Showing posts with label CISSP training. Show all posts

Thursday, 11 August 2016

Why CISSP is a must have certification, now more than ever


ISC2's CISSP course is essential if you're pursuing a senior role in Information Security. CISSP provides an extensive overview of the Common Body of Knowledge (CBK): a compendium of information security practices and standards compiled and continually updated by (ISC)2.

CISSP is integral in developing an extensive understanding of information security and has gained importance as a key component in the selection process for management-level information security positions. But, for those that are unfamiliar, here are the top reasons why CISSP is the certification to choose, now more than ever.


1. Worldwide recognition:


A certification is only as good as the recognition attached to it. Unlike many standard certs, CISSP boasts industry-wide recognition, acknowledged in 2015 by SC Magazine (for the fifth time) as the ‘Best Professional Certification Program’.

This Gold Standard credential is not only recognised by the world’s leading multinationals - such as Google, IBM and P&G - it’s also deemed a requirement in 56% of cyber jobs in the contracting industry. If you’re looking to take on the complicated world of IT security, a CISSP certification is a must have.






2. Job competence:


The 2015 (ISC)2 Global Workforce Study found that the attributes that best characterise ‘successful’ information security professionals came down to a broad understanding of the security field, communication skills and awareness of the latest security threats.


2015 (ISC)2 Global Information Security Workforce Study

CISSP’s core content, seen in the domains listed below, actively seeks to develop this wide range of information and security management. The CISSP CBK consists of the following eight domains:
  • Security and Risk Management: Addresses a broad spectrum of general information security and risk management topics.
  • Asset Security: Addresses the collection, handling and protection of information throughout its life cycle. 
  • Security Engineering: Is the practice of building information systems and related architecture that continue to deliver the required functionality in the face of threats that may be caused by malicious acts. 
  • Communication and Network Security: Encompasses the network architecture, transmission methods, transport protocols, control devices and the security measures used to maintain the confidentiality, integrity and availability of information transmitted over both private and public communication networks. 
  • Identity and Access Management: Involves provisioning and managing the identities and access used in the interaction of humans and information systems, of disparate information systems and even between individual components of information systems. 
  • Security Assessment and Testing: Involves the evaluation of information assets and associated infrastructure using various tools and techniques for the purposes of identifying and mitigating risk. 
  • Security Operations: Involves the application of information security concepts and best practices to the operation of enterprise computing systems.
  • Software Development Security: Involves the application of security concepts and best practices to production and development software environments. 
The Global Workforce study also compares the job roles of (ISC)2 members versus non-members. 

The findings show those with an (ISC)2 certification such as CISSP, although in possession of a wide range of information, are more likely to take on specialised job roles. Examples of such specialist positions include Security Consultant, Security Architect, Information Assurance Manager or Security Advisor. Nannette Ripmeester, founder of Expertise in Labour Mobility, believes these “specific skills are valued more [by employers] because they are more difficult to teach”. Non-members, however, are more likely to have generalist IT roles such as Network Administrator, Security Systems Administrator or Technical Consultant. 



3. (ISC)2 Membership:

Once you have completed an (ISC)2 certification and subject to annual maintenance fees, you become an (ISC)2 member. This membership offers plenty of resources and benefits that can help further your knowledge and network. Some of these include:

  • Access to a vast network: With over 110,000 members across 160 countries, you will gain access to other CISSP certified individuals and the shareable knowledge of this community. 

  • The opportunity to earn CPEs - critical for maintaining your certification in good standing

  • Discounts on industry conferences and access to free online events. 

  • Access to industry-leading research: Includes the ISC Journal and the Global Information Security Workforce Study. 
  • Security central: An exclusive resource that researches and tracks vulnerabilities using proprietary, state-of-the-art algorithms to aggregate, categorise and prioritise vulnerabilities affecting tens of thousands of products.
  • Industry recognition: An event acknowledging distinguished information security professionals. 
  • Digital badges: Allows you to share your credentials online through the use of a badge.

4. Earning potential:


The CISSP certification proves you have the advanced skills, knowledge and commitment required to command higher wages.

The challenging standards require students to have at least 5 years of experience in two of the eight (ISC)2 domains listed above. Additionally, the student must complete a 250 question multiple choice exam in order to be officially certified.

Although a difficult process, requiring students to fully understand the CBK and framework of information security practices and standards, the return on investment makes it one of the most highly sought after courses available. 


Those with a CISSP certification command an average salary of £76,700, compared with £62,500 for similar job titles without a CISSP certification.



5. Growing demand for Security Professionals/Higher spending on IT security:


CISSP has been, and is likely to remain, a well-performing certification, but what makes it so special today?

As businesses become increasingly dependent on information technology, cyber security has never been so important. Cybersecurity Ventures projects $1 trillion will be spent globally on cyber security from 2017 to 2021. Editor-In-Chief, Steve Morgan, stated that “IT analyst forecasts are unable to keep pace with the dramatic rise in cyber-crime”. Forbes echoed this in a recent article, stating that the booming cyber security market is expected to grow from $75 billion in 2015 to $170 billion by 2020.

