Showing posts with label CISSP training. Show all posts

Thursday, 11 August 2016

Why CISSP is a must have certification, now more than ever


ISC2's CISSP course is essential if you're pursuing a senior role in Information Security. CISSP provides an extensive overview of the Common Body of Knowledge (CBK): a compendium of information security practices and standards compiled and continually updated by (ISC)2.

CISSP is integral in developing an extensive understanding of information security and has gained importance as a key component in the selection process for management-level information security positions. But, for those that are unfamiliar, here are the top reasons why CISSP is the certification to choose, now more than ever.


1. Worldwide recognition:


A certification is only as good as the recognition attached to it. Unlike many standard certs, CISSP boasts industry-wide recognition, acknowledged in 2015 by SC Magazine (for the fifth time) as the ‘Best Professional Certification Program’.

This Gold Standard credential is not only recognised by the world’s leading multinationals - such as Google, IBM and P&G - it’s also deemed a requirement in 56% of cyber jobs in the contracting industry. If you’re looking to take on the complicated world of IT security, a CISSP certification is a must have.






2. Job competence:


The 2015 (ISC)2 Global Workforce Study found that the attributes that best characterise ‘successful’ information security professionals came down to a broad understanding of the security field, communication skills and awareness of the latest security threats.


2015 (ISC)2 Global Information Security Workforce Study

CISSP’s core content, seen in the domains listed below, actively seeks to develop this wide range of information and security management. The CISSP CBK consists of the following eight domains:
  • Security and Risk Management: Addresses a broad spectrum of general information security and risk management topics.
  • Asset Security: Addresses the collection, handling and protection of information throughout its life cycle. 
  • Security Engineering: Is the practice of building information systems and related architecture that continue to deliver the required functionality in the face of threats that may be caused by malicious acts. 
  • Communication and Network Security: Encompasses the network architecture, transmission methods, transport protocols, control devices and the security measures used to maintain the confidentiality, integrity and availability of information transmitted over both private and public communication networks. 
  • Identity and Access Management: Involves provisioning and managing the identities and access used in the interaction of humans and information systems, of disparate information systems and even between individual components of information systems. 
  • Security Assessment and Testing: Involves the evaluation of information assets and associated infrastructure using various tools and techniques for the purposes of identifying and mitigating risk. 
  • Security Operations: Involves the application of information security concepts and best practices to the operation of enterprise computing systems.
  • Software Development Security: Involves the application of security concepts and best practices to production and development software environments. 
The Global Workforce study also compares the job roles of (ISC)2 members versus non-members. 

The findings show those with an (ISC)2 certification such as CISSP, although in possession of a wide range of information, are more likely to take on specialised job roles. Examples of such specialist positions include Security Consultant, Security Architect, Information Assurance Manager or Security Advisor. Nannette Ripmeester, founder of Expertise in Labour Mobility, believes these “specific skills are valued more [by employers] because they are more difficult to teach”. Non-members, however, are more likely to have generalist IT roles such as Network Administrator, Security Systems Administrator or Technical Consultant. 



3. (ISC)2 Membership:

Once you have completed an (ISC)2 certification and subject to annual maintenance fees, you become an (ISC)2 member. This membership offers plenty of resources and benefits that can help further your knowledge and network. Some of these include:

  • Access to a vast network: With over 110,000 members across 160 countries, you will gain access to other CISSP certified individuals and the shareable knowledge of this community. 

  • The opportunity to earn CPEs - critical for maintaining your certification in good standing

  • Discounts on industry conferences and access to free online events. 

  • Access to industry-leading research: Includes the ISC Journal and the Global Information Security Workforce Study. 
  • Security central: An exclusive resource that researches and tracks vulnerabilities using proprietary, state-of-the-art algorithms to aggregate, categorise and prioritise vulnerabilities affecting tens of thousands of products.
  • Industry recognition: An event acknowledging distinguished information security professionals. 
  • Digital badges: Allows you to share your credentials online through the use of a badge.

4. Earning potential:


The CISSP certification proves you have the advanced skills, knowledge and commitment required to command higher wages.

The challenging standards require students to have at least 5 years of experience in two of the eight (ISC)2 domains listed above. Additionally, the student must complete a 250 question multiple choice exam in order to be officially certified.

