With the continually evolving threat landscape affecting organizations in all sectors, there is a persistent need to increase the number and qualifications of workers trained in information security disciplines. The conventional focus on information assurance or information security seems to have given way to cybersecurity as the term most in vogue, as seen in the recent rise of undergraduate and graduate academic degree programs in cybersecurity. A representative case-in-point is the University of Maryland University College, where SecurityArchitecture.com founder Stephen Gantz has taught since 2005 as an adjunct professor of information assurance. While UMUC has long had bachelors and masters degree (and graduate certificate) programs in information assurance, the university launched new degree programs in cybersecurity and cybersecurity policy in 2010 which quickly eclipsed the information assurance programs in popularity (UMUC dropped the undergraduate IA program several years ago, but continues to offer a master of science in information technology degree concentrated on information assurance).
What does it mean to learn, or to teach, information security? Security needs in public and private sector organizations – and correspondingly security jobs those organizations seek to fill – increasing emphasize the importance of practical,tangible qualifications, experience, and subject-matter expertise. While security certifications provide one means of gauging domain knowledge, and are frequently cited as required or strongly desired, particularly by government agencies and contractors, the widespread availability of written reference materials and online certification exam prep guides can make certifications unreliable indicators of capabilities needed to effective perform security functions. Many academic programs and professional training courses have shifted their emphasis to teaching hands-on security skills through the use of lab exercises and dedicated network environments that allow students the opportunity to approximate real-world defensive and offensive scenarios.
There is still an important role for security textbooks, reference materials, and even lectures or how-to guides. To achieve learning objectives in training settings that translate into effective operational security (including security management), there is no substitute for direct exposure to security tools, techniques, and deployment alternatives. For instance, one of the information assurance courses at UMUC focuses on intrusion detection and prevention, illustrated in practical terms through the hands-on use of Snort, one of the most popular open-source network IDS tools. Snort offers a lot of advanced features and complex intrusion analysis capabilities, but can nonetheless be installed and configured for basic experimentation and learning purposes on just about any computer workstation.
We prepare training materials and provide training on a variety of security topics, with experience in online and face-to-face course delivery models. Our practitioners have worked in both university and professional training settings, and we can work with you to provide tailored, focused training ranging from half-day subject overviews to multi-day, in-depth topic coverage. Representative professional courses include:
Our areas of expertise include security management, security engineering, and the application of security control frameworks relevant to both private and public sector organizations; security policy development, implementation, and enforcement; layered security architecture, enterprise architecture, and defense-in-depth practices; enterprise risk management; and security and privacy compliance.
SecurityArchitecture.com does not provide certification-specific training or certification exam preparation. When seeking training in order to meet security and privacy certification requirements and to prepare for and successfully pass certification exams, tailored courses are often available from the certifying organizations themselves. There are also many third-party sources of security training that provide instruction not only for certification test preparation, but also in the fundamentals of security (which typically underlie the relevant certifications) and education in detailed technical and practical knowledge that can only be gained through hands-on exposure.