Wow!!! I am also in VA. I am learning a lot. Thanks so much
BTV, that is so great to hear. I hope that these videos are helpful and provide you with information you can use! Are you working in cyber security now? What topics would you like us to discuss?
@Cyber-recon, I will like to discuss the Assessment step. Thanks so much
@Bishop_Sarpong Awesome! We will be looking at the assessment step the week of 3 Feb (next week) on Thursday, Feb 6! Glad we are covering something you want to see!
Hello guys, excellent video. I've just started studying for my CAP; your videos are very informative. Thanks
Alpha, that is great to hear! The CAP is a good certification and proves that you understand the RMF. We will be putting out more RMF content covering both RMF 1.0 and the new RMF 2.0. The RMF training lab should be back online soon as well.
Thank you for commenting! Good luck in the exam!
@Cyber-recon Thank you very much, sir. I look forward to checking out your content. (Sidenote) I love to see local guys doing great things. Keep up the good work
@alphakuyateh7765 Thank you so much!
@Cyber-recon If I have the CAP, should I still get the Security+?
I think the thing that you should cover more is control assessment, relating each control to different incidents or attacks. For example, what control can we put in place to mitigate a brute force attack or a cross-site scripting attack, just as an example.
Assessment video is very informative
Dankona, thank you, I am glad you like it. Is there anything you think we should cover?
I'm also in VA, what a small world! I just applied for an ISSO position
That is an awesome job! Where are you at in VA?
@Cyber-recon Alexandria, I currently work Helpdesk for the company but applied to ISSO, still waiting to hear back
@vablackbelt hopefully you hear something soon!
Hey, great video. Do ISSOs need to know how to code/program? Thanks.
Hey there, thanks for watching the video and for your great question about the role of an ISSO and the need for coding or programming skills!
The short answer is that it depends on the specific job role and the organization. Generally, an Information Systems Security Officer (ISSO) is responsible for the security of an organization's information systems. This role typically involves understanding security policies and procedures, ensuring systems comply with these policies, and managing risks.
While direct coding or programming skills may not be a core requirement for all ISSO positions, having a basic understanding of how software is developed and how systems are maintained can be incredibly beneficial. This knowledge helps in understanding potential security vulnerabilities and in effectively communicating with technical teams.
In some more technical roles or in smaller organizations where the ISSO might be more hands-on, having coding skills could be more important. For example, it might be useful for tasks like automating security processes, understanding and responding to security incidents, or even participating in secure software development.
Ultimately, if you're considering a career as an ISSO or are currently in the field, it wouldn't hurt to have some foundational knowledge in coding. However, it's also important to focus on other key areas such as policy understanding, risk management, and communication skills.
Thanks again for your question. If you're an ISSO or have experience in this area, feel free to share your thoughts on the importance of coding skills in the comments!
I have been in IT two years and am trying to cross over to cyber or cloud. I have Sec+ and AWS CCP. Any recommendations for landing a SOC role or ISSO role? Right now I'm preparing for Splunk, eJPT (CySA as a third option, but debating skipping) and going straight for CASP.
If you have been in IT for two years and have the Security+ and AWS CCP, I would focus on a tool like Splunk (it seems that there are never enough Splunk Engineers), or focus on higher level AWS courses - especially Security (again, not enough cloud people). The big thing is that getting some experience in an area or tool would help a lot.
I am a certified CompTIA plus and have taken RMF classes. I am trying to find a job without lying on my resume. I don't have any experience. What's your advice? I think I need help with the resume etc.
What CompTIA cert do you have? I would love to help you if I can.
Hello kind Sir,
Can you please explain to me the difference between an Information Assurance specialist and ISSO???
Great question! Understanding the difference between an Information Assurance Specialist and an Information Systems Security Officer (ISSO) is key to grasping the various roles in cybersecurity. While there's some overlap, these positions generally focus on different aspects of information security.
Information Assurance Specialist: This role is typically broader and focuses on ensuring the confidentiality, integrity, and availability of data across various platforms and systems. Information Assurance Specialists are concerned with the overall strategy and implementation of security measures to protect information. This includes risk management, developing security policies, and ensuring compliance with regulations. They might work with various types of data and systems, not just those related to information systems.
Information Systems Security Officer (ISSO): The ISSO, on the other hand, is more focused specifically on the security of information systems. This role involves implementing and enforcing security policies specifically for information systems, ensuring they comply with regulatory requirements. An ISSO is responsible for the day-to-day management of security controls in information systems, monitoring for security breaches, and responding to incidents.
In summary, while both roles aim to protect information, an Information Assurance Specialist has a broader scope covering all aspects of information security, whereas an ISSO is more focused on the security of specific information systems.
It’s also worth noting that the exact responsibilities can vary depending on the organization's size and structure. In some cases, the roles might even overlap or be combined into one position.
If anyone has additional insights or experiences regarding these roles, feel free to add to the discussion!
I am currently an ISSO in the USAF. I finished my Security plus back in 2011. Looking to obtain my CAP certification now. Any specific study material you would recommend?
There are not a lot of books out there on this subject. In my opinion the (ISC)2 book is not that good and needs to be updated. We are starting our semi-self-paced RMF 2.0 and CAP class on Monday. You can check that out at cyber-recon.com
I would check out some NIST publications. Start with NIST SP 800-37.
Good morning!!!! I'm very interested in starting a career in cyber security. Where can I enroll in courses or receive certification? I'm currently working in a similar related field. Thank you!
Good morning! It's wonderful to see your enthusiasm for starting a career in cybersecurity. There's a wealth of both free and paid training options available that can help you on this journey.
Free Online Courses and YouTube Training: Many experts and educators share their knowledge on platforms like YouTube, offering free tutorials and lectures on various cybersecurity topics. Websites like Khan Academy, MIT OpenCourseWare, and Harvard's online learning platform also provide free courses. These resources are great for self-paced learning.
Paid Online Courses: Platforms like Coursera, Udemy, and edX offer both free and paid courses in cybersecurity. Paid courses often include more in-depth material, additional resources, and sometimes offer a certification upon completion.
Professional Certifications: While some certifications might require an investment, they're highly regarded in the industry. Look into certifications like CompTIA Security+, Certified Ethical Hacker (CEH), and Cisco's CCNA Cyber Ops. Some of these certifications may offer free study materials or community support to help with preparation.
University Programs: For a more structured approach, consider enrolling in undergraduate or postgraduate degree programs in cybersecurity. While these are usually paid, they offer comprehensive education and are valued by employers.
Bootcamps: Cybersecurity bootcamps, both free and paid, provide intensive, practical training. Free bootcamps might be more limited in scope but can still offer valuable insights and basic skills.
MOOCs and Educational Websites: Many Massive Open Online Courses (MOOCs) offer free versions of their courses, with the option to pay for certification. Websites like Cybrary and Codecademy also provide a mix of free and paid cybersecurity learning resources.
Remember, the field of cybersecurity is always evolving, so staying up-to-date with the latest trends and threats is crucial. Engaging in online forums, local meetups, and professional networks can also provide invaluable insights and career opportunities.
Best of luck in your cybersecurity journey! And if anyone else has recommendations for great free or paid learning resources, please share them in the comments below!
@Cyber-recon Thank you so much!!!!!! Happy New Year!!!!