Thursday, 28 February 2013

Video: The best accelerated training for CEH?



Firebrand Training has once again won the EC-Council Accredited Training Centre of the Year award - for a fourth time in a row!

Jay Bavisi, President of EC-Council, congratulated us personally, stating in the video that we are the largest supplier of Certified Ethical Hackers in Europe and that he has no doubt that “Firebrand has one of the best residential accelerated training for the Certified Ethical Hacker program in Europe”.







Jay Bavisi, President of EC-Council, stated: “The annual EC-Council Awards highlight the commitment and achievements of our global partners and trainers that have contributed to the information security community. I congratulate all of the winners for their achievements and dedication to the Information Security industry in their respective region.”

When we went to Miami to pick up the Training Centre of the Year award from EC-Council at the Hacker Halted conference, we learned some pretty scary facts from the last year:

  • 174 million data records were stolen
  • 96% of hacks weren't even slightly difficult
  • 85% took two weeks or more to discover
  • 92% were discovered by a third party (how embarrassing is that?!)


About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Video: C|CISO by EC-Council




What is a CISO?

CISO stands for Chief Information Security Officer, a title given to those who are responsible for IT security and are at the highest level of that field.

EC-Council released its C|CISO accreditation to develop skills in executing an information security management strategy in alignment with organisational goals.
CISO - Certified Chief Information Security Officer

“CISO equips information security leaders with tools to protect against security breaches by actively improving the current information technology security solutions, enforcing regulatory requirements and aligning IS with the strategic needs and goals of their business. This skill set enables the CISO to be the best guardian of their organization’s digital assets.”

Benefits of becoming a certified CISO

Getting a CISO certification will make you stand out from others in the competitive ranks of senior IS Professionals. CISO provides your employers with the assurance that as a CISO certified executive leader, you possess the proven skills, knowledge and experience to plan and oversee information security for the whole company.

CISO is regarded as the highest title within the information security profession.

Jay Bavisi, the President of EC-Council, talks about the CISO credential and why it's becoming a vital certification for organisations to have in order to protect their systems. Watch below.






“CISO is a unique designation that has been designed in cooperation with industry leaders to identify a solid blend of functional and executive IT job roles and skill requirements.” Jay Bavisi, President of EC-Council.



Video: CEH v8 - Certified Ethical Hacker





Jay Bavisi, Co-Founder and President of EC-Council, gave us some information on the highly anticipated Version 8 of the powerful Certified Ethical Hacker (CEH v8) credential. Watch below.






If you want to enter the IT security industry (the fastest growing sector in the IT industry), CEH is the one to go for. As an ethical hacker, you’d attempt to penetrate the networks or computers of the organisation you work for. Why would you do this? "White hat" ethical hackers are widely sought after to help find and fix the vulnerabilities that would otherwise be exploited by "black hat" criminal hackers. Demand for CEH professionals continues to grow. Due to the alarming increase in cyber attacks over the past decade, organisations are looking for ways to protect themselves and tighten their security. The CEH course and certification cover all that is needed to identify system vulnerabilities and countermeasures.


Video Transcript:
My name is Jay Bavisi, and I'm the President and co-founder of EC-Council, the owners and creators of the Certified Ethical Hacking credential. I think what's interesting about the Certified Ethical Hacker Version 8 are a couple of things.

First and foremost, it's the credential of EC-Council that has obtained the prestigious ANSI17024 ISO/IEC 17024 accreditation status. We are one of the very few organizations in the world that have obtained this very rigorous accreditation standard, and we're very proud of that. We're now going to be able to offer the same experience to the users that are going to be actually attaining this credential through our training partners across the world.

There are many structural changes that we have brought in with Certified Ethical Hacker Version 8 to ensure that the entire user experience, the entire learning experience is really enhanced and improved. To mention a few, Certified Ethical Hacker Version 8 will see massive immersion of the user to skills based competency from the previous knowledge based competency, and we have done that by the introduction of the EC-Council iLab environment, which requires the student to actually do what they claim they think they can do, both in a classroom environment and eventually when they attain the certification.

So students will actually be sitting in a classroom, no longer just understanding the theory or the concepts or the tools that they play with. But they'll actually be experiencing a real life scenario through the complex iLab environment. We're talking of an entire IT infrastructure that's collaborative in nature, where you will have different students actually planting flags. Some of them are playing defense, some of them are playing attack, and some of them are conducting actual penetration tests right there in the classroom. That's what the Certified Ethical Hacker Version 8 brings to the table that we were never able to do without the iLab's technology.

The second most interesting thing about Certified Ethical Hacker Version 8 is that we're the first organization in the world to have actually mapped our course to the newly released Microsoft Windows 8 and Microsoft Server 2012 platform. So students will not be dealing with archaic technology and archaic vulnerabilities, but they will actually be dealing with the real life environment of what they're going to be facing in their employment in the months to come, from the time they obtain the certification.

The third and the most interesting thing about the learning of the Certified Ethical Hacker Version 8 is that we have understood that a student needs to experience far more learning than beyond the five days that they experience in a classroom environment. We think that the only way you will reduce the gaps of information security leaks that organizations face is if we can have a learning experience that goes throughout the year and throughout the lifespan of the information security professional.

We're doing that by launching a brand new platform called Aspen. It's code name Aspen, and you can google aspen.eccouncil.org. You'll be able to see that we're able to provide a holistic student experience, where a student will get to a classroom, they will then be able to print the evaluations and be able to take the exams. They'll be able to get to a bookstore that provides them with courses beyond the five day CH program. They'll be able to see some of the most cutting edge videos, so that they can increase their knowledge after they have attained their Certified Ethical Hacker credential. They will have, through this platform, ability to be able to interact and connect with other information security experts from around the world.

So it's a completely aggressive, expansive platform that will allow the learner to actually learn throughout their lifespan, and we're very excited to be able to bring that experience to the user through our respected and highly accredited training partners from all across the world.



Video: Hacker Halted 2012 overview




Although Hurricane Sandy hit at the worst possible time, Hacker Halted 2012 was still hugely successful, with over 600 security enthusiasts still managing to make it.

The Hacker Halted Conference by the EC-Council was a lot of fun. It also included training led by well-known industry names such as security expert Jack Daniel and the CHFI class by Robert Reed. At the end of the training they even got to take the exam.

After the 4 days of training, the main conference kicked off with many top-tier speakers and short breakout session presentations. Some of the breakout presentations included golden techniques and advanced tactics.

Not only did the conference have everything that a growing IT security professional would want from an industry standpoint, but it also had the world-renowned South Beach by its side and a party, hosted by the EC-Council for the conference attendees, which has always blown them away.

The hackers conference is now in its 14th year with the objective to “raise international awareness towards increased education and ethics in IT Security.”

The presentations included the following subjects:

  • Threats & Counter Measures
  • Incident Response & Computer Forensics
  • Secure Programming
  • Business Continuity & Disaster Recovery
  • Social Engineering
  • Virtualization Security
  • Mobile Security
  • Malware and Botnets
  • Physical Security
  • Governance
  • Policies & Standard

After the conference, Firebrand Training caught up with the organiser of the event and Director of Online Learning, Eric Lopez, who gave us an overview of what had happened. He talks about the successful Hackers vs CISOs debate and the highly enjoyable hackathon competition. Watch the full interview below:



Wednesday, 27 February 2013

What most schools don't teach.





I was in the process of putting together a post for the Little Miss Geek Campaign, a campaign to inspire young females to become tech pioneers, when I stumbled across an inspirational video from code.org titled "What most schools don't teach". The video went live less than 24 hours ago and has already had more than one million hits. Not surprising considering the video boasts some of the most revered minds in the tech industry.

So what do Bill Gates, Mark Zuckerberg and Jack Dorsey, three of the brightest, most inspirational and, let's not forget, richest tech leaders of our generation have in common? They all learnt to code from a very young age.


