Hello, my name is Greg Williams, I'm a lecturer in the Computer Science Department for the University of Colorado, Colorado Springs. I'm also the Director of Networks and Infrastructure, which you could also call operations. I'm also the Former Information Security Officer and HIPAA Security Officer for the university. My main job, currently as Director of Networks and Infrastructure or if you want to call it operations, is to manage the teams that in the technology for a university that has over 12,000 students on campus. It's considered a medium sized university. So my teams manage everything from telecom to server administration to networks and to the power in the data centers, so we have a full gambit of computer resources that we use at the university and my teams manage all those. So I decided to become innovative again back several years ago, so I got out of computer security. However, once you go into computer security, you really never get out of it. So computer security is always the first and foremost thing that I think of when my teams are implementing a service and it's always the last thing I think about when that system goes through the destruction process as well. So that said, even though I teach computer security on the campus, I practice this on a day-to-day basis. This course is for anyone that is interested in being proactive about computer security. I also hold certifications in forensics and also penetration testing. So you're going to understand through this course so many of the beginning steps of what we go through to do forensics, to do computer investigations in order to penetrate your own networks. This course is designed around those concepts. You have to understand the theory and the methodology behind penetration testing before you just go in and do it. You're going to miss all kinds of things if you just start applying tools instead of the actual process. So you may be a senior executive at a company that needs to understand what your teams are doing or you may be a small business owner looking to understand how do you test your own systems to make sure that they are secure. This course is designed to explore the concepts behind proactivity against threats out there. How do we proactively test ourselves on a day-to-day basis? What happens when we set up a system or a service and we need to see that it's secure enough? What if it's not secure? What do I do then? Are we going to be the weakest link or are we going to be tough and have tested our own systems? This course is designed to approach proactive computer security from a practical perspective. What are we going to do in the real world? How am I going to apply this to my career, for example? Parts of this course are going to introduce you to concepts and help prepare you for industry leading computer security certifications, such as the CISSP and the Security+ certification. My approach to this course and the others in the specialization of proactive computer security is to show you what you're going to see in your career, it's hands-on practical information, not just a bunch of things that you should have to memorize to pass your certification. This course is going to be for anyone that is looking to learn more information about computer security field, from somebody that practices it on a day-to-day basis, not just teaches it. Of course, you must understand the theory behind some of the computer security concepts in order to be able to practice it as well. Let's talk about the modules in this course. The modules are really weeks in the course and there is five of them. The first four, which include Module 1, it's going to introduce the deterrents to the threats. Module 2 is going to examine penetration testing. Module 3 is going to explore the tools for hacking your own infrastructure and to hack your own organization. And Module 4 is going to dive into the effective management of computer security from a practical hands-on perspective. Module 5 is going to take everything that you've learned and apply those overall concepts to a system. Each module has a quiz at the end covering what you've learned or discussed in the previous week. The course project, which is Module 5, is the hands-on application of everything that you've learned over all 4 modules. You must achieve at least an 80% passing grade for all graded content in order to pass the course. There are some technical components to discourse but I will show you how to even set up technical components even further and in your own lab if you wish to do so. I hope that you get excited about this course, I know I am. One of the things that I love to do is hack my own systems. I still hack my own systems because I know that if I do it and I approach the process and I practice proactive security, I'm going to be able to make sure that I have the best security possible for those systems. Being senior management within IT also has shown me a good majority of things throughout my career as well. So no matter if you're senior management trying to understand what your computer security office is telling you or if you need to verify what vendors are trying to tell you as well, this course is going to be for you. So let me tell you a little bit about a story, about this small school which is us and the Heartbleed bug several years ago. We'll talk about Heartbleed in a reading. It's not going to actually be a video but I want you to understand what Heartbleed is. Heartbleed was a serious bug that was introduced in the way that the Internet actually works. TCP connections, so connection based protocols. So if you look at the way servers are secured with TLS, for example, transport layer security, there was a bug introduced that said, hey, I'm returning way more data than I actually should. And I started testing our systems when the patches came out. I started testing our vendors to make sure that the data that I was seeing on their systems was actually patched. And you know what? One of the vendors, it wasn't. So I actually had a hand in shutting down, for several days, a multi-billion dollar corporation, because their systems weren't patched. Not going to tell you who they were but when you're on the phone with a, we'll just say it's a fortune something company, and you've got their senior VPs on the phone and their technical engineers and they say, hey, we've already patched our systems, I have no idea what you're talking about. And then I say, hey, here's the actual output of what your servers are producing and they say, okay, I'll get right back to you. It's not only scary from that perspective but it's also rewarding at the same time that you are doing your job correctly. So the methodology becomes very important in what you are doing for being proactive about security. So I'll see you in lesson one.
