Where do I go from here? That's the title of the lesson. But it's really where do you go from here? I want you to understand a few things about proactive security. Proactive security is the best thing that you can do for your security existence, security posture, protecting your systems for your organization, for you. Security is not going away. There's a reason why security, or information security, has such a large unemployment, or under unemployment rate, because we can't find enough people to protect our systems. No matter what industry that you're in, you need to be more proactive. The more proactive you are, the better off you are. And you're going to try to stay one step ahead of the attackers. If you're constantly improving your systems in the security posture that you have on those systems, the better off you are. And the better that you're going to say ahead of the attackers. Get other people involved in being proactive about security. Conduct security assessments. If you have other organizations, especially if you're in higher education, go to the university down the street. Here in Colorado, we have a great working relationship with all the other higher education institutions. And sure, we'll conduct penetration tests for Colorado College down the street. We've offered this before. You test our systems, and we'll test yours. Perform auditing as well. Get your auditors involved in proactive security. Make sure that they're aware of what's going on. Educate yourself and others. Get external partners involved, like join your local ISSA chapter. Just found out last night that the Colorado Springs chapter which I'm a part of has been selected as the ISSA's chapter of the year. We're the second largest in the world, our chapter is. Be involved in ISSA. It's a great networking organization. Get your internal teams involved as well. Make them practice security on a regular basis. Make sure that your staying on top of security. That's what these entire courses, or if you're in specialization, that's what this entire specialization is about, being proactive about security. If you not educating yourself at least 30 minutes a day, on what is happening in security, or really in technology in general, your potential threats are winning because you're not paying attention to what has been coming up. Look at Ars Technica. Look at US-CERT. Look at ISSA. Be involved in learning about security on a constant basis. Taking this course on Coursera is a great start. Understanding your environment and testing your environment can help your security postures as well. We've already talked about penetration testing. When the NSA leaked all the information to Microsoft several months ago, and said, here is all the exploits or here's some of the exploits, I'm sure NSA has a lot more, here are the exploits that we have for Windows systems. And they've leaked from shadow brokers. We said, you know what? It's not a problem. Do you know why? Because we understood immediately when it came out, we had it already patched. We knew where we wanted to go. And we had the incident response plan in place if anything happened. So, understanding technology and understanding threats that could be coming in helped us be proactive where we were just able to say, nope, we're protected. Even though the entire world, I don't know how many companies I had calling me because, how are you going to patch WannaCry? I said it's not a problem, because you know what? We patched it already. We've been proactive about our security. We have defense in-depth in place to make sure that we are not compromised in any which way. So, I hope you enjoyed the course. If you need anything, if you want to chat, email address is listed. You can go to my personal website or my academic website on the university. I'll be more than happy to answer questions for you if you just email me. If you want to bounce ideas off of me, not a problem, because you know what? It's being proactive. I've been there, I've been in your shoes and trying to understand how my security posture is affected by this or that.
