Here I have shared my University of San Diego CSOL 570 final project which includes two trade studies of network visualization and detection tools. In my case I chose to evaluate open source tools, The Security Onion and OpenVAS. Trade studies form an important part of a cyber security professionals responsibilities. We need to ensure that a product we may have experience with in other parts of our current organization or even in other organizations will in fact meet the needs of our current organization. Not all tools work in all environments, so ensuring that we evaluate a particular tool or product for use in our company ensures that we are expending corporate resources in an ethical and responsible manner.
Another factor to consider is that tools and products change over time. One product may become superior and better suited for the goals of the organization, whereas another existing product may become less suitable or decrease in it's effectiveness over the lifetime of the product. It's important to continually evaluate the effectiveness of our tools and ensure we take advantage of the best products and make the wisest investments for our organizations. This also plays into one final aspect of trade studies, and that is that they often help maintain skills.
As a cyber security professional, our field changes frequently, even more than the already fluid technology field. By continuously reviewing products, installing them, reviewing their capabilities, and evaluating their effectiveness we are also ensuring that we maintain our technical skillsets. At a more senior level this is less important, however, even senior cyber security professionals benefit by improving their understanding of technical details. This course helped to enforce these ideas and refresh my technical skills.
Another factor to consider is that tools and products change over time. One product may become superior and better suited for the goals of the organization, whereas another existing product may become less suitable or decrease in it's effectiveness over the lifetime of the product. It's important to continually evaluate the effectiveness of our tools and ensure we take advantage of the best products and make the wisest investments for our organizations. This also plays into one final aspect of trade studies, and that is that they often help maintain skills.
As a cyber security professional, our field changes frequently, even more than the already fluid technology field. By continuously reviewing products, installing them, reviewing their capabilities, and evaluating their effectiveness we are also ensuring that we maintain our technical skillsets. At a more senior level this is less important, however, even senior cyber security professionals benefit by improving their understanding of technical details. This course helped to enforce these ideas and refresh my technical skills.
References
- Offensive Security Inc. “Our Most Advanced Penetration Testing Distribution, Ever.” Kali Linux, n.d. https://www.kali.org/.
- Nmap.org. Nmap. Retrieved from https://nmap.org/
- Wireshark Foundation. Download. Retrieved from https://www.wireshark.org/
- Security Onion Solutions, LLC. Security Onion. Retrieved from https://securityonion.net/
- Greenbone Networks GmbH. Open Vulnerability Assessment Scanner. Retrieved from http://www.openvas.org/