Small- and Medium-Sized (SMB) Employee Cybersecurity Training Seminar

TOPIC 1: SOCIAL ENGINEERING
•    Define social engineering the bugs in the human hardware that makes us susceptible to exploit
•    Video reviews and related discussions on the topics of cognitive biases and the power of pretexting
•    Common social engineering threat vectors such as waterholes, phishing and spear-phishing, quid-pro-quo, tailgating, ‘round the corner, and baiting.
•    Common tactics, techniques and procedures used by threat actors including Google dorking, Maltego and Kali Linux

TOPIC 2: PHISHING, SPEAR-PHISHING, WHALING & RANSOMWARE
•    The difference between phishing, spear-phishing, and whaling
•    A deep dive into the anatomy of a spear-phishing attack & characteristics of a malicious email, text and phone call
•    Video review discussion on the topic of voice phishing (vishing)
•    The underground marketplace (Dark Web) and the anonymity and commerce tools used by these merchants of mayhem
•    What ransomware is and a discussion on recent ransomware attacks
•    What to do if a victim or ransomware and a discussion on the organization’s decision to pay or not pay
•    How to minimize the risk of a ransomware attack

"We humans are the first and last line of defense against cybercriminals."

TOPIC 3: CYBERCRIMINAL PSYCHOLOGY
•    Cybercrime defined and the role of forensic psychology and offender profiling
•    An exploration of offender profiling, its approaches, and its methods

TOPIC 4: INSIDER THREATS
•    How insider threats happen
•    The three personas of compromised insiders: malicious actors, negligent actors, and compromised agents
•    What to do when you believe an employee is compromised

TOPIC 5: EXTERNAL THREAT ACTORS
•    A series of deep dives on the major global threat actors and the related open source intelligence available to help understand motivations
•    The complexities of vulnerabilities introduced by the internet-of-things (IoT) and bring-your-own-device (BYOD)