1 of 86

Just because… Security Awareness is for everyone! (Just be SAFE!)

Justin David Pineda

President & Principal Consultant

justinp@pinedacybersecurity.com

https://pinedacybersecurity.com/

Just be SAFE! | J. Pineda | May 2026

2 of 86

Welcome to the Workshop!

Just be SAFE! | J. Pineda | May 2026

3-day Workshop from 8am-5pm.

Course notes and materials provided.

Answers to exercises should be placed in the template provided.

3 of 86

Links for all related materials

Just be SAFE! | J. Pineda | May 2026

SLIDE DECK

EXERCISES

WORKSHEET

REFERENCES

4 of 86

Getting to Know

(Speed Introduction)

  • Name:
  • Position/Role:
  • What are your expectations in the course?

Just be SAFE! | J. Pineda | May 2026

5 of 86

About the Facilitator: Justin Pineda

Industry

Certs

Academe

Pineda Cybersecurity

Alorica

Ingram Micro

Bnext Inc.

JG Summit Holdings Inc.

The Coca-Cola Company

Silversky/Perimeter Security

DPO ACE, CISSP, ISO/IEC 27032, ISO/IEC 27035, ISO 27034, ISO 42001, ISO 27001, CISM, CEH, GWAPT, GMOB, CEH, Security+, CCNA, IBM DB2, ISO 27002, Cato SASE, Parallels RAS, ITILv3, APMG CISM, ISC2 Trainer

Asian Institute of Management (AIM)

DLS-CSB

Asia Pacific College

LPU

NU

San Beda

Mapua

TIP

Page 5

6 of 86

Learning Process

Just be SAFE! | J. Pineda | May 2026

Answer the Pre-Test

Participate in the Discussion

Share Insights & Answer Exercises

Answer the Post-Test

* A PDF Glossary of Cybersecurity terms is also uploaded for reference.

7 of 86

Just be SAFE! | J. Pineda | May 2026

8 of 86

Just be SAFE! | J. Pineda | May 2026

9 of 86

Just be SAFE! | J. Pineda | May 2026

10 of 86

Just be SAFE! | J. Pineda | May 2026

11 of 86

Just be SAFE! | J. Pineda | May 2026

12 of 86

Just be SAFE! | J. Pineda | May 2026

13 of 86

Learning Outcomes

L1: Identify the threats, vulnerabilities, and risks in the organization.

L2: Learn common and contemporary security incidents in every � key department in the organization.

L3: Learn different ways of handling and mitigating security � incidents.

L4: Analyze and answer cybersecurity case scenarios.

Just be SAFE! | J. Pineda | May 2026

14 of 86

Common Security Misconception

That there are only 2 teams:

Attackers (Red) and Defenders (Blue)

Just be SAFE! | J. Pineda | May 2026

15 of 86

But in the actual practice…

There are seven (7) teams.

Just be SAFE! | J. Pineda | May 2026

16 of 86

Survey – Which cybersec color are you interested to explore?

    • Blue Team (Defend)
    • Red Team (Breakers)
    • Purple Team (Integrate)
    • Green Team (Automate)
    • Yellow Team (Build)
    • Orange (Educate)
    • White (Manage)
  • Why did you choose that cybersecurity color?

Just be SAFE! | J. Pineda | May 2026

17 of 86

Just be SAFE! | J. Pineda | May 2026

18 of 86

Just be SAFE! | J. Pineda | May 2026

19 of 86

Confidentiality

  • Degree to which access to information is restricted to a defined group authorized to have this access.
  • Includes measures to protect privacy

Just be SAFE! | J. Pineda | May 2026

DFA probes data breach into PHL passport tracking system

(Businessworld, Nov 2021)

20 of 86

Integrity

  • Degree to which the information is up to date and without errors.

    • Correctness
    • Completeness

Just be SAFE! | J. Pineda | May 2026

21 of 86

Availability

    • Timeliness
      • The information systems are available when needed;
    • Continuity
      • The staff can carry on working in the event of a failure;
    • Robustness
      • There is sufficient capacity to allow all staff in the system to work.

Just be SAFE! | J. Pineda | May 2026

  • Degree to which information is available for the user and for the information system that is in operation the moment the organization requires it.

22 of 86

Defense in Depth (DiD)

  • There should be multiple layers of security before gaining access to the data.

