“It’s my job to rethink and challenge the things we already know,” says Ralph Skywa, an IT consultant at Bechtle Nuremberg, quoting Ms Januszkiewicz. The statement also sums up the most important lesson he’s learned at the event—and it’s especially true in the field of IT security.
During the training, Ms Januszkiewicz demonstrated that, when securing a server against attacks, “deny” doesn’t always mean “deny”. “Like with Unix-based systems, the order of the rules makes a difference,” explains Mr Skywa. “That came as a surprise to several of us because we had previously been taught something else.” It’s not just her depth of knowledge that makes Ms Januszkiewicz stand out from the crowd. She also demonstrates how to put it to use so that each participant can apply it after the training is over.
Raising awareness of problematic issues.
“Security is an increasingly important topic for customers,” says Mr Skywa. Still, in his day-to-day business he often witnesses people taking a rather relaxed approach to it. More often than not, they’re trying to lock the stable door after the horse has already bolted. This is where Mr Skywa sees the most potential: “The masterclass gave us a wealth of essential information to help us better advise our customers and raise awareness about security issues.” He gives an example, stating,
“Especially mid-size companies still consider their basement server —usually it’s hardly ever administrated—as more secure than, say, storing data in the cloud. But if you look at the server’s setup, it’s easy to identify vulnerabilities and issues.”
Mr Skywa has helped many customers over the course of his career as an IT consultant. “Their servers are just sitting in a corner somewhere, with no protection from dust or other environmental hazards,” he laments. “And forget about finding a proper, let alone strategically planned, backup system. They don’t have professional firewalls or other security mechanisms either. It’s like an open invitation for attacks.”
Four days of in-depth instruction on hacking and securing.
The content and timeline of the masterclass was split into two parts. In order to understand how hackers attack Windows systems, training participants spent the first two days learning a wide range of attack scenarios. A specific training lab was even built for this purpose, allowing scenarios to be recreated while the presentation was will going on.
The last two days then revolved around how to protect systems from attacks. Mr Skywa explains, “We received a lot of information and tips in those four days. There are several settings that we’ll be configuring differently from now on when securing servers and end devices—simply because we now have a better understanding of how they work.” With respect to the challenges he faces every day, he adds, “Strategically planned backups and IT security are like insurance. You hope you’ll never need them, but if worst comes to worst, at least the damage is limited.”
Mr Skywa was very satisfied with the training itself, the trainer and her team, as well as the services provided on site. “Paula is extremely likeable, experienced and knowledgeable. She has so much to share! Even though I had already looked into security-related topics before the training, I didn’t realize just how detailed this course would be until the first day. My expectations were far surpassed, especially since I had been worried initially whether my English would be good enough for the subject matter at hand. Paula speaks English very clearly and takes her time explaining.”
Mr Skywa was also thrilled by the technology, saying, “The training lab worked without a hitch the entire week.” This training lab, implemented by Ms Januszkiewicz’s company, CQURE, is a virtual test environment in which training participants can practice what they’ve learned by carrying out attacks and implementing security measures at will. “I would recommend this masterclass to anyone who works with Microsoft, whether it’s Active Directory, Exchange, SQL Server or IT security in general. There’s something for everyone!” Mr Skywa was equally impressed with the Münster training centre, explaining, “When I last visited two years ago, it was still in the old building. The relocation alone has made a huge difference. The sunlit rooms, top-shelf technical equipment and services provided during the event—all of it was outstanding. Silke Dall’s team is excellent at what they do.”
Paula Januszkiewicz is a globally renowned security expert and Microsoft security trainer. In addition to being named a Microsoft Most Valuable Professional (MVP), she is a popular speaker and has been voted No. 1 Conference Speaker multiple times at large conferences such as Microsoft Ignite. As co-founder of CQURE, a security consultancy, she advises clients around the world while also conducting training events to raise awareness about security and teach IT experts the intricacies of Windows administration.
Ralph Skywa is an IT consultant specialising in Microsoft infrastructure. He began working for Bechtle Darmstadt in November 2016 before switching to Bechtle Nuremberg in March 2019.