
EC-Council

Top 30 Cybersecurity Whitepapers of 2020
EC-Council Cyber Research
https://blog.eccouncil.org/cyber-research/

Harnessing Knowledge to Defend Cyber Space


Top 30 Cybersecurity Whitepapers of 2020 01


Preface

2020 turned the tides on the way organizations used to function. A massive change in the status quo forced many of us to reconsider our strategies. This was also the year when online threats became more dangerous and personal. Cyber attackers innovated their style of operations. They were quick to breach the new, unprotected attack surfaces created when millions of employees started working from home.

As a result, cybersecurity now dominates the priorities of every organization as it adapts to a post-COVID world. It is as critical as internet access itself. While 2020 saw an increase in the number of cyberattacks, cybersecurity also advanced like never before. Cybersecurity posture has become a top priority for industries and organizations seeking to protect their valuable information and production flow.

At EC-Council, we have a responsibility to ensure that learners and the business community continue to thrive and develop by assimilating knowledge. We understand that having relevant information and awareness is essential for individuals and organizations to stay ahead of cyber threats. To this end, we strive, day in and day out, to compile content-rich resources, which are made freely accessible to the cybersecurity community in the form of whitepapers, webinars, blogs, online video training, and much more.

However, such a daunting task would not have been possible without the amazing contributions we have received from various security professionals. This list is the “Hall of Fame” compilation of all the subject matter experts who have contributed to expanding our resources, especially whitepapers and webinars, for the year 2020.

The EC-Council Cyber Research team expresses its heartfelt gratitude and thanks to each one of these subject matter experts. We’re confident that this repository of whitepapers is bound to be of great help to students and cybersecurity professionals in many ways.

Jay Bavisi
CEO, EC-Council Group



Index

09 Wireless Pen Testing to Protect Wireless Networks - Kunal Sehgal
11 Artificial Intelligence to Combat Social Engineering Attacks - Puneet Mehta
13 SOC Analyst to Combat Cyberattacks - Salman Khwaja
17 How to Create an Effective Disaster Recovery Plan in 5 Steps - Rakesh Sharma
19 Secure Your Network with Possible Defensive Mechanisms - Manish Sehgal
23 Ransomware Attack – What Is It and What Is Its Impact - Vinit Sinha
25 A CISO’s Top Priorities During COVID-19 - Tom de Haan
27 Threat Intelligence and Proactive Defense with AI-ML - Ankit Satsangi
31 Role of a Pen Tester in Ethical Hacking - Rahil Karedia
33 How to Keep Your Digital Banking Safe from Rising Threats - Kishore Chavali
35 A Day in the Life of a Modern CISO - Ramiro Rodrigues
39 How to Encrypt and Decrypt Your Data - Dr. Lopa Mudraa Basuu
41 Best Strategies to Overcome Disaster Recovery Challenges - Rajiv Sharma
43 Detecting Crimes Done in the Cloud - Hosam Badreldin
45 Compromise Assessment: How Safe Is Your System - Rishi Rajpal
49 Cybersecurity Controls to Alleviate Cybersecurity Risks and Prevent Data Breaches - Abhishek Anand
51 Guidebook by CISOs During COVID-19 - Abbas Kudrati
53 Defend Your Security Posture with DRaaS - Carlos Travagini
57 Cybersecurity Education: The Best Path to a Rewarding Career - Sumit Nigam
59 Forensics Strategy: Your Guide to Build One - Sachin Yadav
63 What Is Penetration Testing? A Step By Step Approach - Sandeep Jayashankar
65 Best Security Controls for a Digital World - Anis Pankhania
69 What Is Privilege Escalation and How Does It Work? - Amit Ghodekar
71 All About Steganography and How It Works - Conan Bradley
75 Role of Social Engineering in Pen Testing - Aditya Khullar
77 Penetration Testing Methods for Internet of Things - Tim Chase
81 How to Secure Firewalls Through Penetration Testing - Pappu Mandal
83 Vulnerability Assessment: 6 Best Steps to Better Security - Gabriel Mandefu
Wireless Pen Testing to Protect Wireless Networks (Using WPA2 Over Advanced WPA3)

Wireless penetration testing has long been regarded as the most effective way to find exploitable weaknesses and verify whether a system is vulnerable; it also frequently allows the security analyst (ECSA) to find new vulnerabilities. Penetration testing plays a vital role in the network security policy of every organization. It gives a bird’s eye view of the current level of network security and helps identify what information is exposed to the public. By imitating attack scenarios across all the plausible situations, wireless penetration testing helps identify and reduce security risks. Furthermore, it identifies overlooked areas of security and allows network engineers to improve their current networking infrastructure.

How to Keep Your Accounts Safe from Credential Stuffing

Credential stuffing is the use of stolen credentials and personal information to gain unauthorized access to people’s accounts. Unlike brute force, which guesses passwords, a credential stuffing attack simply automates login attempts with millions of previously leaked username/password pairs using standard web automation tools. The manuscript discusses how this attack works, from how the credential lists are procured, to how they are monetized, to the attack’s impact on the industry. It highlights the role of automation in web-based applications, along with the different automated tools used by attackers for credential stuffing. It also discusses the scope of this attack and the methods organizations can incorporate into their security controls to mitigate its effects.

Kunal Sehgal
Former Managing Director for Global Resilience Federation

Kunal Sehgal is a cyber evangelist who invests his non-working hours reading, blogging, and researching security-related topics. He has earned 17 certifications and degrees, has co-authored two whitepapers, and is the official reviewer of five published books on cybersecurity. Professionally, he has accumulated a wealth of experience over the last 15+ years across multiple geographical locations, and is currently working for an MNC bank as the Director for Cyber Resilience.

https://blog.eccouncil.org/wireless-pen-testing-to-protect-wireless-networks-using-wpa2-over-advanced-wpa3/

https://blog.eccouncil.org/how-to-keep-your-accounts-safe-from-credential-stuffing/
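A detection check for the pattern described above, added here as an example rather than taken from the whitepaper. It assumes a constructed login-log format (timestamp, source IP, username, result, user agent) and flags any source that, within a five-minute window, tries at least five distinct usernames with a failure rate of 70% or more. Both thresholds are illustrative and should be tuned to the application's own baseline:

```python
"""Flag credential-stuffing activity in web login logs.

Added example (not from the whitepaper): a stuffing run tries many
*different* usernames from one source in a short window and fails on
most of them, the inverse of a legitimate user retyping one password.
The log format below is constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List

# Constructed sample: "<iso-timestamp> <src-ip> <username> <SUCCESS|FAIL> <user-agent>"
SAMPLE_LOG = """\
2020-11-02T10:00:01Z 203.0.113.7 alice FAIL python-requests/2.24
2020-11-02T10:00:01Z 203.0.113.7 bob FAIL python-requests/2.24
2020-11-02T10:00:02Z 203.0.113.7 carol FAIL python-requests/2.24
2020-11-02T10:00:02Z 203.0.113.7 dave SUCCESS python-requests/2.24
2020-11-02T10:00:03Z 203.0.113.7 erin FAIL python-requests/2.24
2020-11-02T10:00:03Z 203.0.113.7 frank FAIL python-requests/2.24
2020-11-02T10:00:05Z 198.51.100.20 alice FAIL Mozilla/5.0
2020-11-02T10:00:09Z 198.51.100.20 alice FAIL Mozilla/5.0
2020-11-02T10:00:15Z 198.51.100.20 alice SUCCESS Mozilla/5.0
2020-11-02T10:01:00Z 192.0.2.44 grace SUCCESS Mozilla/5.0
"""


@dataclass
class LoginEvent:
    ts: datetime
    ip: str
    user: str
    ok: bool
    ua: str


@dataclass
class Finding:
    key: str                # the grouping value (source IP by default)
    attempts: int
    distinct_users: int
    failures: int
    compromised: List[str]  # accounts that logged in successfully during the run


def parse_log(text: str) -> List[LoginEvent]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result, ua = line.split(" ", 4)
        events.append(LoginEvent(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                                 ip, user, result == "SUCCESS", ua))
    return events


def detect_stuffing(events: List[LoginEvent],
                    key: Callable[[LoginEvent], str] = lambda e: e.ip,
                    window: timedelta = timedelta(minutes=5),
                    min_distinct_users: int = 5,
                    min_fail_ratio: float = 0.7) -> List[Finding]:
    """Sliding-window check per grouping key. Group by IP to catch a single
    bot, or by user agent / ASN to catch a run spread over many IPs."""
    groups: Dict[str, List[LoginEvent]] = defaultdict(list)
    for e in events:
        groups[key(e)].append(e)

    findings = []
    for k, evs in groups.items():
        evs.sort(key=lambda e: e.ts)
        best = None
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            users = {e.user for e in win}
            fails = sum(not e.ok for e in win)
            if len(users) >= min_distinct_users and fails / len(win) >= min_fail_ratio:
                cand = Finding(k, len(win), len(users), fails,
                               sorted({e.user for e in win if e.ok}))
                if best is None or cand.distinct_users > best.distinct_users:
                    best = cand
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_stuffing(parse_log(SAMPLE_LOG)):
        print(f"{f.key}: {f.attempts} attempts, {f.distinct_users} users, "
              f"{f.failures} failures; accounts to reset: {f.compromised}")
```

Grouping by IP catches a single bot; pass `key=lambda e: e.ua` (or an ASN lookup) to catch a run spread across a proxy pool, where each IP only makes a few attempts. Successful logins inside a flagged run are the accounts to force a password reset on. The usual durable mitigations, MFA and checking new passwords against breached-credential lists, remove the attacker's payoff rather than just the symptom.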



Artificial Intelligence to Combat Social Engineering Attacks

Social engineering is on the rise, and organizations need to respond to it appropriately. Humans are usually the weakest link in maintaining security, which is why smart attackers target humans, not machines. Social engineering attacks are rapidly increasing in today’s networks and are weakening the cybersecurity chain as digital communication technology advances.

Puneet Mehta
Chief Technologist & Principal Advisor, Global Advisory Service, SDG Corporation

With over 22 years of experience in diverse technical, planning, design, and execution aspects of global cybersecurity & risk programs, Puneet Mehta is a trusted security advisor, researcher, author, speaker, and cybersecurity evangelist. As a trusted advisor to many Fortune Global 500 clients, his expertise spans multiple domains of cybersecurity such as cyber defense, red teaming/penetration testing, threat hunting & intelligence, cyber incident handling & response, digital forensics, cyber risk management, cognitive/AI security, IT/ICS security, identity and access, data protection, application/software security, cyber engineering, security automation, and compliance initiatives. His current research interest includes the building and operation of large-scale, cutting-edge security platforms in complex and fast-paced environments.

https://blog.eccouncil.org/artificial-intelligence-to-combat-social-engineering-attacks/



SOC Analyst to Combat Cyberattacks

Maintaining a SOC (Security Operations Center) is an important status symbol for various organizations. Very few SOCs are effective in counteracting or reducing cyberattacks and IT abuse, there is no standard framework available, and there is no clear vision of what a SOC should be. Many organizations are still looking for guidance on how to properly implement a SOC. This paper highlights how a SOC can be institutionalized, operated, and maintained.

Salman Khwaja
Manager, Application Security, TPS Pakistan Pvt. Ltd.

Salman Khwaja has over 13 years of professional experience working as an application security professional, technical writer, quality assurance professional, and information systems auditor. His knowledge and experience in application security and security operations are reflected in his recent EC-Council Cyber Research publication, “SOC Analyst to Combat Cyberattacks,” which discusses a new approach to SOC analysis based on artificial intelligence and machine learning.

His wide range of expertise includes process improvement, engineering, strategy and planning, application security test planning, execution and automation, systems hardening, configuration management, and information systems audits. He is also a known speaker at EC-Council Cyber Talks, where he discusses the importance of the SOC in various organizations.

https://blog.eccouncil.org/soc-analyst-to-combat-cyberattacks/



How to Create an Effective Disaster Recovery Plan in 5 Steps

When organizations get hacked, how do disaster recovery and business continuity professionals save the day? Disaster recovery can be described as the process of mitigating and recovering from the effects of a cyberattack. A disaster recovery plan/policy not only details a D-day protocol to be followed once the incident is recognized but also, at the core of its process, helps the organization recover the affected information and assets, in addition to repairing and restoring the damage done to business operations.

Rakesh Sharma
Technical Information Security Officer (TISO), Citi

With more than 15 years of experience in application and information security, Rakesh Sharma is a cloud security architect and a trusted security advisor with a wide range of expertise in the domains of IVR, SaaS, RPA, information security risk reviews, threat modeling, architecture risk reviews, vulnerability assessment & penetration testing, network forensics, sandboxing, situational awareness, etc.

His current research interest lies in the domain of disaster recovery, which is well reflected in EC-Council’s Cyber Research publication “How to Create an Effective Disaster Recovery Plan in 5 Steps.” This whitepaper outlines the impending cybersecurity risks for any organization and how it can quickly stabilize its business processes and their continuity after an incident or breach.

https://blog.eccouncil.org/how-to-create-an-effective-disaster-recovery-plan-in-5-steps/



Secure Your Network with Possible Defensive Mechanisms

Network security has become crucial to home users, the military, and private and government organizations alike. Along with the advancements in our digital lifestyle, the risks involved, and the corresponding need for digital security, have become a significant concern. In such an environment, the security measures currently applied to network topologies cannot work effectively for emerging technologies. Hence, more robust defenses are required for every secured network, and the foundation for these is the network life cycle: designing, planning, building, and operating a network in a way that supports an active security policy.

Manish Sehgal
Chief Information Security Officer (CISO), AU Small Finance Bank Limited

Manish Sehgal has over 22 years of experience in information security across different industries such as banking, manufacturing, telecom, travel, education, and ITES. As the CISO of AU Small Finance Bank and a trusted advisor to its board members, his specialization includes information security project & program management; governance, risk, and compliance (GRC); risk management; information security controls assessment and implementation; regulatory and compliance audits (internal and external); handling security incidents; and implementing security awareness programs.

His current field of interest involves working with different aspects across multiple layers of network security, as reflected in his EC-Council Cyber Research publication “Secure Your Network with Possible Defensive Mechanisms.” Manish Sehgal is also a speaker on multiple cybersecurity forums and is a hard-core information security professional and network security advisor.

https://blog.eccouncil.org/secure-your-network-with-possible-defensive-mechanisms/



Ransomware Attack – What Is It and What Is Its Impact

Ransomware is a specific type of malware (malicious software) designed to encrypt data stored on computer networks, with the primary objective of financial gain by selling the victim the means to decrypt their own information. Ransomware attacks have impacted industries around the globe. Through the loss of sensitive information and the regular disruption of operations, ransomware is estimated to be responsible for losses of hundreds of millions of dollars annually.

Vinit Sinha
Head - Information Security, Cyber Security and Data Privacy, Pine Labs

With more than 15 years of experience in information security, cybersecurity, data privacy, and risk management, Vinit Sinha is a multifaceted technical leader. With profound knowledge and experience in domains such as information security, cybersecurity, data privacy, audit, governance, and compliance, he has delivered optimal solutions to industries such as automobile, telecom, BFSI, BPO/ITES, etc.

Along with being an advisory board member for EC-Council cybersecurity certifications, he is also joint secretary of the ISACA New Delhi Chapter and a prominent speaker advocating information security solutions against ransomware attacks.

His specializations include identity and access management, threat and vulnerability management, API security, mobile security, threat intelligence, malware analysis, governance, compliance, risk management, disaster recovery planning, and business continuity planning.

https://blog.eccouncil.org/ransomware-attack-what-is-it-and-what-is-it-impact/



A CISO’s Top Priorities During COVID-19

A CISO is the security leader of the organization. The role of the CISO is to support the primary business of the organization’s various divisions and operations from a security point of view. Though from the technical perspective the key security responsibilities of a CISO revolve around predicting, identifying, protecting against, responding to, and recovering from cyber threats, the CISO is also responsible for governance, compliance, audits, risk management, identity and access management, legal and HR matters, and the enablement of various aspects of business operations. They also have responsibility for the selection, training, and formation of a dedicated team of threat intelligence analysts for analyzing and predicting threats and vulnerabilities.

Tom de Haan
Chief Information Security Officer (CISO), Drechtsteden

Tom de Haan has more than 20 years of work experience in IT and cybersecurity, which includes his position with Vrije University Amsterdam as a Guest Lecturer. As the CISO of Drechtsteden Municipalities, he works to strengthen the cyber resilience of hundreds of thousands of digital users situated in and around Drechtsteden. While focusing on the security of vital infrastructures and critical processes, Tom also focuses on updating his skills through certifications and obtaining knowledge from international conferences. His current research interest revolves around the priorities and responsibilities of a CISO during the current pandemic, which has challenged the security of digital infrastructure in a completely different way.

https://blog.eccouncil.org/a-cisos-top-priorities-during-covid-19/



Threat Intelligence and Proactive Defense with AI-ML

Cyber Threat Intelligence (CTI) has become a trending topic. It is being considered by many organizations to counter potential cyber threats. Traditional methodologies can block commodity cyber threats, but today cybercriminals and hackers are using sophisticated, advanced techniques to attack organizations. Advanced targeted attacks, including Advanced Persistent Threats (APTs), are among the most dangerous attacks that organizations have to deal with. The threats and the techniques that cybercriminals and hackers employ are constantly evolving, which is why the security strategies of many businesses have failed.

COVID-19 Remote Working – Challenges and Impact

At the beginning of 2020, the COVID-19 outbreak was declared a pandemic, and it has had a huge impact on people’s lives, families, and organizations’ work culture. Amid such uncertainty, it has become difficult to tell real news from fake. Cybercriminals are trying to profiteer from this upheaval.

Ankit Satsangi
Virtual CISO & Security Advisor

Ankit Satsangi is a global thought leader and cybersecurity advisor with more than eight years of experience in cyber resilience. He is currently a global advisory board member for EC-Council’s Incident Response training and certification. His work is closely engaged with the protection of networks, data, data centers, servers, assets, etc. He is also engaged with cyber threat intelligence and its applications involving artificial intelligence and machine learning, concepts he described in detail in his recent publication with EC-Council Cyber Research entitled “Threat Intelligence and Proactive Defense with AI-ML.”

Ankit Satsangi is a security professional with expertise across endpoint and network protection. His research interests involve, but are not limited to, penetration testing, incident response, risk management, SOC automation, SOC orchestration, Carbon Black incident response, vulnerability assessment, Data Leakage Prevention (DLP), and social media and email security.

https://blog.eccouncil.org/threat-intelligence-and-proactive-defense-with-ai-ml/

https://blog.eccouncil.org/covid-19-remote-working-challenges-and-its-impact/



Role of a Pen Tester in Ethical Hacking

Penetration testing is more of an art than a science. It is the process of trying to gain unauthorized access to authorized resources. To put it simply, penetration testing is “breaking into your system” to see how hard it is to do. It is the main branch of network security evaluation, and its main aim is to provide analysis that discovers the vulnerabilities and security threats in a network.

Rahil Karedia
Team Lead – Threat Intelligence, Network Intelligence (I) Pvt. Ltd.

Rahil Karedia is a global thought leader with more than five years of experience in the cybersecurity industry. He is currently leading Threat Intelligence and Security Advisory services at Network Intelligence (I) Pvt. Ltd. He is closely engaged with intelligence-driven threat detection, incident handling, and incident response & investigation. He is also engaged with intelligence-driven cyber risk management, threat landscape analysis and prediction, attack surface analysis, and threat profiling.

Rahil is currently serving on EC-Council’s Global Advisory Board for CTIA and has jointly authored a Cyber Research whitepaper, “Role of a Pen Tester in Ethical Hacking,” with EC-Council.

Rahil is also focused on terrorism & cyber terrorism, CBRN terrorism, and human trafficking & migrant smuggling issues. He has collaborated with the US Army, US Army TRADOC, and CSFI on four projects related to cyber intelligence, cyberspace operations, and telecommunication & internet surveillance.

https://blog.eccouncil.org/role-of-pen-tester-in-ethical-hacking/



How to Keep Your Digital Banking Safe from Rising Threats

As most cybercrimes are committed for financial gain, it is only logical for the banking/financial sector to be the prime target. Being the industry most affected by cyberattacks, it has a continuous need for the development of security measures and compliance guidelines for both industry experts and novice users. This review discusses high-level challenges within the area and detailed trends in digital banking fraud, the different modes of attack associated with digital banking such as session hijacking, cookie hijacking, man-in-the-middle attacks, etc. It also covers best practices to be followed to keep payment systems secure.

Kishore Chavali
Assistant Vice President, Barclays Investment Bank

Kishore Chavali is an experienced cybersecurity professional with over nine years of experience in security advisory, incident management, data privacy, data protection, ISO 27001, cryptography, and ITIL. He is currently the Assistant Vice President for Data Protection at Barclays Investment Bank and has a strong aptitude for business development. His recent EC-Council Cyber Research publication, “How to Keep Your Digital Banking Safe from Rising Threats,” discusses the different threats impacting digital banking and online payment modes along with their mitigations. His specializations in the digital banking and cybersecurity domain include security audits, risk assessment, network security, information security, data protection, and cryptography.

https://blog.eccouncil.org/how-to-keep-your-digital-banking-safe-from-rising-threats/
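One concrete check behind the cookie-hijacking and man-in-the-middle threats named above, added here as an example and not taken from the whitepaper: an offline audit of a banking site's HTTP response headers for the controls that blunt those attacks (Secure, HttpOnly and SameSite on the session cookie, no persistent session cookie, and HSTS against SSL stripping). The two responses are constructed for the example, and the list of name fragments used to recognize session-bearing cookies is a heuristic assumption:

```python
"""Audit HTTP response headers for session-cookie and transport hardening.

Added example (not from the whitepaper). Checks the response-side controls
that blunt cookie hijacking (Secure, HttpOnly, SameSite, non-persistent
session cookies) and SSL-stripping MITM (HSTS). Both responses are constructed.
"""
from typing import Dict, List, Tuple

WEAK_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: JSESSIONID=0a1b2c3d4e5f; Path=/
Set-Cookie: lang=en; Path=/
"""

HARDENED_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Set-Cookie: __Host-JSESSIONID=0a1b2c3d4e5f; Path=/; Secure; HttpOnly; SameSite=Strict
Set-Cookie: lang=en; Path=/; Secure; SameSite=Lax
"""

# Heuristic (assumption for this example): cookie names containing these fragments carry sessions.
SESSION_HINTS = ("sess", "sid", "token", "auth")
MIN_HSTS_AGE = 31536000  # one year, the commonly recommended minimum max-age


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (lower-cased name, value) pairs; the status line is skipped."""
    headers = []
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def parse_set_cookie(value: str) -> Dict[str, str]:
    """Split 'name=val; Attr; Attr=val' into a dict keyed by lower-cased attribute.
    Flag attributes such as Secure and HttpOnly map to an empty string."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, _ = parts[0].partition("=")
    attrs = {"name": name}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return attrs


def audit(raw: str) -> List[str]:
    """Return human-readable findings; an empty list means every check passed."""
    findings = []
    headers = parse_headers(raw)

    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if not hsts:
        findings.append("missing Strict-Transport-Security (SSL-stripping MITM possible)")
    else:
        max_age = 0
        for directive in hsts[0].split(";"):
            key, _, val = directive.strip().partition("=")
            if key.lower() == "max-age" and val.isdigit():
                max_age = int(val)
        if max_age < MIN_HSTS_AGE:
            findings.append(f"Strict-Transport-Security max-age={max_age} is below one year")

    for n, v in headers:
        if n != "set-cookie":
            continue
        c = parse_set_cookie(v)
        name = c["name"]
        if not any(h in name.lower() for h in SESSION_HINTS):
            continue  # only session-bearing cookies are audited here
        if "secure" not in c:
            findings.append(f"cookie {name}: missing Secure (sent over plain HTTP)")
        if "httponly" not in c:
            findings.append(f"cookie {name}: missing HttpOnly (readable by injected script)")
        if c.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"cookie {name}: SameSite not Lax/Strict (cross-site request forgery)")
        if "expires" in c or "max-age" in c:
            findings.append(f"cookie {name}: persistent session cookie (survives browser close)")
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(resp) or ["no findings"])
```

The hardened response also uses the `__Host-` cookie-name prefix, which makes the browser itself refuse the cookie unless it is Secure, has `Path=/`, and carries no `Domain` attribute, so a subdomain cannot plant a look-alike session cookie. Header checks like this cannot see server-side behaviour such as issuing a new session identifier on login or after a privilege change, which is the corresponding defence against session fixation.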



A Day in the Life of a Modern CISO

Over the last two decades, the role of the CISO has gained significant importance for businesses. The life of a CISO can vary quite a bit based on the organization’s size and business complexity. Even though CISOs work in different domains calling for different responses, they face similar challenges and often make similar quick decisions to help secure their businesses.

Ramiro Rodrigues
Director of Security and Risk Management (CISO), Gartner

With more than 22 years of experience in information security and IT risk management, Ramiro Rodrigues is currently the CISO and Director of Security and Risk Management at Gartner. He is a researcher and author; his recent EC-Council Cyber Research publication, “A Day in the Life of a Modern CISO,” describes the daily challenges and responsibilities of a Chief Information Security Officer (CISO).

His specializations include cybersecurity architecture and strategy planning, information security organization and talent management, privacy and data protection officer duties (LGPD/GDPR), application and product security in Agile (DevOps and DevSecOps), cloud security strategy for platforms (IaaS, SaaS, PaaS), third-party risk management, threat and vulnerability management, incident response and cyber investigations, consumer identity and access management, and a culture-hacking mindset.

https://blog.eccouncil.org/a-day-in-the-life-of-a-modern-ciso/



How to Encrypt and Decrypt Your Data

Sharing information between people across the globe is possible only through a compatible channel, the network, which is both the main mode of information transfer across the web and the prime source of its leakage. Though continuously protected, the ceaseless advancement of technology gives threat actors room to grow and develop their tools and methodologies. Encryption is a subset of network defense in which the data itself is encrypted, or locked, while it travels through the channel, such that only the people holding the corresponding key can decrypt and read the information. The manuscript discusses in detail the role of the Advanced Encryption Standard (AES) in encrypting data, along with its implementation in the well-known programming language Python. Alongside the application of AES, it walks through how the algorithm works, including the different modes in which AES is exposed by cryptographic programming interfaces. The article also describes the benefits of encryption for privacy and risk mitigation, and tries to reflect the amount of knowledge and resources that go into encrypting the most basic but essential information required in our day-to-day lives.

Dr. Lopa Mudraa Basuu
Executive Director, Cyber Risk & Information Security, Sysinnova Infotech

Dr. Lopa Mudraa Basuu is currently the Executive Director for Cyber Risk & Information Security at Sysinnova Infotech and has 19+ years of rich and versatile experience in this domain. She is a cybersecurity evangelist with specializations in enterprise security & risk governance portfolio management, strategic alignment of technology with business & regulatory requirements, cyber defense program management, security operations, security training, architecting network security, security & risk-based audit life cycle management, and tech-audit & standardization & compliance program life cycle management (PCI DSS, SOC, ISO/IEC 27001:2013, ISO 22301:2012, ISO 20000, ISO 31000, COSO, CobiT, VALIT, ITIL, DAMA, HIPAA, DPF/DSF, WCA).

She has authored EC-Council Cyber Research publications such as “How to Encrypt and Decrypt Your Data,” discussing the importance and functioning of the AES algorithm. Dr. Basuu is also a regular speaker and panelist on multiple cybersecurity forums, and her research interest involves IoT security in automobiles.

https://blog.eccouncil.org/how-to-encrypt-and-decrypt-your-data/



Best Strategies to Overcome Disaster Recovery Challenges

Unforeseen and unexpected disaster events are a persistent issue for any organization. In the era of digital transformation, technology solutions and IT-enabled services play a critical role in business resilience in the event of a disruption. One of the most important activities in the recovery of a business is the recovery of the IT environment supporting the organization’s key business processes to a steady state within an acceptable timeline. Developing an effective and robust disaster recovery plan ensures that IT assets, services, and data are made available again within the agreed timeline.

Rajiv Sharma
Vice President, EXL Service

Rajiv Sharma is currently a Vice President at EXL Service and has more than 24 years of experience in information technology, cybersecurity, information security governance & compliance, and disaster recovery & business continuity planning. His wide range of experience involves the identification of cybersecurity risks in an ever-changing cyber threat landscape, as well as designing, recommending, implementing, and establishing control environments to mitigate those risks.

Rajiv has in-depth, hands-on experience in the field of cybersecurity risk and implementation across multiple industries such as fast-moving consumer goods (FMCG), automobile, telecom, manufacturing, retail financial services (banking & capital markets), insurance, and ITeS. His current research interest involves disaster recovery and business continuity for organizations affected by a breach or other cybersecurity incident.

https://blog.eccouncil.org/best-strategies-to-overcome-disaster-recovery-challenges/



Detecting Crimes Done in the Cloud

Cloud computing is gaining popularity with increased adoption by various industries and tech firms, but not everyone is capable of, or even aware of, cloud forensics. Many firms that adopt cloud facilities for applications and data storage lack any well-defined forensic capability. With the growing popularity of the cloud, crime related to the cloud is also increasing, and with the cloud’s security infrastructure in the hands of the Cloud Service Provider (CSP), a lack of cloud forensic capability leaves the organization in an awkward position. This manuscript describes the cloud and cloud forensics along with some of their process flows, dimensions, challenges, etc. It also discusses Cloud-Forensics-as-a-Service (CFaaS) as a prominent solution to some of the major challenges faced in cloud forensics.

Hosam Badreldin
Director, Cloud Infrastructure Strategy, Thales

Hosam Badreldin is currently the Director of IT, Cloud Strategy, Security, and Transformation for Thales and has more than 13 years of experience in cloud infrastructure security. He is a cybersecurity strategist with experience in sectors such as education, hospitality, telecommunications, and digital security. His current research interest is cloud security infrastructure, which is strongly reflected in his recent EC-Council Cyber Research publication “Detecting Crimes Done in the Cloud,” which touches upon the technical, organizational, and legal dimensions of cloud forensics.

His specializations include cloud architecture, cloud PaaS, cloud IaaS, decentralized cloud operations, cloud-based firewalls, SD-WAN, vulnerability assessment, risk assessment, security monitoring and alerting, network monitoring and alerting, auditing, and compliance.

https://blog.eccouncil.org/detecting-crimes-done-in-the-cloud/



Compromise Assessment: How Safe Is Your System

The cybersecurity landscape changes frequently due to the rapid development of new technologies, and this change is both beneficial and harmful. Attackers are ramping up their assets and technologies to gain more stealth and bypass the system and network defenses of an organization, and because of challenges such as a lack of resources, skills, and finance, no firewall or network defense is perfect. Evaluating an organization’s digital estate for compromises is therefore necessary. By searching for the artifacts and indicators that show whether a system or network has been compromised, the corresponding vulnerability and the damage done can be identified and mitigated. This process of searching for artifacts is called threat hunting, and the manuscript describes in detail the types, tools, and challenges of a threat hunting program.

Rishi Rajpal
Vice President – Global Security, Concentrix Corporation

Recognized by the CISO Platform, Rishi Rajpal is an influential cybersecurity professional dedicated to the protection of client and corporate data and assets. He currently works as Vice President for Global Security at Concentrix Corporation. His work closely engages with information security and audit, cloud security, risk management, privacy protection, incident response, vulnerability assessment, compromise assessment, and much more.

Rishi Rajpal’s recent publication with EC-Council Global Services, “Compromise Assessment: How Safe Is Your System,” describes the need for organizations and industries to adopt compromise assessment as part of their security plan and policy, regardless of their current defense mechanisms and security protocols.

https://blog.eccouncil.org/compromise-assessment-how-safe-is-your-system/





Cybersecurity Controls to Alleviate Cybersecurity Risks and Prevent Data Breaches (Enterprise, Network, End Point)

With the development of advanced technologies and automation, cybersecurity controls have become omnipresent. Cybersecurity has become an essential and effective way to handle threats and risks. It protects data not only by using secure data platforms but also by implementing security controls within the network and systems. Though hackers have unveiled ideas to perform an attack using advanced technology, organizations are becoming more alert in safeguarding and strengthening their security postures.

Abhishek Anand
Market Strategy Advisor, Castellum Labs

Abhishek Anand has been part of multiple industry-defining initiatives in both emerging and developed markets, including South Asia, North America, Africa, the Middle East, and Europe. He has been instrumental in solving problems for large enterprises around issues related to risk management, cybersecurity, IT strategy, regulatory & compliance, vendor performance, and outsourcing.

With 15+ years of corporate experience, Abhishek has held senior and middle management positions with leading global professional services firms, including Ernst & Young and PwC, and technology & telecom leaders, including Bharti Airtel and Reliance Communication. He specializes in simultaneously managing multiple technologies and innovation initiatives for large business houses. Some of these include Reliance Jio, Bharti Airtel, CenturyLink, and Millicom. As part of these engagements, he has led the building of large delivery, product management, and innovation teams, which have included teams spread across multiple geographies.

Over the last few years, Abhishek has also been active in the startup ecosystem as a consultant and advisor. These include startups in the cybersecurity, agritech, fintech, and healthcare space. Abhishek is an advocate of diversity & inclusion and actively works with organizations driving initiatives around women and child rights.

https://blog.eccouncil.org/cybersecurity-controls-to-alleviate-cybersecurity-risks-and-prevent-data-breaches-enterprise-network-end-point/



Guidebook for CISOs During COVID-19

COVID-19 has forced businesses to adapt to the changes in the working environment, which in turn has exposed the organizations to increasing cyber risks. Most organizations where employees are working from home have created an opportunity for attackers to take advantage of the situation and execute attacks accordingly. A CISO, who leads the security in organizations, faces a lot of challenges to combat cyber threats and ensure sound security.

“COVID-19 has compelled businesses to adopt new ways of working to meet new patterns of demand. To fit the business, cybercriminals have adopted new tactics to exploit the freshly made changes. Can your cyber controls meet the challenge?”

Here are some common challenges CISOs are facing after the COVID-19 outbreak and what preventive measures they should take to overcome the cyber risks as security leaders.

Abbas Kudrati
Chief Cybersecurity Advisor-APAC, Microsoft

With 21+ years of experience in information security, Abbas Kudrati is currently the Chief Cybersecurity Advisor at Microsoft Asia Pacific and has abundant experience in the domains of cloud security, digital transformation, zero-trust network architecture and strategy, cybersecurity strategy and road map development, stakeholder engagement, vendor management, security operation, incident management, security governance, compliance management, enterprise security architecture, and security awareness.

The continuously changing trends in cybersecurity inspire Abbas Kudrati’s area of research, which very well reflects in his recent EC-Council Cyber Research publication - “Guidebook by CISOs During COVID-19,” which discusses the roles and responsibilities of a CISO towards the effect of this pandemic upon the cybersecurity domain.

https://blog.eccouncil.org/guidebook-by-cisos-during-covid-19/



Defend Your Security Posture with DRaaS

An organization’s IT environment faces overwhelming security risks and threats. In order to ensure the continuity of their critical IT activities, organizations need to be prepared for a significant crisis beforehand by creating a Disaster Recovery Plan. The development of cloud computing solutions and their adoption within companies brought in new practices. One of them is popularly known as Disaster Recovery as a Service (DRaaS).

Carlos Travagini
Chief Information Security Officer (CISO), FIEMG

With a consolidated experience of 19 years in the domain of information technology, Carlos Travagini is a revered cybersecurity professional who has also served on reputed panels for Top CISO selection initiatives and is an International Advisory Board member for CCISO-Americas. He is also a member of ANPPD® - National Association of Data Privacy Professionals (Brazil) and Information Systems Audit and Control Association (ISACA). He is also the author of several articles published in cybersecurity magazines and websites around the globe.

His experience stretches across creating, maintaining, and auditing policies and procedures for information security and compliance. He is experienced in a wide range of methodologies and regulatory entities (LGPD, GDPR, ISO/IEC, NIST, CIS, PCI DSS, SOX, OSSTM, OWASP, PTES, among others), along with a strong sense of project management. Carlos Travagini is a research enthusiast interested in topics related to information security, IT/SI budget management in relation to ROI (OPEX/CAPEX), security best practices (ITIL/COBIT), and much more.

https://blog.eccouncil.org/defend-your-security-posture-with-draas/





Cybersecurity Education: The Best Path to a Rewarding Career

To inhibit an inevitable cyber attack against a critical infrastructure requires highly skilled cyber-literate personnel. Therefore, it merely depends on the competency level and the potential that the education system holds. While it is possible to engage or outsource many security operations, it’s not a feasible option for every business and may give rise to many concerns. That’s why a well-founded cybersecurity education system is needed to frame such capabilities.

Sumit Nigam
Executive Director, EC-Council Global Services

With more than 16 years of professional services experience, Sumit Nigam is a renowned subject matter expert whose research interests include IT governance & risk management and enterprise-wide risk management. As the Executive Director for EC-Council Global Services, he invests his knowledge, experience, and efforts in providing cybersecurity as a service to organizations across different industries.

Sumit has experience working with top insurance & consulting firms and international banks, which has enabled him to further his efforts in system & network security, administration reviews, auditing and reporting (SAS 70, SOC 1&2, etc.), compliance (ISAE 3402 & SOX engagements), IT cost optimization, ERP assessment, Data Analytics, CTCL/IML, and review of IT General Controls (ITGC).

https://blog.eccouncil.org/cybersecurity-education-the-best-path-to-a-rewarding-career/



Forensics Strategy: Your Guide to Build One

Digital forensics can be described as the process of extraction of important data from an electronic system/network of systems, which can be used as potential evidence against its exploitation or related cybercrime. Identifying, acquiring, extracting, documenting, and preserving such data from digital media like the computer, mobile phone, server, or network is done by a team of qualified professionals called Digital Forensic Investigators. The digital forensic team uses multiple tools and platforms to investigate complicated cybercrimes affecting the compromised system/network. This manuscript discusses digital forensics considering the perspective of an organization and the protocols to be followed in the wake of attacks or intrusions. This manuscript also discusses different tools and technologies used by forensic investigators, along with their functions and benefits. This document is not all-inclusive. Instead, it deals with common situations encountered during the examination of digital evidence.

Sachin Yadav
Digital Forensic and Incident Response Lead, Big 4 Consulting Firm

Sachin Yadav is the Digital Forensic and Incident Response Lead at a Big 4 Consulting Firm and has more than 14 years of work experience in the domains of Digital Forensics, Electronic Discovery, and Incident Response. He has assisted in more than 300 financial fraud/technology-based investigations in several industries such as financial services, IT/ITES, media and entertainment, real estate, telecom, government, and pharmaceuticals. Sachin has investigated a variety of cyber incident response cases that included intellectual property theft, data breach, business email compromise, malware/ransomware cases, online frauds, unauthorized access by employees, misuse of office assets, and/or IT appliances into banking, pharma, and manufacturing sectors. He further assisted his clients’ lawyers in legal proceedings and responses to regulators in India.

He assisted a State Government in setting up 40+ digital forensic labs across the state; led a forensic technology workstream for one of India’s biggest corporate frauds; and led a forensic collection and preservation of 1,500+ assets for a multinational Indian company to respond to a US-based regulator. Sachin has also conducted cyber forensic training for High Court judges, law enforcement agencies, and other clients. He is also a member of the Global Advisory Board of incident handlers at EC-Council.

https://blog.eccouncil.org/forensics-strategy-your-guide-to-build-one/





What Is Penetration Testing? A Step By Step Approach

Penetration testing has become an essential part of digital and information security in most organizations. Much is known about various tools and technical methods used to conduct a well-planned penetration test. But running an effective and successful test requires a certain standard agreed upon and consistently followed by different organizations worldwide. These standards and best practices cover everything related to a penetration test, and the current manuscript attempts to highlight these aspects in brief. The whitepaper touches upon all the significant phases involved in a penetration test, i.e., communication, reasoning, intelligence gathering, threat modeling, vulnerability research, exploitation, and post-exploitation in a concise form. These best practices provide an undisputable value to the final reports in which the entire process is captured in the most relatable format to the specified audience.

Sandeep Jayashankar
Lead Product Security Architect, PayPal

With more than 14 years of experience in information security and software development combined, Sandeep Jayashankar currently leads the product security efforts at PayPal. He has demonstrated experience in both offensive and defensive areas while supporting the finance industry to develop their applications and infrastructure securely. His expertise and research interests include application security, penetration testing, red teaming, secure software development, and security architecture.

Sandeep has profound knowledge of industry-wide followed best practices for penetration testing and application security for both web and mobile platforms. He is a speaker, a columnist, and a member of the EC-Council CASE Advisory Board.

https://blog.eccouncil.org/what-is-penetration-testing-a-step-by-step-approach/



Best Security Controls for a Digital World

The objective of this whitepaper is to discuss how specialized sets of controls can be tailored to avert various types of cyber risks and threats. It explores multiple sets of threats affecting devices and networks across enterprises and the security requirements of each organization to avert them.

Anis Pankhania
Senior Director - Security Operations & Compliance, Capgemini

Anis Pankhania is Capgemini’s Senior Director - Security Operations & Compliance, Managed Services, CIS India. Prior to this, he was Head - Security Compliance & Data Privacy at Vodafone Idea Ltd for 7.5 years. Pankhania has also served in various leadership and managerial positions at companies like Aircel, IBM, and Airtel.

In his nearly 23 years of experience, he has played an integral role in designing & implementing pragmatic IT strategies and IT security & transformation projects that enabled revenue growth and reduced costs. He also led projects to set up data centers and multi-site facilities from scratch, including IT infrastructure, information security, network security, cybersecurity, and workspace transformation for 30K+ users. He became a NEXT100 & NEXTCSO winner in 2017.

https://blog.eccouncil.org/best-security-controls-for-a-digital-world/





What Is Privilege Escalation and How Does It Work?

Privilege escalation is one of the most crucial steps performed by an attacker after gaining access to a system. A hacker can issue several actions from a breached unprivileged system, but they are limited due to many imposed restrictions. Thus, in order to gain more maneuvering capabilities, a hacker intends to provide permissions and escalate privileges of a system, user, or application. The current manuscript attempts to describe different types and methods such as DLL hijacking, Dylib hijacking, Spectre, Meltdown, etc., which are widely used by hackers to escalate privileges, along with their mitigation strategies.

Amit Ghodekar
Global Head Cybersecurity, Cover-More Group

Amit Ghodekar is the Global Cybersecurity Head at Cover-More Group and an influential CISO (Chief Information Security Officer) with more than 15 years of experience in information security, threat intelligence, incident handling, incident response, risk assessment and management, threat landscape analysis and prediction, attack surface analysis, ISO 27001 ISMS, data loss prevention, mobile device management, endpoint protection, protecting privileges, and much more.

Amit Ghodekar’s recent manuscript published with EC-Council’s Cyber Research entitled “What Is Privilege Escalation and How Does It Work?” touches upon the importance of privileged access and how malicious hackers could exploit the privileges. It also describes mitigation against privilege escalation.

https://blog.eccouncil.org/what-is-privilege-escalation-and-how-does-it-work/



All About Steganography and How It Works

Steganography is an important method utilized by malicious and genuine activists, hackers, and security engineers to carry out secret communication by hiding sensitive messages/information under cover of media or other information. This process of hiding information within another requires multiple complicated algorithms, techniques, and methodologies. The current manuscript briefly touches upon steganography and why it is called the art of invisible or secret communication, along with a coded example of one of its types in Python. The manuscript also describes some of the multiple techniques and methodologies that are part of and help generate different steganograms for different types of information or media.

Conan Bradley
Detective Sergeant, New Zealand Police

Conan Bradley is a Detective Sergeant in the New Zealand Police and has been involved in investigating serious crime and delivering training for 23 years. His role involves managing the detective training program and delivering national training to constables and detectives in the cybercrime/security arenas.

He is also a lecturer, designer, and member of the Computer Science Advisory panel at Unitec Institute of Technology, New Zealand, where he teaches students the concepts involved in the following papers: HTCS5700 (Cybersecurity Principles), HTCS6701 (Info System Security), HTCS6705 (Ethical Hacking), and Digital Forensic Investigations. Conan is currently a member of the International Association of Cyber & Economic Crime Professionals (IACECP) hosted by the FBI and NW3C, a member of the New Zealand Institute of Intelligence Professionals (NZIIP), and an International Advisory Board Member for EC-Council.

https://blog.eccouncil.org/all-about-steganography-and-how-it-works/





Role of Social Engineering in Pen Testing

Social engineering is the use of psychological and social manipulation techniques by malicious hackers to obtain and exploit sensitive information. The same approach could be used by ethical hackers/penetration testers to test an organization’s preparedness against them and detect any vulnerabilities present. This manuscript discusses the role of social engineering in penetration testing along with its different types and how the penetration tester could use these to exploit an organization’s security infrastructure. This manuscript divides the multiple types of social engineering attacks into a classification based on the presence of an ethical hacker and discusses its mitigation methods. The manuscript also discusses different psychological principles that could be used in conjunction with the social engineering attacks to increase the success rate.

Aditya Khullar
Senior Manager - Risk Management, Interglobe Aviation

Aditya Khullar is an international speaker, writer, visionary, and cybersecurity leader with more than 13 years of experience spanning a range of industry sectors, including IT-ITES, Research, Telecom, Digital Wallets, Finance & Banking, Real Estate, Hospitality, and Aviation. He has worked with technology giants like Paytm, Oyo, and HCL/UIDAI to secure their digital infrastructure and is continuing to do so as the Senior Manager - Risk Management for Interglobe Aviation.

Aditya is a cybersecurity and data privacy practitioner with multiple awards such as the Economic Times Enterprise Security Award, Enterprise Innovator of the Year Award, CISO of the Year Award, InfoSec Maestros Award, AMITY Excellence Award for Innovation, Top CSO 100 Award, NEXT100 CIO Award, Dynamic CISO of the Year, Cyber Sentinel Award, Digital Leader Award, and Change Agent Award of the Year. He is also an international speaker and celebrated columnist whose research interest includes risk management, data privacy, penetration testing, and much more.

https://blog.eccouncil.org/role-of-social-engineering-in-pen-testing/



Penetration Testing Methods for Internet of Things

Internet of Things (IoT) security is a trending issue due to the exponential growth and incorporation of IoT into various businesses and sectors, but IoT penetration testing is different from its traditional counterparts as it includes all the components of digital infrastructure across both information and operations technology domains. The current manuscript describes the various attack vectors and modes an IoT penetration tester could pick for testing the multitude of IoT components such as devices, vehicles, electronics, software, sensors, network, and much more. This manuscript attempts to provide brief information on various attack modes available to the penetration tester or ethical hacker in each IoT architecture layer.

Tim Chase
Director of Field Security, Collibra

As the current Director of Field Security at Collibra, Tim Chase is responsible for building a field level security program that interfaces with customers and compiles informative resources regarding the security built into Collibra’s data intelligence platform. He has nearly 20 years of experience with digital and information security architecture, which augments his ability to manage security and risks, a much-needed trait to build a robust security program.

Tim Chase carries a strong technical experience in testing and quality control endorsed by many software & security engineers and leaders and is also an expert at resolving challenging security incidents. He is a member of the Global Advisory Board for EC-Council, and his current research includes IoT pen testing, application security, DevOps, container security, Software Development Life Cycle (SDLC) testing, etc. He is a renowned speaker and columnist associated with multiple cybersecurity forums, as well as a hard-core information security professional who takes pride in coaching and mentoring strong teams that deliver excellence in technology and business.

https://blog.eccouncil.org/penetration-testing-methods-for-internet-of-things/





How to Secure Firewalls Through Penetration Testing

Firewalls are the most important network security elements and one of the most targeted components due to their presence on the perimeter of the network. Though firewalls claim to be effective against malicious attempts, because they are the first line of defense and bear the monitoring responsibility, the network traffic is subjected to multiple and repeated threats of attack. Malicious attackers and applications can misuse even the simplest protocols to bypass the firewall’s control, hence mandating the need for penetration testing in order to understand the risk an organization might face concerning its cyber operations. The current manuscript discusses firewall penetration testing and touches upon the different modes of attack, such as spoofing, tunneling, proxying, etc., from which the penetration tester could choose to construct a pen testing strategy to bypass the firewall. The manuscript also touches upon some of the popular tools used in the penetration testing process.

Pappu Mandal
Cyber Forensic Analyst, Specialist Advisory & Intervention Group

Pappu Mandal is a Digital Forensics Analyst and Penetration Tester with a demonstrated history of working in the computer/network security industry. He has strong experience in cyber forensics due to his role as a Security Researcher with Bugcrowd, as an analyst with Specialist Advisory & Intervention Group, and as a certified information security professional and ethical hacker. His research interests include network and firewall security, digital forensics, data acquisition, e-discovery, open-source investigation, cybersecurity technologies, vulnerability assessment (VA), configuration review of network devices & servers, and secure network architecture reviews.

https://blog.eccouncil.org/how-to-secure-firewalls-through-penetration-testing/



Vulnerability Assessment: 6 Best Steps to Better Security

Some of the key concepts in the information security world have two aspects: technical, which refers to the use of a technology-based methodology to secure your business, and non-technical, which refers to the governance aspect of the security of a company. Risk and vulnerability assessment are part of those concepts. These terminologies are taught no matter which career path you choose in InfoSec. Tons of free material is available online, as well as formal training courses on this subject. However, as with any business, the audience is the first consideration. Those materials are written with a target reader/student in mind. Hence, most of the time, just one aspect of the concept is emphasized.

Gabriel Mandefu
Operational Business Analyst, Tenke Fungurume Mining S.A.R.L.

With more than ten years of experience in information security and management, Gabriel Mandefu is an experienced security analyst. He is currently the analyst for operational business at Tenke Fungurume Mining SARL, where he is responsible for providing technical and network security support to the business operations and is in charge of maintaining various mining technologies available such as IBIS Radar, GroundProbe, Maptek, Dispatch, MineCare, Canary, NavStar, StarLIMS, Minesight, etc. Gabriel is also an experienced IT professional, which helps him in bridging the gap between information technology, operations technology, and information security while training his clients in the use of their applications and software. His current area of research interest includes information security, 5G technology, operational technology, SCADA systems, etc.

https://blog.eccouncil.org/vulnerability-assessment-6-best-steps-to-better-security/


