Certifications

Paradigm Consulting Co. maintains a rigorous training regimen in which all senior staff are expected to attain and maintain professional certifications in their area(s) of expertise. Examples of certifications held by our team include the CISSP, GSEC, GPPA, GSNA, MCSE, CNE, and CCNA, among others. Details on some of these certifications follow.


CISSP® – Certified Information Systems Security Professional

CISSP® certification is a globally recognized standard of achievement that confirms an individual’s knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. It was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.

Confirming One’s Knowledge and Experience

The CISSP exam tests one’s competence in the ten CISSP domains of the (ISC)²® CBK®, which cover critical topics in security today, including risk management, cloud computing, mobile security, application development security and more. Candidates must have a minimum of five years of paid full-time work experience in two of the ten domains. This vast breadth of knowledge and the experience it takes to pass the exam is what sets the CISSP apart.

CISSPs often hold job functions including:

  • Security Consultant
  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Chief Information Security Officer
  • Director of Security
  • Network Architect

The CISSP exam is based on the following ten domains:

  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security
  • Security Architecture and Design
  • Operations Security
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations and Compliance
  • Physical (Environmental) Security
  • Cryptography

GIAC Certified Perimeter Protection Analyst (GPPA)

The topic areas for each exam part follow:

Analyzing Network and Wireless Design
The candidate will demonstrate familiarity with network design principles and decisions, and with basic wireless security issues.

Creating and Auditing a Rule base
The candidate will demonstrate an understanding of building and verifying firewall rule bases that serve the needs of the business and map to security policy.

Firewall Assessment and Penetration Testing
The candidate will demonstrate a thorough understanding of assessing and validating the security of a firewall.

Host-Based Detection and DLP
The candidate will demonstrate understanding of the capabilities of HIDS and HIPS, and be familiar with DLP techniques.

Incident Detection and Analysis
The candidate will demonstrate a basic understanding of detecting incidents, intrusions, and preserving evidence.

IOS and Router Security
The candidate will demonstrate understanding of the basics of Cisco IOS and router hardening through applying ACLs.

IPv6 and ICMPv6
The candidate will understand the basics of IP and ICMP version 6.

Log Collection and Analysis
The candidate will demonstrate understanding of techniques for centralizing log collection and analyzing firewall logs.

NAT and Proxies
The candidate will demonstrate understanding of transparent, non-transparent, and reverse proxy functionality, and the four standard implementations of NAT.

Netfilter iptables
The candidate will understand the features and configuration of the free firewall, Netfilter.

Network Access Control
The candidate will be familiar with Network Access Control theory.

Network-Based Intrusion Detection
The candidate will demonstrate an understanding of signature-based network intrusion detection.

Packet Filters and Inspection
The candidate will demonstrate an understanding of how static and stateful packet filters work.

Packet Fragmentation
The candidate will demonstrate an understanding of how fragmentation works and fragmentation-based attacks.

Perimeter Concepts and IP Fundamentals
The candidate will demonstrate a thorough understanding of the IP header, and basic perimeter concepts including services, firewalls, and layered security.

Securing Hosts and Services
The candidate will demonstrate an understanding of the principles, tools, and techniques for securing and hardening hosts and services.

TCP/IP Protocols
The candidate will demonstrate a thorough understanding of TCP, UDP and ICMP.

VPN Design and Auditing
The candidate will demonstrate an understanding of VPN authentication, encryption and placement techniques.

VPN Implementation
The candidate will demonstrate an understanding of IPSEC, SSL and SSH as VPN technologies.


GIAC Security Essentials (GSEC)

802.11
The candidate will demonstrate an understanding of the different 802.11 protocols, as well as an understanding of common wireless attacks and how to prevent them.

Access Control Theory
The candidate will demonstrate an understanding of the fundamental theory of access control.

Alternate Network Mapping Techniques
The candidate will demonstrate a fundamental understanding of network mapping techniques an attacker might use to examine wireless networks, and public switched telephony networks. The candidate will also demonstrate an understanding of how to identify the basic penetration techniques at a high level.