Despite the industry experiencing rapid growth, (ISC)2 found that by 2019 there will be a shortage of 1.5 million information security professionals. So, not only is CISSP a qualification that can propel your IT career, its current high demand in a growing industry makes 2016 the best time to start.





Monday, 30 November 2015

Cyber security red alert on Cyber Monday


Cyber Monday creates an ideal opportunity for malicious hackers to attack your business systems. As company servers are hammered by millions of genuine requests from eager buyers, the opportunity for a hacker to breach your system undetected increases. The consequences can be severe, considering the financial and public image implications a single breach can create.

The current strain being exerted on IT infrastructure is strikingly similar to a common hacking technique. The tactic involves a single hacker targeting a network, followed by hundreds of hackers joining the attack to create a diversion. The noise created by the hundreds of additional hackers presents a smoke screen, enabling the initial hacker to breach the system.

Attacks like these can collapse your infrastructure, forcing websites and whole servers offline. They are becoming all too common as cyber criminals look to cash in on the details stolen.


Protecting your assets on Cyber Monday 


Today, on Cyber Monday, you should remain vigilant, especially if you're an online retailer. Loyal customers are currently creating the diversionary tactic which could allow a hacker to breach your system. If your attention is being distracted by sales, you should start focusing on security. 

A single breach could expose your data to criminals, or take your website offline for hours. Not only will you miss out on the valuable revenue created by these marketing ploys, the financial ramifications of a breach could collapse your business. Take TalkTalk, for example: November’s breach of the telecoms giant is estimated to cost the organisation in the region of £30-35 million.

Take the following steps to protect your assets on this busy day: 
  • Ensure you follow routine daily security checks – do not let your IT team be distracted by sales
  • Segment systems on separate protected networks – this tactic ensures that if one system or network is breached, an attacker won’t then have free roam to take down multiple systems simultaneously 
  • Increase monitoring of endpoint devices – pay regular and close attention to public facing systems to ensure any suspicious activity doesn’t go undetected. Now is the time to be paranoid: it’s the ideal time for an attack

Future planning 


Whilst Cyber Monday is high risk, it’s important to prepare for the long term. A cyber-attack can happen at any time, so it’s vital you and your team have the security skills to implement a long term strategy.

Investing in training employees is critical. Certification courses like the Certified Ethical Hacker and CISSP will develop the technical and strategic skills required to protect your company assets. You can learn to attack your own systems to identify weaknesses or devise a comprehensive and watertight security system. Stay vigilant.

Thursday, 5 November 2015

The 5 hottest IT jobs and how to get them with Free Training For Life

 By Sarah Morgan

Firebrand’s Free Training For Life competition offers you the chance to win accelerated training completely free, for the rest of your life. There are no restrictions. This means you can choose from Firebrand’s portfolio of 200+ accelerated courses, which includes names like Microsoft, Cisco, CompTIA and (ISC)2.

Winning Free Training For Life has the potential to help you get your dream job, so we’ve mapped out the five hottest jobs right now and selected the certifications you need to secure them.


1. Chief Information Security Officer (CISO)


Security is one of the hottest topics out there at the moment, partly due to the staggering number of high-profile cyber-attacks that have cost names like eBay, Sony and most recently TalkTalk, millions. Chief Information Security Officer is one of the top jobs in the field. The average advertised salary is £110,000 according to itjobswatch.co.uk and they are now in high demand. CISOs are responsible for developing and implementing security policies and the company’s security architecture.

To get on the path to becoming a Chief Information Security Officer, you could start with the CompTIA A+ or Network+. The A+ and Network+ will teach you the fundamentals in PC hardware, security and networking that will be highly useful in the future.

(ISC)2’s SSCP is also a great value certification that you can do after a year’s IT security experience. This will begin to teach you advanced skills like cryptography, risk, response and recovery, and dealing with malicious code. This will put you in a great position to become a CISO in the future.

3-5 years into your career, ISACA’s CISA would be perfect to give you IS audit and control skills to ensure the business’s security procedures can protect its information assets. You could follow up with the CISM to get skills like risk and incident management and program development. This will help you move into information security management, and eventually the CISO role.

Many see (ISC)2’s CISSP as the best IT security certification you can aim for, and it will certainly help you get into a CISO role. The CISSP will help you master both the management and technical aspects of the field, giving you security engineering, communication and network security skills. There are also extensions to the CISSP that offer in-depth skills if you have a specific need for them. The CISSP-ISSAP includes further detail in areas like access control systems and security architecture analysis. Also, the CISSP-ISSEP can teach you further skills in technical management and risk management. These can help you master your CISO role.





2. Cloud Infrastructure Architect


The cloud technology market is growing rapidly. Because of this, demand for IT professionals with cloud skills has never been higher. Cloud Infrastructure Architect is one of the most sought after positions. The role involves migrating and integrating applications to the cloud, and managing cloud servers. The average advertised salary according to itjobswatch.co.uk is £70,000.