Although a difficult process, requiring students to fully understand the CBK and framework of information security practices and standards, the return on investment makes it one of the most highly sought after courses available. 


Those with a CISSP certification command an average salary of £76,700, compared with £62,500 for similar job titles without a CISSP certification.



5. Growing demand for Security Professionals/Higher spending on IT security:


CISSP has and is likely to always remain a well-performing certification, but what makes it so special today?

As businesses become increasingly dependent on information technology, cyber security has never been so important. Cybersecurity Ventures projects $1 trillion will be spent globally on cyber security from 2017 to 2021. Editor-In-Chief, Steve Morgan, stated that “IT analyst forecasts are unable to keep pace with the dramatic rise in cyber-crime”. Forbes echoed this in a recent article, stating that the booming cyber security market is expected to grow from $75 billion in 2015 to $170 billion by 2020.

Despite the industry experiencing rapid growth, (ISC)2 found that by 2019 there will be a shortage of 1.5 million information security professionals. So, not only is CISSP a qualification that can propel your IT career, its current high demand in a growing industry makes 2016 the best time to start.





Monday, 30 November 2015

Cyber security red alert on Cyber Monday


Cyber Monday creates an ideal opportunity for malicious hackers to attack your business systems. As company servers are hammered by millions of genuine requests from eager buyers, the opportunity for a hacker to breach your system undetected increases. The consequences can be severe, considering the financial and public image implications a single breach can create.

The current strain being exerted on IT infrastructure is strikingly similar to a common hacking technique. The tactic involves a single hacker targeting a network, followed by hundreds of hackers joining the attack to create a diversion. The noise created by the hundreds of additional hackers presents a smoke screen, enabling the initial hacker to breach the system.

Attacks like these can collapse your infrastructure, forcing websites and whole servers offline. They are becoming all too common as cyber criminals look to cash in on the details stolen.


Protecting your assets on Cyber Monday 


Today, on Cyber Monday, you should remain vigilant, especially if you're an online retailer. Loyal customers are currently creating the diversionary tactic which could allow a hacker to breach your system. If your attention is being distracted by sales, you should start focusing on security. 

A single breach could expose your data to criminals, or take your website offline for hours. Not only will you miss out on the valuable revenue created by these marketing ploys, the financial ramifications of a breach could collapse your business. Take TalkTalk, for example: November’s breach of the telecoms giant is estimated to cost the organisation in the region of £30-35 million.

Take the following steps to protect your assets on this busy day: 
  • Ensure you follow routine daily security checks – do not let your IT team be distracted by sales
  • Segment systems on separate protected networks – this tactic ensures that if one system or network is breached, an attacker won’t then have free roam to take down multiple systems simultaneously 
  • Increase monitoring of endpoint devices – pay regular and close attention to public facing systems to ensure any suspicious activity doesn’t go undetected. Now is the time to be paranoid, it’s the ideal time for an attack 

Future planning 


Whilst Cyber Monday is high risk, it’s important to prepare for the long term. A cyber-attack can happen at any time, so it’s vital you and your team have the security skills to implement a long term strategy.

Investing in training employees is critical. Certification courses like the Certified Ethical Hacker and CISSP will develop the technical and strategic skills required to protect your company assets. You can learn to attack your own systems to identify weaknesses or devise a comprehensive and water tight security system. Stay vigilant.

Wednesday, 9 September 2015

Your Ultimate CISSP FAQ

 By Sarah Morgan

The CISSP is a hugely popular certification that carries a great deal of prestige and may be something you’re striving for in the future.

How much do you really know about the CISSP? This ultimate CISSP FAQ will start from the basics to ensure you know all there is to know about this gold standard security certification.

Q: What is a CISSP?

A: CISSP stands for Certified Information Systems Security Professional. Achieving the certification proves you are accomplished at the management level of information security. Developed by globally recognised (ISC)2, it has become established and well-respected within the industry and is now a key component in the selection process of Chief Information Officers.



Q: What does the course cover?

A: The CISSP course begins by ensuring you understand the concepts and principles behind information security and why they are important. You’ll then build up to learn how to protect your business from various angles and how to apply management skills to information security through (ISC)2’s eight domains.

