Thursday, 25 August 2016

Firebrand win EC-Council Accredited Training Centre of the Year 2016


As part of the EC-Council Global Awards 2016, Firebrand Training has been named Accredited Training Centre of the Year (Europe). This extends a record breaking achievement to an eighth successive year, a reflection of our continued dedication to delivering excellence and quality across our full range of accelerated EC-Council courses. 

This includes the globally recognised Certified Ethical Hacker (CEH) and exciting new Certified Chief Information Security Officer (CCISO) certifications. 



atc-of-the-year-2016




Firebrand Lead Instructor for EC-Council courses, Richard Millet, was also recognised in the EC-Council Circle of Excellence. This is the fourth time Richard has been honoured for his achievements by EC-Council - being named previously as Instructor of the Year in 2014 and entering the instructor Circle of Excellence in 2011 and 2015.


EC-Council-Circle-of-Excell


Speaking about the awards, Firebrand Training Co-Founder, Robert Chapman said:

"We are immensely proud to be named EC-Council Accredited Training Centre of the Year for the eighth year in succession. Here at Firebrand, we pride ourselves on providing accelerated learning of the highest calibre. Our aim is to quickly develop the vital skills and knowledge our customers need to defend their business from the growing cyber threat. 

To be recognised by EC-Council is an honour and shows we continue to deliver on our promise."

Jay Bavisi, President of EC-Council, gave his opinion on the awards:

"We have some of the best training organisations representing EC-Council across the globe and they have again demonstrated the commitment to high quality training, winning them awards again this year."


How the awards were won


Chosen from over 700 training centres, 107 countries and a wide range of EC-Council certified instructors, Firebrand proved its distinction in picking up the Accredited Training Centre of the Year award (Europe) and Instructor Circle of Excellence (Europe) award. Firebrand and Richard Millet met the extensive and rigorous criterion EC-Council have in place to be awarded as the best in Europe in both of these categories.

The Accredited Training Centre of the Year award seeks to acknowledge training centres that provide the greatest level of information security training. Some of these courses include EC-Council’s flagship Certified Ethical Hacker, the Computer Hacking Forensics Investigator, the Network Security Administrator and the ECSA.

The Instructor Circle of Excellence (Europe) award acknowledge instructors that epitomise the industry's best practices, while raising standards and contributing to a growing body of knowledge surrounding information security. 


Offering the latest EC-Council courses

As an official EC-Council training partner, Firebrand offers the very latest accelerated certification courses. This includes the recent addition of the CCISO certification, for which Firebrand were selected as the launch partner for England.

This CCISO course is aimed at developing the next generation of senior-level information security executives. The credential focuses on developing the technical skills needed of a Chief Information Security Officer, while also teaching the application of information security management principles from an executive management viewpoint. 




Thursday, 11 August 2016

Why CISSP is a must have certification, now more than ever


ISC2's CISSP course is essential if your pursuing a senior role in Information Security. CISSP provides an extensive overview of the Common Body of Knowledge (CBK): a compendium of information security practices and standards compiled and continually updated by (ISC)2.

CISSP is integral in developing an extensive understanding of information security and has gained importance as a key component in the selection process for management-level information security positions. But, for those that are unfamiliar, here are the top reasons why CISSP is the certification to choose, now more than ever.


1. Worldwide recognition:


A certification is only as good as the recognition attached to it. Unlike many standard certs, CISSP boasts industry wide recognition, acknowledged in 2015 by SC Magazine (for the fifth time) as the ‘Best Professional Certification Program’.

This Gold Standard credential is not only recognised by the world’s leading multinationals - such as Google, IBM and P&G - it’s also deemed a requirement in 56% of cyber jobs in the contracting industry. If you’re looking to take on the complicated world of IT security, a CISSP certification is a must have.






2. Job competence:


In the 2015 (ISC)2 Global Workforce Study, the report found that the attributes that best characterise ‘successful’ information security professionals came down to a broad understanding of the security field, communication skills and awareness of the latest security threats. 


2015 (ISC)2 Global Information Security Workforce Study

CISSP’s core content, seen in the domains listed below, actively seeks to develop this wide range of information and security management. The CISSP CBK consists of the following eight domains:
  • Security and Risk Management: Addresses a broad spectrum of general information security and risk management topics.
  • Asset Security: Addresses the collection, handling and protection of information throughout its life cycle. 
  • Security Engineering: Is the practice of building information systems and related architecture that continue to deliver the required functionality in the face of threats that may be caused by malicious acts. 
  • Communication and Network Security: Encompasses the network architecture, transmission methods, transport protocols, control devices and the security measures used to maintain the confidentiality, integrity and availability of information transmitted over both private and public communication networks. 
  • Identity and Access Management: Involves provisioning and managing the identities and access used in the interaction of humans and information systems, of disparate information systems and even between individual components of information systems. 
  • Security Assessment and Testing: Involves the evaluation of information assets and associated infrastructure using various tools and techniques for the purposes of identifying and mitigating risk. 
  • Security Operations: Involves the application of information security concepts and best practices to the operation of enterprise computing systems.
  • Software Development Security: Involves the application of security concepts and best practices to production and development software environments. 
The Global Workforce study also compares the job roles of (ISC)2 members versus non-members. 

The findings show those with an (ISC)2 certification such as CISSP, although in possession of a wide range of information, are more likely to take on specialised job roles. Examples of such specialist positions include Security Consultant, Security Architect, Information Assurance Manager or Security Advisor. Nannette Ripmeester, founder of Expertise in Labour Mobility, believes these “specific skills are valued more [by employers] because they are more difficult to teach”. Non-members, however, are more likely to have generalist IT roles such as Network Administrator, Security Systems Administrator or Technical Consultant. 



3. (ISC)2 Membership:

Once you have completed an (ISC)2 certification and subject to annual maintenance fees, you become an (ISC)2 member. This membership offers plenty of resources and benefits that can help further your knowledge and network. Some of these include:

  • Access to a vast network: With over 110,000 members across 160 countries, you will gain access to other CISSP certified individuals and the shareable knowledge of this community. 

  • The opportunity to earn CPEs - critical for maintaining your certification in good standing

  • Discounts on industry conferences and access to free online events. 

  • Access to industry-leading research: Includes the ISC Journal and the Global Information Security Workforce Study. 
  • Security central: An exclusive resource that researches and tracks vulnerabilities using proprietary, state-of-the-art algorithms to aggregate, categorise and prioritise vulnerabilities affecting tens of thousands of products.
  • Industry recognition: An event acknowledging distinguished information security professionals. 
  • Digital badges: Allows you to share your credentials online through the use of a badge.

4. Earning potential:


The CISSP certification proves you have the advanced skills, knowledge and commitment required, to command higher wages.

The challenging standards require students to have at least 5 years of experience in two of the eight (ISC)2 domains listed above. Additionally, the student must complete a 250 question multiple choice exam in order to be officially certified.

Although a difficult process, requiring students to fully understand the CBK and framework of information security practices and standards, the return on investment makes it one of the most highly sought after courses available. 


Those with a CISSP certification command an average an salary of £76,700, compared with £62,500 for similar job titles without a CISSP certification.



5. Growing demand for Security Professionals/Higher spending on IT security:


CISSP has and is likely to always remain a well-performing certification, but what makes it so special today?

As businesses become increasingly dependent on information technology, the importance of cyber security has never been so important. Cybersecurity Ventures projects $1 trillion will be spent globally on cyber security from 2017 to 2021. Editor-In-Chief, Steve Morgan, stated that “IT analyst forecasts are unable to keep pace with the dramatic rise in cyber-crime”. Forbes echoed this in a recent article, stating that the booming cyber security market is expected to grow from $75 billion in 2015 to $170 billion by 2020.

Despite the industry experiencing rapid growth, (ISC)2 found that by 2019 there will be a shortage of 1.5 million information security professionals. So, not only is CISSP a qualification that can propel your IT career, its current high demand in a growing industry make 2016 the best time to start. 





Monday, 1 August 2016

Becoming a Certified Ethical Hacker - 5 things you need to know

Photo Credit - The Preiser Project
‘Ethical hacker’ may sound like a contradiction in terms, but as the saying goes, ‘it takes one to know one’.

Businesses are increasingly realising the value of employing ‘white hat’ (ethical) hackers to employ the same tools and techniques as the nasty ‘black hat’ hackers, to find and close their IT systems’ security vulnerabilities.

If you’re serious about a career as an ethical hacker, gaining a certification is a powerful way to
demonstrate your expertise, and boost your employment prospects.


1) One certification to rule them all 


There is a wide selection of IT security certifications, for all levels of experience, and with various biases towards either the technical or managerial sides. But for ethical hacking the choice is easy, as one certification is regarded as the gold standard: the EC-Council Certified Ethical Hacker (CEH). By way of evidence: on ITJobsWatch, in the past 3 months 258 jobs cited ‘Ethical Hacker’ or ‘Ethical Hacking’, but 343 explicitly cited ‘EC-Council Certified Ethical Hacker (CEH)’.

The latest version of CEH, v9, was introduced at the end of 2015, so make sure this is the one you study. It offers incredibly comprehensive coverage of the latest techniques and methodologies, based upon the expertise of the world-leading experts at the EC-Council (International Council of Electronic Commerce Consultants). To give you an idea of the certification’s scope, you’ll gain exposure to over 2200 hacker tools.

You don’t need decades of previous experience in order to take the CEH certification. The EC-Council suggests two years’ IT security experience, although this is flexible if you have previous IT-related qualifications.

2) Do a course 


There’s often a choice with certifications whether to take a course, or self-study. With CEH, self-study is rather challenging, because it’s difficult to gain sufficient practice and ensure you are not accidently breaking the law!

On an official CEH course, you practice your skills on EC-Council's 140 labs covering a vast range of security vulnerabilities. Ethical hacking, probably more than any other IT skill, requires you to ‘think outside of the box’, so realistic mind-stretching practice environments are essential.

3) Be a child 


Ethical hacking is a creative and exploratory process. Yes, there is a suite of standard tools and techniques with which you need to be comfortable, but a mindset of almost child-like curiosity is essential. You’ll constantly need to find unexpected ways of using existing systems to expose the back doors that everyone else has overlooked.

The CEH course places a strong emphasis on teaching you to ‘think like a hacker’. It’s your job to take the red pill, and actively explore how deep the rabbit hole goes.

4) With great power comes great responsibility 


Perhaps as important as curiosity is a strong sense of responsibility. The CEH teaches you the same techniques that ‘black hat’ hackers use for malicious purposes. Consequently, you’re required to sign a form stating that you won’t misuse your knowledge.

The Computer Misuse Act, which mandates prison sentences for hacking, has no provision for curiosity or good intentions – so only ever attack live systems when you have explicit permission from the owner!

5) It’s big money 


Cyber attacks affected 1 in 4 UK businesses in 2015, costing the economy a staggering £34 billion. The cost of each breach was £1.46 million on average. It’s no surprise, then, that businesses are crying out for skilled staff to combat the problem – and they’re willing to pay.

As you may have gathered, the shortfall in certified ethical hackers is rapidly driving up salaries. The current median salary is a very respectable £57,500, having risen from £50,000 two years ago.