
The Importance of Teaching Microsoft Windows Security in an Ever-Evolving Cybersecurity Landscape

by Robert Shimonski, Nov 16, 2023

In the rapidly evolving field of cybersecurity, staying up to date with the latest strategies and tools is critical. Cybersecurity instructors must equip students with the knowledge and skills needed to protect sensitive information and defend against cyber threats.


To support this mission, I aim to answer a few key questions around teaching Microsoft Windows security.

Read on to learn my key takeaways for cybersecurity instructors who are planning to teach Windows security as part of their curriculums.

With organizations moving from on premises to the cloud, how has teaching Windows Security in the last 3-5 years changed? What are key ways for instructors to teach cloud/Azure security in the classroom?

With organizations starting to adopt cloud and undergoing digital transformation into a data-driven world, the main concepts of security have not changed, but their application, that is, the technology to which security is applied and on which it is conducted, has in fact changed quite radically.

For example, while some companies can start their journey in the cloud, many cannot. Companies that already run their own data centers and have a substantial investment within their organization need to conduct a smart migration. While doing so, they expand their digital footprint exponentially, thus causing more exposure.

Another example is that when companies decide to use cloud technologies, they need to rely more on a shared responsibility model with the cloud provider when applying security concepts. Again, the application of security concepts can change while using this new model and the underlying technology that supports it.

What are a few key tools and techniques that you teach around decreasing risks arising from vulnerabilities in Microsoft Windows operating systems and applications?

The main concept I teach is to always develop a “hardening” mindset. Do not deploy what you do not need. Any services, systems, functions, tools, additional connections—literally anything you do not need—do not apply or use.

Instead, install and use the bare minimum that is needed to do the job. This applies to the concepts of least privilege as well (those who use the system are only allowed to do exactly what they need to do). I feel that by doing this you can immediately reduce the attack surface and possibility of vulnerability and exploitation. The next step is to ensure that everything is tested, patched/updated and scanned “OK” for use.

How do you reinforce the theories and concepts that students are learning in your classroom?

Theory and concepts when reinforced with practical application create better outcomes. There are always developments in technology (like cloud, AI/ML, DevSecOps and so on) and the best way to learn them and how to apply security concepts to them is to get your hands dirty. 

The more you do in practice, the more you can reinforce the theory. I believe you always need both to really drive home tough concepts but to also get better at applying them in practice. 

Do you have any advice for instructors who are teaching Windows Security for the first time?

Stay on top of current trends. The basics normally do not radically change—encryption is encryption, but we need to deal with new ways to apply it, new attacks that require it, stronger level of it that must be developed and deployed.

This is but one of many, many examples; however, the lesson learned here is that we must always continue to be interested in learning as instructors—more so than our students—so that we can be on top of the ever-changing landscape of technology and how to secure it.

Security Strategies in Windows Platforms and Applications, Fourth Edition

Security Strategies in Windows Platforms and Applications, Fourth Edition focuses on new risks, threats, and vulnerabilities associated with the Microsoft Windows operating system, placing a particular emphasis on Windows 11 and Windows Server 2022.

About the Author:

Robert Shimonski, CASP+, CySA+, PenTest+, is a technology executive specializing in healthcare IT for one of the largest health systems in America. In his current role, Rob is responsible for bringing operational support into the future with the help of new technologies such as cloud and artificial intelligence. His current focus is on deploying to Cloud (Azure, AWS, and Google), DevOps, DevSecOps, AIOps, digital transformation, machine learning, IoT, and the development of new technologies in healthcare. Over the past 10 years, Rob has focused on producing new technology advancements in healthcare technology to include AI/ML, Big Data, Cloud, and analytics. Rob spent many years in the technology “trenches” doing networking and security architecture, design, engineering, testing, and development. A go-to person for all things security related, Rob has been a major force in deploying security-related systems for 25+ years. Rob also worked for various companies reviewing and developing curriculum as well as other security-related books, technical articles, and publications based on technology deployment, testing, hacking, pen testing, and many other aspects of security. Rob holds dozens of technology certifications, including SANS.org GIAC, GSEC, and GCIH as well as many vendor-based cloud specialized certifications from Google, Microsoft Azure, and Amazon AWS.
