Wednesday, 31 July 2013

Data breaches linked to cyber skills shortage - the importance of certification


The shortage of skilled professionals in cyber security is responsible for the high levels of data breaches, according to the (ISC)² Global Information Security Workforce Study (GISWS). This is having a weighty effect on the global economy, according to the study of more than 12,000 information security professionals worldwide conducted by Frost & Sullivan.

Lack of qualified professionals is the top concern of over half (56%) of chief information security officers (CISOs) alongside hacking. Hacktivism (43%) and cyber-terrorism (44%) are also major worries.

The report concludes that the major shortage of skilled cyber security professionals is negatively impacting organisations and their customers.

The executive director of (ISC)², Hord Tipton, stated that data breaches have an economic effect: “Now, more than ever before, we’re seeing an economic ripple effect occurring across the globe as a result of the dire shortage of qualified information security professionals we’ve been experiencing in recent years”. He added: “Underscored by the study findings, this shortage is causing a huge drag on organisations. More and more enterprises are being breached, businesses are not able to get things done, and customer data is being compromised.”

Given the high levels of cyber espionage, hacktivism, and nation-state threats, Tipton stated that the time is now for the public and private sectors to join forces and close this critical gap. “We must focus on building a skilled and qualified security workforce that is equipped to handle today’s and tomorrow’s most sophisticated cyber threats”.

In the 2011 GISWS, it was found that there is a problem upstream: a major shortage of software development professionals trained in security. With cloud security, bring-your-own-device (BYOD) and social networks, there are more threats from malware and mobile devices.

According to the report, a multi-disciplinary approach is required to address the risks in BYOD and cloud computing. 74% of respondents thought new security skills are required to meet the BYOD challenge and 68% that social media is a security concern, with content filtering being the top security measure used.

“The business model of cyber criminals is changing and therefore information security professionals need to change to address that and adapt their approach to new and emerging technologies,” said Richard Nealon, co-chairman of the (ISC)² Advisory Board for Europe, Middle-East and Asia.

“This survey shows that we need to rethink our approach to the skills challenge. We need to look at the problem from the top down, not the bottom up,” added the managing director, John Colley.

Other key findings from the study include:

Information security is a stable and growing profession. Over 80% of respondents reported no change in employer or employment in the past year, and 58% reported receiving a raise in the past year.  

The number of professionals is projected to grow steadily by more than 11% a year over the next five years. The average annual salary for (ISC)² certified professionals is £66,330 globally, which is 33% higher than professionals without an (ISC)² certification.

Knowledge and certification are considered highly important in job placement and advancement. Almost 70% view certification as an important indicator of competency when hiring. Almost half of companies (46%) require certification. 60% of those surveyed plan to acquire certifications in the next 12 months, and the CISSP is still the top certification in demand.

This figure is the same for the UK. If you want to find out more about certifications, we recently wrote an article on our top four IT security certs; you can find it here.

How to boost cyber security skills:

To end the shortage of cyber security skills, three actions are required, according to Richard Nealon, co-chairman of the (ISC)² Advisory Board for Europe, Middle-East and Asia.

1.   More engagement from businesses is needed with the IT security profession. Businesses need to make opportunities available to existing and prospective infosec professionals and provide incentives to stay. “By providing internships, for example, businesses can open the door and enable people to see if they are suited to a career in infosec,” said Nealon. He added that “The average age of skilled information security professionals in the UK is 43, we are not getting enough young people into organisations where they can learn as they work”.

2.   The Government needs to take on its responsibility of further promoting IT security as a key skill that is essential to the protection of critical national infrastructure. Nealon stated that “Government should encourage scholarships and help create training and employment opportunities”.

3.   The educational industry should work harder to ensure their IT courses have a stronger focus on security. They should also offer more courses on cyber security and make them attractive to prospective students. “For example, a course in ‘forensic cyber security’ is much more attractive than a ‘bachelor in information security’,” said Nealon. “There is also a gender imbalance that needs to be addressed. Worldwide, 89% of infosec professionals are male, but in the UK the figure is 93%,” he added. These institutions should further promote IT security as a career, particularly to women, as the gender imbalance is not good for the industry.

About the Author:
Julian writes for Firebrand Training on a number of IT-related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Julian is the company's Digital Marketer.

Monday, 29 July 2013

The World's Biggest Data Breaches in one Infographic


Major data breaches, leaks and hacks are becoming more and more common. But beginning to understand the sheer numbers involved may be hard.

Information is Beautiful created a brilliant interactive infographic of the world's biggest data breaches, highlighting some of the most high-profile attacks. It lets you filter by organisation, method of leak, and gives you a brief description of the breach with a source to full articles. It really puts the importance of IT security into perspective and is really rather distressing.

The infographic includes all of the most recent attacks in 2013 such as the recent incidents with Evernote, LivingSocial, Facebook, LinkedIn, Yahoo and Twitter.

But it seems that technology companies aren't the only ones at risk. "Video gaming sites and organizations have suffered the most," said David McCandless, who runs Information is Beautiful. He adds that “in terms of sheer numbers of records breached, they really get owned."

The healthcare industry also faced its share of serious data breaches, which is worrying considering the sensitivity of the data.

The infographic also shows the huge T.K. Maxx security breach in 2007 that put more than 45 million credit and debit card users at risk. The scary thing is that many slip under the radar, meaning the illustration may just be showing the tip of the iceberg.

McCandless stated that "some companies such as Twitter are upfront and transparent about getting the news out as soon as they are hacked, while others like Apple are super uncommunicative".

You can click on each attack to learn more about what happened. Click here to check it out.

About the Author:
Julian writes for Firebrand Training on a number of IT-related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Julian is the company's Digital Marketer.

Friday, 26 July 2013

A guide to the Microsoft Technology Associate (MTA) Networking Fundamentals Certification


What is the MTA?

The Microsoft Technology Associate (MTA) programmes are entry-level training and certification in the fundamentals of IT Infrastructure, Database and Software Development, designed by Microsoft, with the MTA Networking Fundamentals programme focusing on the IT Infrastructure track. Completing this programme and passing the associated online exam can be used as a stepping stone to the Microsoft Certified Technology Specialist (MCTS) exams.

The purpose of the MTA Networking Fundamentals programme is to give candidates an overview of the essentials of networking principles. As this is a Microsoft exam, you will be learning the foundations of Windows Server, and candidates are expected to have hands-on experience with networking management tools, DNS and TCP/IP, and an understanding of the names resolution process, network protocols and topologies.

Target Audience

The Networking Fundamentals programme is associated with the IT Infrastructure track and is intended for those candidates who are interested in building a career in desktop support, server maintenance or cloud services. Potential candidates for this programme could be looking to enhance their knowledge and understanding in networking, or could already be in a support role and looking for career progression.

What You Will Learn

The curriculum is segmented into 3 domains, containing 14 learning objectives in total:

1. Understanding Networking Infrastructures

1.1. Understand the concepts of the Internet, intranet, and extranet

This objective may include but is not limited to: VPN, security zones, firewalls.

1.2. Understand local area networks (LANs)
This objective may include but is not limited to: perimeter networks; addressing; reserved address ranges for local use (including local loopback IP), VLANs; wired LAN and wireless LAN.

1.3. Understand wide area networks (WANs)
This objective may include but is not limited to: leased lines, dial-up, ISDN, VPN, T1, T3, E1, E3, DSL, and cable and their characteristics (speed, availability).

1.4. Understand wireless networking
This objective may include but is not limited to: types of wireless networking standards and their characteristics (802.11A, B, G, N including different GHz ranges), types of network security (for example, WPA/WEP/802.1X), point-to-point (P2P) wireless, wireless bridging.

1.5. Understand network topologies and access methods.
This objective may include but is not limited to: star, mesh, and ring.

2. Understanding Network Hardware

2.1. Understand switches
This objective may include but is not limited to: transmission speed; number and type of ports; number of uplinks; speed of uplinks; managed or unmanaged switches; VLAN capabilities; Layer 2 and Layer 3 switches, security options; hardware redundancy; support; backplane speed; switching types, MAC table; understanding capabilities of hubs vs. switches.

2.2. Understand routers
This objective may include but is not limited to: transmission speed considerations, directly connected routes, static routing, dynamic routing (routing protocols), default routes; routing table and how it selects best routes; routing table memory, NAT, software routing in Windows Server.

2.3. Understand media types
This objective may include but is not limited to: cable types and their characteristics, including media segment length and speed; fibre optic; twisted pair shielded or nonshielded; cabling, wireless; susceptibility to external interference (for example, machinery, power cables); susceptibility to electricity (for example, lightning), susceptibility to interception.

3. Understanding Protocols and Services

3.1. Understand the OSI model
This objective may include but is not limited to: OSI model; TCP model; examples of devices, protocols, and applications and which OSI/TCP layer they belong to; TCP and UDP; well-known ports for most-used purposes (not necessarily Internet); packets and frames.

3.2. Understand IPv4
This objective may include but is not limited to: addressing, subnetting; NAT, static IP, gateway; APIPA; network classes, classful/classless IP addressing; reserved address ranges for local use (including local loopback IP).

3.3. Understand IPv6
This objective may include but is not limited to: subnetting; IPconfig; why use IPv6; addressing; IPv4 to IPv6 tunneling protocols to ensure backwards compatibility; dual IP stack; subnetmask; gateway; ports; packets; reserved address ranges for local use (including local loopback IP).

3.4. Understand names resolution
This objective may include but is not limited to: DNS, WINS, steps in the name resolution process.

3.5. Understand networking services
This objective may include but is not limited to: DHCP, IPsec, remote access

3.6. Understand TCP/IP
This objective may include but is not limited to: tools such as ping; tracert; pathping; Telnet; IPconfig; netstat, reserved address ranges for local use (including local loopback IP); protocols.

Sample Questions

Below are some examples of the types of multi-choice questions you may be asked in the exam.

Q1. Which IEEE standard relates to WLAN?

   A. 1394
   B. 802.3
   C. 802.5
   D. 802.11

Q2. Which layer of the OSI Model do bridges work on?
   A. Layer 1
   B. Layer 2
   C. Layer 5
   D. Layer 7

Q3. You would like clients in one subnet to receive IP addresses from a DHCP server in a different subnet. What feature would the interconnecting router need to support?
   C. DNS
   D. None of the above

From an Academic POV…

This programme can be embedded into any IT curriculum starting from Level 2 provision, with particular links to the IT Professional certification track. Delivery styles will vary, but it is recommended that students really embrace the MTA curriculum and training providers use a good blend of hands-on resources and plenty of intense revision sessions. Typical delivery time is between 3-6 days, including exam.

As this is a Microsoft programme, learners and training providers often find the MTA programmes are fun to teach, and students who have a passion for Networking will fully benefit from its course content.

From an IT Professional POV…

If you are just starting your career in IT and have developed a keen interest in the Infrastructure track, then there is no better place to start building up your professional vendor portfolio than with the MTA Networking Fundamentals exam. As you can see from the certification path below the MTAs provide an excellent foundation to your future in IT. 

Other related MTA exams are 98-349 Windows Operating System Fundamentals; 98-365 Windows Server Administration Fundamentals and 98-367 Security Fundamentals.

MTA Benefits
  • A qualification that is sought after
  • Helps towards MCTS/MCSA Level Certifications
  • Validates Fundamentals
  • Microsoft Certification on your CV!

Exam Details

Code:                        98-366
Duration:                    45 Minutes
No. of Questions:       35
Pass Mark:                 70% (25 Qs Correct)
Question Format:        Multi-Choice, Drag & Drop
Exam Vendors:           Certiport & Prometric

Considering attaining your MTA Certification?

Firebrand are one of the few IT Training companies in the UK who offer the full range of MTA certifications. To find out more about the courses offered, check the links below.

Author Bio
This article was written by Adrian Davies, Apprenticeship Development Manager at Firebrand Training. Adrian has been in the IT Training industry since 2001 and prior to Firebrand was the Curriculum Manager for Pearson PLC. 

Thursday, 25 July 2013

Last chance! TechNet subscription service shutting down


Microsoft is retiring its top software deals subscription. It was announced yesterday that in just 1 month it will shut down its TechNet subscriptions after 15 years of service. Microsoft has other, similar programs, but none as generous as TechNet.

The online TechNet blogs and customer support forums will still be live, but a letter was sent to subscribers by Microsoft today announcing plans to retire the TechNet subscriptions service. New subscriptions will no longer be available after August 31, 2013, and the subscription service will shut down as current subscribers' contracts end.

From 1998, TechNet offered its subscribers massive packets of CDs, and evolved into download options as broadband connections became common. The services have historically been one of the best deals around for IT professionals.

For an annual subscription fee of just a few hundred pounds, subscribers get the right to download virtually all of the desktop and server software Microsoft sells, with multiple product keys. The software is licensed for evaluation purposes only; that restriction, however, is part of the license agreement and is not enforced in the software itself.

The TechNet subscription was so popular because of this loophole; enthusiasts would use the platform to access cheap software then use the multiple product keys to activate rather than following the “evaluation only” rule.

This aspect was very popular in software piracy where subscribers would sell on the product keys with counterfeit software at “discount prices”. Despite Microsoft seeking to crack down on piracy through the platform in 2010 and 2012, you need only search Google or any ‘respecting’ torrent site to find these product keys in their thousands.

Last chance
Many have been left disappointed as a result of these changes. So with just 37 days to go, ensure you make the most of this offer for the final time by renewing or purchasing your subscription before the cut-off date - August 31, 2013.

More information on Subscriptions Retirement
You can check out Microsoft’s Subscriptions Retirement FAQ, with some of the main points below:

  • New subscribers have until August 31, 2013, to purchase an annual subscription.
  • Newly purchased subscriptions must be activated by September 30, 2013.
  • Current subscribers will continue to receive their benefits until their contract ends which for most retail purchases is limited to a year.
  • Existing subscribers with an end date before September 30, 2013, may renew for an additional year as long as they purchase prior to the August 31, 2013, cut-off.
  • Subscribers with an active Microsoft Certified Training account will continue to access their program benefits until March 31, 2014.
  • MVPs will still receive a free copy of Visual Studio Premium through an MSDN subscription.
  • The MSDN subscription will remain unchanged.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Wednesday, 17 July 2013

A guide to Microsoft's Enterprise Technology - Infographic


Microsoft have been creating and launching leading business and enterprise technology for more than 30 years. 

In response to Microsoft's release of new flagship products SQL Server 2014, Windows Server 2012 R2 and System Center 2012 R2, we decided to create a comprehensive guide to Microsoft's full range of technology. After pondering several formats and seeking out some crack designers we settled on an infographic as the best way to display the information.

Check out the graphic below and let us know your thoughts. If you want to see a super-size version you can also find it on our website.

Hopefully, after reading, you will know about the full range of enterprise and business technology available from Microsoft. Whether it be email communication, project management, website development, customer relations management, security, live chat or data storage, management and insight (the list goes on), Microsoft have a product for you.

Special thanks go to Ashley Petrons and Bill Farmer from Hutt River, who were integral in the design and launch of this graphic.

Author Bio: Edward is a member of the Marketing team focussing on Technical writing and Community Engagement for Firebrand. Working in the Industry for over 2 years, Edward has experience with Microsoft Technologies including SharePoint, Windows Server and Exchange Server. Edward writes for a variety of Blogs and Publications on all things Technology.