Everything you’ll cover will be from (ISC)2’s CISSP CBK (common body of knowledge). This ensures what you learn is approved and thorough, covering all components of information security management. The full list of the domain titles is as follows:


  • Domain 1 – Security and Risk Management 
  • Domain 2 – Asset Security
  • Domain 3 – Security Engineering
  • Domain 4 – Communication and Network Security
  • Domain 5 – Identity and Access Management
  • Domain 6 – Security Assessment and Testing
  • Domain 7 – Security Operations
  • Domain 8 – Software Development Security


Q: How will it help me on a day-to-day basis?

A: The skills you’ll learn on your CISSP course will improve the depth of your knowledge, filling in gaps, and making you more skilled at what you already know and do. You will also become more proficient and prepared for dealing with a vast range of security threats.

For example, the breadth of topics covered ranges from cryptography to implementing disaster recovery processes. Whatever your current or future job role in information security, you’re sure to gain knowledge and skills that will help you on a daily basis.

Q: Who is the CISSP aimed at?

A: The CISSP is an advanced certification. This means it is directly aimed at senior and experienced security professionals who will realistically be able to pass the exam and find it useful.

However, on a grander scale, anyone looking into senior information security roles can target the CISSP as a long term goal. Even if you’re not quite the perfect candidate to take the CISSP yet, there’s nothing stopping you in the long term.

Q: What jobs can I do with a CISSP?

A: The CISSP has the potential to lift you into security roles that are the pinnacle of the field. Below are just a small sample of the sorts of job roles that you could access after becoming CISSP certified:


  • Chief Information Security Officer
  • IT Security consultant
  • Senior Security Engineer
  • Head of Cyber strategy
  • Security Specialist
  • Chief Security Architect
  • Security Assurance Analyst
  • Technology Consultant Manager
  • Cyber Security Senior Manager
  • Information Risk Manager
  • Head of Risk & Compliance




Q: How much can I expect to earn with a CISSP?

A: Of course the salary you can earn depends on what else is in your skillset, and the job roles listed above do have varying salaries. According to itjobswatch.com, the lower tier of the jobs you could be doing average salaries between £40,000-£50,000. These are roles like IT Security Consultant, Security Specialist and Security Assurance Analyst.

However, the more senior roles, like Chief Information Security Officer, Head of Cyber Strategy, Chief Security Architect and Cyber Security Senior Manager, average salaries between £70,000-£100,000. The CISSP is one of the best certifications as a gateway to such high level jobs with that kind of salary and responsibility – especially in a field with such intense competition.

Q: Can anyone take the CISSP course?

A: Because the CISSP is such an advanced certification, there are prerequisites that you must meet before you are able to sit the course.

Initially, you must have at least five years of professional information security experience, as well as a university degree. The nature of the security industry also requires you to agree and commit to the Code of Ethics and criminal history check. On top of this, after passing the certification, your application must be endorsed by another qualified information security professional.

However, do not be put off. These prerequisites are only in place to ensure that you have the experience and ability to pass the course and put what you’ve learnt into practice in the real world afterwards.

Q: What happens if I don’t meet the prerequisites?

A: If you don’t currently meet the requirements for the CISSP – (ISC)2 offer a range of courses for varying experience and skill level. The full list here.

The SSCP is designed for those who don’t meet the CISSP prerequisites. Also developed by (ISC)2 from its CBK, it covers seven very similar domains, at a lower level. The bonus is, it only requires one year of experience in the information security field – a fantastic stepping stone to get you onto the CISSP.

There are also many other security certifications that can help boost your skills. From EC-Council’s Certified Ethical Hacker, to CompTIA’s Security+, there is a certification out there that can help you get the skills you want in the security industry, whatever your current situation.

Q: What are the exams like?

A: The CISSP exam consists of 250 multiple-choice, four-option questions. It’s a lot of questions, but you have six hours in which to do them. All exams are meant to test you and prove that you are of a certain standard, otherwise the certification wouldn’t be worth anything. The CISSP is no different and is a tough exam to pass, hence the qualities stated in the prerequisites. But don’t feel daunted: people do pass it, it just takes commitment and hard work. It’s also worth noting that the exam questions change every two weeks, so you’re not facing the same questions each time.

Q: What happens if I fail?

A: Obviously nobody likes to fail, but it doesn’t mean the end of your aspirations and possibility of you getting CISSP certified. (ISC)2 policy states you can retake an exam 3 times in a year. If it’s the first time you’ve failed it, you’ll be able to sit another exam just 30 days afterwards.

Q: When can I get on a CISSP course and get certified?

A: The CISSP is a hugely popular course, which is why there is usually a course running soon that you can get yourself on. At Firebrand there are between 1 and 3 courses a month. The Firebrand course is also just seven days and includes the official (ISC)2 exam at the end of it. That means, depending on availability, you could be CISSP certified by the end of next week.

 About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Wednesday, 1 July 2015

CISSP or SSCP - which certification is right for you?


If you’re looking into an ISC2 information security course, deciding between CISSP training and SSCP training courses can often be confusing. We’re aiming to clarify the difference between the two, and ensure your decision is as simple as possible.

Who are they aimed at?


CISSP training looks to attract Chief Information Security Officers, Security Managers, Consultants and Analysts, as well as Directors of Security. In short, those in senior managerial security roles.

SSCP is aimed at those who are currently in a hands on role in information security. Network Security Engineers, Security Administrators and Systems Engineers for example.

Prerequisites?


CISSP training requires a minimum of 5 years of professional experience within the information security field. An endorsement is also required to ensure you meet the course standard. Previous certifications such as CISM, CEH or SEC+ would be a boost.

As SSCP is an entry level information security course, only 1 year of experience is required.

What is covered?


CISSP training has a top down, all-encompassing security strategy. As quoted on the ISC2 website, you’ll learn advanced security practices covering the 8 domains covered in the CISSP CBK:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security



SSCP is run from the bottom up giving IT workers a broad idea of how best to be aware of information security, as well as focusing on the related technical skills. SSCP covers 7 domains, again from the website:
  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security


Salaries


Having a CISSP certification could be a gateway into a Chief Information Officer role, with an average salary, according to itjobswatch.com, of £110,000.

The SSCP certification allows you to be versatile in a variety of information security roles. The average salary for a Security Administrator, according to itjobswatch.com, is £42,500.

What Does a CISSP or SSCP do?


A CISSP has the potential to work with nationwide or even global management teams, creating security strategies and helping workers to be able to best do their job in implementing those strategies.


Because those with a SSCP are well rounded, they are able to adapt to many different day to day situations. A SSCP can expect a great amount of variety because of their skillset.

Have a look at these videos to find out more:






About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 13 April 2015

Crack the new CISSP CBK with these CISSP training resources


By Sarah Morgan


Your CISSP exam and curriculum is changing. With the release of a brand new exam blueprint and updated CISSP domains imminent, the material you're revising now will soon be out of date.

The switch will be made on April 16th 2015, when the ten CISSP CBK domains will be reduced to eight.


As a result of this refresh, the CISSP exam will be altered to reflect the new CBK changes (but will remain the same format). Any training or revision material you use must also be updated, or you’ll risk revising irrelevant content!

Don’t get caught out by the 2015 domain refresh. Take a look at these up-to-date revision resources, aligned to the 8 brand new CISSP domains.


1. Official (ISC)2 Guide to the CISSP CBK, Fourth Edition (ISC2 Press) Hardcover – 10 Apr 2015 
ISBN-13: 978-1482262759

Released last week, you don’t get any more up-to-date than (ISC)2’s Official Guide to the CISSP CBK.

This official guide, endorsed by (ISC)2 and edited by Adam Gordon, covers the refreshed technical content added to the CISSP CBK. The book provides a comprehensive guide to the eight CISSP domains and includes illustrated examples, practical exercises and real-life scenarios.

How to buy it:


And remember, if you’re an (ISC)2 member, you’ll get 50% off Official (ISC)2 textbooks!


2. The NEW 2015 CISSP Exam. Brace Yourself (and prepare yourself)! Webcast with Dave Miller

Dave Miller has been an IT security specialist since 1980, is a published author and lecturer. So it’s no surprise he’s been following the new CISSP CBK with interest.

His comprehensive webcast, originally hosted March 17th 2015, is now available for free online at Oreily.com. The 93 minute webcast covers an abundance of CISSP topics including:

  • A review of the 2012 CISSP certification exam
  • The new CISSP 2015 examination
  • CISSP certification requirements
  • New test-worthy topics
  • How to prepare for the new CBK and CISSP exam
  • Conclusion: Q&A

To watch the webcast, sign up here.


3. (ISC)2 Overview & Key areas of knowledge in the 8 new CISSP domains

(ISC)2 has released a candidate information bulletin in line with the new CISSP exam blueprint. This massive document includes overviews of each of the 8 brand new CISSP domains alongside the key areas of knowledge you’ll need to understand to pass your exam.

This resource is excellent for any professional who needs a quick refresher on what’s contained in the new CISSP domains.

However, don’t treat the information found here as replacements for experience or knowledge - (ISC)2 state that, “[The candidate information bulletins] were developed to provide candidates with basic information…the outlines are not intended to be in-depth reviews of the examination.”

Access the document here.


4. (ISC)2 sample exam questions

Also included in the (ISC)2 CISSP candidate bulletin are sample questions, aligned to the new exam blueprint. We’ve included them below:


1. Which one of the following is the MOST important security consideration when selecting a new computer facility?

a. Local law enforcement response times
b. Adjacent to competitors’ facilities
c. Aircraft flight paths
d. Utility infrastructure

2. Which one of the following describes a SYN flood attack?

a. Rapid transmission of Internet Relay Chat (IRC) messages
b. Creating a high number of half-open connections
c. Disabling the Domain Name Service (DNS) server
d. Excessive list linking of users and files

3. Which one of the following is a limitation of fuzzing, as it relates to secure software development best practice?

a. Access to the source code is required
b. Not all discovered issues are exploitable
c. Issues must be accessible through an open interface
d. Is not suitable where code development is outsourced

Find the answers on Page 33 of the CISSP candidate bulletin.


Got a burning CISSP question?

If you’ve got more questions, take a look at our CISSP FAQ covering the new exam blueprint.

And if you need to get certified with accelerated CISSP training, good news – Firebrand are the only authorised (ISC)2 partner in the UK and will be teaching the latest 2015 CISSP material from the 20th April 2015.


Related articles:



About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 31 October 2014

(ISC)2 CISSP – Official vs. Unofficial




Unofficial training can often seem like a more viable alternative to its official counterpart. It may often be cheaper, but it’s a false economy – you might not be aware of all the benefits of official training.

How much better really is it to get your CISSP with an official (ISC)2 provider?

Instructors


With an authorised (ISC)2 training provider, you’ll be learning from official CISSP instructors, vetted and trained by (ISC)2 themselves.

Conversely, unauthorised instructors are not taught or trained to deliver official (ISC)2 material. There’s no vetting process for unauthorised instructors, so you’ll be relying on your training provider’s opinion and this might not align with (ISC)2’s strict guidelines.


Course material


When going official you’ll get the latest (ISC)2 training materials.  When considering that the CISSP exam questions are entirely rewritten roughly every two months, possessing this up-to-date material is crucial.

(ISC)2 make sure their exams continually evolve and stay current with information security trends and practices.  Every CISSP exam even features a set of secret ‘dummy questions’ (questions which won’t count towards your final score but are used by (ISC)2 to gauge the suitability of new exam questions).

(ISC)2 are clearly committed to staying up-to-date. To beat the CISSP exam, you’ll have to as well. This means getting access to official (ISC)2 course material.

Use unofficial course material and you run the risk of studying a dated curriculum and obsolete materials. This is because unofficial courses simply don’t have access to the official material.


Practice exam papers


We’ve all taken advantage of practice exam papers as a brilliant method of revision. Nothing can beat the realism that a practice paper provides; knowing exactly what you’re up against can often mean the difference between a pass and a fail.

Going into an exam without having seen a past paper can be a gruelling experience. Luckily, authorised (ISC)2 training providers have access to official past papers.

Unfortunately, unauthorised training providers just don’t have access to these infinitely useful revision tools. Worst case scenario, you’ll be working on questions which just aren’t aligned to the exam you’re about to take.


Taking the exam


Official (ISC)2 training providers are able to provide your exams onsite. That means you won’t have to spend £498 on the exam voucher and get yourself down to an exam centre.

Instead, you’ll just be sitting your exam in the same facility that you’re already studying in. As you might imagine, unofficial providers can’t offer the exam – you’ll have to make your own arrangements.


Bonus: Get CISSP certified with the only official (ISC)2 provider in the UK

Firebrand are immensely proud to be the only official (ISC)2 training provider in the UK. This CISSP course just doesn't compare. Here’s just how different it is:


You’ll get certified in only 7 days and still get more hours of learning than anywhere else

Firebrand’s official (ISC)2 CISSP Boot Camp is just 7 days. This includes taking and passing your CISSP exam as well as receiving your instant exam results at the training facility on the last day of the course.

Your learning day will last from 9:00am to 9:00pm – that’s 12 hours of actual training each day. With the best similar training providers you’ll only be learning from 9:00am – 5:00pm.

On day 6 of our 7 day course, you’ll get an entire 12 hour exam preparation day. During this day your (ISC)2 authorised instructor will explain the methods and techniques you need to know to pass your exam.

No distractions

You’ll be better prepared to achieve first-time success when you can focus entirely on achieving your CISSP for seven entire days. And once your exam is completed on your last day, your objective is complete, in no time at all.

You’ll essentially be putting a ‘Do Not Disturb’ sign up on the door to your life. So far Firebrand has trained over 55,000 students in this total-immersion and distraction free environment.

And…

That’s not to mention that other training courses don’t provide accommodation, an exam voucher or even exam delivery.

Find out more about Firebrand’s unique CISSP course on the Firebrand website.

Related articles:

  • How to become a CISSP

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 16 May 2014

Who said IT security wasn’t fun? Check out the funniest CISSP video, ever!



The CISSP is an advanced level certification for information security professionals. As one of the most prestigious security certs, it gets a lot of attention from tech publications, forums and blogs, including ours.

Earlier this week we presented you with four killer resources to prepare you for CISSP exam success, and now we are bringing you something different, but equally killer to conclude this week.

Who said IT security wasn’t fun?

With the CISSP under your belt, you’ll be an expert in developing and managing security standards, policies, and procedures within your organisation. This is all very serious because millions of pounds may depend on your company's security systems, but don’t think that security professionals don’t have a sense of humour.

Javvad Malik is a blogger, publisher, critic and most importantly an IT security professional. Javvad is a true CISSP-enthusiast, as you may recall him from an earlier post, where he demonstrated how to rock a CISSP.

Besides running his own blog, Javvad is also one third of the unholy Infosec Trinity, known as Host Unknown.

I'm a C I Double S P



According to a recent interview with (ISC)2 Board Members Wim Remes and Dave Lewis the CISSP membership “may be seen as middle aged and out of touch.”

Well, Javvad and his trusty companions Andrew and Thom beg to differ. As they wrote on their Host Unknown blog: “the CISSP has always been for people of varied backgrounds and skills, and like a good pair of flared corduroys, has never really gone out of fashion.”

But a simple blog post won’t fully justify their views, so the tech-triumvirate took it even further to prove their point. And what could possibly be a better way to do that, than recreating a timeless classic by Mr Curtis Jackson, aka 50 Cent (30p at today’s exchange rate).

About the Author:        
Peter writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself.

Tuesday, 13 May 2014

Three killer resources to prepare you for CISSP exam success


As we move into 2014, demand for skilled cyber security professionals holding the CISSP credential is at an all time high. Continued media coverage of high profile hacks and a growing skills gap within the cyber security industry will only continue to fuel that demand. 

As it stands, there are currently 4607 certified CISSPs in the UK, according to the (ISC)2 member count, yet ITJobsWatch reports more than 1000 vacancies highlighting the CISSP certification as a requirement. With an average salary of £56,125 (up 12.25% on 2013) and the plethora of available jobs, there has never been a better time to consider becoming a CISSP.

So to help you on your way to becoming a certified CISSP, we've put together three killer resources to help prepare you for exam success.


Buy the Official CISSP CBK


In my opinion, it's always best to go official, so make sure you get your hands on the Official (ISC)² Guide to the CISSP CBK (Common Body of Knowledge). It might be more expensive than other guides, and it's often tempting to go for a cheaper alternative, but that is often a false economy, as the Official guide is more comprehensive and up to date. If an exam vendor isn't providing you with one of the best guides to success, then something is certainly amiss.

The current CISSP CBK guide is in its Third Edition and reflects all the latest developments in what is an ever-changing field. New topics reflecting these developments include mobile security and cloud computing. You can obtain the guide in three formats:
  • Hardcover
  • iTunes - can be bought in single modules or all ten domains
  • Kindle - can be bought in single modules or all ten domains


Work through the CISSP Essentials Security School


Another fantastic and FREE resource from Search Security is the CISSP Essentials Security School. You'll have to trade your name and email to set up an account, but in return you'll get 10 lessons covering each domain, 450 minutes of video presentations, an insider's guide to each domain and a quiz simulating prep questions reflective of the real exam.

The resource is put together by Shon Harris, a CISSP, MCSE and President of Logical Security.


Free CISSP webcasts straight from (ISC)2


(ISC)2 released a series of ten free CISSP webcasts which will run you through exactly what you need to know before attempting the exam. They consist of a detailed overview of each domain covered in the exam as well as all the knowledge expected of a CISSP. This is a must view before you even consider taking an exam.



So there you have it, three killer resources to help you prepare for exam success. If you're still in doubt about the value of CISSP, check out this short video. 


About the Author

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how-to guides. Working in the industry for almost 3 years, Edward has a wide variety of experience with Microsoft technologies including SharePoint, Windows Server and Exchange Server. Edward is an active member of the IT community, contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor, among others.

Thursday, 1 May 2014

The hottest IT certifications to advance your career with the latest technology



The Information Technology market offers thousands of great opportunities with some uniquely varied roles. However, like most industries, IT has its hottest areas. This post discusses those popular areas, including the must-have certifications and how they can make your CV stand out from the rest.

Security

Hackers continuously develop their tricks and techniques to access and misuse privileged data. And because information will always be precious to its owners, its protection will never go out of fashion. As a result, skilled IT security professionals are still in extremely high demand.

How would you decide whether someone is qualified enough to defend your data? Employers often refer to certifications when recruiting, because they very clearly demonstrate the skills and knowledge their holders possess.

If IT security is the field you (want to) work in, the CISSP by (ISC)2 is a must-have. This certification is designed for security pros who are actively involved in critical decision making. CISSP holders have the knowledge, understanding and expert skills needed to manage security standards, policies and procedures within their organisation.


The cert demonstrates your competence in various security topics, including cloud computing, app development security, mobile security and risk management. In order to obtain the CISSP credential, you must tick a bunch of boxes, including a minimum of five years’ experience in at least two CISSP domains. (ISC)2 offers great resources to help you prepare for getting your certification. You can download the exam outline and also watch informative webcasts about the CISSP domains for free.

Cloud Computing

Recent research by Dworin Consulting shows that 39% of respondents expect an increasing need for cloud computing training by the end of 2014. This should not come as a surprise to any IT pro, because cloud computing is currently one of the hottest areas in the industry.



Silicon Angle compiled a comprehensive list of cloud stats published by the likes of Gartner, Cisco and Forbes. According to this list, end-user spending on cloud services could exceed £100 billion by 2015. The list also shows that 82% of companies reported savings by moving to the cloud and more than 60% of businesses use the cloud for performing IT-related operations.

There are more and more certifications available in the field of cloud computing, thus it’s hard to name the undisputed champ of cloud certs.

CompTIA’s Cloud Essentials is a great cert to start with because it teaches you the fundamental concepts of cloud computing. This certification demonstrates your knowledge of the different cloud types, their impact on IT service management as well as the risks of cloud computing.

If you’re looking to take your cloud competency even further, Cloud+ by CompTIA could be your next step. With the Cloud+ under your belt you’ll have knowledge of virtualisation in the cloud, network management, storage provisioning and other key topics.



Big Data

Big Data has been one of the top IT buzzwords in the last few years and it’s likely to stay that way. Big Data is oftentimes described with the 3V model, i.e. it is high volume, high velocity and high variety. However, there’s a lot more to defining Big Data according to Timo Elliott, who shares seven definitions in his article.

Regardless of which definition you decide to side with, one thing’s certain: Big Data is a big deal. Gartner’s research revealed that the number of companies investing in Big Data tech increased by 6% (from 58 to 64 per cent) since 2012. The findings also indicated that 19% intend to make an investment in the next 12 months, while a further 15% are considering investing in the next two years.

To succeed in Big Data you must master the skills and techniques of Apache Hadoop. Cloudera offers the following two Hadoop-related certifications:
These certifications prove your knowledge and skills in writing, maintaining, optimising (CCDH) as well as configuring, deploying, maintaining and securing (CCAH) an Apache Hadoop cluster. 



Software-Defined Networking (SDN)

Software-Defined Networking (SDN) is a relatively new concept in the designing, building and management of networks. In SDN the network’s control and forwarding planes are separated in order to allow easier optimisation for each.

Due to SDN’s relatively recent inception, there is a lack of available training; however, the Cisco Learning Network (CLN) is working on a solution. CLN believes that SDN can be defined and referred to as programmability. Therefore, training must augment the understanding of networking with programming skills.



The Cisco Learning Network provides a detailed breakdown of how traditional IT roles will evolve following the SDN paradigm-shift. Although the complete certification for Network Programmability is not yet available, CLN offers a six-module introductory course on their website. 

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Tuesday, 7 February 2012

How much is your security worth?

Computerworld reports that companies are willing to pay more for certified information security professionals.

A report by New Canaan reveals that certified professionals earn 10 to 15% higher salaries than non-certified individuals. The certifications worth the most in the field of information security are CISSP, CISA and CISM.

“The demand for certified security professionals has been on the rise for some time now. Some high profile breaches like Sony, Nintendo and even the CIA have made companies nervous about their own customer data being compromised,” says Robert Chapman, CEO of Firebrand Training.

This trend in IT security certs shows that it’s not just government regulation that makes businesses invest more in security. They also invest to ensure that the company and its customers don’t lose valuable data and personal information.

Friday, 30 July 2010

The Most In-Demand Certs

In this month's Certification Magazine, Dave Willmer looks at the certifications that are most attractive to employers. Dave explains: "An industry-recognized certification can provide you with a competitive edge whether you’re looking for a new position or trying to advance within your current firm." The top certs are:

Certified Information Systems Security Professional (CISSP)

The (ISC)2 CISSP is a vendor-neutral certification that includes: access control, cryptography, operations security, and security architecture and design. CEOs rank security as the second-hardest functional area to fill.

Microsoft Certified Systems Engineer (MCSE)

The Microsoft MCSE is a great differentiator because you must sit seven exams in order to pass it. Dave points out: "Job candidates who have earned any Microsoft certification have an edge in the job market."

Project Management Professional (PMP)

Firebrand Training offers more than just IT certifications. The Project Management Institute PMP is relevant to project managers in any industry - particularly IT. You need three-to-five years of project management experience in order to sit the course. This, alongside the certification, demonstrates extreme dedication and knowledge.

Certified Network Associate (CCNA)

The Cisco CCNA certification proves that you can successfully administer medium-size routed and switched Cisco networks. Students sit Exams 640-822 and 640-816. On completing Exam 640-822, the student automatically becomes Cisco CCENT certified too. Two for one!


Friday, 9 April 2010

Rate your salary: CISSP certification

The GoCertify website lists the average salaries for those with some of the most highly sought-after certifications.

On the CISSP certification page, salaries are listed for job roles such as Security Engineer, Data Security Analyst and Computer Security Specialist. Information is provided by PayScale.

With Firebrand Training you could be CISSP certified and recognising your earning potential within seven days.



Tuesday, 9 March 2010

The proof that training and certification gains you a better salary

According to a report produced by TechRepublic, professionals who undertake business-related training increase their annual salary by an average of $3,000 (£2,000).

In fact, those who gained an IT or project management certification during the past five years earned an average of $5,000 (£3,300) more than their colleagues.
The survey was completed by more than 19,500 IT and business professionals.

Skill sets that organisations will be looking to add in 2010 were also revealed. This included: project management, virtualization, data security, and business analysis.


If you don't want to be left behind, why not take the Firebrand route to accelerated certification? If you want to remain ahead of the game, check out the courses below: