— TRAINING COURSES —


topics include
  • Security Nuances of Private,
    Semi-Private and Open Networks
  • Common Medical Device Exploits
  • Secure Design and Implementation
  • Encryption Functions
  • Key Management
  • Secure EHR Integration
  • Secure Network Protocols
Medical Device Security (1/2 Day)

Overview

This course provides the foundation for the secure design and implementation of the core cybersecurity technologies found in clinical, therapeutic and diagnostic medical devices. Taught by instructors with extensive backgrounds in secure medical device design and implementations, coursework will also include cyber-related regulatory compliance, HIPAA guidance, and secure network integration with EHR and other healthcare data repositories and services.

Participants will be presented with common medical device exploit categories and industry best practices for implementing defenses against common vulnerabilities. The coursework will explore secure architectures for medical device firmware, including cryptographic primitives, encryption functions and sound key management practices. Secure communications protocols for both wired and wireless networking, and integration with cloud endpoints, will also be reviewed.

Who should attend?

This class is intended for technology professionals involved with the development and support of medical device firmware, user space software, networking protocols and associated hardware components.

Course Preparation

General familiarity with medical device architectures and functions.

training@harborlabs.com


topics include
  • NIST Risk Mitigation Framework
  • Managing CyberSecurity Requirements
  • Evaluating Organizational CyberSecurity
  • Managing a CyberSecurity Program
  • Training your Employees in Cyber Hygiene
  • Maintaining an Understanding of CyberSecurity Risk
  • Reporting of CyberSecurity Risks
  • Understanding Threats
  • Handling a Cyber Crisis
Executive Crash Course in Cybersecurity (1/2 Day)

Overview

President Trump's May 11, 2017 Executive Order on CyberSecurity calls for heads of agencies to be held accountable for risk management as well as IT and data security in their organizations. The Executive Order further calls on agencies to implement the NIST Risk Management Framework for CyberSecurity. Executives in industry are being held to the same standard.

There is an increasing trend in industry for accountability at the top, and now more than ever executives need to understand the risks of CyberSecurity threats and the best mitigations available. We will review the NIST framework in a straightforward and accessible presentation. The crash course will cover how to maximize prevention of breaches and ransomware, how to deal with these incidents when they happen, and provide a general level of literacy and understanding of the most important CyberSecurity issues.

Who should attend?

This class is intended for executives, board members, managers and other professionals in industry who are accountable for a large organization's CyberSecurity risk.

Course Preparation

General audience.

training@harborlabs.com


topics include
  • Identity theft
  • Passwords
  • Email security/Phishing
  • Smartphone/Tablet security
  • Ransomware & backups
  • Handling sensitive data
  • Brand protection
  • Security on social media
  • "Free" Public Wi-Fi
  • Insider Threat
  • Denial of service
Basic Cybersecurity Awareness (1 Day)

Overview

This course is required learning for employees who use computers or mobile devices in an enterprise. Participants learn basic computer hygiene - the dos and don'ts of security. The course is primarily geared towards a non-technical audience whose members find themselves in an increasingly complex and hostile online environment. We focus on actionable guidance on how to protect personal and corporate assets including data, systems and mobile devices.

Is it safe to connect to a public Wi-Fi network? Is it okay to click on this link in my email? Is there a virus on my computer? How do I protect sensitive files in my organization? How private is my smartphone communication? We answer these and many other questions related to day-to-day operations of computer and mobile systems in today's enterprise environments.

Who should attend?

This class is intended for anyone who works in an office and uses a computer and/or a smartphone or tablet.

Course Preparation

No prerequisites.

training@harborlabs.com


topics include
  • Threats and mitigations
  • Malware (Ransomware & Botnets)
  • Distributed Denial of Service Attacks (DDoS)
  • Insider threat
  • Phishing and Spear Phishing
  • Targeted attacks
  • Network Security
  • Best Practices & Procedures
  • Forensics
  • BYOD Mobile and Cloud
  • Risk Management
Cybersecurity 101 (2 Days, 12 CPEs)

Overview

This course is designed for IT professionals who need to understand cybersecurity. The course examines the threats and the bad actors, examining their motivations and methods. We cover mitigations and what organizations can and should do to protect themselves.

