Thursday, 27 June 2013

Record haul for Firebrand at the Microsoft Apprentice Awards




Microsoft hosted the annual IT Apprentice of the Year awards at the House of Commons this week. Apprentices from Firebrand’s scheme picked up three awards – Apprentice Employer of the Year, plus runner-up and an honourable mention in the headline Apprentice of the Year category.

Some of the nominated apprentices with Charlotte Preece, Firebrand’s Apprentice Assessor


Signalling the importance of apprenticeships to the economy and the IT sector, the ceremony was attended by several government ministers, MPs and Microsoft directors. Hugh Milward, Director of Corporate Affairs at Microsoft, explained: “There is a huge wealth of talent here in the UK and it’s really important to celebrate the achievements of these apprentices. The great news is that these young people are now firmly on the career ladder; 93% of Microsoft apprentices stay with our partner businesses and move into a fully qualified role. These awards recognise their hard work, determination and achievements so far, which will stand them in good stead for a successful career in IT and will help maintain the talent pipeline we have in the UK.”
The Microsoft apprenticeship programme is part of the company’s Get On programme, which aims to help 300,000 British 16-24 year olds into work by 2015. Microsoft is partnering with Firebrand and 30,000 IT businesses across the UK to help achieve this.
  

Three happy apprentices


Ten Firebrand apprentices were shortlisted for awards, from a pool of hundreds across the country. Here are the three winners:

Apprentice Employer of the Year


 - Winner: Adatis (Tom Davis)

Apprentice of the Year

 - Runner-up: Billie Elliott, employed by Hull Trinity House Academy

 - Honourable mention: Charlotte Allen, Chorus

Tom Davis
Charlotte Allan
Billie Elliott, runner-up for Apprentice of the Year, was given her award by the Minister of State for Employment. She said: “I’ve really enjoyed my time at Trinity House Academy so far and I’m so happy to have won this award. My apprenticeship has made me even keener to work in IT and has given me a chance to get the skills I need to do that. I would like to say thank you to Microsoft and Trinity House Academy for giving me this opportunity.”

Billie was recognised for her hard work throughout the apprenticeship, and for her consistently high level of resourcefulness and maturity. While her manager was unavailable for work for a six-week period, she worked hard to improve her knowledge and skills, whilst also having sole responsibility for maintaining the academy’s IT network.

If you’re interested in employing an apprentice – or maybe becoming an apprentice yourself – visit the Firebrand Apprenticeships website.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Wednesday, 26 June 2013

Cloud security flaws: "My entire digital life was destroyed"




Cloud computing has raised a number of security concerns since its introduction, and those concerns are becoming a reality for many victims.

The idea of the cloud is to store everything in one place; the obvious downside is that this makes everything much more vulnerable to theft. And when we say everything, we mean EVERYTHING.

This is becoming a major concern because cloud is the new 'big thing' in the IT industry: Apple is pushing its iCloud, Amazon is pushing its AWS, Google is starting to push it too, and then there is the big one, Microsoft, with its increasingly popular cloud-based Windows 8.

So if these security issues are not going to be dealt with, many are going to suffer the same consequences Wired blogger Mat Honan did when he had his “digital life destroyed in the space of just 1 hour”.

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
Photo: Ariel Zambelich/Wired. 
His story exposes several security faults in many customer service systems - in this case Apple and Amazon. 

All the hackers had to do was contact Apple support, who gave them access to his iCloud account.

Then they contacted Amazon support, who gave them access to small pieces of sensitive information, such as the last 4 digits of his credit card number.

These 4 digits were then used to pass Apple's security questions and gain further information, which led to the following chaos.

"First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook."

Read more on Mat Honan's story here.

How do you feel about cloud security? Has anything like this happened to you?

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Monday, 24 June 2013

Penetration testers




It’s a regular occurrence. Someone or something connected to the net is under attack.

Luckily, firewalls, spam filters and other standard defences stop most of those attacks. But when you become the target, your defences won’t be enough. Hackers have become more and more discreet; even an email from your colleagues can open the door to your computer and data.

How do we defend ourselves and our companies from such attacks?

Penetration testers and ethical hackers attempt to breach a company’s defences, then find ways to repair the weaknesses and put better defences in place.

"They pay us to replicate the same kinds of attacks used by the bad guys, the cyber criminals," said John Yeo, European head of Trustwave's SpiderLabs pen test team.

Ethical hackers are increasingly in demand as the number of cyber-attacks increases.

"They are not 15-year-olds doing it from their bedrooms," said Mathias Elvang, head of security company Sentor. We need people like Mathias or John who use their skills and knowledge to secure your privacy.

Naturally, banks and other financial institutions are primary targets. "The closer you are to cash, the closer you'll be to getting attacked. The importance lies not in what you are doing but in quantifying the risks you face", said Christian Angerbjorn, a former in-house pen tester at one of the UK's High Street banks and now security head at IF Insurance.

Companies pay a lot to secure their servers and data, as it is a small price to pay compared with the damage an attack could cause.

Mr Yeo stated that a lot of people are easily hacked, and that this makes them realise the potential danger and how much a simple e-mail can do. He added that being caught out via a penetration test can be a powerful learning experience.

"The most important thing is what risks you expose and what damage could that do", said Mr Angerbjorn. He added that the majority of pen tests succeed and, even worse, are never detected.

In a recent interview by the BBC, Michele Orru demonstrates 'social engineering' hacking attacks through emails.


Read the full article by the BBC here.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Thursday, 20 June 2013

CEH v8 released!





EC-Council have finally released the much-awaited CEH v8, which now contains 20 of the most up-to-date hacking domains you'll need, whether it's to strengthen the security of your company or to start your own ethical hacking career.

The new enhancements include core content updates, a new content flow, new concepts and attacks, the latest hacking techniques, pentesting components, and many more. Here are some of the latest updates v8 will focus on:
  • Security issues in the latest operating systems, including Windows 8 and Windows Server 2012
  • Existing threats to operating environments dominated by Windows 7 and other operating systems
  • The latest hacking attacks targeting mobile platforms and tablet computers, and countermeasures to secure mobile infrastructures

To beat a hacker, you must think like one, and this is exactly what being a Certified Ethical Hacker is all about. Hacking has quickly moved from being something weird and rebellious to a clear sign of power and intelligence. It is now one of the most sought-after information security training programmes.

The course covers all domains needed to test system vulnerabilities and employ countermeasures. The attempts are made using the same methods and techniques as a hacker.

The objective is to ensure your organisation's vulnerabilities and security flaws are found before they are exploited by hackers. Ethical hackers mimic the approach adopted by hackers with minimum disruption to services. The extent of the tests depends on the contract between the ethical hacker and the organisation.


The Certified Ethical Hacker certification is vendor neutral and enhances the skill sets of security administrators, network administrators, security auditors and other IT professionals. 

Master the ethical hacking methodology and use it in penetration testing or in an ethical hacking situation. Find out more about the Certified Ethical Hacker v8 certification here.

Jay Bavisi, Co-Founder and President of EC-Council, recently spoke to us about the highly anticipated Version 8 of the Certified Ethical Hacker (CEH v8) credential. Watch below:






About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Tuesday, 18 June 2013

‘Unhackable’ Cryptography




As computers get faster and more powerful, and hackers get smarter and more sophisticated, it's getting harder to protect sensitive information transmitted over the internet.

But hacking sensitive data might become a thing of the past, as researchers have almost perfected the most sophisticated way of encrypting information: quantum cryptography, but now without the separate optical fibres that are usually required.

The idea was developed by Cambridge University engineers in the UK and by Toshiba’s European research laboratory. It takes everything a step closer to what is now being dubbed ‘unhackable’ and can soon be introduced into credit card transactions.

What is Quantum Cryptography?

Quantum cryptography was developed from the laws of quantum theory to create what could be uncrackable codes that can even show if they've been messed around with or snooped on. The reason it's uncrackable is that it works with the laws of quantum physics. If you try to observe a photon, it behaves differently from how it would if you were not observing it. It is rather hard to explain so I'll leave that part to an expert. Alex Filippenko explains it with the double helix experiment in the video below.



Quantum cryptography uses single photons, the smallest particles of light, in different orientations to produce a continuous binary code, or "key," for encrypting information. The rules of quantum mechanics ensure that anyone intercepting the key is detected, providing highly secure key exchange.
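The detection property described above can be simulated. The following is an added example, not taken from the original post or from the Toshiba research: a toy model of the BB84 key-exchange protocol (the post does not name a protocol, so BB84 is an assumption), run over an ideal noiseless channel with an eavesdropper who measures and resends every photon. The function names and the 10% alarm threshold are illustrative choices.

```python
"""Toy BB84-style simulation (constructed example, ideal noiseless channel)."""
import random

BASES = ("+", "x")  # two photon orientation bases: rectilinear and diagonal


def measure(bit, prep_basis, meas_basis, rng):
    """Measuring in the preparation basis returns the encoded bit;
    measuring in the other basis returns a uniformly random bit."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def run_exchange(n_photons, eavesdrop, seed):
    """Simulate one key exchange and return (sifted_key_length, error_rate).

    The sender encodes random bits in random bases. If eavesdrop is True,
    an interceptor measures each photon in a random basis and resends it.
    Only positions where sender and receiver chose the same basis are kept
    (sifting); the error rate is measured over those positions.
    """
    rng = random.Random(seed)
    sifted = 0
    errors = 0
    for _ in range(n_photons):
        bit = rng.randint(0, 1)
        sender_basis = rng.choice(BASES)
        photon_bit, photon_basis = bit, sender_basis

        if eavesdrop:
            tap_basis = rng.choice(BASES)
            photon_bit = measure(photon_bit, photon_basis, tap_basis, rng)
            photon_basis = tap_basis  # the resent photon carries the tap's basis

        receiver_basis = rng.choice(BASES)
        received = measure(photon_bit, photon_basis, receiver_basis, rng)

        if sender_basis == receiver_basis:
            sifted += 1
            if received != bit:
                errors += 1
    return sifted, (errors / sifted if sifted else 0.0)


def interception_detected(error_rate, threshold=0.10):
    """Flag the exchange when the sifted-key error rate exceeds the threshold.

    The 10% threshold is an illustrative value for this noiseless model.
    """
    return error_rate > threshold


if __name__ == "__main__":
    for tapped in (False, True):
        kept, rate = run_exchange(4000, eavesdrop=tapped, seed=1)
        print(f"eavesdropper={tapped}: sifted bits={kept}, "
              f"error rate={rate:.3f}, alarm={interception_detected(rate)}")
```

Without interception the sifted keys agree exactly; with interception roughly a quarter of the sifted bits disagree, which is what the two parties look for before they use the key.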

A similar technique is already being used by governments and the military, but one of its drawbacks is that the quantum keys used to encode and decode the information have to be sent on single photons (particles of light) across an optical fibre separate from the line carrying the data itself. This made it extremely complicated and expensive - especially over long distances. But this has now changed.

Andrew Shields from Toshiba Research in Cambridge stated: "The requirement of separate fibres has greatly restricted the applications of quantum cryptography in the past, as unused fibres are not always available for sending the single photons, and even when they are, can be prohibitively expensive."

"Now we have shown that the single photon and data signals can be sent using different wavelengths on the same fibre."

The Toshiba system, outlined in research published in the journal Physical Review X, still requires an advanced detector that picks up the encryption key in a time window of just 100 millionths of a micro-second, at the expected arrival time of the single photons.

The detector is able to filter out 'noise' in the fibre which is caused by the data itself, therefore avoiding the cost of dedicated optical fibre lines.

Previously, quantum cryptography did work on shared optical fibres, but only over short distances, with low capacity rates, or with data moving in only one direction.

The researchers state that their system can move data back and forth over 50 km with the encryption.

Learn about Cryptography

Opportunities in IT security are popping up everywhere, so why not take one? Get the right security certification and earn on average £50,000. Here are two certs which are highly respected, guarantee career advancement and teach you about cryptography. Read about the top IT security certifications, what you'll learn and how much you can earn here.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Friday, 14 June 2013

Why you need to get certified




So you’re already working in a company, and you’re already in a good position… Why bother getting certified and spending all of that time out of the office? Especially if you already have a college degree and have been working for a number of years for that one employer?

In a recent survey by ManageElite, it was found that the top 11 pain points when it comes to training (in order of painfulness) are:

1. Lack of time to conduct training
2. Scheduling employees for training
3. Training doesn't stick
4. Cost/budget
5. Trainees don't listen or pay attention
6. Getting manager buy-in
7. Upper management buy-in and support
8. Finding training that fits our situation
9. Keeping training material current
10. Quality of training materials
11. No time to research, prepare materials

But before you come to any conclusions about getting certified, here are a few points you should consider:

Market yourself by getting certified!
You may think you don’t need to be marketable because you’re not planning on taking a new job anytime soon. But that should make you want to prove even more that you’re at the top of your game. You must show your value to the business. Certifications help prove that your skills are still relevant, and they are a particularly unbiased indicator of your skills.

Certifications show your value!
Having the latest certifications shows that your skills are up to date and could get you in line for a promotion or for the next role. It also shows your employer that you’re a valuable member of the team and that you’re willing to learn new things. You’ll be able to make a stronger argument for the next version of a technology you want to introduce into your company.

Stay up-to-date!
Going back to an earlier point; you might have your BA, BS, MBA, etc… but just how long ago was that? Certifications are proof that you’re keeping your skills and knowledge current and up to date. You’re passing the industry’s measurement of knowledge based on their skill assessments. Nothing will make you stand out to management like taking on additional education and getting business relevant certifications, especially when they’re not required and you’re setting a new bar for the organisation.

Get hired!
CompTIA’s 2011 Employer Perceptions of IT Training and Certification report found that 86% of hiring managers indicate IT certifications are a high priority during the candidate evaluation process. The report also found that eight in ten HR executives verify certifications among job candidates. The 2012 Microsoft Certification Program Satisfaction Study found that 91% of hiring managers consider certification as part of their hiring criteria.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Tuesday, 11 June 2013

MCSE SharePoint 2013 exam tips



SharePoint 2013 is part of the new version of Office making it easier to stay connected, access files, and maintain messaging security. The MCSE SharePoint certification proves that you have expertise in helping your company organise, sync, collaborate, and share information.

Here are the top five tips for passing your MCSE SharePoint 2013 exams from Joel Jefferey - our SharePoint instructor.

Top five tips for your SharePoint 2013 exam


1. Pace yourself
You have a limited amount of time and a lot of questions to answer. Give yourself a time limit per question - and stick to it.

2. Look out for clues in later questions
Sometimes you can find two or three questions spread over the course of an exam that, when read together, can only have one logical combination of correct answers.

3. Eliminate the stupid choices
Although all question choices in the exam must be viable areas of SharePoint 2013's object model or platform, there are usually still one or two obviously incorrect choices; eliminating them helps narrow down the correct answer.

4. Look out for trick questions
Sometimes Microsoft puts in choices that are more applicable to a previous version of a product or technology, but which would not work on the new platform.

5. Leave no question unanswered
There is no "negative" marking in Microsoft exams. You only accumulate points for correct answers; no additional marks are deducted for incorrect choices.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Friday, 7 June 2013

The single tweet that crashed the stock market




On the morning of the 23rd of April, the Associated Press agency, a powerful media outlet in the US with over 2 million followers on Twitter, tweeted a disturbing message to the world: “Breaking: Two explosions in the White House and Barack Obama is injured”.

Within minutes, the message was retweeted thousands of times, the New York stock exchange was on high alert and traders anticipated the impact of the news on the economy. The Dow Jones Industrial Average, which tracks the share prices of the top US listed companies, fell by 100 points and the stock market was in chaos.

Not much time passed before the White House confirmed to the press that nothing had happened, and the market recovered. It then quickly became clear that AP’s Twitter account had been hacked. A group calling themselves the Syrian Electronic Army claimed responsibility for the hack. They are said to support the Syrian president Bashar Al-Assad, and have targeted several media outlets such as the BBC and the Guardian.

IT security professionals later found that an “impressively disguised phishing email” sent to an AP journalist allowed the hackers to extract data and the password for the AP’s official Twitter account.

A financial trader stated that after reading the tweet, he had the same feeling as when he heard about the 11th September attacks, and he knew it would affect the market a lot. He added: “When I realized it was a fake tweet I was outraged and ashamed that the market was able to be manipulated so easily.”

On top of seeing first-hand the effect an attack like this can have on the financial market, it’s scary to know how easy it is for hackers to steal information from a central source of information for the global economy. All of the employees have since been briefed about cyber security and phishing attacks.

The attack raises the question: are your government and media outlets prepared and ready for similar attacks? We recently mentioned that the UK government announced plans to allocate £650 million to cyber security as part of its four-year National Cyber Security Programme. But is it enough? Read more here.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Thursday, 6 June 2013

Last minute tips for passing your ISACA CISA or CISM exam




Updated on 16/07/2015
ISACA's CISA and CISM are must-have certifications for any IT security professional working with information security systems. 

These high-prestige certifications are difficult to attain, but if you follow these tips, you'll be better prepared to achieve them:

  • Read through the ISACA Exam Candidate Information Guide 2015, which you can find here.
  • By now you've probably read or re-read ISACA’s CISA or CISM review manual which provides you with the content, structure and other topics of the exam. Highlight key areas and devote extra attention and time to them. Don't leave anything to chance.
  • Join the discussions in ISACA’s Study Communities – click here for the CISA group and here for the CISM group. 
  • In case you haven’t got the CISA/CISM Practice Questions Database v15 resource, ISACA also offers free CISA and CISM Self-Assessment tests which will help identify gaps in your knowledge that are in need of further study. Here are the links - CISM Self-Assessment and CISA Self-Assessment.
  • Stay old school. Take notes and read things out loud. Both will help you memorise concepts more easily.
  • Once you're confident, and can explain most if not all the basic concepts of CISA or CISM, then read review questions, answers and explanations.
  • This is not a university or high school exam. Think like an IT Auditor and not like a student. You have to manage tasks the best way by making the best decisions.
  • Many students find that the hardest part is visualizing the concepts, which you’ll need to do in the exam. So try to prepare some of your own beforehand.
  • As you’re probably aware, you can’t take the CISA or CISM review manuals into the exam, so try to skim through the key areas 30 min before the exam.

One thing to note is that the markers don’t want to know if you are the strongest in IT related systems; they just want to be sure you’re competent enough and can make the best decisions, and evaluate and review IT security and audit related issues.

Here are some more general revision tips to ensure your exam success:
  • Frequent breaks are essential. Don’t expect your brain to focus for hours if you don’t give it some rest. Take a 5-10 minute break for every hour spent studying.
  • Drink plenty of water as it helps you to think and most importantly it hydrates you.
  • Avoid caffeine. Coffee, Coke or Red Bull will only make you feel more anxious, so cut them out of your “exam diet”.
  • Before the test, do some exercise. It gets your blood flowing and relaxes you. It also increases your alertness.

And one last thing, try to relax! Visualise your goal: your name on this certification (or your slightly different CISM certification).

CISA certification template

Do you need more information/inspiration? Check out these great CISM & CISA resources:
Or watch these two videos of CISA and CISM certified professionals.


Good luck.


About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Wednesday, 5 June 2013

Global spending for IT Security to reach £25 billion next year




According to the International Data Corporation (IDC), global spending on IT security is set to reach £25 billion by next year.

This comes as no surprise given the enormous rise in cyber attacks seen around the world, with unending waves of attacks that seem to get more and more difficult to deal with. Even MI5 is battling "astonishing" levels of cyber-attacks on UK industry, and Symantec stated in its 2011 report that it recorded thousands of hacking events every second.

Israel is a global leader in this sector and is home to around 200 companies, most of which are important players in the industry. The Israel Institute has stated that annual exports of IT security are estimated to be worth around £1 billion and are predicted to grow 10 – 15%.

Richard Anton, chairman of the British Private Equity and Venture Capital Association (BVCA), has stated: "The UK is missing a trick by not investing in more Israeli IT security - their technology is world-beating. The US has embraced it and the UK uses it well in the commercial sector but not so much in the government sector." He added: "We certainly have a need for it. Cyberwarfare is real. It's not just stuff in stories."

According to a report from the Cabinet Office, British businesses lose about £21 billion a year to cyber crime.

In 2010, the government announced plans to allocate £650 million to cyber security as part of its four-year National Cyber Security Programme.

The never-ending IT security threats continue to grow, and are having an enormous influence on the demand for security professionals. IT security has become the fastest growing sector in the IT industry.

Opportunities in IT security are growing and growing, so why not jump on the bandwagon? Get the right security certification and earn on average £50,000. Here are three certs which are highly respected and will guarantee advancement.


Top three security certs


1. CISSP - (ISC)2


CISSP professionals are always in demand and many businesses now require it. It’s one of the key certs employers look for to fill management-level information security positions. Having a CISSP shows that you have a strong knowledge of security concepts and methodologies. This cert is very well known in the IT security community and according to itjobswatch.co.uk, the average salary for a CISSP professional is £50,000.
  

2. Certified Ethical Hacker (CEH) - EC-Council


The CEH certification from the EC-Council is widely recognised as an entry into the hacking world. As an ethical hacker (aka a white hat hacker), you’d attempt to penetrate the networks or computers of the organisation you work for. Ethical hackers do this in order to help find and fix the vulnerabilities that would otherwise be exploited by "black hat" criminal hackers.

Demand for CEH professionals continues to grow with the alarming increase in cyber attacks. Organisations are looking for new ways to protect themselves and tighten their security. The CEH course and certification covers all that is needed to identify system vulnerabilities and countermeasures. According to itjobswatch.co.uk, the average salary for a CEH professional is £40,000.

3. Security+ - CompTIA


Security+ is offered by the world renowned CompTIA. Having this certification shows that you have a strong understanding of security concepts, cryptography, access control, and the tools and procedures to respond to security issues. You’ll also learn about disaster recovery methods, risk management, and compliance and operational security. From the skills gained in this course, you’ll be able to prevent cyber attacks, and effectively deal with security events. The Security+ cert is widely known in the industry and just like CISSP it is often a requirement for the security team - including the U.S. Department of Defense’s IT department. According to itjobswatch.co.uk, the average salary for a Security+ professional is £47,000.

Note, it's worth checking the links to itjobswatch.co.uk for each of the certs, as average salaries can vary over time. Read the following article to see more of the top IT security certifications: http://www.crisp360.com/news/top-5-it-security-certifications

About the Author:
Julian writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Julian is the company's Digital Marketer.