Typically, a business will use one established cloud provider, which could restrict the training you’ll need. The restriction-less Free Training For Life, however, would give you access to the wide range of cloud certifications, like the following, that teach you the skills to become a Cloud Infrastructure Architect.

The Microsoft Specialist: Implementing Microsoft Azure Infrastructure Solutions certification would give you the skills to migrate existing on-premises infrastructure to Azure. You’d also learn to manage the systems in the future.

The Microsoft MCSA: Windows Server 2012 R2 certification will give you the skills to manage and deploy Windows Server 2012 and components like Active Directory Domain Services and AD FS. It also offers cloud skills that will help you become a Cloud Infrastructure Architect. This is because the system includes cloud technology and is so widely used.

The Microsoft MCSE: Private Cloud will teach you how to build your Microsoft private cloud, very useful in a Cloud Infrastructure Architect role. It covers skills like deploying private cloud services, problem management, optimising a cloud infrastructure and configuring a self-service and multi-tenant private cloud.

Another option is VMware’s vSphere [V6] certification which includes elements of cloud technology. This will teach you skills in virtual machine management, configuring and managing virtual storage and networks, and installing and maintaining vSphere.


3. Certified Ethical Hacker


Certified Ethical Hackers are those who are able to counteract and prevent the threat that malicious hackers pose to businesses. The increasing danger that these malicious hackers are posing is making the demand for Certified Ethical Hackers soar. According to itjobswatch.co.uk the average advertised salary for an ethical hacker is £55,000.

To begin on the path to a Certified Ethical Hacker role, you need systems and networking foundations. The Microsoft MTA Networking, Security & Windows Server Administration, CompTIA A+ or Network+ would all be great certifications to get those skills. The MTA does not cover the same hardware topics as the A+ or Network+, but does offer more content about server administration and will lean towards Microsoft technology.

Following on, the Security+ can give you more detailed security skills, covering topics like compliance and operational security, access control and identity management, and cryptography. Similarly, Cisco’s CCNA will boost your skills in the networking area. This will teach you skills in areas like LAN switching technologies, IP addressing and routing technologies, and network device security.

After two years’ IT experience, you should be ready to sit your Certified Ethical Hacker course. This will give you the knowledge to fill an ethical hacking role. You’ll learn advanced skills in areas like Trojans and backdoors, viruses and worms, session hijacking and SQL injection. These are necessary and vital skills in the arsenal of an ethical hacker, so you can comprehensively check the security of a business and cover gaps that could be maliciously exploited.

The Computer Hacking Forensics Investigator is a further certification that can boost your skills in the forensics process, improving your skills in responding to an attack. This could really make you stand out in the ethical hacking field.


4. Web Developer


Every modern business needs a website, meaning web developers with skills to create and maintain them are in high demand. According to itjobswatch.co.uk, the average salary for a Web Developer is £37,500.

To give yourself the fundamental web development skills, an MTA in Software Development Fundamentals or HTML5 App Development Fundamentals would be suitable. You’ll learn core programming and general software development skills that’ll be useful in any web development role.

To get the high level skills you need to become a web developer, you could sit the Microsoft MCSD: Web Applications. This will teach you how to create and deploy modern web applications, whilst giving you an introduction to coding languages like HTML5, CSS3 and JavaScript. It also teaches you basic programming skills like program logic, developing user interfaces and storing data.



5. Project Manager


Free Training For Life has the potential to take your career into project management. The skills in this field are versatile and useful in many areas of business. According to itjobswatch.co.uk, Project Managers have an average salary of £52,500.

You should begin with the PRINCE2 Foundation and Practitioner. It provides a framework for managing projects that is the most popular of its kind in the UK. It teaches you how to structure and manage your projects, including planning and organisation techniques. It also covers potential changes and risks to your projects.

Once you meet the prerequisites, you can progress onto PMI’s PMP. This covers more detailed planning and tight regulation of your projects, helping you improve the success rate of your projects. You’ll learn to regulate budgets, communications, quality management and more.

Learning to apply the agile methodology will also help you become a more successful project manager. The PRINCE2 Agile will teach you to combine PRINCE2 and agile in your projects. You’ll learn agile fundamentals and how to tailor the management process around those fundamentals. This will help you react more effectively to unpredictable changes. 



Free Training For Life has no restrictions, meaning you can take your career in any direction you choose. For the rest of your life, stay at the cutting edge in your career by gaining high-quality skills and certifications that can open doors to places you’ve never considered.

You can sit courses from vendors such as (ISC)2, APMG, AXELOS, CISCO, CompTIA, EC-Council, ISACA, Linux, Microsoft, The Open Group and many more. Free Training For Life lets you dream big and accelerate your career with any course you choose. 

You can enter Free Training For Life here and see Firebrand’s full portfolio of accelerated courses here.


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Wednesday, 9 September 2015

Your Ultimate CISSP FAQ

 By Sarah Morgan

The CISSP is a hugely popular certification that carries a great deal of prestige and may be something you’re striving for in the future.

How much do you really know about the CISSP? This ultimate CISSP FAQ will start from the basics to ensure you know all there is to know about this gold standard security certification.

Q: What is a CISSP?

A: CISSP stands for Certified Information Systems Security Professional. Achieving the certification proves you are accomplished at the management level of information security. Developed by globally recognised (ISC)2, it has become established and well-respected within the industry and is now a key component in the selection process of Chief Information Officers.



Q: What does the course cover?

A: The CISSP course begins by ensuring you understand the concepts and principles behind information security and why they are important. You’ll then build up to learn how to protect your business from various angles and how to apply management skills to information security through (ISC)2’s eight domains.

Everything you’ll cover will be from (ISC)2’s CISSP CBK (common body of knowledge). This ensures what you learn is approved and thorough, covering all components of information security management. The full list of the domain titles is as follows:


  • Domain 1 – Security and Risk Management 
  • Domain 2 – Asset Security
  • Domain 3 – Security Engineering
  • Domain 4 – Communication and Network Security
  • Domain 5 – Identity and Access Management
  • Domain 6 – Security Assessment and Testing
  • Domain 7 – Security Operations
  • Domain 8 – Software Development Security


Q: How will it help me on a day-to-day basis?

A: The skills you’ll learn on your CISSP course will improve the depth of your knowledge, filling in gaps, and making you more skilled at what you already know and do. You will also become more proficient and prepared for dealing with a vast range of security threats.

For example, the breadth of topics covered ranges from cryptography to implementing disaster recovery processes. Whatever your current or future job role in information security, you’re sure to gain knowledge and skills that will help you on a daily basis.

Q: Who is the CISSP aimed at?

A: The CISSP is an advanced certification. This means it is directly aimed at senior and experienced security professionals who will realistically be able to pass the exam and find it useful.

However, on a grander scale, anyone looking into senior information security roles can target the CISSP as a long term goal. Even if you’re not quite the perfect candidate to take the CISSP yet, there’s nothing stopping you in the long term.

Q: What jobs can I do with a CISSP?

A: The CISSP has the potential to lift you into security roles that are the pinnacle of the field. Below is just a small sample of the sorts of job roles that you could access after becoming CISSP certified:


  • Chief Information Security Officer
  • IT Security consultant
  • Senior Security Engineer
  • Head of Cyber strategy
  • Security Specialist
  • Chief Security Architect
  • Security Assurance Analyst
  • Technology Consultant Manager
  • Cyber Security Senior Manager
  • Information Risk Manager
  • Head of Risk & Compliance




Q: How much can I expect to earn with a CISSP?

A: Of course, the salary you can earn depends on what else is in your skillset, and the job roles listed above do have varying salaries. According to itjobswatch.com, the lower tier of the jobs you could be doing average salaries between £40,000-£50,000. These are roles like IT Security Consultant, Security Specialist and Security Assurance Analyst.

However, the more senior roles, like Chief Information Security Officer, Head of Cyber Strategy, Chief Security Architect and Cyber Security Senior Manager, average salaries between £70,000-£100,000. The CISSP is one of the best certifications as a gateway to such high level jobs with that kind of salary and responsibility – especially in a field with such intense competition.

Q: Can anyone take the CISSP course?

A: Because the CISSP is such an advanced certification, there are prerequisites that you must meet before you are able to sit the course.

Initially, you must have at least five years of professional information security experience, as well as a university degree. The nature of the security industry also requires you to agree and commit to the Code of Ethics and criminal history check. On top of this, after passing the certification, your application must be endorsed by another qualified information security professional.

However, do not be put off. These prerequisites are only in place to ensure that you have the experience and ability to pass the course and put what you’ve learnt into practice in the real world afterwards.

Q: What happens if I don’t meet the prerequisites?

A: If you don’t currently meet the requirements for the CISSP, (ISC)2 offers a range of courses for varying experience and skill levels. The full list is here.

The SSCP is designed for those who don’t meet the CISSP prerequisites. Also developed by (ISC)2 from its CBK, it covers seven very similar domains, at a lower level. The bonus is, it only requires one year of experience in the information security field – a fantastic stepping stone to get you onto the CISSP.

There are also many other security certifications that can help boost your skills. From EC-Council’s Certified Ethical Hacker, to CompTIA’s Security+, there is a certification out there that can help you get the skills you want in the security industry, whatever your current situation.

Q: What are the exams like?

A: The CISSP exam consists of 250 multiple-choice, four option questions. It’s a lot of questions, but you have six hours in which to do them. All exams are meant to test you and prove that you are of a certain standard, otherwise the certification wouldn’t be worth anything. The CISSP is no different and is a tough exam to pass, hence the qualities stated in the prerequisites. But don’t feel daunted: people do pass it, it just takes commitment and hard work. It’s also worth noting that the exam questions change every two weeks, so you’re not facing the same questions each time.

Q: What happens if I fail?

A: Obviously nobody likes to fail, but it doesn’t mean the end of your aspirations and possibility of you getting CISSP certified. (ISC)2 policy states you can retake an exam 3 times in a year. If it’s the first time you’ve failed it, you’ll be able to sit another exam just 30 days afterwards.

