White Team Training
What will help me get a White Team Role?
White Team roles are generally for more experienced Professionals within the industry however there are oportunities for entry level candidates. Soft skills are the key to gaining a white team role. You need to have confidence, excellent communication, the ability to write effective documentation, active listening. The soft skills are hard to learn and often come with experience. That experience can be gained in any industry, not just Cyber Security. It is your job to get your soft skills across to the hiring managers on your CV and in the interview stage.
Understanding the industry is key to your success as a White Team Pro. A solid base knowledge such as a CompTIA Security+ Certification will help you attain the basics. From there you need to be looking at what specific part of the White Team you want to be working in? The role will give you clues as to what you need to study. Where are you going to be based? The location and the laws governing Personal Data within that area are going to be the driving factors on choosing which frameworks to learn.
Fundamental knowledge of the systems you will be working on will help you gain a role. Look at MS 100 and MS 101. These will give you knowledge of Access Control Lists and Group Policies etc. Azure and AWS Fundamentals will also help. If you are writing Policies over these systems then you should know the basics about them. The great thing about these courses is that they are available free online, You will only need to pay if you wish to get a certificate.
Security Policy Cheat Sheet
A simple free guide to help you understand the very basics of policy development. Download it now and you'll soon be making yourself indispensable in your organization.
Security Policy Foundations
In this "pay what you can", foundational level course, I will show you how to cast your first spells as a budding Security PolicyWizard. You'll learn the basics:
What is security risk? What is a security policy?
What is a security framework? What is a security risk?
Security policy considerations:
- Layout - Readership - Accountability - Policy length - Legal terms - Title & references - Templates - Tracking methods - Development tools Plus a bunch more
Security Policy Masterclass
Remember the bit in Lord of the Rings where Gandalf fights the Balrog in the Mine of Moria? Well, this course is like that. Security policies are the Balrog, and you, well you are Gandalf the Gray. Standing on the bridge between where you are now, and your future as a Security PolicyWizard. You'll fight the monster, emerge victoriously and arise as Gandalf the White. You Shall Pass! I will show you the way.
Security Frameworks, 5 Steps to Learn them Fast!
Read the framework - Read every line, understand what it is saying. What Laws are relevant? What are the requirements? Read the sub documents!
Copy the document into a fresh word processor document - Format it so it's workable, Copy the requirements into a new document
Create a Gap Analysis - Use the requirements to build a Gap Analysis document which you could use to audit a company. Add Notes and Recommendations areas
Create a Best Practice Document - Read the requirements and decide what is the Best Solution to comply with that specific requirement. Repeat for all areas
Create a fictional company - What industry? What Size? What is their current Security Profile? Take the company through a Gap Analysis. Write a report
Bonus Tip! Get Experience - Publish your work, Help a small business comply with the framework, Help others learn by teaching the framework.
Laws vs Standards
Legislation such as the Computer Missuse Act state things that must or must not be done. It is down to the company or individual to decide to comply with the law, however acts which fall foul of the law may result in criminal prosecution. Standards are not laws; they are guidelines which help businesses implement best practice procedures and solutions. ISO 27001 is the International Standard for Implementing an Information Security Management System. It lists 114 security controls which may be implemented to secure company systems. If a company decides to ignore a standard, they will not face prosecution for ignoring the standard but they may fall foul of laws which state Personal Data must be secure and accurate such as the Data Protection Act.
In the UK we are governed by the Data Protection Act 2018 (GDPR) which is the UK Government version of the EU General Data Protection Regulation. This law is the foundation of data governance. If you wish to work in Governance, Risk and Compliance (GRC) within the United Kingdom or Europe, a solid understanding of this law is expected.
EU GDPR Courses
There are amazing free courses from Advisera. The course material is free but if you wish to get the certificate and additional material then you have to pay. I recommend doing both courses and if you feel you need to and have the budget, then take the exams.
As mentioned above, ISO 27001 is the International Standard for the Implementation of an ISMS. It is a complicated document with several sub documents. A solid understanding of this standard will help you in your search for a white team job. There are four levels to ISO 27001 Training; Foundation, Internal Auditor, Lead Implementor, Lead Auditor.
ISO 27001 Courses from IT Governance
ISO 27005 - Risk Management
This is a sub standard of ISO 27001 and is primarily concerned with the implementation of the Risk Management procedures of 27001. It gives guidance on how to assess, treat and document the Risk Management procedure. Great courses are available for this standard however I have not found any for free.
Great ISO 27005 Course from IT Governance
Learn how to conduct an information security risk assessment from start to finish with this specialist led training course.
Learn practical risk management methodologies, including ISO 27005 and other risk management techniques.
Learn from anywhere – choose whether you attend our courses Live Online or in person.
Our Classroom / Live Online option allows you to study your way, keeping travel and costs down to a minimum.
IBITGQ accredited three-day training course.
Successful completion of the course and included exam leads to the ISO 27005 Certified ISMS Risk Management (CIS RM) qualification and 21 CPD/CPE points
Business Continuity -
Keeping the business running in the event of a disaster
One of the requirements of ISO 27001 is that plans have been put in place to enable the ISMS to withstand a number of disasters such as flooding, power outages, fire etc. The ISO standard for the implementation of Business Continuity is ISO 22301. Just like ISO 27001, Individuals can gain certification in the same four levels, Implementor, Auditor, etc.
IT Governance courses on Business Continuity Management
Free ISO 27001 Training Courses!
The 4 courses from Advisera below are all free to watch, you'd just have to pay for the exam and certificate.
Advisera may not be the most cost effective for these courses if you do wish to get the certificates. I recommend searching other providers to get a better idea of any deals which may currently be offered. Search Linkedin for approved providers and see their current deals.