Authentication and Password Management
The candidate will demonstrate understanding of the role of authentication controls, how they are managed, and the methods used to control access to systems.

Common Types of Attacks
The candidate will demonstrate the ability to identify the most common attack methods, as well as the basic strategies used to mitigate those threats.

Contingency Planning
The candidate will demonstrate an understanding of the critical aspect of contingency planning with a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).

Crypto Concepts
The candidate will demonstrate a high-level understanding of the mathematical concepts which contribute to modern cryptography.

Crypto Fundamentals
The candidate will demonstrate an understanding of the core concepts of cryptography and the three main algorithms.

Defense-in-Depth
The candidate will demonstrate an introductory understanding of the terminology and concepts of Risk and Defense-in-Depth, including threats and vulnerabilities.

DNS
The candidate will demonstrate a high-level understanding of the Domain Name System architecture.

Firewall Subversion
The candidate will demonstrate an understanding of how firewalls can be bypassed and why additional security measures are required.

Firewalls
The candidate will demonstrate a fundamental understanding of firewalling technologies and techniques.

HIDS Overview
The candidate will demonstrate a fundamental understanding of the techniques used by Host Based Intrusion Detection Systems.

Honeypots
The candidate will demonstrate understanding of basic honeypot techniques and common tools used to set up honeypots.

ICMP
The candidate will demonstrate an understanding of the structure and purpose of ICMP, as well as the fields in an ICMP datagram header.

IDS Overview
The candidate will demonstrate an understanding of the overall concepts of Intrusion Detection.

Incident Handling Fundamentals
The candidate will demonstrate an understanding of the concepts of incident handling and the six-step incident handling process.

Information Warfare
The candidate will demonstrate an understanding of information warfare methods and defense.

Introduction to OPSEC
The candidate will demonstrate an understanding of what OPSEC is and the threats and techniques used for protection in Operational Security.

IP Packets
The candidate will demonstrate a fundamental understanding of how the IP protocol works.

IPS Overview
The candidate will demonstrate a high-level understanding of how IPS systems operate.

IPv6
The candidate will demonstrate a high-level understanding of the IPv6 protocol.

Legal Aspects of Incident Handling
The candidate will demonstrate an understanding of the basic legal issues in incident and evidence handling.

Linux/Unix Configuration Fundamentals
The candidate will demonstrate an understanding of Linux/Unix fundamental configuration settings, including file permissions, user accounts, groups, and passwords, and commands used to display information and run backups.

Linux/Unix Logging and Log Management
The candidate will demonstrate an understanding of the various logging capabilities and log file locations common to Linux operating systems.

Linux/Unix OS Security Tools and Utilities
The candidate will demonstrate an understanding of how to use key security utilities and tools that are available for Linux/Unix systems, including file integrity, host firewalls, and applications such as SELinux.

Linux/Unix Overview
The candidate will demonstrate familiarity with the different variants of Linux/Unix, the Linux file system, and important commands.

Linux/Unix Patch Management
The candidate will demonstrate an understanding of the process of patch management, best practices, and common patch management tools and techniques for Linux/Unix systems.

Linux/Unix Process and Service Management
The candidate will demonstrate an understanding of how to manage Linux/Unix processes, run levels, and services, and best practices for common processes and services.

Mitnick-Shimomura
The candidate will demonstrate an understanding of the details of the famous Mitnick-Shimomura attack, as well as what we can learn from this attack to appropriately protect our networks today against these vulnerabilities. The candidate will also demonstrate an understanding of the strategies that would have prevented the Mitnick attack.

Network Addressing
The candidate will demonstrate an understanding of the essentials of IP addressing, subnets, CIDR and netmasks.

Network Design
The candidate will demonstrate an understanding of how to design basic network architectures using best practices.

Network Hardware
The candidate will demonstrate an understanding of network hardware components, as well as how standard and cross-over network cabling is wired.

Network Mapping and Scanning
The candidate will demonstrate a fundamental understanding of the common tools attackers use to scan systems and the techniques used to create a network map.

