New Cybersecurity Maturity Model Certification requirements create surge in demand for auditor training
With the highly anticipated Cybersecurity Maturity Model Certification (CMMC) regulations just beginning to be implemented, there’s a soon-to-be booming market for cybersecurity auditors with the skills to meet the new requirements.
What is the Cybersecurity Maturity Model Certification (CMMC)?
The CMMC regulations being rolled out by the Department of Defense are designed to help protect important information from cyber incidents. Under the new rules, Pentagon contractors and suppliers will be required to adhere to certain standards of security and to be certified by third-party auditors. Organizations will be required to meet different levels of security requirements depending on the type of work they do.
FREE role-guided training plans
That’s why LX Labs author and senior instructor Ken Magee said the timing couldn’t be better for auditors to assess their current skills — and get a jump on preparing for the changes occurring because of the new regulations.
He should know. Ken is the president and owner of Data Security Consultation and Training and has been involved with cybersecurity auditing for more than 14 years. He’s also the author of the new Cybersecurity Auditing Fundamentals Learning Path in Infosec Skills.
Cybersecurity Auditing Fundamentals
Build your cybersecurity auditing skills
The new learning path includes four courses to help master the controls needed to mitigate your organization's risks to confidentiality, integrity and availability. You’ll learn about:
- An auditor’s role in reviewing cybersecurity controls and understanding defense-in-depth
- Why security governance is critical to maintaining confidentiality, integrity and availability
- The different components of cybersecurity operations
- The different types of digital assets and the controls to protect them
“There is a great level of technical detail that's required to be able to audit network and network components, databases and database controls, and the operating systems and controls built into them,” Ken said. “We are the subject matter experts when it comes to controls, because we'll look at an environment and find the weaknesses.”
“Once you find a weakness, the client is going to want to know how to fix it. So we also need to communicate intelligently and explain to them what controls will work given the problem the organization is experiencing.”
In addition to authoring the Cybersecurity Auditing Fundamentals Learning Path, Ken is developing Infosec Skills’ new DoD CMMC Preparation Boot Camp. The five-day boot camp provides a comprehensive overview of the CMMC requirements as well as practical recommendations and tools to help DoD contractors achieve CMMC certification.
What does a cybersecurity auditor do?
Ken said the problems and issues auditors regularly see can vary, but it helps to be able to detect patterns and anomalies.
“You might see a server in the DMZ that has the system administrator account locked out,” Ken said. “On one particular day that’s no big deal. Maybe the person forgot their password. But if that's a repeated pattern over time, it could be an indication there's been a brute-force attack.”
Other common red flags for auditors include watching for unauthorized access or the breaking of acceptable use policies, such as people using their work computers to browse the internet for things they shouldn't be doing.
“All organizations have to manage their own people, and that's one of the big issues we have in security,” Ken said. “That's the insider threat. There’s also other countries trying to find out what we're doing through economic espionage or stealing intellectual data. Everybody wants to know what everybody else is doing so they can mimic product or data knowledge without having to actually develop it themselves.”
The changing role of the auditor
Ken is encouraged about the expanding role auditors are now shouldering. The increased responsibility reflects on the trust being placed in the profession to help keep organizations secure.
“We’re not just auditors anymore,” Ken said. “The federal government now has security control assessors. They're auditing, but they’re really providing an assessment of the existing controls as to whether they're working or not. So in a way, we go from being simply IT auditors to being risk assessors. We've become spokespeople for the organization in terms of where the organization has risk, and that's vitally important.”
About J Kenneth (Ken) Magee
Ken is President and owner of Data Security Consultation and Training, LLC. He holds a bachelor’s degree from Robert Morris College in PA and a master’s degree from Fairleigh Dickinson University in NJ. He has taught cybersecurity at many different venues, including the JAG school at the University of Virginia, KPMG Advisory University, Microsoft and several major federal financial institutions and government agencies. Ken has also taught cybersecurity classes in the UK, Ireland, Germany, Canada and Mexico.
As Chief Information Security Officer for the Virginia Community College System, Ken’s focus was standardization of security around the ISO 27000 series framework. Writing is one of his passions and he has authored and/or co-authored several courses, including CISSP, CISA, CISM, CGEIT, CRISC, DoD Cloud Computing SRG and a course for training Security Control Assessors using NIST SP 800-53A. In addition to many years in IT, Ken has achieved a number of certifications in the cyber security/information security field, including CISSP, SSCP, CCSP, CAP, ISSMP, ISSAP, ISSEP, CISM, CISA, CAC (Cybersecurity Audit Certificate), CEH, ISO9000LA, ISO14001LA, ISO27001PA, Security+, CySA+, CASP, CTT+, CPT, GSEC, GSNA, GWAPT, CIA, CGAP, CFE, MCP, MCSA, MCSE and MCT
When not teaching, writing or consulting, Ken devotes his spare time to animal rescue, (dogs and cats from no-kill shelters), being a student of language (French) and music (Banjo), and doing research about his Scottish heritage, the Knights Templar and British Navy sailing ships from the late 1700s.
- Expert instruction
- Hands-on labs
- Unlimited access
In this Series
- New Cybersecurity Maturity Model Certification requirements create surge in demand for auditor training
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity