Showing posts with label Cyber Security. Show all posts

Thursday, 9 June 2016

Discover 5 new accelerated IT security courses from Firebrand

 By Sarah Morgan


With over 700 million data records estimated to have been stolen in 2015, security is currently one of the most sought-after skills in IT. It is expected that the cyber security industry will be short of 1.5 million skilled professionals by 2019, as demand outstrips supply. For businesses, it is more important than ever to stay ahead of cyber criminals, implementing rigorous IT security infrastructure. Demand for skilled IT security professionals has never been higher. 

This has fuelled demand for cyber security certifications alongside the development of brand new ones. Firebrand has released five new accelerated certification courses at the forefront of IT security. Below we break down the key information of these new certifications, highlighting what skills they’ll teach you and what makes each of them unique.

1. AXELOS Cyber Resilience: Foundation & Practitioner (RESILIA™)


The AXELOS RESILIA course gives you the knowledge and skills to prevent, detect and respond to organisational cyber attacks. It teaches you to manage the components of Cyber Resilience and blends the techniques with your existing managerial systems. It covers topics like risk management, cyber security resilience operations and continual improvement. It is the perfect certification to give you a managerial overview of implementing cyber security best practice.

Firebrand’s accelerated 3 day course, which is 50% faster than traditional training, covers both the Foundation and Practitioner curriculums and includes both exams at our training centre. This certification is from AXELOS, the creators of the world famous PRINCE2.


2. ISACA Certified Cybersecurity Practitioner (CSX)


ISACA, the creators of the CISA and CISM certifications, have recently released the CSX Practitioner. It is one of the most hands-on cyber security courses available, teaching you real-world skills you can implement immediately. It does this through five domains: Identify, Detect, Protect, Respond and Recover. These cover every stage of a potential cyber attack, giving you the complete range of knowledge and skills. Specific skills you’ll learn include implementing cybersecurity controls, analysing and monitoring network output and escalating incidents and attacks. 

Our accelerated 9 day course is 44% faster than traditional training and includes learning half of your skills through practical lab exercises in a virtual cyber environment. You’ll sit a practical performance based exam, demonstrating your skills as a cyber security first responder.


3. EC-Council Certified Chief Information Security Officer (CCISO)


The CCISO teaches you to master the technical aspects of security management through the five domains of EC-Council's CCISO Body of Knowledge. These are Governance, Information Security Management Controls and Auditing Management, Management – Projects and Operations, Information Security Core Competencies and Strategic Planning & Finance. You’ll learn knowledge and skills in areas like information security laws, regulations and guidelines, the Audit Management Process and security strategic planning.

Firebrand is the exclusive launch partner for the CCISO in England. Our 3 day course is 25% faster than traditional training and includes the exam. Its creators, EC-Council, are the force behind the popular Certified Ethical Hacker certification.


4. GIAC Security Essentials (GSEC)


The GSEC course from GIAC is among the most popular entry-level security certifications on the market. It is designed to build the strong foundations of your cyber security knowledge or bridge any gaps in your existing knowledge of IT security fundamentals. The GSEC covers a huge range of security topics like firewalls, DNS, common types of attacks, authentication and password management and vulnerability scanning.

Firebrand’s GSEC course is only 5 days (28% faster than traditional training) and is ideal for developing the knowledge of security professionals as well as managers. GIAC are also the providers of the GICSP certification in IT security. 


5. GIAC Penetration Tester (GPEN)


Learn specialist penetration testing skills with GIAC’s GPEN course. It teaches you to assess networks and find vulnerabilities that could be maliciously exploited. Penetration testing skills are rare and valuable to employers. The GPEN certification proves you have diversified your security skills into a unique and technical area. These skills increase your worth to employers. The GPEN covers areas like reconnaissance, web application probing and advanced password attacks.

On our accelerated 5 day course (28% faster than traditional training), you’ll conduct a real penetration test, giving you practical skills that are relevant and can make an immediate impact in the real-world. Plus, GIAC are the official certification body of The SANS Institute. 


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.

Monday, 16 May 2016

5 reasons to get ISACA CSX Practitioner certified

 By Sarah Morgan


The current shortage of cyber security skills is a massive employment opportunity. According to government research, two-thirds of big UK businesses have been targeted by a cyber attack in the last 12 months. This means businesses are searching desperately for people with the skills to make sure they’re not the victim of the next high-profile cyber attack.

The CSX Practitioner is one of the newest cyber security certifications on the market. It can be the perfect way to get the cyber security skills to take advantage of this massive opportunity. Below are the five best reasons why you should be looking to get CSX Practitioner certified.

1. Opportunity for employment


There are more cyber attacks happening than ever before, with over 700 million data records estimated to have been stolen in 2015. These include companies like TalkTalk (157,000 records stolen, costing £60 million), eBay (145 million records stolen, costing an estimated £18 million), Target (70 million records stolen, costing £100 million) and T-Mobile (15 million records stolen, costing £13.2 million).

Cyber security job growth, at 74%, has increased at twice the rate of the overall IT jobs market since 2007. It is expected that by 2019, the industry will be short of 2 million cyber security professionals. This means there isn’t enough properly trained protection for businesses, creating a huge demand for professionals with high-level cyber security skills. The CSX Practitioner course will develop the cyber security skills that businesses are seeking, whilst achieving the certification is the proof you have these skills.

2. Potential future career earnings


The CSX Practitioner course develops the technical security skills required in job roles like Cyber Security Analyst or Cyber Security Engineer. These roles command competitive salaries averaging around £50,000+ (all average salaries according to itjobswatch.co.uk).

The CSX Practitioner certification is the starting point for a journey towards many high-level cyber security roles. After you’ve progressed your career with experience in the cyber security industry, you’ll be able to aim for roles like Cyber Security Consultant (£62,500), Cyber Security Architect (£70,000), Cyber Security Manager (£70,000) and Head of Cyber Security (£97,500). You can also follow the CSX pathway, progressing onto the Specialist, then the Expert certifications. These will help you grow your cyber security skills throughout your career. This means starting your cyber security career with a CSX Practitioner certification gives you the potential to eventually reach a six figure salary at the top level.

3. Develop hands on skills


A key feature of the new CSX is the hands-on nature of the skills covered. You’ll learn practical skills in all stages of the cyber security process, simulating real-world scenarios. These include analysing network output, executing incident response plans, detecting incidents and performing disaster recovery plans. These are skills you’ll be able to directly implement in your IT security role. You’ll learn to identify, detect, respond to and recover from cyber attacks. Its practical nature and broad curriculum set it aside from most other IT security certifications currently on the market.

4. Learn the latest skills


As one of the newest certifications in the cyber security industry, the skills in the CSX Practitioner course are the hottest available. Getting CSX Practitioner certified guarantees you’ll have skills that can protect your business from the latest techniques threatening your business, identifying threats before they occur, implementing precautions to minimise threats and recovering from attacks. The Cybersecurity Nexus program has been developed to provide you with skills in five cyber security areas. These are:

1. Identify
2. Detect
3. Protect
4. Respond
5. Recover

These are designed to cover the whole cyber security process, ensuring you have skills to deal with cyber attacks through every stage.

5. World renowned


ISACA have a 45 year history in which they’ve produced some of IT’s most respected certifications. Their CISA and CISM certifications are two of the most sought-after in the industry and these are supported by their CRISC and CGEIT certifications. This means you know you’re getting your cyber security skills from an industry trusted and globally recognised source. On top of this, the reputations of ISACA and the CSX extend worldwide. This means you can benefit from your certification wherever your career should take you.



Monday, 29 February 2016

2016's Cyber Security skills gap

 By Sarah Morgan


The growing IT skills gap and its implications for the global economy is a known issue throughout the industry. It’s the net result of an industry outpacing the supply of professionals needed to facilitate employer demand, effectively stifling growth. Cyber security is an area within IT where the demand for professionals continues to grow. This is due to the greater number and publicity of cyber-attacks on all businesses. If not addressed, implications could be serious with attacks likely to continue to grow in frequency and severity.

ISACA are makers of major security courses like the Certified Cybersecurity Practitioner CSX, CISA, CISM and CRISC, and they’ve recently produced an infographic that has revealed some interesting and eye-opening statistics. These statistics have come from surveys conducted by ISACA themselves, as well as IBM’s 2015 Cost of Data Breach Study, UK House of Lords Digital Skills Committee and more. As providers of certifications to cyber security professionals, ISACA are using these statistics to help close the gap where the crucial IT security skills are most needed, as well as increase awareness about the skills shortages. Below is a breakdown of each stat highlighted by ISACA and their individual and collective implications on the IT industry. Make sure you check out the ISACA infographic at the bottom of the post.

The costs of the cyber security skills gap


In 2014, $1 billion worth of personally identifiable information (PII) was stolen. This means there have been many more stolen since, through 2015 and beyond. As large as this figure is, more unidentifiable records that cannot be traced are highly likely to have been stolen too. This marks a huge amount of money stolen from businesses and economies. On top of this, there are the costs beyond money, like the breach of a customer’s privacy. This type of cost can mean stolen passwords, accounts, addresses, phone numbers or credit card details. These damages can cause loss of personal finance, credit card fraud or even identity fraud. Combined, this shows how cyber security threats are heavily draining businesses and individuals. 

Unfortunately, the severity of these financial implications appears to be increasing. It is estimated $150 million will be the average cost of a data breach by 2020. This is roughly £107 million. The 2015 average in the UK was £1.46 million, more than doubling the 2014 figure of £600,000. This staggering figure, as well as the soaring increase, shows the need to increase security in all businesses, now. Technology and hacking techniques are continuing to advance and if your security is not sufficient and updated, you could be left vulnerable. The huge figure, as well as its meteoric rise, forces business managers to take company-wide action, rather than dumping the burden entirely onto IT departments.

97% of security professionals surveyed in ISACA’s 2015 APT study believe advanced persistent threats (APTs) represent a credible threat to national security and economic stability. These opinions come from knowledgeable professionals within the security industry, which is reason enough to take notice of this imminent and serious threat to our businesses and economy. Many businesses ignorantly and naively settle for sub-par IT security systems, but every business is a potential target and if you are not prepared, the consequences could be crippling.

The regularity of cyber security breaches


In the same ISACA survey, professionals from 1 in 4 organisations have experienced an APT attack. This shows the regularity of cyber attacks, as well as how widespread they now are. It’s also worth mentioning that 3 in 4 organisations also believe they will be targeted in the near future, again reiterating how every business needs to be aware and prepared for cyber attacks.

1 in 2 believe the IT security department is unaware of all of the organisation’s Internet of Things (IoT) devices and 74% believe the likelihood of an organisation being hacked through IoT devices is high or medium. In our increasingly connected world, there are connectivity capabilities on a staggering number of devices, in our business and personal lives. All of these devices have the potential to become avenues that hackers can target to infiltrate a business. It is important for everyone in the company to be aware of the potential security risks, especially the IT department.




The need for cyber security professionals


2 million will be the number of cyber security professionals the industry will be short of by 2019. Numbers are often bandied about to estimate the number of cyber security professionals needed in the cyber security sector, and it’s difficult to determine the exact demand in the UK. However, it’s clear that 2 million reflects the trend in the current cyber security jobs market and is a worrying size considering the severity of threats. In the EMEA region, stats from (ISC)² estimate there will be 1.2 million cyber security roles that are constrained by a lack of supply in the industry. 

The growth of demand for cyber security professionals is 3x the growth of the overall IT jobs market. On top of this, when compared to the overall jobs market, that stat grows to 12x. Also, a study from US News and World Report states that demand for cyber security professionals is growing at a rate of 36.5% through to 2022.

Looking slightly deeper in the cyber security jobs market, 64% of organisations believe just half or fewer of applicants for open security jobs are qualified. This highlights how the jobs market has become stagnant for employers due to the cyber security skills gap. At the bottom of this scale, many businesses are having to settle for candidates that aren’t good enough. A potential side effect is that professionals in the industry don’t have the skills to properly protect their business.


How can we develop more cyber security skills?


53% of organisations experience delays as long as 6 months to find qualified security candidates. This means it’s becoming more difficult, costly and time-consuming to find the right cyber security skills for employers to protect their business and assets. One avenue through which the skills gap can be closed is apprenticeships. The UK government is heavily investing in cyber security, with Chancellor George Osborne promising an extra £1.9 billion by 2020. Much of this investment will fund two new cyber security focused apprenticeships, the Cyber Security Professional and Cyber Security Analyst. Offered by Firebrand, these trailblazer apprenticeships are an excellent avenue to upskill staff, unrestricted by age limitations.

89% of consumers believe it is important for organisations to have cyber security certified employees. Another side effect of cyber security gaining more attention is consumers becoming more aware of its importance. Customers are recognising it’s vital for businesses to have certified cyber security professionals. By getting your security employees certified, not only will they learn and demonstrate more advanced skills, customers will recognise, value and appreciate the extra commitment to cyber security. This is another eye-opener to how important cyber security certifications are, and from a source you probably didn’t expect.

77% of women said that no teacher or careers advisor mentioned cyber security as a career – for men it’s 67%. The lack of women in IT has been a trend for much longer than the cyber security skills gap. It’s clear that the cause of this goes far deeper into society and change starts with giving children the opportunity and encouragement to get valuable IT skills at an early age. The 67% figure for men shows the problem is not unique to women. The root of the issue is that IT security is not taught in the school curriculum. This causes children, and their teachers too, to be unaware that cyber security is a career choice – one with excellent prospects.


What’s the solution?


The first step to help close the cyber security skills gap is for government and business leaders to realise the dangers that the skills gap presents. Thankfully, this is starting to happen. Back in November 2015 Chancellor George Osborne announced that the UK government was planning to invest £1.9 billion into cyber security. This type of commitment needs to continue, with business leaders and managers investing in cyber security training. This is important to give cyber security professionals the skills they need to properly protect businesses from cyber attacks. If these skills are in place throughout the UK, attacks will be prevented and the numbers reduced.

Also, the structure of education around cyber security needs to change. If the government were to introduce cyber security as part of the curriculum, it would encourage more children to choose cyber security careers. The government must continue to increase their investment into cyber security apprenticeships. This would encourage more young people and businesses to undertake apprenticeships, developing skills and successful cyber security careers. Finally, general awareness needs to increase around cyber security. This would help people take more steps to help prevent cyber attacks. These actions would change the culture of sweeping cyber security under the carpet, and get more skilled cyber security professionals into the industry to protect our businesses and economy.





Monday, 30 November 2015

Cyber security red alert on Cyber Monday


Cyber Monday creates an ideal opportunity for malicious hackers to attack your business systems. As company servers are hammered by millions of genuine requests from eager buyers, the opportunity for a hacker to breach your system undetected increases. The consequences can be severe, considering the financial and public image implications a single breach can create.

The current strain being exerted on IT infrastructure is strikingly similar to a common hacking technique. The tactic involves a single hacker targeting a network, followed by hundreds of hackers joining the attack to create a diversion. The noise created by the hundreds of additional hackers presents a smoke screen, enabling the initial hacker to breach the system.

Attacks like these can collapse your infrastructure, forcing websites and whole servers offline. They are becoming all too common as cyber criminals look to cash in on the details stolen.


Protecting your assets on Cyber Monday 


Today, on Cyber Monday, you should remain vigilant, especially if you're an online retailer. Loyal customers are currently creating the diversionary tactic which could allow a hacker to breach your system. If your attention is being distracted by sales, you should start focusing on security. 

A single breach could expose your data to criminals, or take your website offline for hours. Not only will you miss out on the valuable revenue created by these marketing ploys, the financial ramifications of a breach could collapse your business. Take TalkTalk, for example: November’s breach of the telecoms giant is estimated to cost the organisation in the region of £30-35 million.

Take the following steps to protect your assets on this busy day: 
  • Ensure you follow routine daily security checks – do not let your IT team be distracted by sales
  • Segment systems on separate protected networks – this tactic ensures that if one system or network is breached, an attacker won’t then have free roam to take down multiple systems simultaneously 
  • Increase monitoring of endpoint devices – pay regular and close attention to public facing systems to ensure any suspicious activity doesn’t go undetected. Now is the time to be paranoid; it’s the ideal time for an attack

Future planning 


Whilst Cyber Monday is high risk, it’s important to prepare for the long term. A cyber-attack can happen at any time, so it’s vital you and your team have the security skills to implement a long term strategy.

Investing in training employees is critical. Certification courses like the Certified Ethical Hacker and CISSP will develop the technical and strategic skills required to protect your company assets. You can learn to attack your own systems to identify weaknesses or devise a comprehensive and watertight security system. Stay vigilant.

Friday, 24 July 2015

4 new Cyber Security certifications in 2015


By Tobin Chapman


It is more important than ever for you to protect your company against cyber-attacks. According to a recent government survey, cyber-crime costs UK businesses a reported £27 billion a year.

Each individual breach can cost large businesses as much as £1.15 million on average. A huge stigma exists around cyber fraud due to the damage it can have to a company’s reputation. This has meant that as much as 85% of fraud and cyber-crime goes unreported.

Demand for cyber security skills is going up as businesses are increasingly recognising the need to protect their assets. To meet this demand, we’ve seen a series of new cyber security courses launched in 2015. 

There have been new courses from established security vendors as well as existing vendors entering the market for the first time.

Earning a high level cyber security certification can net you a career earning as much as £82,500, according to ITJobsWatch. The release of these new certifications will help you develop the skills you need to protect your business from a cyber-attack.


AXELOS RESILIA™


RESILIA™ is a methodology for cyber resilience. It employs best practice techniques and standards that you or your business can apply. In short it helps you be ‘resilient’ against attacks through being able to detect, respond to and recover from cyber-attacks.

AXELOS has developed a course aligned to RESILIA allowing you to develop the skills required to implement the methodology. Completing the course and achieving the qualification allows you to make the most of RESILIA whilst demonstrating you have the skills to do so. RESILIA is AXELOS’ first cyber security certification.

Employing certified people that can react and act on cyber-attacks is critical for maintaining the integrity of your business. RESILIA ensures this by keeping your reputation intact, customers loyal and operations up and running.  

With Firebrand's 5 day accelerated RESILIA course, you can certify in just 5 days.


(ISC)2 Certified Cloud Security Professional


Cloud is currently one of the fastest growing technologies, with 4 in 5 UK businesses using cloud services. When discussing cloud, security continues to be a primary concern for businesses. Without having access to the physical servers that your data is stored on it is important to do everything possible to protect it. 

The CCSP certification recognises this. Developed by (ISC)2 and the Cloud Security Alliance, the course gives professionals a deep-seated knowledge and competency through hands-on experience.

By attending the course, you'll learn:


  • Architectural concepts and design requirements
  • Cloud data security
  • Cloud platform & infrastructure security
  • Cloud application security
  • Compliance


Cisco Cybersecurity Specialist



Cisco’s first cybersecurity certification is designed for professional security analysts. The cybersecurity specialist certification covers important areas of competency, including event monitoring, security event, alarm and traffic monitoring and incident response.

With no prerequisites, it is a course available to anyone who needs to be able to mitigate and avoid cyber-attacks in their day to day job, or anyone who wishes to move into a profession involving cyber security.


ISACA Cybersecurity Nexus



ISACA’s Cybersecurity Nexus program is designed to be the most comprehensive and desirable certification on the market. The course does not rely solely on knowledge, but tests in a virtual ‘cyber lab’ environment in order to prove actual technical skill, ability and performance. 

It is available at three levels: Practitioner, Specialist and Expert.

CSX Practitioner – This is made up of three courses and gives a foundation of knowledge in ISACA’s five areas of cyber security: Identify, Detect, Protect, Respond and Recover. Firebrand offers an accelerated 9 day course which combines all 3 courses - 40% faster than traditional training.

CSX Specialist – This gives you the option to specialise in any of the five areas, with a course available for each. (coming soon)

CSX Expert – This is the highest level available and shows you are a master-level security professional capable of identifying, analysing, responding to and mitigating the most complex cyber security incidents. (coming soon)



Some businesses may find certain qualifications more useful than others. If you’d like to find out more about which certification is right for you, you can read more on Firebrand's dedicated security section, or give us a call on 080 80 800 888.



Friday, 12 December 2014

Fast track your career into Cyber Security in 2015

 By 

Continuing growth in salaries, a shortage of skilled professionals and a rapid increase in available jobs make a career in cyber security a real prospect. Follow this guide to fast track your career into cyber security in 2015...

If you’re considering a career in cyber security then 2015 could be the year for you. The hacking of Sony Pictures is the latest in a string of high profile attacks, which continues to put recruitment of skilled cyber security professionals top of the agenda.

Cyber security vacancies in the UK have doubled in the last year, with demand outstripping supply, according to a recent study by Technojobs. Combine this with a 10% growth in the average salary for UK cyber security professionals, now £57,000, and increased Government support and it’s easy to see why the current climate is perfect for employment in the field of cyber security.


Follow these tips to fast track your career into cyber security in 2015…



1. Find the right job for you


First things first, work out which job is right for you. Whether you want to become a Computer Forensics Investigator, Information Security Analyst or Penetration Tester, it’s important to know what the job entails.
SANS have compiled a list of the top 20 Information Security and Cyber security jobs which you can use to track down job descriptions on the major job boards.


2. Get certified


Sometimes the quickest way into the cyber security sector is to get certified. In fact the majority of commercial cyber security and defense-related IT Security jobs require security certifications as a prerequisite. So the lack of certification may be the only thing standing between you and your cyber security career. Find out.


If you are looking at entry-level positions then the CompTIA Security+ and Microsoft MTA Security Fundamentals are a great place to start.

Those considering a more advanced position would be well placed to consider EC-Council’s Certified Ethical Hacker (CEH) certification or ISACA’s Certified Information Security Manager (CISM) certification.
Then there is the industry gold standard Certified Information Systems Security Professional (CISSP) from (ISC)2, for those eyeing up a position in Senior Management.
This is merely scratching the surface; there are a range of security certifications available from other renowned vendors including Cisco, Symantec and GIAC.


3. Make sure you have the right experience


This echoes back to the first point, when you’re looking at job descriptions, scope out the level of experience required for the job in question. You may realise that you don’t have the right experience at this stage, but at least you know what you’ll need to be working towards.
For those looking at starting a career, this may mean taking a non cyber security-related job as a stepping-stone. As pointed out in a fantastic post from Ira Winkler in Computerworld:

“You cannot be expected to protect computers if you don’t know how to administer a computer system, you can’t secure a system that you can’t properly configure on your own, you can’t secure a database if you aren’t fluent in the database management system, and you certainly can’t write secure code if you can’t code at all.”

A great way to bridge the experience gap at the entry level is through voluntary work experience or internships. Keep your eyes peeled, they are everywhere.


4. Get your CV in shape



This can be applied to any industry, but always make sure your CV is up to scratch. This will be the first impression you make to a potential employer, get it wrong and it will be the last.
Having past experience in the recruitment sector, here’s my top advice:

  • Ensure your CV is tailored to each individual position. This includes a covering letter outlining why you want the job and why they should consider you.
  • You need to make an impact in the first few lines, so highlight relevant experience and achievements from the outset.
  • Don’t waffle; if your CV is more than 2 pages then it’s too long.
  • No spelling mistakes; with modern-day spell check it’s unforgivable.


5. Consider signing up with a recruitment agency



This advice is perhaps more for the seasoned professional, but signing up with a specialist recruitment agency can significantly improve your chances of landing that coveted role. Yes, you’ll have to go through an interview, but once on the books there are numerous benefits.

A good recruitment consultant will:

  • Have in-depth understanding of the industry and some powerful connections
  • Advise you on how to improve your CV and interviewing skills
  • Sell you into employers, even if that employer isn’t currently looking
  • Get the first shot at a high profile position that may never make a job site

So there we have it, five tips to set you on your way to a new cyber security career in 2015. I wish you every success.



Author Profile

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how to guides. Working in the Industry for almost 3 years, Edward has a wide variety of experience with Microsoft Technologies including SharePoint, Windows Server and Exchange Server. Edward is an active member of the IT community contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor.

Tuesday, 18 November 2014

Big Data: A big security challenge



By Debra Littlejohn Shinder

Big Data – the collection of large and complex sets of data that include both structured and unstructured information – is widely touted as one of the most important current trends in computing, along with Bring Your Own Device/mobility and, of course, the cloud. In fact, the convergence of these technologies is seen by many as the top IT challenge of this decade.

Much has been said and written about the security implications of BYOD, mobile devices and cloud services, but the security aspects of big data don’t seem to get quite as much attention. This is true even though companies are accumulating and analyzing huge amounts of information – not just terabytes, but petabytes – and some of it could cause big problems if it fell into the wrong hands. 

Image courtesy of Renjith Krishnan at FreeDigitalPhotos.net
After all, the real point of collecting such massive amounts of data is not just to be a data hoarder; the objective is to subject it to analytics that can provide the company’s decision-makers with insights into aspects of their business that can have an impact on the organization’s efficiency, reputation and bottom line. But we all know that information that can be used for good can also be used for nefarious purposes, and if those business insights became public and/or were revealed to competitors, the impact on the company could be very negative indeed.

The security challenge of big data is complicated by another of those hot trends we mentioned above: many companies don’t have the storage capacity on premises to handle the amounts of data involved, so they store all that data in the cloud. Some do so in the mistaken belief that turning their data over to a cloud storage provider means they also get to hand off all of the responsibility for securing that data.

For some companies, this might even be a reason for the decision to store the data in the cloud in the first place. You could argue that large cloud providers have far more resources to put into securing the data than your organization does. Cloud data centers are heavily guarded fortresses that employ high dollar physical and technological security mechanisms. 

Image courtesy of Stuart Miles at FreeDigitalPhotos.net
This line of reasoning makes sense – but the cloud shouldn’t be an excuse to abdicate your ultimate responsibility for the protection of your sensitive information. If there is a breach, your customers will blame you, not the cloud provider, because you are the one to whom they entrusted their information. This goes double if you’re doing business in a regulated industry – financial, healthcare, a publicly traded corporation, a retail business that processes payment cards, etc. You won’t be able to pass the buck if you’re found to be out of compliance or in violation of standards.

As with information security in general, the key to securing big data is to take a multi-layered approach. One important element in protecting the huge quantity of data that often contains bits and pieces of personal information about many individuals is de-identification – the separation of identifying information from the rest of the information pertaining to a person. Unfortunately, the counterpart to de-identification is re-identification, the art and science of putting all those pieces back together to discern identities from the de-identified data. 
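
The tension between de-identification and re-identification described above, as an added example that is not part of the original article: direct identifiers are split into a separate vault keyed by an HMAC pseudonym, and a k-anonymity check then shows which analytics rows could still be singled out by the attributes left behind. The field names, sample records and key are constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

DIRECT_IDENTIFIERS = ("name", "email")                    # removed from the analytics copy
QUASI_IDENTIFIERS = ("postcode", "birth_year", "gender")  # harmless alone, identifying together

KEY = b"constructed-demo-key"  # assumption: in practice a secret held outside the data store
RECORDS = [  # constructed sample data
    {"name": "Alice", "email": "alice@example.com", "postcode": "SW1A 1AA", "birth_year": 1984, "gender": "F", "spend": 120},
    {"name": "Bob",   "email": "bob@example.com",   "postcode": "SW1A 2AB", "birth_year": 1986, "gender": "M", "spend": 80},
    {"name": "Carol", "email": "carol@example.com", "postcode": "SW1A 1AA", "birth_year": 1984, "gender": "F", "spend": 45},
    {"name": "Dan",   "email": "dan@example.com",   "postcode": "SW1A 2BQ", "birth_year": 1981, "gender": "M", "spend": 60},
    {"name": "Erin",  "email": "erin@example.com",  "postcode": "M1 4BT",   "birth_year": 1990, "gender": "F", "spend": 200},
    {"name": "Fay",   "email": "fay@example.com",   "postcode": "M1 7ED",   "birth_year": 1995, "gender": "F", "spend": 30},
]

def pseudonym(record, key):
    """Stable keyed token; it cannot be recomputed from the email without the key."""
    msg = record["email"].strip().lower().encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def de_identify(records, key):
    """Split records into an identity vault and an analytics copy linked only by pseudonym."""
    vault, analytics = {}, []
    for r in records:
        pid = pseudonym(r, key)
        vault[pid] = {f: r[f] for f in DIRECT_IDENTIFIERS}
        row = {f: v for f, v in r.items() if f not in DIRECT_IDENTIFIERS}
        row["pid"] = pid
        analytics.append(row)
    return vault, analytics

def group_sizes(rows, quasi=QUASI_IDENTIFIERS):
    """Count how many rows share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi) for r in rows)

def k_anonymity(rows, quasi=QUASI_IDENTIFIERS):
    """Smallest group size: k == 1 means at least one row is unique on its quasi-identifiers."""
    return min(group_sizes(rows, quasi).values())

def at_risk(rows, k, quasi=QUASI_IDENTIFIERS):
    """Pseudonyms of rows whose quasi-identifier combination is shared by fewer than k rows."""
    sizes = group_sizes(rows, quasi)
    return [r["pid"] for r in rows if sizes[tuple(r[q] for q in quasi)] < k]

def generalise(row):
    """Coarsen quasi-identifiers: outward postcode only, birth year rounded down to the decade."""
    out = dict(row)
    out["postcode"] = row["postcode"].split()[0]
    out["birth_year"] = row["birth_year"] // 10 * 10
    return out

if __name__ == "__main__":
    vault, analytics = de_identify(RECORDS, KEY)
    print("k before generalisation:", k_anonymity(analytics), "at risk:", len(at_risk(analytics, 2)))
    coarse = [generalise(r) for r in analytics]
    print("k after generalisation:", k_anonymity(coarse), "at risk:", len(at_risk(coarse, 2)))
```

Removing names and emails alone leaves four of the six sample rows unique on postcode, birth year and gender; generalising those fields raises k to 2 at the cost of analytic precision.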

In a report last summer, Gartner concluded that over 80 percent of organizations don’t have a consolidated data security policy across silos, and that in order to prevent breaches, they need to take a more data-centric approach to security. 

Of course, many of the security concerns and solutions that apply to big data are the same ones that apply to protecting any sensitive data. However, one thing that makes big data especially challenging is that it often passes through many more different systems and applications in the process of turning all that unstructured mess into useful information. 

Companies may use applications and storage methods for which security was not a design priority, so that they have to tack on security solutions after the fact. Since much of big data is unstructured, it’s often stored in non-relational (NoSQL) databases, which were not built with security in mind. Traditional firewalls and other security solutions weren’t designed to handle the distributed computing that is at the heart of big data. Automated moving of data between tiers in a multi-tiered storage system can make it difficult to keep track of where the data is physically located, which poses a security issue.

Close attention to “middleware” security mechanisms, extensive and accurate logging of data tracking, and real-time monitoring are essential components of a security strategy that encompasses the challenges of big data.

You can find more information about securing data in the cloud here.  

Author Profile

Debra Littlejohn Shinder, MCSE, MVP (Security) is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security.

She is also a tech editor, developmental editor and contributor to over 20 additional books. Her articles are regularly published on TechRepublic's TechProGuild Web site and WindowSecurity.com, and have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine.

Thursday, 3 July 2014

Succeed in the CISSP exam with these 4 tips

CISSP is a global standard, widely recognized as the information and cybersecurity benchmark certification. It’s an advanced cert that demonstrates a wealth of IT security knowledge and experience.  As a result, typical salaries have risen to upwards of £55,000 in the UK.

Cybersecurity professionals have never been in greater demand. What’s more, Sebastien Cobut, vice president of IT recruitment specialist Volt states that, ‘internal statistics suggest a continuing increase in both demand and pay rates for IT security professionals, across both UK and continental operations.’



'A day in the life of a CISSP certified professional'

Whilst the CISSP-certified are in demand, as you might imagine, it’s not an easy qualification to achieve.  You’ll need 5 years of paid information security experience (or 4 years with a degree) to take the mammoth 6 hour exam.  For an information security professional, preparation for the CISSP exam has been likened to that of a runner preparing for his first marathon.

Like any advanced qualification, it can be achieved if you’re committed - here are 4 tips to help those preparing or thinking about going for a CISSP cert.

1. Prepare to pass

Before you embark on your training course, it will be worth your time to evaluate your existing knowledge in line with the CISSP CBK (common body of knowledge). You might find that your idea of the domains differs to their actual definitions and this could seriously misinform what you study.

Sort and rank domains according to your knowledge level and from there, assign a hierarchy based upon how familiar you are with them. This will allow you to allocate your time smartly and ensure you don’t neglect any of the domains. 

Commitment is the key to passing your CISSP
Image courtesy of imelechon / morgueFile

2. Don’t waste time; start studying now

Yes, it’s an obvious one, but it can’t be stressed enough. The CISSP cert demonstrates you have a wealth of knowledge across a lot of different information security topics. Even if you’re already an expert in the majority of the domains, there will likely be some you will have to learn from scratch.

3. Choose good study materials

CISSP’s All-in-one Exam Guide 6th Edition comes highly recommended. It’s a great preparation tool that covers all 10 CISSP exam domains.  Familiarise yourself with these domains before the commencement of your training course and you’ll be well positioned to pass the exam.

The official study guide comes courtesy of (ISC)2 and is recognised as one of the best tools for studying for the CISSP exam. Try to select a variety of study materials and make sure they are up-to-date. Don’t just settle on one guide either; try to experience a few different guides and handbooks.

Study forums can be a great asset to anyone studying for the CISSP, especially if you don’t personally know anyone else studying for the exam. If you ever need to ask a very specific question, or simply want to speak to people revising for the same exam as you, these forums can prove invaluable. Try to browse these IT forums regularly; the more involved you can get, the more you’ll learn. Being metaphorically around people in the same position as you will also help you stay motivated.

4. Minimise stress

Completing an important exam is stressful, especially if it’s 6 hours long. It’s important not to get flustered. Don’t let your hard work be hindered by any stress you feel. If you studied well and have some good experience, it should all come naturally.

Concluding thoughts

If you’re not the kind of learner that can shut themselves away for hours on end, there is a better alternative. Study CISSP at Firebrand and you’ll get certified in just 7 days on an all-inclusive course. You could begin looking for a senior role in IT security within a week with our unique accelerated training.

Friday, 25 October 2013

Cyber Security Challenge UK




Protecting ourselves against cyber-attacks and preserving the availability and integrity of key systems has become a highly complex challenge, as attackers continue to come up with more sophisticated methods. The UK is full of talented individuals with excellent potential to become cyber security experts.


Cyber Security Challenge UK is dedicated to finding that hidden talent and bringing it into the field of IT security. The Challenge is working closely with industry leaders and experts from all across the globe to design and develop a series of competitions to test the nation’s cyber security skills.

Sponsored by the likes of the SANS Institute, the Challenge aims to overcome the growing skills gap in cyber security by motivating and supporting new talent to pursue a career in the industry.


To find out more about the Challenge and how it can impact on your career, visit the official Cyber Security Challenge UK website. 

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 4 October 2013

Adobe suffers data breach affecting 2.9 million




Adobe’s been hit by a major data breach. According to the company’s announcement, the attack affected 2.9 million of its customers. The stolen data contained names, passwords, as well as credit and debit card numbers.

Brad Arkin, Adobe's Chief Security Officer said: "We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident."

Adobe stated that all personal data was encrypted, therefore the risk for fraud or identity theft is low.
However, there are no details on the kind of encryption or security Adobe used for the stolen data.


Besides the initial breach, Adobe suffered a second attack, resulting in the loss of source code for products such as Acrobat, ColdFusion and ColdFusion Builder.

As a corrective measure Adobe started to reset some passwords and contact customers whose debit or credit card details were affected. 

About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 18 February 2013

Skills gap leaves Britain vulnerable to cyber crime







A shortage of IT security experts is leaving Britain vulnerable to the threat of internet attacks and cyber war, research shows.

Cyber crime costs the country hundreds of millions of pounds every year and the skills shortage is not helping. The country’s critical infrastructure that supports government, emergency services, utilities and transport is at risk of online attacks, the National Audit Office warned.

The report stated “these services are essential to daily life… and their protection from cyber attacks is crucial”.

Figures in the government, academia and business claimed that the shortage crisis could last for two decades. The current pipeline of graduates and practitioners would not meet demand.

The NAO report added that “this shortage of ICT skills hampers the UK’s ability to protect itself in cyber-space and promote the use of the internet both now and in the future”.

How much?
The report comes after a large number of warnings about cyber crime, which is currently estimated to cost up to £27 billion a year in Britain alone. Foreign secretary William Hague has stated that computer systems which supported the London Olympics were attacked every day during the event.

Closing the Gap
Britain’s brightest computer brains came together on Saturday at the offices of the internet security company Sophos for a cyber war game designed to find the most talented individuals.

Cyber security firms confirmed that it has become increasingly difficult to find the best computer minds because the teaching in schools and universities is not up to standard.

The Cyber Security Challenge UK was set up as a competition in 2010 to encourage the UK to get rid of the digital skills gap.

During the challenge, candidates encounter creations of both cyber criminal gangs and nation states in a virtual environment. They take on the role of forensics and defence specialists working for the UK Government. All attacks are based on real-life scenarios. Candidates then present their findings to a panel of judges and make recommendations on actions to be taken.

The most successful participants are likely to be offered jobs or bursaries that will help them start a career in the industry.

250,000 new viruses are released on the internet every day, and 30,000 websites fall victim to malicious software every 24 hours.

Governments around the world are investing heavily in improving cyber capabilities in order to protect everything from banks to nuclear reactors, water purification plants to the national grid.

Firebrand Training caught up with James Lyne, Sophos Director of Technology Strategy, at CompTIA's EMEA conference. He spoke to us about the importance of cyber security education. Watch the interview below.




Video Transcript:
Hi. My name is James Lyne and I'm the Director of Technology Strategy at Sophos. Today at the CompTIA conference we've been running a panel about how to encourage the next generation of cyber security talent, and how to more effectively get the message across to existing employees within businesses today.

It's been one of the huge challenges of the past 20 years of security. Really the outcome of the panel was that, while we're making a lot of progress, there's a lot of attention on this issue in everything from public sector and government, through to small businesses. We've still got a long way to go, in particular in the area of new devices like mobile phones.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, IT training, IT certification trends, project management, certification, careers advice and the IT industry itself. Sarah has 11 years of experience in the IT industry.