentor Program Lead • FRSecure Workshop Series Lead • Co-host of UNSECURITY Podcast with Evan • CISM, CISSP, CCSFP, CSSA, MCSA: Windows Server 2012, ITIL v.3 Foundations • ISC²® Safe and Secure Online volunteer • Wayzata Schools COMPASS program CyberSecurity Mentor • Passionate about information security and happy to be here! CISSP® MENTOR PROGRAM – SESSION ONE 14 INTRODUCTION About Brad @BradNigh #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 16. • SecurityStudio’s Principal Security Consultant • Seasoned IT Security professional with over 15 years of experience • Certified Information Systems Security Professional CISSP® • Held a variety of IT roles during his career including multiple architect and security roles, cloud security, Dev-Ops/Sec-Ops methodology, policy, process, audit and compliance, network and application security architecture • Performed expert-level work for several fortune 500 companies in health care, financial, and agriculture sectors • Heavily immersed in K-12 and SLED for the last 3 years CISSP® MENTOR PROGRAM – SESSION ONE 15 INTRODUCTION About Ryan @BradNigh #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 17. Expert-level, product agnostic information security management and consulting firm. • Established in 2008, but didn’t really start until 2010. • Started by a security guy who was tired of taking shortcuts, tired of the money grab, and tired of checking boxes. • Information security is about people, and it’s a lot of hard work. • Eight core values, and ten security principles. • Core services include: • Security Risk Analysis – using S²Score • Social Engineering Services • Penetration Testing Services • PCI QSA Services • Incident Management Services • Information Security Training & Awareness • vServices (vCISO, vISO, and vISA) CISSP® MENTOR PROGRAM – SESSION ONE 16 INTRODUCTION About FRSecure #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 18. What’s the #MissionBeforeMoney thing? CISSP® MENTOR PROGRAM – SESSION ONE 17 INTRODUCTION About FRSecure #MissionBeforeMoney Much (not all) of our industry. US FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 19. Dedicated to Simplifying Information Security for the Masses • SecurityStudio (or S²) is a Software as a Service (or SaaS) company dedicated to making safety, privacy, and cybersecurity simple and attainable for everyone. • The S² platform is built around a simple language called the S²Score and we make fundamental tools available to the market including: • S²Me - the free safety and cybersecurity risk management tool built for everyday people to use at home for better personal and family protection. • S²Team - the information security portal leveraged by organizations to help their employees at home (and ultimately help themselves too). • S²Org - the organizational information security risk management tool used by organizations of all sizes, but primarily developed for small to medium-sized businesses. • S²School - the education-specific version of S2Org, used by K12 and higher education institutions everywhere. • S²Vendor - the simple vendor/third-party information security risk management tool, integrated with S2Org for optimal efficiency. CISSP® MENTOR PROGRAM – SESSION ONE 18 INTRODUCTION About SecurityStudio #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 20. • Chapter 10 – UNSECURITY • No shortage of stories about our impending doom. • Another take (from me) - No Easy Button Solution To Cybersecurity’s Skills Shortage (https://www.cybersecurityintelligence.com/blog/no- easy-button-solution-to-cybersecuritys-skills-shortage-4150.html) • Some people claim that there is no shortage, or that it’s overhyped. • The truth is probably somewhere in the middle, but there is plenty of opportunity! CISSP® MENTOR PROGRAM – SESSION ONE 19 OUR SEVERE TALENT SHORTAGE PROBLEM… #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 21. CISSP® MENTOR PROGRAM – SESSION ONE 20 OUR SEVERE TALENT SHORTAGE PROBLEM… Some truth. Total Job Openings. Source: CyberSeek – www.cyberseek.org There are roughly 1,000,000 filled jobs in the U.S. Top Job Titles Include: • Cyber Security Engineer • Cyber Security Analyst • Network Engineer / Architect • Cyber Security Consultant • Cyber Security Manager / Administrator • Systems Engineer • Vulnerability Analyst / Penetration Tester • Software Developer / Engineer • Cyber Security Specialist / Technician #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 22. CISSP® MENTOR PROGRAM – SESSION ONE 21 OUR SEVERE TALENT SHORTAGE PROBLEM… Some truth. Total Job Openings. Source: CyberSeek – www.cyberseek.org Job openings by metro area #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 23. CISSP® MENTOR PROGRAM – SESSION ONE 22 OUR SEVERE TALENT SHORTAGE PROBLEM… Some truth. Total Job Openings. Source: CyberSeek – www.cyberseek.org Supply/demand ratio #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 24. CISSP® MENTOR PROGRAM – SESSION ONE 23 OUR SEVERE TALENT SHORTAGE PROBLEM… This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Some truth. Source: CyberSeek – www.cyberseek.org Source: United States Census Bureau 997,058 328.2 million #MissionBeforeMoney These are the “normal” people.
  • 25. • Report from Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity jobs by 2021, up from 1 million openings last year. • ISACA predicts there will be a global shortage of two million cyber security professionals by 2019. (CAME TRUE) • The number of unfilled positions now stands at 4.07 million professionals, up from 2.93 million this time last year. • National Association of Software and Services Companies (NASSCOM) estimates India will need 1 million cybersecurity professionals by 2020. • Cyber crime is expected to cost the world $6 trillion by 2021. CISSP® MENTOR PROGRAM – SESSION ONE 24 OUR SEVERE TALENT SHORTAGE PROBLEM… Some truth. “Lack of Cybersecurity Talent is a Systemic Issue” - Dave Barton, Security Magazine #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 26. CISSP® MENTOR PROGRAM – SESSION ONE 25 OUR SEVERE TALENT SHORTAGE PROBLEM… Some truth. Private Sector Public Sector #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 27. • What makes a “good” information security professional? • Backlash from the Equifax Breach, noted that Susan Mauldin (former Chief Security Officer) had a music degree; therefore, she must have been unqualified. CISSP® MENTOR PROGRAM – SESSION ONE 26 OUR SEVERE TALENT SHORTAGE PROBLEM… “Good” Security Talent “a problem emerges: according to LinkedIn, Mauldin’s stated educational background has no security or technology credentials, and consists of.... a bachelor’s degree in music composition (magna cum laude) and a Master of Fine Arts degree in music composition (summa cum laude), both from the University of Georgia. Once again, this is the person who was in charge of keeping your personal and financial data safe — and whose failure to do that have put 143 million at risk from identity theft and fraud.” (Source: https://www.zerohedge.com/news/2017-09-15/another- equifax-coverup-did-company-scrub-its-chief-security-officer-was- music-major) #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 28. • What makes a “good” information security professional? • Backlash from the Equifax Breach, noted that Susan Mauldin (former Chief Security Officer) had a music degree; therefore, she must have been unqualified. CISSP® MENTOR PROGRAM – SESSION ONE 27 OUR SEVERE TALENT SHORTAGE PROBLEM… “Good” Security Talent When Congress hauls in Equifax CEO Richard Smith to grill him, it can start by asking why he put someone with degrees in music in charge of the company’s data security. And then they might also ask him if anyone at the company has been involved in efforts to cover up Susan Mauldin’s lack of educational qualifications since the data breach became public. It would be fascinating to hear Smith try to explain both of those extraordinary items. (Source: https://www.marketwatch.com/story/equifax-ceo-hired-a- music-major-as-the-companys-chief-security-officer-2017-09-15) #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 29. • What makes a “good” information security professional? • Some people believe that you cannot be “good” without a technical degree, others believe that you cannot be “good” without certifications like a CISSP, CISM, etc. • There are thousands of awesome security practitioners who have no information security degree whatsoever. CISSP® MENTOR PROGRAM – SESSION ONE 28 OUR SEVERE TALENT SHORTAGE PROBLEM… “Good” Security Talent Defining “Good” • At FRSecure we “grow talent”. • There are three things that create talent: • Intangibles – the things you can’t teach. • Education – the “book smarts”. Education can come in a variety of forms; degree programs, books, in-person instruction, mentorship, certification preparation, etc. • Experience – the “street smarts”. The best way to gain experience is by doing. The three ingredients are not mutually exclusive and there are all sorts of ways. #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 30. • Supply – we don’t have enough information security people. • Acquisition – we can’t find enough good information security people for ourselves. • Retention – we can’t keep good information security people for ourselves (and in some cases, in our industry). • Culture – we have a “bro culture” problem that isn’t helping. CISSP® MENTOR PROGRAM – SESSION ONE 29 OUR SEVERE TALENT SHORTAGE PROBLEM… Supply and Demand - acquisition, retention, and our culture #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 31. • Two sources; people willing to change careers, and younger people entering the workforce. • Career Changers - If you were interested in getting into our field, where would you start? • A bachelor’s degree in cyber security will cost somewhere between $20,000 - $60,000, or more. This might get you an entry-level job. A master’s degree will cost much more. (Source: https://www.onlineu.org/most-affordable-colleges/cyber- security-degrees) • Certification? Training to pass the CISSP® exam can range from $3,000 - $5,000, or more, and the exam itself will set you back another $699. • Cost is a barrier to entry. Most people don’t have this amount of money lying around. • Younger People – Not enough education options (getting better, but not fast enough). CISSP® MENTOR PROGRAM – SESSION ONE 30 OUR SEVERE TALENT SHORTAGE PROBLEM… Supply and Demand - acquisition, retention, and our culture #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 32. • Early Education – schools are starting programs, and they’re working. Many examples. • Free Education • FRSecure’s Mentor Program (https://frsecure.com/cissp-mentor-program/) • SANS Cyber Aces Online (http://www.cyberaces.org/courses/) • Cybrary (https://www.cybrary.it/catalog/) • Cyber Degrees (https://www.cyberdegrees.org/) • Mentorship – no single dominant program; this requires more of us giving back. • Hire Intangibles – and train/educate for the rest. Can be a good acquisition strategy too. • Internships – becoming more popular, but we need more. CISSP® MENTOR PROGRAM – SESSION ONE 31 OUR SEVERE TALENT SHORTAGE PROBLEM… Supply and Demand - acquisition, retention, and our culture #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 33. • Our industry culture is not always conducive to attracting and retaining talent. • Some of the results of our culture are gender inequity and minority inequity. • Women make up 49.56% of the world’s population, but only make up 11% of the information security workforce. • 26% of our workforce is non-Caucasian (or “white”) male. CISSP® MENTOR PROGRAM – SESSION ONE 32 OUR SEVERE TALENT SHORTAGE PROBLEM… Supply and Demand - acquisition, retention, and our culture “In a survey of 580 scheduled attendees of the Black Hat 2017 conference to be held in Las Vegas, Black Hat found that 71% of respondents felt their companies lacked sufficient staff to defend itself against current cyberthreats. And, although less than half of respondents (45%) were "concerned" about the shortage of women and minorities in the information security” #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 34. • Since our industry is so male dominated, there’s a “bro culture” that exists. • “It’s a very male-dominated culture.” “It can be a little more crass, a little bit more rough and maybe some … females don’t like that, and it is off-putting.” – Ellison Anne Williams, Ph.D., founder and chief executive of Enveil, a Fulton, Md., data security company. • It’s not only the people in our industry that contribute to the problem. Customers, clients, and other normal people also assume that information security is a male sport. • “They have clients who won’t speak directly to them, It’s the assumption that the woman is not the lead on the project. They just default to speaking to the men.” - Leah Figueroa, lead data engineer at Gravwell, a data analytics company out of Coeur D’Alene, Idaho (Source: http://www.govtech.com/workforce/Why-Are-So-Few-Women-in-Cybersecurity.html) • This culture didn’t start in our industry and it’s not exclusive to our industry either. CISSP® MENTOR PROGRAM – SESSION ONE 33 OUR SEVERE TALENT SHORTAGE PROBLEM… This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Supply and Demand - acquisition, retention, and our culture #MissionBeforeMoney
  • 35. • Promote and participate in more diversity initiatives and programs. • Studies prove the more diverse work groups produce more creative a better results. • A partial list of resources for women: • SANS CyberTalent Immersion Academy for Women - https://www.sans.org/cybertalent/immersion-academy • Computer Science for Cyber Security (CS4CS) Summer Program for High School Women - http://engineering.nyu.edu/k12stem/cs4cs/ • Women’s Society of Cyberjutsu (WSC) - http://womenscyberjutsu.org/ • Women in Cyber Security (WiCyS) - https://www.wicys.net/ CISSP® MENTOR PROGRAM – SESSION ONE 34 OUR SEVERE TALENT SHORTAGE PROBLEM… Supply and Demand - acquisition, retention, and our culture #MissionBeforeMoney FRSECURE.COM/CISSP-MENTOR-PROGRAM
  • 36. INTRODUCTION Our severe talent shortage problem…
    • One more thing.
    • Go get this.
    • It’s free.
  • 37. MENTOR PROGRAM SCHEDULE & CLASS STRUCTURE Syllabus (not really), but close.
  • 38. MENTOR PROGRAM SCHEDULE & CLASS STRUCTURE Class schedule
    • Online, FRSecure homepage → Events → 2020 CISSP Mentor Program
  • 39. MENTOR PROGRAM SCHEDULE & CLASS STRUCTURE Class schedule
    • There is a boatload of information to memorize for the exam, and you’ll appreciate the breaks; we’ve built in two of them (4/27 and 5/13).
    • Evan, Brad, and/or Ryan will lead classes, switching things up to keep things fresh.
    • We’re easing into things this first week; only this introduction and one domain (Domain 1: Security and Risk Management).
    NOTE: We do have some volunteers to teach. We’ll figure out how to use them. :)
  • 40. MENTOR PROGRAM SCHEDULE & CLASS STRUCTURE Class schedule
    • Every class is structured similarly, starting with a brief recap of the previous content/session, then:
      • Questions.
      • Quiz.
      • Current Events.
      • Lecture.
      • Homework (you’ll appreciate the breaks…)
    • If you’re interested in organizing a study group, send us an email.
  • 41. MENTOR PROGRAM SCHEDULE & CLASS STRUCTURE Class schedule
    • We are here to help!
    • If you have any questions, at any time, please send them to cisspmentor@frsecure.com.
    • Content will be made available to all students, including slides, handouts, and video recordings.
  • 42. WHAT IS A CISSP? The Certified Information Systems Security Professional (or “CISSP”)
    Get your Ultimate Guide to the CISSP @ https://www.isc2.org/Certifications/Ultimate-Guides/CISSP?
  • 52. CISSP CERTIFICATION EXAM OUTLINE
  • 53. CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE
    • Class 2: April 15th, Instructor: Evan
  • 54. CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE
    • Class 3: April 20th, Instructor: Brad
  • 55. CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE
    • Class 3: April 20th, Instructor: Brad
    • Class 4: April 22nd, Instructor: Ryan
  • 56. CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE
    • April 27th - BREAK
  • 57. CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE
    • Class 5: April 29th, Instructor: Evan
  • 58. CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE
    • Class 6: May 4th, Instructor: Brad
    • Class 7: May 6th, Instructor: Ryan
  • 59. CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE
    • Class 8: May 11th, Instructor: Evan
  • 60. CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE
    • May 13th - BREAK
  • 61. CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE
    • Class 9: May 18th, Instructor: Brad
  • 62. CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE
    • Class 10: May 20th, Instructor: Ryan
    • Class 11: May 25th, Instructor: Evan
  • 63. CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE
    • Class 12: May 27th, Instructor: Brad
    • CISSP Exam Final Preparation & Practice Testing: Class 12: May 27th (and maybe) Class 13: June 1st, Instructors: Evan, Brad, and Ryan
  • 65. CISSP CERTIFICATION EXAM OUTLINE & CLASS SCHEDULE

  | Date | Class # | Class Description | Instructor |
  |---|---|---|---|
  | 4/13/2020 | Class 1 | Introduction | Evan |
  | 4/15/2020 | Class 2 | Domain 1: Security and Risk Management | Evan |
  | 4/20/2020 | Class 3 | Domain 2: Asset Security | Brad |
  | 4/20/2020 | Class 3 | Domain 3: Security Architecture and Engineering | Brad |
  | 4/22/2020 | Class 4 | Domain 3: Security Architecture and Engineering | Ryan |
  | 4/27/2020 | BREAK | BREAK | BREAK |
  | 4/29/2020 | Class 5 | Domain 3: Security Architecture and Engineering | Evan |
  | 5/4/2020 | Class 6 | Domain 4: Communication and Network Security | Brad |
  | 5/6/2020 | Class 7 | Domain 4: Communication and Network Security | Ryan |
  | 5/11/2020 | Class 8 | Domain 5: Identity and Access Management (IAM) | Evan |
  | 5/13/2020 | BREAK | BREAK | BREAK |
  | 5/18/2020 | Class 9 | Domain 6: Security Assessment and Testing | Brad |
  | 5/20/2020 | Class 10 | Domain 7: Security Operations | Ryan |
  | 5/25/2020 | Class 11 | Domain 7: Security Operations | Evan |
  | 5/27/2020 | Class 12 | Domain 8: Software Development Security | Brad |
  | 5/27/2020 | Class 12 | CISSP Exam Final Preparation & Practice Testing | Evan |
  | 5/27/2020 | Class 12 | CISSP Exam Final Preparation & Practice Testing | Brad |
  | 5/27/2020 | Class 12 | CISSP Exam Final Preparation & Practice Testing | Ryan |
  | 6/1/2020 | Class 13 | CISSP Exam Final Preparation & Practice Testing | Evan |
  | 6/1/2020 | Class 13 | CISSP Exam Final Preparation & Practice Testing | Brad |
  | 6/1/2020 | Class 13 | CISSP Exam Final Preparation & Practice Testing | Ryan |
  • 68. WHAT IS A CISSP? The Certified Information Systems Security Professional (or “CISSP”)
    For the latest (and official) information about the CISSP, refer to the (ISC)² website: https://www.isc2.org/Certifications/CISSP
    The four steps to the CISSP:
      1. Meet CISSP Eligibility
      2. Schedule the Exam
      3. Pass the Exam
      4. Agree to the Code of Ethics and get endorsed.
  • 69. THE BOOK CISSP Study Guide – Third Edition
    Title: CISSP Study Guide, Third Edition (Paperback) by Eric Conrad, Seth Misenar, & Joshua Feldman.
    • ISBN-10: 0128024372
    • ISBN-13: 978-0128024379
  • 70. THE BOOK CISSP Study Guide – Third Edition
    • If you don’t have it, you can get it in a variety of places: Amazon, Elsevier, Borders, etc.
    • I prefer the book in Adobe Acrobat format; easy reference and copy/paste capabilities.
  • 71. READY?! LET’S DIG IN.
  • 72. CHAPTER 1 - INTRODUCTION EXAM OBJECTIVES IN THIS CHAPTER
    • How to prepare for the Exam
    • How to take the Exam
    • Sticking with it!
    You ARE NOT required to take the exam! Everybody has their own pace. Everybody has their own method.
  • 73. CHAPTER 1 - INTRODUCTION How to take the Exam
    • Used to be six hours and 250 questions.
    • Now it’s three hours and 150 questions! (not in the book)
    • Computer-based testing (“CBT”) at Pearson VUE; it used to be paper and pencil (Evan’s old!)
    • Two (sort of four) types of questions:
      • Multiple Choice (four options, two are almost obviously wrong)
      • “Advanced Innovative”
        • Scenario
        • Drag/Drop
        • Hotspot
  • 74. BONUS – INFORMATION SECURITY FUNDAMENTALS What is Information Security?
    • This is a question for you.
    • This is a question that our industry still struggles with.
    • Don’t forget this…
    Information security is managing risks to the confidentiality, integrity, and availability of information using administrative, physical and technical controls.
    Will also accept… Information security is the set of rules, plans, and actions taken to protect people and information.
  • 75. BONUS – INFORMATION SECURITY FUNDAMENTALS What is Information Security?
    • This is a question for you.
    • This is a question that our industry still struggles with.
    • Don’t forget this…
    Information security is managing risks to the confidentiality, integrity, and availability of information using administrative, physical and technical controls.
    It is NOT eliminating risks!
  • 76. BONUS – INFORMATION SECURITY FUNDAMENTALS What is Information Security?
    • This is a question for you.
    • This is a question that our industry still struggles with.
    • Don’t forget this…
    Information security is managing risks to the confidentiality, integrity, and availability of information using administrative, physical and technical controls.
    Balance. People often over-emphasize this,
  • 77. BONUS – INFORMATION SECURITY FUNDAMENTALS What is Information Security?
    • This is a question for you.
    • This is a question that our industry still struggles with.
    • Don’t forget this…
    Information security is managing risks to the confidentiality, integrity, and availability of information using administrative, physical and technical controls.
    It is NOT (only) an IT issue! It’s easier to go through your secretary than your firewall! Who cares about your firewall if I can steal your server?
  • 78. BONUS – INFORMATION SECURITY FUNDAMENTALS What is Risk?
    • This is a question for you.
    • This is a question that our industry still struggles with.
    • Don’t forget this (either)…
  • 79. BONUS – INFORMATION SECURITY FUNDAMENTALS What is Risk?
    • This is a question for you.
    • This is a question that our industry still struggles with.
    • Don’t forget this (either)…
    Risk is the likelihood of something bad happening and the impact if it did. These are derived from threats and vulnerabilities!
  • 80. BONUS – INFORMATION SECURITY FUNDAMENTALS Ten Information Security Principles
    1. A business is in business to make money.
    2. Information Security is a business issue.
    3. Information Security is fun.
    4. People are the biggest risk.
    5. “Compliant” and “secure” are different.
    Not necessarily on the exam, but these will serve you well!
  • 81. BONUS – INFORMATION SECURITY FUNDAMENTALS Ten Information Security Principles
    6. There is no common sense in Information Security.
    7. “Secure” is relative.
    8. Information Security should drive business.
    9. Information Security is not one size fits all.
    10. There is no “easy button”.
    Not necessarily on the exam, but these will serve you well! You Dig?!
  • 82. THAT’S IT. NEXT? That’s it for today…
    • We’re very excited that we get to be a part of your information security career journey!
    • This will be a rewarding experience.
    For most of you: This will get hard. This will seem dry. This will seem overwhelming. Don’t give up!
  • 83. THAT’S IT. NEXT? That’s it for today…
    • Homework for Wednesday (4/15):
      • Go check out S²Me – https://s2me.io. Have your friends and family do it too!
      • Please get the book if you haven’t already.
      • Please read Chapter 1 (pages 1 – 10).
    • We will be covering Chapter 2 Domain 1: Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity) on Wednesday.
    See you Wednesday! Evan Francen @evanfrancen, Brad Nigh @BradNigh, Ryan Cloutier (“cola”) @CLOUTIERSEC
    Stay tuned! We’re setting up an online study group too.