The following is a simplistic overview of how the authentication protocol Kerberos works. Kerberos is a very complex protocol and we are just looking at a small component of it. Kerberos has been used as an authentication protocol in the UNIX world for years and is now the default authentication protocol in the Windows world.
Shon Harris and other team members would like to share with you the materials we have been asked to present at different conferences. We will continually be updating this page with more presentations, so please check back often.
If you would like to use any of our material, please e-mail us at info@logicalsecurity.com for permission first and please indicate that the material came from our web site.
The DoD Information Assurance Certification and Accreditation Process (DIACAP)
Logical Security is pleased to offer the following free introductory lesson for DIACAP. In this module you will learn about the following:
- History of DoD Certification and Accreditation (C&A) Policies
- Previous C&A Process: The DoD Information Technology Security Certification and Accreditation Process (DITSCAP)
- Motivation for the new C&A Process: the DoD Information Assurance Certification and Accreditation Process (DIACAP)
- Key Concepts of DIACAP
- Key Personnel and their Roles and Responsibilities
- 5 Phases of DIACAP
- DIACAP Process Workflow
- Elements of a DIACAP Package
- Certification Process and Documents
Allen Harper, CISSP, is the president and founder of n2netsecurity, Inc. in North Carolina. In October 2007, he retired from the military as a Marine Corps Major. He recently returned from Iraq, where he served as the IT Officer for MNF-W and was responsible for all DoD IT in western Iraq. He has 20 years of IT/Security experience. He holds an MS in Computer Science from the Naval Post Graduate School and a BS in Computer Engineering from North Carolina State University. Allen led the development of the GEN III honeywall CDROM, called roo, for the Honeynet Project. While stationed at the Defense Information Assurance Agency (DISA), he created and led the DoD Honeygrid Project, accrediting and implementing the new honeynet technology. Allen was a co-author of "Gray Hat", the ethical hacker's handbook published by McGraw Hill in 2004; the second edition will be published this fall. He served on the winning team (sk3wl of r00t) in the 2004 DEFCON Capture the Flag contest. He is an active instructor for Blackhat, Inc. where he teaches the subject of exploiting. Allen has worked as a security consultant for the Internal Revenue Service (IRS). His interests include reverse engineering, vulnerability discovery, and all forms of ethical hacking.
Attacks on Information Systems Increase – What to do?
The security profession and security education need to be standardized if we are going to consider it a true profession. It is time to demystify security activities, require “security professionals” to have a baseline of knowledge, and have some agreed-upon level of standardization when it comes to assessments, analysis, and penetration testing.
Analysis of Information Systems Attacks
It is always important to understand the devastating effects that security breaches have upon companies, organizations, and nations. These are some collaborative statistics.
The 360 Security Model – A holistic approach to corporate security
Organizations are too dependent upon consultants, managed services, and products when it comes to their organizational security posture. It does not mean that these tools are unnecessary, but it is important for organizations to understand that these are just tools. Today, many people are making purchasing decisions (for consultants, managed services, products) in an informed manner and many times it is based out of fear instead of knowledge. We need to start looking at new and better ways to properly educate these individuals on what comprises a real security program. The 360 Security Model combines training and consulting in a new and more effective way of educating the right levels of organizations.
Vulnerability Management – Let’s get it right this time
Vulnerability management has been around for years and we have all heard about the vulnerability management lifecycle. So why are companies still being compromised? Because they are not developing the framework and the necessary processes BEFORE they attempt vulnerability management. Vulnerability management is a complex process that has many integrated components. If an organization does not understand each of these and develop, implement, and maintain the necessary supporting processes, then it usually ends up being ineffective and expensive.
Information Security – From Chaos to Structure
With increased legal liability and responsibility for information security falling on corporations, how should the corporation proceed to adequately protect themselves from this exposure? It is time to take a serious look at the correct approach to the implementation of security in a structured and layered manner. It begins with increased security awareness and skills within the corporate hierarchy, which is the basis for establishing the foundation of security. From that strong foundation, those skilled individuals may now cost-effectively implement appropriate controls to assure the proper level of protection.