Just be SAFE! | J. Pineda | May 2026

23 of 86

Security Service and Mechanisms

  • Security Service – how objectives are manifested.
  • Security Mechanisms – solutions we can implement in the enterprise.
    • Inconvenient Truth:
      • 1.You cannot protect everything from everyone.
      • 2.There are not enough resources and money in the world to totally mitigate all risks.
      • 3.Focus on protecting the most important information first, that which must be protected, and that with the highest risk.

Just be SAFE! | J. Pineda | May 2026

24 of 86

Service & Mechanism Example

Just be SAFE! | J. Pineda | May 2026

Goal: I want to focus on physical security

Security Services: (1)Personnel security; (2) Access control

Security Mechanisms: (1) Security clearance, training, rules of behavior; (2) Biometrics, proximity card, mantraps;

25 of 86

Operational Model of Security

Just be SAFE! | J. Pineda | May 2026

For many years, the focus was on prevention.

Protection = Prevention

For example: Use of Firewall

(Conklin et al, 2011)

26 of 86

Operational Model (cont’d)

  • But what are the realities of a network environment?
  • How about Zero-day attacks?
  • How about DDoS on port 80?

Just be SAFE! | J. Pineda | May 2026

27 of 86

Operational Model (cont’d)

Just be SAFE! | J. Pineda | May 2026

28 of 86

Security Principles (cont’d)

Least Privilege – an object should only have the rights and privileges necessary to perform its task with no additional permissions.

Case of User Privilege:

Linux – sudo su (super user)

Microsoft – default admin

Just be SAFE! | J. Pineda | May 2026

29 of 86

Types of Least Privilege

  • Separation of Duties – For a given task, more than 1 person should be involved
  • Implicit Deny – If no rule states give access, then access shouldn’t be granted
  • Job Rotation – Not relying on 1 individual too heavily on a security expertise

Just be SAFE! | J. Pineda | May 2026

30 of 86

Diversity of Defense

    • Do not rely on a single brand of security device.
    • Why should companies NOT rely on a single brand of security device?

Just be SAFE! | J. Pineda | May 2026

31 of 86

Diversity of Defense

    • Why should companies NOT rely on a single brand of security device?

Just be SAFE! | J. Pineda | May 2026

Because if a VULNERABILITY is FOUND in a particular brand, NO MATTER how many devices you have, ALL OF THEM ARE VULNERABLE.

32 of 86

Diversity of Defense

    • Why should companies NOT rely on a single brand of security device?

Just be SAFE! | J. Pineda | May 2026

Because if a VULNERABILITY is FOUND in a particular brand, NO MATTER how many devices you have, ALL OF THEM ARE VULNERABLE.

33 of 86

Security through Obscurity

    • Feeling of security by hiding the asset and thinking that nobody else will think the same way.
    • Is practicing Security through Obscurity a good practice?

Just be SAFE! | J. Pineda | May 2026

34 of 86

Security through Obscurity (STO)

    • From Daniel Messler: “An example of security by obscurity is when someone has an expensive house outfitted with the latest lock system, but the way you open the lock is simply by jiggling the handle.”

Just be SAFE! | J. Pineda | May 2026

35 of 86

Cost Benefit Analysis (CBA)�

  • The cost of safeguard or protection should not be greater than the value of the asset.

Just be SAFE! | J. Pineda | May 2026

36 of 86

Cost Benefit Analysis (CBA)�

  • The cost of safeguard or protection should not be greater than the value of the asset.

Just be SAFE! | J. Pineda | May 2026

37 of 86

Information Security Management System (ISMS)

  • An ISMS provides a systematic approach to managing information security risks.
  • ISO/IEC 27001 establishes requirements for implementing, maintaining, and continually improving an ISMS.

Just be SAFE! | J. Pineda | May 2026

38 of 86

Just be SAFE! | J. Pineda | May 2026

39 of 86

Role of Auditing in Information Security

  • Auditing verifies whether security processes and controls are implemented and effective.
  • Audits rely on evidence and objective evaluation.

Just be SAFE! | J. Pineda | May 2026

40 of 86

Role of Auditing in Information Security

  • An information systems security audit:
    • Evaluates effectiveness of information security processes
    • Identifies gaps and opportunities for improvement
    • Supports continual improvement and compliance

Just be SAFE! | J. Pineda | May 2026

41 of 86

Security Relationships

Just be SAFE! | J. Pineda | May 2026

Threat Agent

Threat

Vulnerability

Risk

Asset

Exposure

Safeguard

Gives rise to

Exploits

Leads to

Can damage

And causes

Can be counter-measured by a

Directly affects

42 of 86

Security Relationship: �PhilHealth Data Breach

Just be SAFE! | J. Pineda | May 2026

Cybercriminal

Threat agent/actor

Medusa Ransomware

Threat

Expired Antivirus

Vulnerability

Personal Information

Asset

43 of 86

Activity: Which is which? �

  • Identify the
    • VULNERABILITY
    • THREAT
    • THREAT ACTOR
    • SAFEGUARD

Just be SAFE! | J. Pineda | May 2026

44 of 86

Activity: Which is which?

  • Identify the
    • VULNERABILITY
    • THREAT
    • THREAT ACTOR
    • SAFEGUARD

  • HACKTIVIST

Just be SAFE! | J. Pineda | May 2026

45 of 86

Activity: Which is which?

  • Identify the
    • VULNERABILITY
    • THREAT
    • THREAT ACTOR
    • SAFEGUARD

  • ANTI-MALWARE

Just be SAFE! | J. Pineda | May 2026

46 of 86

Activity: Which is which?

  • Identify the
    • VULNERABILITY
    • THREAT
    • THREAT ACTOR
    • SAFEGUARD

  • PHISHING

Just be SAFE! | J. Pineda | May 2026

47 of 86

Activity: Which is which?

  • Identify the
    • VULNERABILITY
    • THREAT
    • THREAT ACTOR
    • SAFEGUARD

  • NO PIN CODE MOBILE PHONE

Just be SAFE! | J. Pineda | May 2026

48 of 86

Activity: Which is which?

  • Identify the
    • VULNERABILITY
    • THREAT
    • THREAT ACTOR
    • SAFEGUARD

  • RANSOMWARE

Just be SAFE! | J. Pineda | May 2026

49 of 86

Activity: Which is which?

  • Identify the
    • VULNERABILITY
    • THREAT
    • THREAT ACTOR
    • SAFEGUARD

  • SCRIPT KIDDIES

Just be SAFE! | J. Pineda | May 2026

50 of 86

Activity: Which is which?

  • Identify the
    • VULNERABILITY
    • THREAT
    • THREAT ACTOR
    • SAFEGUARD

  • OUTDATED WEB BROWSER VERSION

Just be SAFE! | J. Pineda | May 2026

51 of 86

Activity: Which is which?

  • Identify the
    • VULNERABILITY
    • THREAT
    • THREAT ACTOR
    • SAFEGUARD

  • TROJAN

Just be SAFE! | J. Pineda | May 2026

52 of 86

Cyber Threat Environment

Cyber Threat

  • Activity intended to compromise the security of an information system by altering the availability, integrity, or confidentiality of a system or the information it contains.

Cyber Threat Environment

  • Online space where cyber threat actors conduct malicious cyber threat activity.

Just be SAFE! | J. Pineda | May 2026

53 of 86

Cyber Threat Environment

  • What apps and websites do you use?

Just be SAFE! | J. Pineda | May 2026

54 of 86

Namechk

Just be SAFE! | J. Pineda | May 2026

55 of 86

Namechk

Just be SAFE! | J. Pineda | May 2026

56 of 86

Namechk

  • Limit the apps that process your data!
  • Deactivate those apps that you are not using
  • No need to create accounts every time.
  • There is an opt out provision

Just be SAFE! | J. Pineda | May 2026

57 of 86

Cyber Threat Actor and Motivation

Just be SAFE! | J. Pineda | May 2026

Cyber Threat Actor

Motivation

Nation-states

Geopolitical

Cybercriminals

Profit

Hacktivists

Ideological

Terrorist Groups

Ideological Violence

Thrill-Seekers

Satisfaction

Insider Threats

Discontent

Anonymous

Hacktivists

Employee Negligence

Insider Threats

58 of 86

Cyber Threat Surface

  • Refers to all the available endpoints that a threat actor may attempt to exploit in Internet-connected devices within the cyber threat environment.

Just be SAFE! | J. Pineda | May 2026

59 of 86

Where to begin in the organization?

Just be SAFE! | J. Pineda | May 2026

Always participate in security awareness activities.

Report security incidents to the IT team.

Follow organization’s information security policies.

Be proactive in voicing out concerns to improve security.

60 of 86

Social Engineering

Just be SAFE! | J. Pineda | May 2026

Psychological attack where attackers trick or fool victims.