You can check out the original video on Code.org's YouTube page - What most schools don't teach

The career opportunities for coders are vast: the sector skills council predicts employment in IT to grow 1.62 per cent per year till the year 2020. On average that's an expected growth of 129,000 new job opportunities for the next 7 years. Amazingly, this coincides with a fall in the number of students taking IT related GCSEs and A-Levels.

In 2012, IT represented only 0.4 per cent of all A-Levels in the UK, despite providing more than 5 per cent of jobs. Campaigns like Little Miss Geek and Code Club are fantastic initiatives set up to inspire children at a grass roots level.

But you don't have to be 10 years old to get into coding. With numerous job opportunities and an average salary of £35,500 (source: IT Jobs Watch), why not start today and take a look at our range of Microsoft MTA Certifications? For the more advanced programmers out there looking to back their experience with a certification, why not check out the latest range of .Net Courses?

About the Author:
Edward is a member of the Marketing team overseeing the Content Strategy and SEO for Firebrand Training's portfolio of websites. 

Tuesday, 26 February 2013

Video: EC-Council and its Ethical Hackers





Jay Bavisi is the Co-Founder and President of EC-Council, a global leader in information security education, training, and certification.

The EC-Council was formed after 9/11, and has since addressed the issues of cyber security.

They’re also the vendor and developer of the world famous Certified Ethical Hacker (CEH) certification. They also own the Computer Hacking Forensic Investigator (CHFI), Secure Analyst (ECSA), and Licensed Penetration Tester (LPT) certification programs.

His audiences include executives of the most successful companies in the world such as Merrill Lynch, Microsoft, Shell, HSBC, Hewlett Packard, IBM, American Express, Royal Australian Air Force, Government of Zhuhai, China Mobile and A&T Solutions, among others.

Mr Bavisi regularly shares his insights with law and policy makers at various international conferences and seminars such as Interop Las Vegas, CSI, Techno Security, Techno Forensics and, most recently, the world-renowned Hacker Halted, which is hosted by EC-Council.

As mentioned in a previous post, we went to the 2012 Hacker Halted in Miami to pick up the Training Centre of the Year award from EC-Council. While we were there, we managed to get an interview with Jay Bavisi himself who spoke to us about EC-Council, cyber security and their credentials.





Jay has appeared regularly on several local and international television shows and in print media, including being interviewed by CNN and Fox Business News regarding information security and ethical hacking. His views have been sought by internationally acclaimed publications including Time, Washington Post, The Herald Tribune, The Wall Street Journal, The Gazette and The Economic Times. His views were also featured by ABC News, USA Today, The Christian Science Monitor, Boston and Gulf News.

Want to see more of Jay Bavisi's interviews? Check out EC-Council's Hacker videos here: www.eccouncil.org/home/hacking_videos


Video Transcript:

My name is Jay Bavisi, and I'm the President and Co-Founder of the International Council of E-commerce Consultants, commonly known as the EC-Council. EC Council was founded ten years ago with one mission in mind and that is to raise the level of awareness and capability in the wall of cyber-security. There was a time when 9/11 had just happened and a lot of out of the box questions in cyber-security were raised. What would organizations do and what would governments do to address challenges that they face in a new era of cyber-war?

At that point in time, obviously, cyber war was very much a topic of Hollywood fiction, and as the world has seen it's no longer the case. The escalation of challenges that countries and governments are facing is real and the importance of certification bodies like EC Council is to address the gaps that exist in these spaces.

So EC Council has got multiple certifications like the Certified Ethical Hacker, Certified Hacking Forensics Investigator, the License Penetration Testing Certifications. All of these credentials are meant to create cyber-security professionals that are actually out there to defend institutions, to defend organizations and to defend governments across the world.



Monday, 25 February 2013

Video: The Global CyberLympics





The Global CyberLympics is an international cybersecurity competition where teams from different countries compete to take the title of the number one cybersecurity team in the world.

The Global CyberLympics was thought up by the President of EC-Council - Jay Bavisi. He created the global competition to make ethical hacking more accepted, practiced and demonstrated without any discrimination around the world.