Network Plumbing
The candidate will demonstrate an understanding of the different types of networks, topologies, and the most common network technologies in use today.

Network Protocol
The candidate will demonstrate an understanding of the properties and functions of network protocols and network protocol stacks.

NIDS Overview
The candidate will demonstrate an understanding of the techniques a NIDS uses to operate and understand their strengths and weaknesses.

Physical Security
The candidate will demonstrate how to use protection mechanisms to secure and monitor restricted areas and physical perimeters.

Policy Framework
The candidate will demonstrate an understanding of the purpose and components of policy.

Protecting Data at Rest
The candidate will demonstrate an understanding of the functionality of PGP cryptosystems and how they operate.

Public Key Infrastructure PKI
The candidate will demonstrate an understanding of how PKI works and the key components for managing keys.

Reading Packets
The candidate will demonstrate an understanding of how to decode a packet from hexadecimal output.

Risk Management
The candidate will demonstrate an understanding of the terminology and basic approaches to Risk Management.

Safety Threats
The candidate will demonstrate the ability to identify and understand the most common threats to safety and identify why they are important to address.

Securing Windows Server Services
The candidate will demonstrate an understanding of the basic measures in securing Windows IIS, SQL, and Terminal Servers.

Steganography Overview
The candidate will demonstrate an understanding of the different methods of steganography, as well as some of the common tools used to hide data with steganography.

TCP
The candidate will demonstrate an understanding of the structure and purpose of TCP, as well as the fields in a TCP datagram header.

UDP
The candidate will demonstrate an understanding of the structure and purpose of UDP, as well as the fields in a UDP datagram header.

Virtual Machines
The candidate will demonstrate an understanding of what virtual machines are and how to use them to create a virtual lab.

Virtual Private Networks VPNs
The candidate will demonstrate a high-level understanding of VPNs and be able to identify IPSec and non-IPSec protocols used for VPN communications.

Viruses and Malicious Code
The candidate will demonstrate an understanding of what malicious code is, how it propagates and why it is such an expensive problem. Additionally, the candidate will demonstrate an understanding of the attack vectors leveraged by recent malicious code attacks.

VoIP
The candidate will demonstrate an understanding of the functionality and architecture of VoIP.

Vulnerability Management Overview
The candidate will demonstrate the ability to perform reconnaissance and resource protection to manage vulnerabilities, and address threats and vectors.

Vulnerability Scanning
The candidate will demonstrate an understanding of how data generated from a port scanner like nmap, and vulnerability assessment tools like nessus can be used to examine systems, ports and applications in more depth to secure an environment.

Web Application Security
The candidate will demonstrate an understanding of web application security and common vulnerabilities including CGI, cookies, SSL and active content.

Windows Auditing
The candidate will demonstrate an understanding of the techniques and technologies used to audit Windows hosts.

Windows Automation and Configuration
The candidate will demonstrate an understanding of the techniques and technologies used to automate configuration.

Windows Family of Products
The candidate will demonstrate an understanding of the different types of Windows operating systems and the basic security features and concerns of each.

Windows Network Security Overview
The candidate will demonstrate an understanding of the basic measures in securing a Windows host, including managing services and VPNs.

Windows Permissions & User Rights
The candidate will demonstrate an understanding of how permissions are applied in the Windows NT File System, Shared Folder, Encrypting File System, Printer, Registry Key, Active Directory, and how User Rights are applied.

Windows Security Templates & Group Policy
The candidate will demonstrate a high-level understanding of the features and functionality of Group Policy and best practices for locking down systems.

Windows Service Packs, Hotfixes and Backups
The candidate will demonstrate an understanding of how to manage Windows Service Packs and Hotfixes, as well as backups and restoration for a network of Windows hosts.

Windows Workgroups, Active Directory and Group Policy Overview
The candidate will demonstrate an understanding of the basic security infrastructure of local accounts, workgroups, Active Directory and Group Policy.

Wireless Overview
The candidate will demonstrate a fundamental understanding of wireless technologies including Bluetooth and Zigbee.