Key Points:

Train employees what social engineering is

How to spot most common indicators of social engineering

What to do when they spot one

61 of 86

Just be SAFE! | J. Pineda | May 2026

62 of 86

Just be SAFE! | J. Pineda | May 2026

63 of 86

Just be SAFE! | J. Pineda | May 2026

64 of 86

Just be SAFE! | J. Pineda | May 2026

65 of 86

Just be SAFE! | J. Pineda | May 2026

66 of 86

Just be SAFE! | J. Pineda | May 2026

67 of 86

Just be SAFE! | J. Pineda | May 2026

68 of 86

Just be SAFE! | J. Pineda | May 2026

69 of 86

Just be SAFE! | J. Pineda | May 2026

70 of 86

Just be SAFE! | J. Pineda | May 2026

71 of 86

Just be SAFE! | J. Pineda | May 2026

72 of 86

Just be SAFE! | J. Pineda | May 2026

73 of 86

Just be SAFE! | J. Pineda | May 2026

74 of 86

Just be SAFE! | J. Pineda | May 2026

75 of 86

Just be SAFE! | J. Pineda | May 2026

76 of 86

Just be SAFE! | J. Pineda | May 2026

77 of 86

Scenario 1: Instant Promotion

You receive a confidential email from your organization’s CEO informing you that you are being promoted, but you are instructed not to tell anyone yet. You verify that the email appears to have come from the CEO’s account. However, the CEO asks you to send copies of your last two months’ payslips to a different email address for “review.” The email also states that if you fail to send the documents within the day, the promotion opportunity will be given to someone else.

What would you do in this situation?

Just be SAFE! | J. Pineda | May 2026

78 of 86

Scenario 2: Surprise Penalty

Someone from the accounting department received an email claiming that the company would incur a penalty for failing to submit certain government documents on time. Concerned about the issue, she clicked the link in the email to view more information. She then downloaded and opened an attached PDF file. Upon opening the file, ransomware was executed, encrypting her computer and spreading to other machines across the network.

If you were in the office and discovered this incident, what actions would you take?

Just be SAFE! | J. Pineda | May 2026

79 of 86

Knowledge Check # 1

  1. Which principle ensures information is accessible when needed?
  2. Integrity
  3. Confidentiality
  4. Availability
  5. Authentication

Just be SAFE! | J. Pineda | May 2026

80 of 86

Knowledge Check # 2

2. What does ISMS stand for?

  1. Information Security Monitoring Standard
  2. Information Security Management System
  3. Internal Security Management Service
  4. Integrated System Monitoring Solution

Just be SAFE! | J. Pineda | May 2026

81 of 86

Knowledge Check # 3

3. Which of the following is an example of a security control?

  1. Data breach
  2. Encryption
  3. Malware
  4. Human error

Just be SAFE! | J. Pineda | May 2026

82 of 86

Knowledge Check # 4

4. What is the main purpose of information security auditing?

  1. Increase sales
  2. Evaluate effectiveness of controls
  3. Hire employees
  4. Reduce hardware costs

Just be SAFE! | J. Pineda | May 2026

83 of 86

Knowledge Check # 5

5. Which principle protects information from unauthorized modification?

  1. Availability
  2. Integrity
  3. Confidentiality
  4. Accountability

Just be SAFE! | J. Pineda | May 2026

84 of 86

References and Further Reading

  • ISO/IEC 27001:2022 – Information Security, Cybersecurity and Privacy Protection — Information Security Management Systems — Requirements
  • ISO/IEC 27002:2022 – Information Security Controls
  • PECB Certified ISO/IEC 27001 Lead Auditor Training Materials (Version 14.0)
  • https://hyperproof.io/resource/a-comprehensive-guide-to-isms/

Just be SAFE! | J. Pineda | May 2026

85 of 86

Terminologies

  • Information Security - Protecting information from unauthorized access, use, change, or loss
  • ISMS (Information Security Management System) - Framework for managing and improving information security
  • Confidentiality - Allowing access only to authorized users
  • Integrity - Keeping information accurate and complete
  • Availability - Ensuring information and systems are accessible when needed
  • Risk - Potential impact of uncertainty on objectives
  • Control - Safeguard used to reduce security risks
  • Audit - Evaluation of controls for compliance and effectiveness

Just be SAFE! | J. Pineda | May 2026

86 of 86

Just because… Security Awareness is for everyone! (Just be SAFE!)

Justin David Pineda

President & Principal Consultant

justinp@pinedacybersecurity.com

https://pinedacybersecurity.com/

Just be SAFE! | J. Pineda | May 2026