Attendees will learn what to expect when a cybersecurity breach occurs and how to handle various security incidents. We will cover malware such as ransomware and botnets, how to detect and eliminate these and how to cope with new threats and attacks. We'll also study distributed denial of service attacks, how they work, and how to deal with them.

Lectures will include interspersed case studies about topics including Full Disk Encryption (FDE), Security Information and Event Management (SIEMs), multifactor authentication, password managers, forensics, and others.

By the end of the course, you will have a comprehensive understanding of the cybersecurity landscape for enterprises and other organizations, as well as literacy in the cybersecurity space.

Who should attend?

This class is intended for executives, managers and other professionals in industry who need to understand the threats and mitigations present in today's IT systems.

Course Preparation

General audience.

training@harborlabs.com


topics include
  • Web Application Development
  • Cybersecurity Design Life Cycles
  • Secure Configuration and Policy Management
  • Proper Implementation of Cryptographic Protocols (SSL/TLS)
  • Authentication
  • Web-based Attacks
  • Secure Coding Practices
  • Vulnerability Assessment
  • Browser Security
Cybersecurity for Applications Developers (2 Days, 12 CPEs)

Overview

This course provides hands-on training on securing web applications and avoiding common pitfalls that lead to vulnerable systems. Students will learn about common cybersecurity errors in application development as we describe and demonstrate problem areas in applications. We utilize a running example of an application in a web application framework that we designed with some common vulnerabilities. We will perform a vulnerability analysis and source code analysis. In the hands-on labs, we will learn to discover the vulnerabilities, to fix them, and to avoid them in the future.

The course also covers browser security issues, correct use and configuration of such protocols as TLS, and handling of certificates. We will study common attacks such as XSS, CSRF, and SQL injection and learn how to build applications that are resistant to these and other attacks. Finally, we will cover secure coding practices for developers, contrasting good and bad code examples.

Who should attend?

This class is intended for anyone who wants to learn how to include security requirements in the software development life cycle and how to properly configure, test, and deploy applications that include popular and well-regarded security mechanisms. Students should be familiar with at least one common web application framework.

Course Preparation

General application development knowledge or Computer Science background. Familiarity with web application development and web application containers.

training@harborlabs.com


topics include
  • Wireshark
  • PCAP files
  • Network protocol analysis
  • Live packet capture, retroactive analysis
  • TCP/IP and popular application-layer protocols (e.g., HTTP)
  • MITM (man-in-the-middle)
  • DNS injection
  • ARP cache poisoning
  • Charles Proxy
Network Forensics Using Wireshark (2 Days, 12 CPEs)

Overview

Network forensics can be generally defined as monitoring a network for anomalous traffic and intrusions, and analyzing captured network traffic to reconstruct the underlying semantics. Wireshark is a free, multi-platform network packet capture and analysis tool. It has become the standard bearer for network analysis. Wireshark enables you to troubleshoot hundreds of network protocols including the entire TCP/IP suite (e.g., DNS, HTTP, and SMTP). The packet-centric approach of Wireshark is not limited to protocol troubleshooting; it is also useful for performing network forensic analysis.

In this course, you will become intimately familiar with Wireshark as we perform a live network analysis on a simulated network (i.e., virtualized network). In particular, we provide in-class instruction on the setup, configuration, and use of Wireshark, as well as in-class activities that further explore these concepts. We also provide a variety of network packet captures that will guide you through the retroactive analysis of an unknown network.

Once you have become comfortable with Wireshark, we will describe a set of network attacks and the tools that perform them. Working in small groups, you will use these tools to perform a network attack that another group will analyze in real-time. The goal is for every student to successfully perform a network attack and identify an attack using Wireshark.

The course concludes with an active capture the flag exercise.

Who should attend?

This class is intended for anyone who wants to learn about how network protocols work in the context of hands-on network packet analysis. The students should be familiar with basic networking and TCP/IP, with the concept of network layering, and with how to use a standard application user interface.

Course Preparation

General IT knowledge or Computer Science background. Laptop required.

training@harborlabs.com