In just 2 years, there are over 2,500 participants representing 52 countries. And to the surprise of many, cybersecurity experts were coming from all over the globe, including small countries like Mongolia.

Holland are the champions for the second time running in the CyberLympics, winning the 2011 and 2012 games.

This year’s competition is set to start in July with 1200 participants per continent. Round one is based around Forensics. Round 2 is CND-Lite. Round 3 is Pen test. And the final round which is held in Atlanta, USA is the world championships and is based around all areas of cybersecurity.

To find out more about how you can join and represent your country in the CyberLympics, click here.

Jay Bavisi, President of EC-Council talks about the Global CyberLympics and how it was started. Watch the full interview below.



Top 5 Certifications to Start Your IT Career in 2013







Thinking of getting into IT? Here’s a list of the top five certifications that we think are the most effective way of entering the IT world. Once you have completed one of these, you can start your IT career, gain experience and gain higher certifications that will land you that powerful salary:

The A+ certification is considered a benchmark and stepping stone for people who want to enter the IT world. The CompTIA A+ certification is the industry standard for computer support technicians. You’ll gain the skills and knowledge in installation, preventative maintenance, networking, security and troubleshooting. It is part of the certification track for corporations such as Microsoft, Hewlett-Packard, Cisco and Novell, and has become a requirement for their engineers. There are almost a million IT professionals worldwide who have certified in A+ since the program’s beginning in 1993. CompTIA also offers its popular Network+ certification which you can gain with the A+ in just 7 days. You'll gain the skills and knowledge necessary to configure and operate a variety of networking products. Combined, the A+ and Network+ certifications are backed by major computer hardware and software vendors, distributors, resellers and publications. According to itjobswatch.co.uk, the average salary for an A+ professional is £23,500 and for a Network+ professional is £23,250.


More than 95% of companies around the world use Microsoft products and technologies. Now's your chance to be a part of it. The MTA certification is the first stepping stone for all Microsoft certifications. The MTA is part of Microsoft’s new range of certifications which are very popular. Gaining this cert offers a stepping stone onto the more powerful and respected MCSA and MCSE certifications. This year will see many companies now looking for the updated Microsoft certs, which is why many MCITP aspirants are being directed to MCSA and MCSE. Learn more about the new Microsoft certs and the paths to take here: How to become a Microsoft Certified Professional.


In a Linux Jobs report, eight in ten recruiters said that hiring Linux talent was a priority in 2012. The popularity of Linux has not stopped growing, and will continue to grow throughout 2013. This CompTIA course provides you with the basic hardware, software, and networking skills necessary to function in an entry-level Linux role. It also offers a stepping stone to the more powerful Linux certs such as the LPI level 2 and level 3. According to itjobswatch.co.uk, the average salary for an LPI professional is £25,000.


4. CCNA (Cisco Certified Network Associate)

CCNA is a great way to enter the IT industry, but it requires dedicated training, and some may find it hard if they are completely new to IT. You can first take the CCENT to get more familiar with the material. Cisco certifications are world renowned and respected. Having a CCNA shows that you have the ability to set up, troubleshoot, monitor, upgrade and maintain networking hardware based on Cisco equipment. Once you gain your certification, and some experience, you can move on to more advanced certifications like CCNP. According to itjobswatch.co.uk, the average salary for a CCNA professional is £38,500.


5. CompTIA Security+

The Security+ is one of the highest paying security certifications and is again offered by the vendor-neutral CompTIA. It's considered an important stepping stone for a career in IT security. It demonstrates that you have a strong knowledge of security concepts, cryptography, access control, and the tools and procedures to respond to security incidents. You’ll also learn about disaster recovery methods, risk management, and compliance and operational security. Once gained, you’ll be able to anticipate and prevent cyber attacks, and effectively deal with security events. The Security+ cert is widely recognised in the industry; many companies have it as a requirement, including the U.S. Department of Defense’s IT department. It's important to note that although this is considered an entry-level cert for security, you must first have at least an A+ certification to understand the core concepts. According to itjobswatch.co.uk, the average salary for a Security+ professional is £60,000. If you want to find out more about the top IT security certifications, see our recent blog post here.


