Tuesday, 29 September 2015

Why now is the time to become a Certified Ethical Hacker

 By Sarah Morgan

Cyber criminals are using increasingly advanced technologies to breach the security of high-profile businesses. The list of companies and institutions hacked now includes eBay, Sony, Target, AOL, the NHS and even the US Military. Even after such massive security scandals, some dating back almost 10 years, companies are only now realising how crucial IT security is to their success. 

Because of this, now more than ever, businesses want professionals who can demonstrate skills in ethical hacking. Read on to discover the reasons why there has never been a better time to become a Certified Ethical Hacker.

Large scale investment


According to Microsoft’s Digital Crimes Unit, 1 in 5 businesses have been the subject of a cyber-attack. This means it’s a matter of when, not if, more high-profile security breaches will happen. As a result, companies are recruiting and training Certified Ethical Hackers to make sure it isn’t them, and demand for Certified Ethical Hackers continues to climb, almost indefinitely.

In addition, BT has recently launched an ethical hacking service for customers in financial services. This service is designed to help organisations in retail and investment banking to protect their business from security breaches and cyber-attacks. If other big businesses follow suit and begin to offer full-scale services like BT’s, the demand for Certified Ethical Hackers will increase significantly. 

With 1000s of jobs currently advertised, and the future growth potential, this is just one of the reasons why there has never been a better time for you to attain EC-Council's Certified Ethical Hacker credential.


Investment from small and medium businesses


It's not just global organisations investing in ethical hacking to ensure their names aren’t headline news for the wrong reasons. Small and medium businesses are increasingly realising the need to increase investment in IT security to future proof their business.

In a recent interview with the BBC, Steven Harrison, Lead Technologist at IT services firm Exponential-e, stated that there can often be a knowledge gap between small businesses and industry giants. To bridge this gap, small businesses are increasingly investing in developing the skills of ethical hackers to tighten up their security. The goal is to prepare themselves as they expand into the cloud, social media and other advancing technologies. 

If you work for a small or medium business, now is a fantastic time to encourage your boss to invest in training you as a Certified Ethical Hacker.


Removing the stigma


When the title of “ethical hacker” was first mentioned, some businesses were cautious of employing those with the skills to hack their systems. For obvious reasons, businesses were reluctant to hand over the keys to their company’s security. They were fearful of disgruntled employees who knew every detail of their security systems and how to access their most sensitive data.

However, ethical hackers have proven their value time and again by protecting businesses from cyber-attacks that have devastating potential. Companies are also more aware of the rigorous background checks for criminal records that all ethical hackers must pass, and of the codes of conduct they must sign.

This is good news, as the types of attacks that are threatening businesses are becoming increasingly common and complex. The best way to counter this threat is to employ a Certified Ethical Hacker to discover and patch weaknesses in security. 

The realisation of the worth of ethical hackers means more businesses are looking to employ and train Certified Ethical Hackers for protection. They are much more willing to open their doors to you.






EC-Council Certified Ethical Hacker v.9.0


EC-Council recently released the new and updated version of the Certified Ethical Hacker certification. Because the CEH certification is the pinnacle in the field of ethical hacking, when the course is updated, it provides the latest knowledge and skills available. Version 9 is no different and has added new vulnerabilities and attack vectors. 

Now is the perfect time to bring your skills up to date and set yourself apart from other professionals.


Boost your security skills


The demand for Certified Ethical Hackers is only set to increase in businesses of all sizes. As technology continues to advance, so will the threats to the businesses using it. These businesses will need to protect themselves, and one of the best ways to do that is through Certified Ethical Hackers.

So, in summary, here is why there has never been a better time for you to become a Certified Ethical Hacker:

1. Big businesses are investing heavily in recruitment and training of Certified Ethical Hackers. The emergence of ethical hacking as a service is only going to create yet more jobs.

2. Small and medium businesses are investing more in developing ethical hacking skills, meaning you have more chance of improving your knowledge and skills.

3. Reduced stigma and a greater appreciation of the value of ethical hackers means more and more companies are opening their doors to Certified Ethical Hackers.

4. The release of CEH v9 means you can bring your skills up to date and be at the forefront of ethical hacking.


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 


Wednesday, 16 September 2015

Azure Active Directory: Tomorrow’s Identity Management, Today

   By Debra Littlejohn Shinder

Identity and access management form the backbone of your network security plan, and now with the integration of on-premises and cloud-based services in a hybrid environment, organizations need a solution that will simplify user access to cloud apps and allow them to get to the resources they need no matter what type or brand of computing device they’re using. 

