Here you can find events that your organization might find helpful. These range from in-person events to webinars on a variety of topics.
(please note that some of these events require advance registration)
Introduction to Log Management (IR210)
The Cybersecurity and Infrastructure Security Agency (CISA) is proud to present the Introduction to Log Management (IR210) Cyber Range Training event. The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.
This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.
Log files provide the data that are the bread and butter of incident response, enabling network analysts and incident responders to investigate and diagnose issues and suspicious activity from network perimeter to epicenter. Participants will be introduced to basic principles of log management and configuration. Federal compliance regulations of log configuration and management including OMB Memo M-21-31 will also be introduced.
Experience these benefits and more:
- Common attack methods: Understand the importance of the configuration, management, and analysis of logs for incident response and identify key processes of log management.
- Practice in a realistic environment: Investigate and analyze log data for suspicious activity. Detect and correlate possible IOCs or malicious activity with threat intel. Exercises include configuring a DNS server, network device firewall, an operating system and more for propper logging.
- Expert facilitation and peer discussion: Throughout the course, expert cybersecurity engineers will moderate discussions and conduct a recovery debrief for the exercises. Participants are also encouraged to help one another and offer relevant input to address peers' questions.
This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.
Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.
Workshop on Updating Manufacturer Guidance for Securable Connected Product Development
NIST invites the cybersecurity and IoT communities to join a discussion on updating
-
IoT Device Cybersecurity Capability Core Baseline (NIST IR 8259A)
-
IoT Non-Technical Supporting Capability Core Baseline (NIST IR 8259B)
Topics like the convergence and rise of Industrial IoT (IIoT), the introduction of new guidance from NIST (e.g., Secure Software Development Framework, Privacy Framework, Cybersecurity Framework 2.0), and cybersecurity for legacy products, systems, and environments are just a few examples of considerations that NISTIR 8259 could incorporate or expand on in a revision.
This Workshop will begin a conversation around these topics to identify useful new additions to this core IoT guidance.
Registration for in-person participation will close on November 22, 2024 at 5:00pm.
University-Based Cybersecurity Clinics: Educating the Next Generation of Cybersecurity Leaders While Safeguarding Small Businesses
Colleges and universities have long been a valuable resource for small businesses in their communities. Examples of support and outreach include running start-up incubators and accelerators, hosting small business development centers, providing a source of interns and entry-level workforce members, hosting legal and medical clinics, and much more. Recently, higher education, with support from industry and government, has been addressing two critical questions in cybersecurity through an emerging network of cybersecurity clinics:
- How can we bolster the cybersecurity posture of small, under-resourced organizations in our community?
- How can we build a stronger cybersecurity workforce by providing students with valuable, hands-on learning experiences?
Through the clinics, multidisciplinary teams of students work with faculty providing no-cost cybersecurity services to the region’s small, under-resourced organizations—providing valuable workforce development experiences to students and important cybersecurity support to those organizations who need it the most.
This webinar will provide an overview of cybersecurity clinics, while also highlighting experiences of students and small businesses who have participated in the program. The panel discussion will run for 45 minutes, with 15 minutes reserved at the end of the hour for questions.
Opening Remarks:
- Rodney Petersen, Director, National Initiative for Cybersecurity Education (NICE), NIST
Panelists:
- Mehdi Abid, Cyber Program Coordinator, Department of Computer Science, University of Nevada, Las Vegas
- Aisha Ali-Gombe, Ph.D., Associate Professor and Director, LSU Cybersecurity Clinic, Louisiana State University
- Gary Anderson, Partner, Cardinal Capital, LLC
- Keith Daniel Tan, Scholarship for Service(SFS) Student, University of Nevada, Las Vegas
Moderator:
- Daniel Eliot, Lead for Small Business Engagement, NIST