As you can see, CompTIA dominates the list as the best entry-level certification provider. You can find out more about who CompTIA is in our recent blog post.

Firebrand caught up with Terry Erdle, the Executive Vice President for CompTIA at the EMEA conference. He spoke to us about leveraging CompTIA programmes to educate and certify the IT workforce. Watch the full interview below where he talks about some of the new content and certifications coming out.




Are there other IT certifications to consider?

If you think we missed one, let us know in the comment section below. It all depends on what sector of the industry you would like to enter. The further you go with your certifications, the more specific your skills will become. Good luck in starting your IT career in 2013.


Friday, 22 February 2013

Video: CompTIA - its history and its certs





CompTIA provides vendor-neutral certifications around the world and is widely recognized in the IT industry. They offer 16 certification exams in PC support, networking, servers, training, Linux, security, IT sales, green IT and more.

CompTIA stands for The Computing Technology Industry Association and has been delivering top class certification exams for over 15 years.

Its certifications have become one of the most recognised in the industry. Thousands of companies now depend on CompTIA standards to provide a reliable predictor of employee success.

Companies with their own certification programs also rely on CompTIA exams to provide an industry standard for foundation-level skills sets as prerequisites or electives in their certification programs.

CompTIA supports the IT industry through education, advocacy and philanthropy initiatives.

Here are some of their top certifications:

  • CompTIA A+ certification is for entry-level IT technicians and covers preventative maintenance, basic networking, installation, troubleshooting, communication and professionalism.
  • CompTIA A+N+ certification is a dual course which runs from entry-level through to networking professional, and covers managing, maintaining, troubleshooting, operating and configuring basic network infrastructure.
  • CompTIA Security+ certification is for experienced security professionals, and it covers system security, network infrastructure, cryptography, assessments and audits.
  • CompTIA Server+ certification is for experienced IT professionals and covers areas such as RAID, SCSI, managing multiple CPUs and disaster recovery.
  • CompTIA RFID+ certification is for RFID professionals and covers installation, maintenance, repair and troubleshooting of RFID products.
  • CompTIA Project+ certification is for project managers and covers the entire process of project management, including initiation, planning, execution, acceptance, support and closure.
  • CompTIA Strata certification is an ideal stepping stone to an entry level IT career. Many Strata certificate holders continue their careers further by earning higher-level IT certifications.

You can view the complete roadmap here to plan your career.


Firebrand caught up with Vice President for CompTIA - John McGlinchey, who spoke to us about the company, its history and its programmes to educate and certify the IT workforce. Watch the full interview below:




Wednesday, 20 February 2013

Video: Jack Daniel teaches us to drink hack responsibly




Nope, I’m not talking about the infamous whiskey maker being a hacker. But as you’ll soon find out, the Jack Daniel we are talking about is a bit of a legend himself.

As mentioned in a previous post, Firebrand Training went to Miami for the annual Hacker Halted event hosted by EC-Council. The event aimed to raise awareness towards increased education and ethics in information security.

Hacker Halted featured many world-renowned experts and high-level speakers such as Jack Daniel himself, as well as some of the best technology companies showcasing their products and services.

Jack Daniel - pictured on the right - supports several information security and technology organisations and is also a technology activist. Mr Daniel co-founded the Security B-Sides events, where security enthusiasts gather, share and learn in an open environment (which has expanded to London - more on that below).

Hacker Halted provides the most sought after technical training and certification classes offered through Hacker Halted Academy by top training companies and led by well-respected instructors.

Firebrand caught up with 'the guy with the beard' at Hacker Halted, and he told us about the world of hacking and its social responsibility. Watch the interview below, where you'll quickly find out that hackers are not just coming out of teenage bedrooms, but developing from the most surprising backgrounds.




About Security B-Sides

Security B-Sides is a community-driven event built for and by information security community members. It is where conversations for the next-big-thing are happening and the Security B-Sides London team is bringing this back to London.

The volunteers for Security B-Sides London were inspired by the framework of the original Security B-Sides event in the USA which was co-founded by Jack Daniel himself. Security B-Sides events are free, community events organised by local individuals, with the express goal of enabling a platform for information dissemination.

Their next event in London is happening on April 24th 2013 at Kensington and Chelsea Town Hall. For more information, visit: http://www.securitybsides.org.uk/


Jack Daniel Interview Video Transcript:
My name is Jack Daniel. I'm the Technical Products Manager at Tenable Network Security. We're the folks that created Nessus and our line of enterprise vulnerability management and SIM tools. I'm here at Hacker Halted and I gave a talk yesterday on social responsibility in hacking.

I have a background of small business Network and Security Administrator, Systems Admin for many years. I got more and more involved in security as various things were broken into or compromised. Somehow I ended up, after starting my career as an auto mechanic many decades ago, I ended up as a security specialist, and have been in vendor space for the past five years or so at Astaro, which is now part of Sophos, and then I joined Tenable about a year and a half ago. I've been working in vulnerability management and SIM log analysis for the past year or so.

I'm here at Hacker Halted. The talk I gave yesterday was responsibility and reality. It's about the more human side of hacking, the more social responsibility side. It's interesting, and I think it's part of the culture, of those of us that consider ourselves hackers. Within the hacker culture definition, not the mainstream media definition of criminal, or cybercriminal, but within those of us who see ourselves as challenging things.

The progression that I use to define that is that I think there are some characteristics, even at an event like this, even at Defcon, people will get into an argument over the details and the semantics of it, but there are some things that are common. One of them, I think, is truly, curiosity. A child-like curiosity and sense of wonder and wanting to know how things work, and you like to push things to the limits. The realization that I had as I got into the hacker culture was that it was a lot like my background as a petrol head or gear head. I want to push things to the limit until they break. And then I want to fix it, but fix it better, so I can push it to the limit even farther.

So there's this cycle that I think that sums up a lot of hacking, which also sums up a lot of motor sports, which is break it, fix it, but improve as you fix, and then repeat that. Push it to the limit. Find what fails, solve that problem, and keep doing so. And the great thing is that in hacking, in this sense, as opposed to being a motor head, you don't get to the point that what breaks is you, because your brakes fail at 180 miles an hour.

That's sort of that mentality, and it gives us a lot of challenges, but some of the things that a lot of people believe that we owe each other a responsibility, and I happen to believe that. I think there are a lot of things, but one of the things I wanted to stress though is that a lot of people have challenges that keep them from being able to volunteer, donate, contribute back to the community, and that's okay.

I don't want to cause a guilt trip for anybody, but we do, especially for those of us who are fortunate enough to make a career out of information security, so even though it's not pure hacking, the information security aspects of hacking is what we do for a living. We tend to be well paid. We tend to work long hours. But we tend to be well paid and well-connected and get to travel and other things.

So I really believe that we have an obligation to contribute to that. And that's what I talked about. There are things that you can do, and one of the things, it's not all altruism. If you are part of the community, you gain visibility. One of the things that that gets you is better career opportunities. People appreciate you. And no matter where you are, if anybody is interested enough to show up at an event like this, they know something that somebody else doesn't, and it may be at a Linux user group, or somewhere else, but there's somebody that can take advantage of that expertise or that skill set, and gain from it.


Tuesday, 19 February 2013

Hacker Halted: Security Challenges of 2013





Firebrand Training recently went to Miami to pick up the Training Centre of the Year award from EC-Council at their Hacker Halted conference. We learned some pretty scary facts from the last year:
  • 174 million data records were stolen
  • 96% of hacks weren't even slightly difficult
  • 85% took two weeks or more to discover
  • 92% were discovered by a third party (how embarrassing is that?!)
We also got a chance to interview Juan Gomez-Sanchez, Founder of Optima Consulting and C|CISO (Certified Chief Information Security Officer), who spoke to us about the biggest security challenges we will face in 2013. Watch the interview below:




Video Transcript:
My name is Juan Gomez-Sanchez. I am the Founder and Principal for Optima Consulting. I have about 18 years of experience, specifically leading security organizations as a practitioner. I was invited to the CISO summit by the EC-Council to talk about the security challenges in 2013 and beyond. I do welcome this opportunity. It is actually challenging times. There are game changers that are actually changing the way we actually react to all of these security situations and concerns as a whole. I would position those issues in four different buckets, so to speak.

The first one is one of the biggest issues that we have in the industry today is that security is actually tagged against compliance all the time. Unfortunately those are completely different things. So the question is compliance versus security. What we have seen over time is that compliance has actually overtaken security, just because organizations need to be able to show compliance to any given regulation and falsely understanding or thinking that that is actually going to make them more secure. Organizations are dealing with this situation on a daily basis, whether it's here in the U.S. or anywhere in the world, where regulations are taking a foothold on how security organizations are actually being effective or not.

So, what we have here is a myopic perspective on security trying to fit security when compliance is actually driving it. That absolutely is not a good thing. So, the right approach to this is to actually have a security program that, as a byproduct, shows you the compliance that you actually need. By the way, as a byproduct of a good security program, you also get other things. You get a good risk management process, and maybe even, if you want to think about this as a market differentiator, your competitors are actually going to be looking at you and you need to differentiate yourself. Security is actually more often being used as that differentiator. So you want it. Your customers want it. Your citizens want it. So why not use it as a business enabler rather than actually something that you have to comply with such as with regulations? So that's the first one is compliance versus security.

I would say that the second big issue that we're dealing with from an industry perspective is the fact that security is still being perceived as a technical problem. It truly is not. The technical component of this is minute. It's small compared to the big risk about dealing with security in a holistic perspective. Security is about organizations. It's about procedures. It's about, of course, technology. But that, again, is actually a small component of that. Case in point, risk management, all security programs should follow risk management process, which is, by definition, not an IT process. The perfect example is things such as background checks, which I understand it's not universal. There are countries and places where you cannot do this. But the fact that you have to impose under certain regulations or security programs background checks is not a technology issue. However, it's a very important control.

So what you have right now is security organizations being basically put into the technology field, which I believe is actually a contradiction to what we're actually trying to do here. Because technology is there to actually enable organizations to do things more efficiently, and so should actually be security. But the problem is that it actually goes beyond the technology component. That's actually a problem.

I would say the third problem that we're having to deal with is that security is still not viewed as a business enabler. As I said before, customers and citizens today demand security. The only good way to actually deal with this situation is to actually convince your CEOs, your CFOs that without the level of security for your organization and protecting the data associated with your organizations, you're not going to get and achieve those business goals that the organization has set forth today. So security has to sit side-by-side with all the stakeholders from a business perspective to be able to actually go and make those decisions. That unfortunately is not happening.

Now, the fourth issue that we're dealing with is the fact that insecurity is becoming the norm. If you take a look across the world, the number of breaches and things like that, it's mind-boggling. The numbers are rising. 2011 was actually a bad year, and 2012 is actually becoming worse. What you are having to do is to react. The security industry is a reactive industry, and unfortunately every so often, every few years, the security industry gets slapped in the face saying, "Hey, you need to catch up."



20 billion app downloads in a year! And 1.4 billion smartphones





Remember when we were happy enough with a phone that did exactly what the name suggested? Perhaps with a game of ‘snake’ every so often.

But since the iPhone and the rise of the touchscreen, there has been an ever increasing desire for new apps.
Apple users downloaded 20 billion apps last year alone. That’s almost 3 apps for every person on this planet!

Last year had so many downloads that the figure represents about half of the 40 billion downloaded to iPhones, iPads and iPods since the App Store was launched in 2008.

Last month alone saw a record 2 billion apps downloaded due to the launch of several new Apple devices just in time for Christmas sales.

Apple revealed that it had paid developers (who created around 775,000 apps worldwide) over £4.4 billion.

Last year among the top paid apps were Whatsapp Messenger at 69p, Draw Something at £1.99 and Angry Birds Space at 69p.

Olly Mann, tech expert and presenter on LBC 97.3, has stated that the app boom will continue in 2013, adding: “Downloads in the Android, Amazon and Windows app stores will continue to grow too, so this isn’t solely Apple’s wheelhouse.”

The Google Play app store for Android devices reached 25 billion downloads in September 2012.

This growing industry is a very lucrative one, and many are jumping at the opportunity, especially now with the big release of Windows 8 devices.

Windows 8 Sells 20 million copies since November

In the ten weeks since its launch, Windows 8 has sold 60 million copies, announced Tami Reller, CFO of Microsoft’s Windows division, at the Consumer Electronics Show (CES 2013) in Las Vegas.

Mobility is taking over!

By the end of 2013, there will be 1.4 billion smartphones in use: 798 million of which will run Android, 294 million will run Apple’s iOS, and 45 million will run Windows Phone, according to a study by ABI Research. The world's population is at 7 billion, meaning that there will be one phone for every five people.

Firebrand Training caught up with Carl West, Business Group Director for GFK, at the CompTIA EMEA conference. GFK is a market research company that tracks what consumers are buying. He gave us some astonishing facts about mobility. Watch the interview below.


 



Video Transcript

My name is Carl West. I'm Business Group Director for GFK. We are a market research company. We operate in 115 countries around the world. Essentially what we do is we track what the consumer is buying, the channel pull rather than channel push.

Today I'm going to be talking about mobility. We've got a panel debate coming up with the CompTIA EMEA event. It's quite ironic really. Here I am talking about mobility, and then you look at this little pen here. On the end this is why mobility is so important now, and this illustrates it. This is a little touch thing on the end which works with your iPod, your iPad, your Samsung Galaxy tab. Just this little device here says why these media tablets and these ultra-mobile devices are becoming part and parcel of what we do.

We're going to be talking about that. We're going to be talking about the fact that smartphones are now becoming the de facto form factor in the UK. In December 2011, 24.9 million handsets, smartphone handsets have been sold over the past six years. That's an installed base, 24.9 million smartphones. Now you think about where smartphones came from in the space of the last two, three years, we've now got more smartphones in the market than we have the old feature phones. Actually these devices are, in most cases, more powerful than some of the computers we had five years ago.

So, mobility is really, really important right now. The other thing that we'll be talking about today are some bring-your-own devices. Now more and more of us are buying these consumerized devices. We take them into the workplace. We're using them. Our IT managers don't know we're using them. In fact, I do it. I bring my tablet into work, and I use it side by side with my work machine.

These managers, the IT managers, in these businesses have to learn how they work with these type of devices. The first thing all the IT managers will say, they'll say about security. They'll say about policy. They'll say about data privacy, all of those elements. But what we're trying to do and what we'll talk about in the mobility debate today is how as an organization it's a way of engaging with your customers again, and actually it's a way of engaging with your employees.

Cisco came out with some research. In 17 countries they did basically a questionnaire, and 89% of the executives said that their own staff already bring their own devices into work. So, if they're bringing these devices into work, why not embrace it and make it a perk of working for that organization rather than putting a brick wall up and saying, "No, we don't accept these devices."

Take the opportunity

Take the first steps in becoming an app developer with an MTA Mobile Development Fundamentals and MTA Gaming Development Fundamentals certification. They can both be gained together in just 4 days. They’ll help you be on your way to succeeding in advanced certification courses.

You can also take the MCSD: Windows Store Style Apps course where you’ll learn how to create Windows Store style apps using C#. The MCSD certification will prove your ability to design and develop beautiful, elegant apps that are alive with activity for the cloud. You can also learn to create Windows Store style apps using HTML5 on the MCSD: Windows Store Style Apps course. Both take just 9 days.


