Today is Keith Ron Evans he is the managing partner at km cybersecurity a global information security consulting business which includes penetration testing incident response management and consulting digital forensics and training Keit Ron is also a senior security at fire advisor at Savi s and at operator instructor for EC console and aisaka he is also one of the authors.
Of chained exploits advancing hacking act act at attacks from start to finish a textbook still used by the US government security agencies hey John thanks for.
Having me Joe your book for a good example chained exploits is a textbook still used by using US government Security Agency and you run certification courses.
Tell me what it takes to get certified and and what you teach there I mean you’ve been I think you’ve been doing certification courses for a while yeah I have and and you know to segue into that part of reason I still do the courses is because I get.
A lot an amazing amount of enjoyment out of sharing the information and putting it out and watching people digested and coming up with innovative ways to.
Where people actually get it so that’s kind of one of my passions but yes I’ve been doing the certification classes for a really long time some of the you.
Know all of the top training organizations in the industry have used me for various types of classes one of the ones are that’s our main class is certified ethical hacker so we take someone with basic IT skills we bring them in and we teach them.
The tools and techniques of hackers they master those tools and techniques and then we are certified them at the end by having them take the official certified ethical hacker exam okay and that it’s.
A five day course and on the fifth day it’s mostly you testing we do half day of lecture and half their getting you prepared again pretty game and then the second half of the last day you actually take the official exam and you’re certified when you leave on Friday now we’ve just introduced a more advanced version of it called the certified ethical hacker practical yeah so not only do you have to do the written exam and you have to do about a.
10 hour practical where you are tapping targets that we’ve set up and you have to break into those targets get specific beta off those targets and write a record about what you did to get that certification but that’s more advanced it’s definitely.
Not entry-level but you know people find it challenging because they actually have to not only prove that they have the knowledge from the written exam but they have to actually demonstrate it hands-on so those are kind of the two biggest the most popular classes that we run right now obviously Incident Response is really popular and computer forensics.
Is still really popular as well but those are the.
Main three core technical security classes that we run and you know what we found when you were talking about how do you know if this is happening to you what one of the things that.
We found Joe we’ve got big data to reflect this is the number one way that we’ve been able to improve the IQ of an organization when it comes to whether or not their attack it’s taking their technical people and putting them in these ethical hacking classes because.
What happens is suddenly when they go back and they’re looking at their networks they’re able to see signs they’re able to see indicators that they just couldn’t see before because they hadn’t been exposed.
To what these attacks look like you are you put in a class on shortly I mean you run these often I mean what’s your next class um the next one that I’m.
Running is there’s one September 10th in Birmingham Alabama and you know you know it’ll be a pretty good.
One we have some good people signed up and you know I wanted to kind of point out one of the values.
That come out of these classes too as the networking right you have a Sugino IT a security guy from this bank and then you have an IT security guy from another bank and they start talking to each other and oh well this is happening they share threats and they learn.
From each other just as much as they learn from me sometimes on certain topics and I’ve even seen great connections like people end up with.
Jobs right like there might be a person that’s got a maybe he’s a debt he’s.
Working as a a Geek Squad technician at Best Buy or something.
Get into cybersecurity so he comes and takes the class well also in the class is a chief information security officer for a fortune 500 organization that’s looking to hire.
People right and if this guy is really good in the class that person ends up with a job off called aside so on we you know the learning is a big part of it but there are other peripheral things that people get out of these classes the networking.
You know getting jobs and even getting employees you know for me myself my practice I’ve gotten some of my best employees.
From classes that I caught and I’ve been able to pool you know people on those classes that are that are unemployed.
You know obviously we can’t hire people that already have jobs because that would be a violation of integrity for your company to pay me the teachers you’re in Orion and I still them from you so in our training we have very strict contracts that say that we won’t do that and will.
Also prevent you know your employees from getting hired on with other people as they’re in that job as well but we do foster if you need a job this is one place to come in these classes you can probably.
Get hooked up because there’s a lot of people able to make hiring decisions in these classes well it’s a it’s a fascinating subject I I think a fascinating place is space to be in right now is there anything that you’d like to add to this conversation that maybe I didn’t ask.
Um yeah sure so we do quite a bit of public outreach and evangelism so on our website kmbc.com we’ve got I’ve got a very popular article that I wrote just a few months ago and the article is titled you know how to get into technical cybersecurity like what what your.
Step should be to get into it.
And it’s been a well-received article that’s been shared on LinkedIn and places like that thousands of times so we’re going to start now doing more of that you know just kind of laying out a road map doing outreach to show people.