Microsoft’s answer to this is Azure Active Directory, which not only enables your users to access your SaaS applications and Office 365 but also lets you publish your on-premises web apps so that they can be accessed from computers, tablets or smart phones running Windows, Android, iOS or OS X. 

Your on-premises Active Directory and other directory services can be synchronized automatically with Azure AD. You can sync users, groups and contacts to the cloud and Azure AD supports both directory sync with password synchronization and directory sync with single sign-on:


  • Directory sync with password sync: users can sign into Azure AD with the same username and password they use for accessing the company network.
  • Directory sync with single sign-on:  users can use their company AD credentials to access both cloud and on-premises resources seamlessly. You can even have single sign-on across multiple AD forests using Active Directory Federation Services (ADFS). 


All of this convenience doesn’t come at the cost of security. Users can enjoy all the benefits of single sign-on and administrators can breathe easy knowing that the access channels are secured. 

You have the option of enabling Azure multi-factor authentication to provide more protection for your sensitive and confidential data and applications, and security monitoring will keep you apprised of what’s going on with both your cloud apps and your on-premises apps. 

The earlier Active Directory integration tools, Azure Active Directory Sync and Azure Active Directory Synchronization Tool (DirSync), have been replaced by Azure Active Directory Connect, which encompasses the functionality of both and can be downloaded from the Microsoft Azure web site. This tool lets you easily connect your on-premises directories with your Azure AD via a wizard-based interface that will deploy and configure all of the necessary components for you. 




Azure AD Connect has three parts: Sync Services, AD FS and the health monitoring service (Azure AD Connect Health). AD FS is optional; it’s used to create a hybrid solution with your on-premises AD FS deployment. In order to install Azure AD Connect, you’ll need to have Enterprise Administrator credentials, along with a subscription to Azure and Azure AD Premium (or the trial version). You’ll also need an Azure AD Global Admin account and your AD domain controller needs to be running Windows Server 2008 or above. 

The installation wizard will help you to select the type of synchronization that’s best for your organization (password sync or single sign-on), then it will install the software components that are needed in order to deploy the type of synchronization you chose. After the components are installed, it will verify the integration of the on-premises and cloud directories to ensure that everything is working. 

By default, Azure AD Connect installs an instance of SQL Server 2012 Express, creates the appropriate groups and assigns the necessary permissions to them. However, if you want, you can use a SQL server that you already have. You’ll need to specify its name in the options configuration section of the wizard. You also might want to create an account for the sync services to use instead of using the default account, so that you can choose your own password. When you use the default, Azure AD Connect generates a password automatically and you don’t know what it is. Usually you won’t need to, but there are some advanced tasks that do require you to know and enter the password. 

The quickest and easiest way to integrate your on-premises and cloud directories is to use the Express installation option. It is for single-forest configurations and uses the password hash sync type so users can log onto the cloud with the same password they use for the corporate network. It’s a quick and simple process with just six steps. If you want more options, you want to go with the Custom installation, which lets you choose Federation with AD FS or password sync, lets you add more directories to sync, and gives you far more flexibility and control over identities and features such as Azure AD app and attribute filtering, password and user writeback, and more. Writeback means that password changes made in Azure AD and users created in Azure AD will be written back to the on-premises directory. 

Azure Active Directory brings your on-premises and cloud assets together for maximizing the benefits of both. You can find much more good information about Azure at www.cloudcomputingadmin.com.



Author Profile

Debra Littlejohn Shinder, MCSE, MVP (Security) is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security.

She is also a tech editor, developmental editor and contributor to over 20 additional books. Her articles are regularly published on TechRepublic's TechProGuild Web site and WindowSecurity.com, and have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine.

Monday, 14 September 2015

The Government’s Apprenticeship Levy Will Transform Apprenticeships – And Your Workforce

 By Sarah Morgan

Now that apprenticeships have reached the top of the government agenda, investing in IT skills for your workforce is more crucial than ever to a successful business.

In a bid to encourage British employers to invest in workforce training and create 3 million quality apprenticeships by 2020, the UK government opened consultations last month on plans to impose a tax levy on businesses to fund apprenticeships nationally.

What is the levy and how may it affect my business?


Whilst complete details are still to be released in autumn 2015, the levy is intended to rapidly enhance the skills of the UK workforce and to bring to light the substantial economic benefits to businesses of hiring apprentices. 

A short summary of the levy is outlined below, sourced from the Department for Business Innovation & Skills ‘Apprenticeships Levy’ consultation document:

  • The levy is applied to larger employers, proportionate to the number of employees.
  • Unused funding from employers that choose not to invest will be redirected back into the national fund, meaning those who do invest are likely to gain more from the levy than they contribute.
  • Funding will continue to be distributed via a digital voucher system to pay for the training required – regardless of size or sector.
  • Employers can choose which apprenticeship training they purchase and use their vouchers, transferring the purchasing power to them.
  • Apprenticeships will be given equal legal footing with degrees.
  • Employer National Insurance contributions for apprentices under 25 will be abolished.

In brief, the levy holds greater value if you are committed to training your workforce. As larger competitors will have contributed to the apprenticeships scheme, they are less likely to ‘poach’ employees from those who have invested in training and more likely to become self-sufficient in building a skilled workforce.



IT apprentices – your most valuable investment


Businesses need fresh IT talent. According to the Office for National Statistics and Tech Partnership, the UK has over 130,000 vacant jobs across the IT industry per year and no suitable candidates to fill them, meaning it’s becoming increasingly expensive to hire.

With access to over 700,000 unemployed young people (UK Parliament, 2015) and a lack of IT-related degree graduates, now is the time to train either your own staff or external candidates at little to no cost. Apprenticeships are not age-discriminate and you can still receive government funding regardless of how old your apprentice is.

Firebrand can get you the talent – and fast


IT apprentices training with Firebrand will gain up to 38 days of accelerated training at twice the speed, leaving more time for them to develop within your workplace. You’ll gain a certified apprentice with multiple industry-recognised qualifications from Microsoft, Cisco, CompTIA and ITIL.

With the opportunity to adapt your programme to suit the needs of the business, you also won’t be restricted to the ‘standardisation’ of normal apprenticeship programmes and you can choose which certifications will be most relevant to the job role you design.

It couldn’t be easier for you to take on an IT apprentice – we advertise apprenticeships and we recruit the candidates for you, completely free.

To start your search for an apprentice, head to our website.

Invest in your greatest asset now – fast. 



Wednesday, 9 September 2015

Your Ultimate CISSP FAQ

 By Sarah Morgan

The CISSP is a hugely popular certification that carries a great deal of prestige and may be something you’re striving for in the future.

How much do you really know about the CISSP? This ultimate CISSP FAQ will start from the basics to ensure you know all there is to know about this gold standard security certification.

Q: What is a CISSP?

A: CISSP stands for Certified Information Systems Security Professional. Achieving the certification proves you are accomplished at the management level of information security. Developed by globally recognised (ISC)2, it has become established and well-respected within the industry and is now a key component in the selection process of Chief Information Officers.



Q: What does the course cover?

A: The CISSP course begins by ensuring you understand the concepts and principles behind information security and why they are important. You’ll then build up to learn how to protect your business from various angles and how to apply management skills to information security through (ISC)2’s eight domains.

Everything you’ll cover will be from (ISC)2’s CISSP CBK (common body of knowledge). This ensures what you learn is approved and thorough, covering all components of information security management. The full list of the domain titles is as follows:


  • Domain 1 – Security and Risk Management 
  • Domain 2 – Asset Security
  • Domain 3 – Security Engineering
  • Domain 4 – Communication and Network Security
  • Domain 5 – Identity and Access Management
  • Domain 6 – Security Assessment and Testing
  • Domain 7 – Security Operations
  • Domain 8 – Software Development Security


Q: How will it help me on a day-to-day basis?

A: The skills you’ll learn on your CISSP course will improve the depth of your knowledge, filling in gaps, and making you more skilled at what you already know and do. You will also become more proficient and prepared for dealing with a vast range of security threats.

For example, the breadth of topics covered ranges from cryptography to implementing disaster recovery processes. Whatever your current or future job role in information security, you’re sure to gain knowledge and skills that will help you on a daily basis.

Q: Who is the CISSP aimed at?

A: The CISSP is an advanced certification. This means it is directly aimed at senior and experienced security professionals who will realistically be able to pass the exam and find it useful.

However, on a grander scale, anyone looking into senior information security roles can target the CISSP as a long-term goal. Even if you’re not quite the perfect candidate to take the CISSP yet, there’s nothing stopping you in the long term.

Q: What jobs can I do with a CISSP?

A: The CISSP has the potential to lift you into security roles that are the pinnacle of the field. Below are just a small sample of the sorts of job roles that you could access after becoming CISSP certified:


  • Chief Information Security Officer
  • IT Security consultant
  • Senior Security Engineer
  • Head of Cyber strategy
  • Security Specialist
  • Chief Security Architect
  • Security Assurance Analyst
  • Technology Consultant Manager
  • Cyber Security Senior Manager
  • Information Risk Manager
  • Head of Risk & Compliance




Q: How much can I expect to earn with a CISSP?

A: Of course, the salary you can earn depends on what else is in your skillset, and the job roles listed above do have varying salaries. According to itjobswatch.com, the lower tier of the jobs you could be doing carries average salaries between £40,000 and £50,000. These are roles like IT Security Consultant, Security Specialist and Security Assurance Analyst.

However, the more senior roles, like Chief Information Security Officer, Head of Cyber Strategy, Chief Security Architect and Cyber Security Senior Manager, average salaries between £70,000-£100,000. The CISSP is one of the best certifications as a gateway to such high level jobs with that kind of salary and responsibility – especially in a field with such intense competition.

Q: Can anyone take the CISSP course?

A: Because the CISSP is such an advanced certification, there are prerequisites that you must meet before you are able to sit the course.

Initially, you must have at least five years of professional information security experience, as well as a university degree. The nature of the security industry also requires you to agree and commit to the Code of Ethics and criminal history check. On top of this, after passing the certification, your application must be endorsed by another qualified information security professional.

However, do not be put off. These prerequisites are only in place to ensure that you have the experience and ability to pass the course and put what you’ve learnt into practice in the real world afterwards.

Q: What happens if I don’t meet the prerequisites?

A: If you don’t currently meet the requirements for the CISSP, (ISC)2 offers a range of courses for varying experience and skill levels.

The SSCP is designed for those who don’t meet the CISSP prerequisites. Also developed by (ISC)2 from its CBK, it covers seven very similar domains, at a lower level. The bonus is, it only requires one year of experience in the information security field – a fantastic stepping stone to get you onto the CISSP.

There are also many other security certifications that can help boost your skills. From EC-Council’s Certified Ethical Hacker to CompTIA’s Security+, there is a certification out there that can help you get the skills you want in the security industry, whatever your current situation.

Q: What are the exams like?

A: The CISSP exam consists of 250 multiple-choice, four-option questions. It’s a lot of questions, but you have six hours in which to do them. All exams are meant to test you and prove that you are of a certain standard, otherwise the certification wouldn’t be worth anything. The CISSP is no different and is a tough exam to pass, hence the qualities stated in the prerequisites. But don’t feel daunted: people do pass it, it just takes commitment and hard work. It’s also worth noting that the exam questions change every two weeks, so you’re not facing the same questions each time.

Q: What happens if I fail?

A: Obviously nobody likes to fail, but it doesn’t mean the end of your aspirations and possibility of you getting CISSP certified. (ISC)2 policy states you can retake an exam 3 times in a year. If it’s the first time you’ve failed it, you’ll be able to sit another exam just 30 days afterwards.

Q: When can I get on a CISSP course and get certified?

A: The CISSP is a hugely popular course, which is why there is usually a course running soon that you can get yourself on. At Firebrand there are between 1 and 3 courses a month. The Firebrand course is also just seven days and includes the official (ISC)2 exam at the end of it. That means, depending on availability, you could be CISSP certified by the end of next week.


Tuesday, 1 September 2015

How to renew your CompTIA A+ certification


 By 

The IT industry is in a constant state of evolution. Each day brings with it a new security patch, operating system upgrade or revolutionary technology. As an IT professional you need to show your skills and knowledge match the current industry developments. Launched in 2011, CompTIA's Continuing Education (CE) program was created to do just that, ensuring your certifications are kept up to date. 

If you have achieved the CompTIA A+ certification post January 1, 2011, you have a globally-recognized ISO/ANSI accredited certification. As part of the accreditation requirements, this certification expires every three years. 

How to renew your CompTIA A+ certification

You can renew your expiring A+ certification using the CE program in the following ways:
  • Pass the most current version of the two CompTIA A+ exams:
    • Essentials (Exam 220-801)
    • Practical Application (Exam 220-802)
  • Complete CompTIA CE activities, which will allow you to keep your certification current without retesting
  • Achieve a higher-level CompTIA certification like the Network+, or a higher level industry certification

Your fastest route to CompTIA A+ recertification

The great thing about the CE program, as outlined above, is that you can renew your CompTIA certification by achieving additional industry related certifications. So, not only do you maintain your current certification, you have the opportunity to expand your skill set and certification into another area. 

To renew a certification, you are required to achieve Continuing Education Units. To renew the CompTIA A+ you'll need to acquire 20. Below is a list of Firebrand's accelerated courses which meet this criterion, allowing you to renew your A+ certification in the shortest time frame possible:

Author Profile

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how-to guides. Working in the industry for almost 5 years, Edward has a wide variety of experience with Microsoft technologies including SharePoint, Windows Server and Exchange Server. Edward is an active member of the IT community, contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor.