Corporate Laboratories - Information Security Training Program

Today, the issue of information security is particularly acute - "loud" scandals with data leakage, critical vulnerabilities found in the most popular commercial and opensource products, constant hacker attacks, covered in newspapers and on television - the list goes on and on. The information security market is full of various solutions designed to solve security issues, and despite the crisis, companies actively finance funds to maintain the proper level of information security, while the overall “personnel shortage” of qualified information security specialists is observed in the market.

To ensure high-quality security of your corporate network, you need to understand what are the vulnerabilities that allow an attacker to overcome security systems, as well as understand how it operates. General information security awareness of employees , as well as knowledge of the tools and ways of work of attackers, allow implementing the most effective measures to counter information security threats.
')
In order to master such knowledge (subject to the availability of knowledge in the field of system administration and the functioning of the network and systems), years of preparation are needed, including continuous study of the material and active practice . Fortunately, there are many resources, both paid and free . The disadvantage of such training is the need to process a huge amount of information. Due to lack of free time, this can be a daunting task. In addition, the process of self-learning should be systemic - it is necessary to first determine the direction (network security, web applications, systems and application software, cryptography, databases, etc.). Due to the lengthiness and lack of consistency during self-study, a situation may arise when the knowledge obtained at the time of the end of the training will lose some of its relevance, partially or completely.

On the Internet there are many video courses that allow you to systematize the learning process. Undoubtedly, such a training format will allow obtaining knowledge more qualitatively, but it has a significant drawback - the lack of practical training and curator assistance. Speaking of information security, it is worth noting that, as a rule, a successful attack involves the successful exploitation of a group of vulnerabilities.


In fact, in order to successfully exploit a vulnerability group, it is necessary, firstly, to be able to detect them , secondly, to be able to operate , and, thirdly, to be able to correctly use the results of the exploitation of each vulnerability (i.e., correctly construct the attack vector ). Thus, the practice should be implemented in the form of a full-fledged laboratory, implemented on the basis of a real corporate network. In order for tasks in such a laboratory not to be "feigned", it is the "practices" that should be involved in the development of the laboratory - specialists with extensive experience in conducting pentest.

There are various training programs in the field of ethical hacking and penetration testing, both in Russia and abroad, which can significantly improve their skills in the field of practical information security, but a significant drawback of many such programs is their long coordination (usually from six months) . Given the intensity of the emergence of new vulnerabilities, as well as methods and tools for their operation, such programs lose their relevance a bit.

Thus, advanced training can be divided into 2 types:
- free (very long and requiring consistency, otherwise it may be ineffective);
- paid (short, but requiring great dedication and additional self-study, with a serious approach and selection of a good program - the most effective).

Taking into account the needs of specialists , we have developed a special training program for professional training - “Corporate Laboratories PENTESTIT” , the uniqueness of which lies in the symbiosis of the training format (fully distant, not requiring separation from work and study), the quality of the material and the specialized resources on which the training is performed:

• training is built on the principle: 20% of theory (webinars) and 80% of practice (work in pentest laboratories);
• webinars are read by specialists with extensive practical experience in the field of information security;
• all laboratories (for each tariff there are several of them) are developed on the basis of vulnerabilities discovered as a result of pentest of real companies in an impersonal form;
• Throughout the learning process, the group is accompanied by a curator who helps to cope with the task, if such is required. It is important to note that the main task of the curator is not to explain the implementation, but to teach how to think in order to cope with the task independently;
• with each new set (once a month and a half), the material is processed and updated , which allows keeping the program up to date at the time of training;
• All resources used in the programs (personal account, webinar-site and laboratories) are PENTESTIT's own development and are implemented taking into account all the needs of students .

How the learning process is organized can be found here .

In addition to the main, paid program, we invite guests - experts in the field of IT and information security. In the current set of “Corporate Laboratories” (which was held on June 14), Ivan Novikov, the head of Wallarm (web application firewall of a new generation), will speak on the topic “General problems of attack detection tools and web application vulnerability search tasks”, as well as share his vision solutions to such problems.


As always, the video will be published on our channel , and the participants of the Corporate Laboratories will be able to talk with Ivan and ask their questions. The identity of the guest who visits the next set is not disclosed yet, we will inform about this later.

Summing up, it is worth noting that self-study is extremely important for maintaining and raising qualifications, however, high-quality training programs in symbiosis with self-study will allow in a short time to significantly increase knowledge , and also to set a quality vector for further development , allowing the specialist to remain in demand, despite the economic and political conjuncture.

Thanks for taking the time and reading the article to the end. The next set of “Corporate Laboratories” will be held 09/09/2015. You can learn more and register here .