GIAC Systems and Network Auditor (GSNA)

Audit Methodology and Risk Management
The candidate will demonstrate familiarity with the audit process, baselines, time-based security concepts, and how risk assessments are used to identify and specify controls.

Auditing Concepts
The candidate will demonstrate knowledge of basic auditing terms and concepts.

Auditing Firewalls and Intrusion Detection/Prevention Systems
The candidate will demonstrate the ability to audit Firewall, Intrusion Detection and Intrusion Prevention systems, including architecture reviews, configurations, and testing ACLs and rulesets.

Auditing Network Services and Critical Systems
The candidate will demonstrate the ability to audit common network services, including wireless infrastructure, virtualized services, VoIP, mail systems, DNS, and remote access services.

Auditing Networking Devices
The candidate will demonstrate the ability to audit network device configurations and access controls, including routers and switches.

Auditing Unix Access and Permissions
The candidate will demonstrate the ability to audit Unix access controls, including user accounts, groups, passwords, log files, and permissions.

Auditing Unix Services and System Information
The candidate will demonstrate the ability to audit Unix systems using common techniques, tools and scripting commands to determine process information and system configurations.

Auditing Web Applications
The candidate will demonstrate the ability to audit web application authentication, session management, in transit data security, and data at rest controls for vulnerabilities to common attacks (including SQL injection, XSS, CSRF).

Auditing Windows Access and Permissions
The candidate will demonstrate the ability to audit Windows access controls, including user accounts, groups, passwords, log files, and permissions.

Auditing Windows Services and System Information
The candidate will demonstrate the ability to audit Windows systems using common techniques, tools and scripting commands to determine process information and system configurations.

Web Application Overview and Web Server Security
The candidate will demonstrate understanding of web application protocols (including HTTP and HTML) as well as the ability to audit web server configurations using manual and tool-based techniques.

Vulnerability Assessment
The candidate will demonstrate the ability to conduct a vulnerability assessment using common tools and methods.


GIAC Certified Windows Security Administrator (GCWN)

Dynamic Access Control
The candidate will be able to plan and implement a Data Loss Prevention (DLP) solution using the built-in Dynamic Access Control features in Windows Server, including the use of file classification tagging and claims-based access control.

Operating System and Applications Hardening
The candidate will be able to plan and implement a comprehensive hardening strategy for the Windows operating system and other popular applications which are vulnerable to client-side exploits, using techniques such as patch management, application whitelisting, applying security templates through Group Policy, UEFI Secure Boot, and whole drive encryption with BitLocker.

PKI Management
The candidate will be able to plan and implement a Public Key Infrastructure (PKI) using Windows Server for the sake of secure authentication, smart cards, data encryption, and digital signatures.

Restricting Administrative Compromise
The candidate will be able to plan and implement a strategy to reduce how often hackers or malware can compromise administrative accounts and to reduce the harm which follows from an administrative compromise, using techniques such as constrained delegation of authority, role-based access control, limiting unnecessary privileges, secure authentication, and proper management of service accounts and scheduled tasks.

Securing Network Traffic and Ports
The candidate will be able to plan and implement a strategy to secure vulnerable network protocols and listening ports, using techniques such as IPSec port permissions, IPSec payload encryption without a VPN, host-based firewalling, Group Policy management of firewall and IPSec rules, and certificate-based authentication to wireless access points and Ethernet switches (PEAP-TLS) using RADIUS servers.

Securing PowerShell
The candidate will be able to plan and implement a strategy to secure the use of PowerShell, including execution policy, code signing, and User Account Control restrictions.


GIAC Certified Forensic Examiner (GCFE)

The topic areas for each exam part follow:

Browser Forensics
The individual will demonstrate a solid understanding of Browser Forensics.

Digital Forensics Fundamentals
The candidate will demonstrate an understanding of forensic methodology, key forensics concepts, and identifying types of evidence on current Windows operating systems.

Evidence Acquisition, Preparation and Preservation
The candidate will demonstrate understanding of evidence chain-of-custody and integrity, E-discovery concepts, evidence acquisition and preservation, and the tools and techniques used by computer forensic examiners.

File and Program Activity Analysis
The candidate will demonstrate an understanding of how the Windows registry, file metadata, memory, and filesystem artifacts can be used to trace user activities on suspect systems.

Log Analysis
The candidate will demonstrate an understanding of the purpose of the various types of Windows event, service and application logs, and the types of information they can provide.

System and Device Profiling and Analysis
The candidate will demonstrate an understanding of the Windows registry structure, and how to profile Windows systems and removable devices.

User Communications Analysis
The candidate will demonstrate an understanding of forensic examination of user communication applications and methods, including host-based and mobile email applications, Instant Messaging, and other software and Internet-based user communication applications.


GIAC Certified Incident Handler (GCIH)

The topic areas for each exam part follow:

Incident Handling: Identification
The candidate will demonstrate an understanding of important strategies to gather events, analyze them, and determine if we have an incident.

Incident Handling: Overview and Preparation
The candidate will demonstrate an understanding of what Incident Handling is, why it is important, and an understanding of best practices to take in preparation for an Incident.

Buffer Overflows and Format String Attacks
The candidate will demonstrate an understanding of how buffer overflows and format string attacks work and how to defend against them.

Covering Tracks: Networks
The candidate will demonstrate an understanding of how attackers use tunneling and covert channels to cover their tracks on a network, and the strategies involved in defending against them.

Covering Tracks: Systems
The candidate will demonstrate an understanding of how attackers hide files and directories on Windows and Linux hosts and how they attempt to cover their tracks.

Denial of Service Attacks
The candidate will demonstrate a comprehensive understanding of the different kinds of Denial of Service attacks and how to defend against them.

Exploiting Clients on the LAN
The candidate will demonstrate an understanding of how attackers use IP spoofing techniques and utilities such as Netcat to exploit clients on the LAN.

Incident Handling: Containment
The candidate will demonstrate an understanding of high-level strategies to prevent an attacker from causing further damage to the victim after discovering the incident.

Incident Handling: Recovery and Lessons Learned
The candidate will demonstrate an understanding of the general approaches to get rid of the attacker’s artifacts on compromised machines, the general strategy to safely restore operations, and the importance of the incident report and lessons learned meetings.

Network Sniffing
The candidate will know what network sniffing is, how to use common sniffing tools, and how to defend against sniffers.

Password Attacks
The candidate will demonstrate a detailed understanding of the three methods of password cracking.

Reconnaissance
The candidate will demonstrate an understanding of public and open source reconnaissance techniques.

Scanning: Host Discovery
The candidate will demonstrate an understanding of the tools and techniques used for host discovery on wired and wireless networks.

Scanning: Network and Application Vulnerability scanning and tools
The candidate will demonstrate an understanding of the fundamentals of network and application vulnerability scanners, common commercial and open source tools, and how to defend against them.

Scanning: Network Devices
The candidate will demonstrate an understanding of techniques and tools used to map firewall policies and evade IDS/IPS detection.

Scanning: Service Discovery
The candidate will demonstrate an understanding of the tools and techniques used for network mapping, port scanning, and passive fingerprinting techniques and how to defend against them.

Session Hijacking and Cache Poisoning
The candidate will demonstrate an understanding of tools and techniques used to perform session hijacking and cache poisoning, and how to respond and prepare against these attacks.

Techniques for maintaining access
The candidate will demonstrate an understanding of how backdoors, trojan horses, and rootkits operate, what their capabilities are and how to defend against them.

Virtual Machine Attacks
The candidate will demonstrate an understanding of the virtual machine environment from an attacker’s perspective, including targets and detection, and how to defend against threats.

Web Application Attacks
The candidate will demonstrate an understanding of the value of the Open Web Application Security Project (OWASP), as well as different Web App attacks such as account harvesting, SQL injection, Cross-Site Scripting and other Web Session attacks.

Worms, Bots & Bot-Nets
The candidate will demonstrate a detailed understanding of what worms, bots and bot-nets are, and how to protect against them.