Q: When can I get on a CISSP course and get certified?

A: The CISSP is a hugely popular course, which is why there is usually a course running soon that you can get yourself on. At Firebrand there are between 1 and 3 courses a month. The Firebrand course is also just seven days and includes the official (ISC)2 exam at the end of it. That means depending on availability, you could be CISSP certified by the end of next week.


Wednesday, 1 July 2015

CISSP or SSCP - which certification is right for you?


If you’re looking into an ISC2 information security course, deciding between CISSP training and SSCP training courses can often be confusing. We’re aiming to clarify the difference between the two, and ensure your decision is as simple as possible.

Who are they aimed at?


CISSP training looks to attract Chief Information Security Officers, Security Managers, Consultants and Analysts, as well as Directors of Security. In short, those in senior managerial security roles.

SSCP is aimed at those who are currently in a hands-on role in information security: Network Security Engineers, Security Administrators and Systems Engineers, for example.

Prerequisites?


CISSP training requires a minimum of 5 years of professional experience within the information security field. An endorsement is also required to ensure you meet the course standard. Previous certifications such as CISM, CEH or SEC+ would be a boost.

As SSCP is an entry level information security course, only 1 year of experience is required.

What is covered?


CISSP training has a top down, all-encompassing security strategy. As quoted on the ISC2 website, you’ll learn advanced security practices covering the 8 domains covered in the CISSP CBK:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security



SSCP is run from the bottom up giving IT workers a broad idea of how best to be aware of information security, as well as focusing on the related technical skills. SSCP covers 7 domains, again from the website:
  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security


Salaries


Having a CISSP certification could be a gateway into a Chief Information Officer role, with an average salary, according to itjobswatch.com, of £110,000.

The SSCP certification allows you to be versatile in a variety of information security roles. The average salary for a Security Administrator according to itjobswatch.com is £42,500.

What Does a CISSP or SSCP do?


A CISSP has the potential to work with nationwide or even global management teams, creating security strategies and helping workers to be able to best do their job in implementing those strategies.


Because those with an SSCP are well rounded, they are able to adapt to many different day to day situations. An SSCP can expect a great amount of variety because of their skillset.







About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 13 April 2015

Crack the new CISSP CBK with these CISSP training resources


By Sarah Morgan


Your CISSP exam and curriculum are changing. With the release of a brand new exam blueprint and updated CISSP domains imminent, the material you're revising now will soon be out of date.

The switch will be made on April 16th 2015, when the ten CISSP CBK domains will be reduced to eight.


As a result of this refresh, the CISSP exam will be altered to reflect the new CBK changes (but will remain the same format). Any training or revision material you use must also be updated, or you’ll risk revising irrelevant content!

Don’t get caught out by the 2015 domain refresh. Take a look at these up-to-date revision resources, aligned to the 8 brand new CISSP domains.


1. Official (ISC)2 Guide to the CISSP CBK, Fourth Edition (ISC2 Press) Hardcover – 10 Apr 2015 
ISBN-13: 978-1482262759

Released last week, you don’t get any more up-to-date than (ISC)2’s Official Guide to the CISSP CBK.

This official guide, endorsed by (ISC)2 and edited by Adam Gordon, covers the refreshed technical content added to the CISSP CBK. The book provides a comprehensive guide to the eight CISSP domains and includes illustrated examples, practical exercises and real-life scenarios.



And remember, if you’re an (ISC)2 member, you’ll get 50% off Official (ISC)2 textbooks!


2. The NEW 2015 CISSP Exam. Brace Yourself (and prepare yourself)! Webcast with Dave Miller

Dave Miller has been an IT security specialist since 1980, is a published author and lecturer. So it’s no surprise he’s been following the new CISSP CBK with interest.

His comprehensive webcast, originally hosted March 17th 2015, is now available for free online at oreilly.com. The 93 minute webcast covers an abundance of CISSP topics including:

  • A review of the 2012 CISSP certification exam
  • The new CISSP 2015 examination
  • CISSP certification requirements
  • New test-worthy topics
  • How to prepare for the new CBK and CISSP exam
  • Conclusion: Q&A

To watch the webcast, sign up here.


3. (ISC)2 Overview & Key areas of knowledge in the 8 new CISSP domains

(ISC)2 has released a candidate information bulletin in line with the new CISSP exam blueprint. This massive document includes overviews of each of the 8 brand new CISSP domains alongside the key areas of knowledge you’ll need to understand to pass your exam.

This resource is excellent for any professional who needs a quick refresher on what’s contained in the new CISSP domains.

However, don’t treat the information found here as replacements for experience or knowledge - (ISC)2 state that, “[The candidate information bulletins] were developed to provide candidates with basic information…the outlines are not intended to be in-depth reviews of the examination.”

Access the document here.


4. (ISC)2 sample exam questions

Also included in the (ISC)2 CISSP candidate bulletin are sample questions, aligned to the new exam blueprint. We’ve included them below:


1. Which one of the following is the MOST important security consideration when selecting a new computer facility?

a. Local law enforcement response times
b. Adjacent to competitors’ facilities
c. Aircraft flight paths
d. Utility infrastructure

2. Which one of the following describes a SYN flood attack?

a. Rapid transmission of Internet Relay Chat (IRC) messages
b. Creating a high number of half-open connections
c. Disabling the Domain Name Service (DNS) server
d. Excessive list linking of users and files

3. Which one of the following is a limitation of fuzzing, as it relates to secure software development best practice?

a. Access to the source code is required
b. Not all discovered issues are exploitable
c. Issues must be accessible through an open interface
d. Is not suitable where code development is outsourced

Find the answers on Page 33 of the CISSP candidate bulletin.


Got a burning CISSP question?

If you’ve got more questions, take a look at our CISSP FAQ covering the new exam blueprint.

And if you need to get certified with accelerated CISSP training, good news – Firebrand are the only authorised (ISC)2 partner in the UK and will be teaching the latest 2015 CISSP material from the 20th April 2015.



Friday, 13 February 2015

CISSP domain changes incoming


By Sarah Morgan


As the modern information security landscape changes, the CISSP exam has to change with it. Effective April 15 2015, the CISSP will be based on a new exam blueprint and feature updated domains.

Refreshed content has been added to the Official CISSP CBK to reflect the most current topics in the information security industry. As a result, the updated CISSP exam will continue to accurately reflect the technical and managerial competence required by information security professionals.




Those familiar with (ISC)2 will not be surprised by their latest domain refresh. As (ISC)2 themselves state – “We conduct this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.”

What’s changing?

Effective 15 April, 2015 the CISSP domains will look like this (find the current domains here):

  1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity) 
  2. Asset Security (Protecting Security of Assets)
  3. Security Engineering (Engineering and Management of Security) 
  4. Communications and Network Security (Designing and Protecting Network Security) 
  5. Identity and Access Management (Controlling Access and Managing Identity) 
  6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) 
  7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery) 
  8. Software Development Security (Understanding, Applying, and Enforcing Software Security) 

The keen-eyed will notice that the domain refresh reduces the number of domains from ten to eight. However, (ISC)2 stress that the CBK remains as comprehensive as ever. Content has been ‘refreshed and reorganised to include the most current information and best practices relevant to the global security industry.’


FAQ


Q. How does the refresh affect the CISSP prerequisites?

A. The prerequisites will not change. You will still be required to possess a minimum of five years of cumulative paid full-time work experience in two out of the eight domains.

Q. I already hold the CISSP – how will these changes affect my CPE submissions?

A. Starting April 15, 2015 all CISSPs will be required to submit their continuing professional education credits in accordance with the refreshed CISSP domains.

Q. Will the new domains affect the number of exam questions, or duration of the exam?

A. No – your CISSP exam will still have the same number of questions and the time you are allotted will not be affected.

Q. Will there be new training materials for the CISSP?

A. The content within (ISC)2 training materials will be updated to align with the new CISSP domains. See the table below to find the launch dates for these new training products.

Q. Where can I find more information?

A. Refer to (ISC)2’s official FAQ or blog post for more information regarding the CISSP domain refresh.



Wednesday, 17 December 2014

Best IT certifications for 2015


By Sarah Morgan


Getting certified is a brilliant way to prove that you are as skilled as you say you are. But a certification doesn’t stand alone – if you can’t apply it, what’s the point? Now that 2014 draws to an end, let’s take a look at some of the best IT certifications for 2015 that will advance you to the next stage in your career.

The need for qualified IT professionals is now massively outpacing the supply – it’s estimated that Britain alone will need 500,000 new IT professionals over the next five years. And with the widespread uptake of technologies, like Cloud and virtualisation, getting certified in 2015 really will make all the difference.

2014 saw a barrage of cyber-attacks inflicted upon businesses around the world. In fact, more organisations fell victim to cybercriminals in 2014 than 2013, the US State of Cybercrime revealed. And reports are already predicting an increase in cybercrime for 2015.

So from security to cloud and project management qualifications - getting certified for 2015 could be one of the best decisions you make next year. Here's our list of the best IT certifications for 2015.


1. Microsoft MCSA: Windows Server 2012 

Support for Windows Server 2003 ends July 14th, 2015. Using the system after end of support could cost you up to £120,000 a year in custom support. You will also lose the ability to process online transactions via Visa & Mastercard as Windows Server 2003 will fail to adhere to PCI compliance.

Despite warnings from Microsoft, estimates from HP suggest 11 million systems are still running Windows Server 2003. This could cripple your business come 2015, considering the estimated 3 to 18 months it takes to migrate a datacentre of 100+ servers.

Thousands of businesses will now be migrating to Windows Server 2012, making the MCSA: Windows Server 2012 certification a valuable asset. Get this cert and you’ll reduce the hassle of migration and be able to make the most of your new server software faster.

Start planning your migration today (if you haven’t already) and make it a smooth process for your organisation by taking the MCSA: Windows Server 2012 course.


2. EC-Council Certified Ethical Hacker

There was a 50% chance you were a victim of cybercrime in 2014, data from Microsoft revealed. The same is true for one-in-five small and medium businesses.

Certifications like EC-Council’s CEH are now becoming increasingly sought after for businesses of all sizes. After all, nobody wants to face a crippling security breach like Sony’s recent attack.

Take on the CEH in 2015 and you’ll get comprehensive ethical hacking and networking security training. On this course you’ll learn how to conduct penetration tests against your own systems. With the knowledge of a hacker at your disposal, you’ll identify and close security holes that a cybercriminal could otherwise exploit.

The CEH certification also qualifies you for a wide range of roles within IT security, from Forensics Analyst to Application Security Architect.


3. (ISC)2 CISSP

In the past year alone, cyber security vacancies have doubled with demand now overwhelming supply, according to data from Technojobs.

The CISSP is a global standard and widely recognised as the information and cybersecurity benchmark cert. Achieve it and you’ll display solid proof of your rounded IT security experience as well as a common baseline and standardisation of knowledge.


Certifications like the CISSP are in demand (2014 saw a 10% growth in the average salary for cyber security professionals) as they are frequently required for the majority of senior roles within cyber security.


Protect your organisation from IT security threats of all kinds - find out how to become a CISSP.


4. Microsoft MCSA: Office 365

Take the Microsoft MCSA: Office 365 and position yourself to take advantage of Microsoft’s new Cloud focus. This is also your first step to achieving Microsoft’s new Cloud Productivity competency for your business.


Achieve this certification and you’ll use the power of the cloud to save time, money and free up your business’s resources. You’ll get the skills required to set up an Office 365 tenant, including federation with existing user identities. If you evaluate, deploy and maintain Office 365 services, or plan to in the future – this is the course for you.



5. VMware® vSphere 5.5 

Businesses continue to embrace virtualisation technology as a way to reduce the cost and complexity of critical applications. ‘The always-on-business will become the norm across the globe’ writes Don Williams, Vice President at Veeam Software.

Users want continuous access and, to keep up, businesses have turned to virtualisation technologies to provide this. Products like VMware’s vSphere enable businesses to virtualise their server resources and aggregate them into logical pools for use across the entire business.

vSphere 5.5 is the fix for costly infrastructure sprawl as it allows your business to run multiple operating systems and applications on a single computer. Gone are the days of having multiple servers running at sub-optimal capacity - virtualisation technology gives increased productivity by reducing physical servers and ensuring each is running at full capacity.

Learn how to apply virtualisation technology within your organisation in 2015, with VMware’s official vSphere 5.5 certification. Find out more here, but bear in mind, this certification may change with the release of vSphere 6 sometime in 2015.


6. Microsoft Specialist: Developing Microsoft Azure Solutions 

Cloud technology is growing and demand for Cloud qualified professionals is growing with it. In 2014, 56% of IT departments couldn’t find qualified staff to support their cloud projects and demand for ‘cloud-ready’ IT professionals is also set to grow by 26% in 2015, IDC reports.

Microsoft's Public Cloud offering, Microsoft Azure, continues to grow with more than 1000 new customers joining every day. After investing $15 billion in building and maintaining the global datacentres that power the Azure platform, it’s clear Microsoft have big plans in the Public Cloud space for 2015. You can tap into the demand for cloud skilled professionals by looking at the newly released Microsoft Specialist certifications focusing on the Azure platform.



If you’re a developer, the Developing Microsoft Azure Solutions certification is a brilliant way to gain a greater understanding of the Azure platform in 2015. This specialist course, built for developers, teaches you how to establish your own Azure virtual network environment, construct Azure Virtual Machines, host Azure websites and design resilient cloud applications.

If you already hold the MCSD: Web Applications cert, this qualification is a brilliant way for you to get a rounded understanding of the Azure platform for 2015.

To achieve the certification you’ll have to pass the Microsoft Exam: 70-532.


7. Implementing Microsoft Azure Infrastructure Solutions

This is the second of Microsoft’s new specialist Azure certifications. With it, you’ll learn how to migrate your on-premises infrastructure to Azure. You’ll also learn how to:

  • Plan and implement data services based on SQL
  • Deploy and configure websites
  • Publish content through CDNs
  • Integrate on-premises Windows AD with Azure AD

To achieve the certification you’ll have to pass the Microsoft Exam: 70-533.


8. AXELOS PRINCE2 Foundation and Practitioner

PRINCE2 is the de-facto standard for project management in the UK and is held by 63% of all project management professionals. With over a million exams taken globally, it’s already recognised as the world’s most popular project management methodology.

This qualification covers the management, control and organisation of a project. It embodies years of project management best-practice and provides a flexible and adaptable framework that suits different projects.

The PRINCE2 remains a sought-after certification for 2015 as employers continue to demand this qualification for their project management roles.


9. Microsoft MCSE: Private Cloud

The MCSE: Private Cloud certification focuses on the skills to combine Windows Server and System Center 2012 to build a private cloud for your business. This certification requires the MCSA: Windows Server 2012 as a prerequisite.

