Introduction to Log Management (IR210)
The Cybersecurity and Infrastructure Security Agency (CISA) is proud to present the Introduction to Log Management (IR210) Cyber Range Training event. The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.
This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.
Log files provide the data that are the bread and butter of incident response, enabling network analysts and incident responders to investigate and diagnose issues and suspicious activity from network perimeter to epicenter. Participants will be introduced to basic principles of log management and configuration. Federal compliance regulations of log configuration and management including OMB Memo M-21-31 will also be introduced.
Experience these benefits and more:
- Common attack methods: Understand the importance of the configuration, management, and analysis of logs for incident response and identify key processes of log management.
- Practice in a realistic environment: Investigate and analyze log data for suspicious activity. Detect and correlate possible IOCs or malicious activity with threat intel. Exercises include configuring a DNS server, network device firewall, an operating system and more for proper logging.
- Expert facilitation and peer discussion: Throughout the course, expert cybersecurity engineers will moderate discussions and conduct a recovery debrief for the exercises. Participants are also encouraged to help one another and offer relevant input to address peers' questions.
This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.
Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.
Energy Sector BOM Collaboration Webinar
DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER) is hosting a joint Energy Sector BOM Collaboration webinar in partnership with DHS Cybersecurity and Infrastructure Security Agency (CISA), and IEEE Power Systems Communications and Cybersecurity Technical Committee (PSCCC).
This webinar will include representatives from asset owners and operators (AOOs), vendors, and researchers in the energy sector all sharing their experiences and lessons learned from using or attempting to use BOMs for supply chain risk management. The webinar will consist of a series of presentations as well as two facilitated Q&A panels where vendors and AOOs will discuss the following topics: policies/regulations, value proposition, existing challenges, and where do we go from here.
Intro to Cybersecurity
Empower your small business with a deep dive into cybersecurity basics at our upcoming Introduction to Cybersecurity event. Discover practical strategies to protect your business online. Join us for insights tailored to small businesses, ensuring your digital assets are secure. Do not miss out on the chance to boost your digital security knowledge.
This event will take place online using Microsoft Teams; please register to obtain the login information. Please note, if you are planning to use a mobile device to access this webinar, you must first download the Teams app to your device.
SBA programs and services are extended to the public on a nondiscriminatory basis. For reasonable accommodation requests, please send an email to lado@sba.gov at least 7 days in advance.
Using the CISA Incident Response Playbook at your Organization (IR211)
The Cybersecurity and Infrastructure Security Agency (CISA) is proud to present the Using the CISA Incident Response Playbook at your Organization (IR211) Cyber Range Training event. The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.
This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.
Produced in accordance with Executive Order 14028, “Improving the Nation’s Cybersecurity,” CISA released the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks that provide federal civilian agencies with a standard set of procedures to respond to vulnerabilities and incidents impacting Federal Civilian Executive Branch (FCEB) networks. This course introduces students to the Incident Response Playbook that describes the process FCEB agencies should follow for confirmed malicious cyber activity for which a major incident has been declared or not yet been reasonably ruled out. The course will include a tabletop discussion format that follows a simulated IR event/scenario and guides students through the CISA IR checklist and IR phases. While the playbooks are intended for federal agencies, CISA encourages public and private sector partners to review them to help inform their own incident response practices.
Experience these benefits and more:
- Key guidance for organizations: Introduce the CISA Incident Response (IR) Playbook with an overview of the IR phases, key resources, standardizing shared practices, and the Incident Response Checklist. Learn about roles, responsibilities, and the importance of communication during an incident response.
- Lessons learned: This course also highlights lessons learned and common missteps when implementing an IR playbook.
- Peer activity and discussion: A guided incident response tabletop scenario and discussion where students will be required to follow the IR process using the CISA IR checklist. The tabletop discussion will help students to better comprehend and apply critical thinking throughout the NIST/CISA IR process.
This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.
Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.
EVENT LOGISTICS
- Dates: Wednesday, November 6, 2024 or Thursday, November 7, 2024
- Time: 9 a.m. to 1 p.m. EDT (Wednesday); 12:00 p.m. to 4:00 p.m. EDT (Thursday)
- Location: Online via WebEx
- CPE Credit: Participants can earn 4 CPE credits for attending this course.
- Attendee Requirements: This course requires active participation. Attendees can use government-issued computers or personal computers. A second monitor is recommended.
- Note: Audio is through WebEx; there is no external dial-in.
- Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube Channel for playback in other languages, if required.
Due to participation requirements, please register no later than 48 hours before the course starts.
Defend Against Ransomware Attacks Cyber Range Training (IR209)
The Cybersecurity and Infrastructure Security Agency (CISA) is proud to offer the Incident Response Training event, Defend Against Ransomware Attacks Cyber Range Training (IR209). The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.
This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.
Ransomware is the fastest growing malware threat targeting home, business, and government networks. Anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a network’s defense. If just one computer becomes infected with ransomware, it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure. In this training, participants will be introduced to common applications and processes that harden network defenses, as well as key terms to be aware of in the prevention of ransomware attacks.
Experience these benefits and more:
- Common attack methods: Define ransomware and identify best practices and preventive measures to mitigate the impact of ransomware attacks.
- Practice in a realistic environment: Learn how to apply specific tools to configure and back up Active Directory policies, reset KRBTGT account passwords and create application allowlisting policies.
- Identify and mitigate vulnerabilities in real time: Students will identify malicious domains and mitigate them by establishing a sinkhole and by blocking the malicious domain.
- Expert facilitation and peer discussion: Throughout the course, expert cybersecurity engineers will moderate discussions and conduct a recovery debrief for the exercises. Participants are also encouraged to help one another and offer relevant input to address peers' questions.
This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.
Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.
EVENT LOGISTICS
- Date: Thursday, October 31, 2024
- Time: 12:00 PM EDT – 4:00 PM EDT
- Location: Online via WebEx
- CPE Credit: Participants can earn 4 CPE credits for attending this course.
- Attendee Requirements: This course requires active participation. Attendees can use government-issued computers or personal computers. A second monitor is recommended.
- Note: Audio is through WebEx; there is no external dial-in.
- Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube Channel for playback in other languages, if required.
Due to participation requirements, please register no later than 48 hours before the course starts.
Resource Vault: Approaches to Strengthen the Safe Use of AI for Critical Infrastructure SMBs
Please join CISA and the IT SCC in our 2024 Cybersecurity Awareness Month Series. This event is a partnership between CISA IT Sector Management and the IT Sector Coordinating Council to bring valuable information from Government and Private Sector experts to small and medium sized businesses operating in or adjacent to critical infrastructure. For 2024 we are focusing on Artificial Intelligence. The discussions throughout this series will discuss different aspects of AI, understanding how it could affect your environment, what the research community is developing and seeing, and what to expect moving forward when discussing AI safety.
Who should attend:
While the focus of the content will be centered around small and medium businesses, there are prominent discussions happening that will provide value to businesses of any size. Discussions around safety affect businesses of all sizes and, many times, all American citizens due to the interconnectivity of IT environments. This effort stems from the IT sector and will maintain that origin within the discussions but again, due to the interconnectivity of the sector, we encourage all 16 critical infrastructure sectors to attend, as they will receive value from attending.
What to Expect:
For our final week we want to provide resources for continuing education and support. This week will serve as an opportunity to highlight educational efforts ongoing throughout government and industry. How can you ensure your company remains at its top operational prowess in a field such as the IT Sector that changes rapidly? Continued learning and involvement. Involvement in the efforts discussed this week will provide opportunities to apply this continued education mindset and ensure you are staying up-to-date on any changes in the field.
Identity and Access Management Fundamentals for Small Business
Identity and Access Management is a fundamental and critical cybersecurity capability for businesses of all sizes. To protect your business from fraud and unauthorized system and data access, you want to take steps to ensure that only the right people and technologies have the right level of access to the right resources at the right time.
For many busy small business owners, the use of passwords has been the primary method for locking down access to sensitive systems and data. However, passwords alone are not effective for protecting your data from most attackers. They have become too easy for threat actors to exploit at scale and with limited effort. So that leaves us with the question: what can a small business owner with limited resources do to protect their systems and information from unauthorized access?
During this webinar, we’ll take it back to the fundamentals to discuss practical steps small businesses can take to enhance their identity and access management, resulting in a stronger, more resilient business in the face of increasing cybersecurity risks. We will cover:
- Current guidance and leading practices for multi-factor authentication (MFA), including phishing-resistant MFA.
- Identity and Access Management approaches to consider as your business grows.
- How identity and access management is covered in the NIST Cybersecurity Framework 2.0.
AI Unlocked: Must-Know Principles and Game-Changing Guidelines Panel Discussion
Please join CISA and the IT SCC in our 2024 Cybersecurity Awareness Month Series. This event is a partnership between CISA IT Sector Management and the IT Sector Coordinating Council to bring valuable information from Government and Private Sector experts to small and medium sized businesses operating in or adjacent to critical infrastructure. For 2024 we are focusing on Artificial Intelligence. The discussions throughout this series will discuss different aspects of AI, understanding how it could affect your environment, what the research community is developing and seeing, and what to expect moving forward when discussing AI safety.
Who should attend:
While the focus of the content will be centered around small and medium businesses, there are prominent discussions happening that will provide value to businesses of any size. Discussions around safety affect businesses of all sizes and, many times, all American citizens due to the interconnectivity of IT environments. This effort stems from the IT sector and will maintain that origin within the discussions but again, due to the interconnectivity of the sector, we encourage all 16 critical infrastructure sectors to attend, as they will receive value from attending.
What to Expect:
For week three we will be discussing Principles and Guidelines surrounding AI. This will be a panel discussion with industry leaders. Information learned here can be used to advance your company's programs on how AI can be used efficiently and safely throughout your environments.
Protect Yourself from the Biggest Cyber Threats of 2024!
Attention all small business owners! In 2024, data breaches are at an all-time high, impacting billions of people and causing unprecedented financial and personal damage. Don’t let your business or personal security be compromised by the surge in cybercrime!
What you'll learn:
- Big Data Breaches of 2024: Discover the major breaches making headlines this year and understand their impact on both individuals and businesses.
- Protect Yourself: Get actionable tips on safeguarding your identity and finances if you find yourself involved in a data breach.
- Cybersecurity Best Practices: Learn how to fortify your defenses against bad actors who exploit weak security to steal your data, money, and reputation.
- Risk Reduction Strategies: Find out what you can do to minimize the chances of falling victim to cybercrime and ensure your company is protected.
- Action Plan for Breach Notification: Understand the steps to take immediately if you’re notified of a data breach affecting you or your organization.
Why Attend?
Cybersecurity is not just an IT issue; it's a critical aspect of protecting your business and personal assets. This webinar is your chance to get ahead of potential threats and arm yourself with the knowledge to defend against them. Equip yourself with the knowledge to stay safe in an increasingly dangerous digital world.
AI Foundations: Building A Strong Baseline for Critical Infrastructure SMBs
Please join CISA and the IT SCC in our 2024 Cybersecurity Awareness Month Series. This event is a partnership between CISA IT Sector Management and the IT Sector Coordinating Council to bring valuable information from Government and Private Sector experts to small and medium sized businesses operating in or adjacent to critical infrastructure. For 2024 we are focusing on Artificial Intelligence. The discussions throughout this series will discuss different aspects of AI, understanding how it could affect your environment, what the research community is developing and seeing, and what to expect moving forward when discussing AI safety.
Who should attend:
While the focus of the content will be centered around small and medium businesses, there are prominent discussions happening that will provide value to businesses of any size. Discussions around safety affect businesses of all sizes and, many times, all American citizens due to the interconnectivity of IT environments. This effort stems from the IT sector and will maintain that origin within the discussions but again, due to the interconnectivity of the sector, we encourage all 16 critical infrastructure sectors to attend, as they will receive value from attending.
What to expect:
This installment aims to create a baseline of understanding of AI and how it could be used for or against your organization. Ensuring everyone is on the same page of definitions, knowledge, and understanding of AI is critical to ensuring we move forward to a safer future, together. An invaluable asset to our nation's security is the research community. Dr. Zico Kolter from Carnegie Mellon University will be joining us for this event to share his knowledge on AI as one of the nation's brightest minds on the subject.