To boost the uptake of this already popular cert, Microsoft have launched various initiatives to help IT professionals get the prerequisites for this in-demand cloud certification.

To find out more about how to get the MCSE: Private Cloud certification, check out Microsoft Evangelist, Keith Mayer’s step-by-step guide. Or, if self-study isn’t for you, take a look at this accelerated course.


10. CompTIA A+

Many an IT professional’s career has been built upon the solid foundations of the CompTIA A+ certification. In fact, over 1,000,000 people have achieved the A+ in the past 20 years.

Major brands – like Dell, HP and Lenovo – require that their technicians are A+ certified in order to service their products. It’s even supported by government branches like the US Department of Defense.

The skills you’ll get from this certification are vendor neutral, meaning they’ll remain universally applicable across your entire IT career.

If you’re new to IT then this cert is one of the best ways to break into the industry. Take the CompTIA A+ and set yourself up with a comprehensive base of IT knowledge for 2015.


If we missed any great certifications you’re planning on taking in the New Year, please comment below!


Friday, 12 December 2014

Fast track your career into Cyber Security in 2015


Continuing growth in salaries, a shortage of skilled professionals and a rapid increase in available jobs make a career in cyber security a real prospect. Follow this guide to fast track your career into cyber security in 2015...

If you’re considering a career in cyber security then 2015 could be the year for you. The hacking of Sony Pictures is the latest in a string of high profile attacks, which continues to put recruitment of skilled cyber security professionals top of the agenda.

Cyber security vacancies in the UK have doubled in the last year, with demand outstripping supply, according to a recent study by Technojobs. Combine this with a 10% growth in the average salary for UK cyber security professionals, now £57,000, and increased Government support, and it’s easy to see why the current climate is perfect for employment in the field of cyber security.


Follow these tips to fast track your career into cyber security in 2015…



1. Find the right job for you


First things first, work out which job is right for you. Whether you want to become a Computer Forensics Investigator, Information Security Analyst or Penetration Tester, it’s important to know what the job entails.
SANS have compiled a list of the top 20 Information Security and Cyber security jobs which you can use to track down job descriptions on the major job boards.


2. Get certified


Sometimes the quickest way into the cyber security sector is to get certified. In fact, the majority of commercial cyber security and defense-related IT Security jobs require security certifications as a prerequisite. So the lack of certification may be the only thing standing between you and your cyber security career.


If you are looking at entry-level positions then the CompTIA Security+ and Microsoft MTA Security Fundamentals are a great place to start.

Those considering a more advanced position would be well placed to consider EC-Council’s Certified Ethical Hacker (CEH) certification or ISACA’s Certified Information Security Manager (CISM) certification.
Then there is the industry gold standard Certified Information Systems Security Professional (CISSP) from (ISC)2, for those eyeing up a position in Senior Management.
This is merely scratching the surface; there is a range of security certifications available from other renowned vendors including Cisco, Symantec and GIAC.


3. Make sure you have the right experience


This echoes back to the first point: when you’re looking at job descriptions, scope out the level of experience required for the job in question. You may realise that you don’t have the right experience at this stage, but at least you know what you’ll need to be working towards.
For those looking at starting a career, this may mean taking a non-cyber-security-related job as a stepping-stone. As pointed out in a fantastic post from Ira Winkler in Computerworld:

“You cannot be expected to protect computers if you don’t know how to administer a computer system, you can’t secure a system that you can’t properly configure on your own, you can’t secure a database if you aren’t fluent in the database management system, and you certainly can’t write secure code if you can’t code at all.”

A great way to bridge the experience gap at the entry level is through voluntary work experience or internships. Keep your eyes peeled, they are everywhere.


4. Get your CV in shape



This can be applied to any industry, but always make sure your CV is up to scratch. This will be the first impression you make to a potential employer, get it wrong and it will be the last.
Having past experience in the recruitment sector, here’s my top advice:

  • Ensure your CV is tailored to each individual position. This includes a covering letter outlining why you want the job and why they should consider you.
  • You need to make an impact in the first few lines, so highlight relevant experience and achievements from the outset.
  • Don’t waffle, if your CV is more than 2 pages then it’s too long.
  • No spelling mistakes, with modern day spell check it’s unforgivable.


5. Consider signing up with a recruitment agency



This advice is perhaps more for the seasoned professional, but signing up with a specialist recruitment agency can significantly improve your chances of landing that coveted role. Yes you’ll have to go through an interview, but once on the books there are numerous benefits.

A good recruitment consultant will:

  • Have in depth understanding of the industry and some powerful connections
  • Advise you on how to improve your CV and interviewing skills
  • Sell you into employers, even if that employer isn’t currently looking
  • Get the first shot at a high profile position that may never make a job site
So there we have it, five tips to set you on your way to a new cyber security career in 2015. I wish you every success.



Author Profile

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how-to guides. Working in the industry for almost 3 years, Edward has a wide variety of experience with Microsoft technologies including SharePoint, Windows Server and Exchange Server. Edward is an active member of the IT community, contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor.