Showing posts with label certified ethical hacker. Show all posts

Monday, 1 August 2016

Becoming a Certified Ethical Hacker - 5 things you need to know

‘Ethical hacker’ may sound like a contradiction in terms, but as the saying goes, ‘it takes one to know one’.

Businesses are increasingly realising the value of employing ‘white hat’ (ethical) hackers to employ the same tools and techniques as the nasty ‘black hat’ hackers, to find and close their IT systems’ security vulnerabilities.

If you’re serious about a career as an ethical hacker, gaining a certification is a powerful way to demonstrate your expertise, and boost your employment prospects.


1) One certification to rule them all 


There is a wide selection of IT security certifications, for all levels of experience, and with various biases towards either the technical or managerial sides. But for ethical hacking the choice is easy, as one certification is regarded as the gold standard: the EC-Council Certified Ethical Hacker (CEH). By way of evidence: on ITJobsWatch, in the past 3 months 258 jobs cited ‘Ethical Hacker’ or ‘Ethical Hacking’, but 343 explicitly cited ‘EC-Council Certified Ethical Hacker (CEH)’.

The latest version of CEH, v9, was introduced at the end of 2015, so make sure this is the one you study. It offers incredibly comprehensive coverage of the latest techniques and methodologies, based upon the expertise of the world-leading experts at the EC-Council (International Council of Electronic Commerce Consultants). To give you an idea of the certification’s scope, you’ll gain exposure to over 2200 hacker tools.

You don’t need decades of previous experience in order to take the CEH certification. The EC-Council suggests two years’ IT security experience, although this is flexible if you have previous IT-related qualifications.

2) Do a course 


There’s often a choice with certifications whether to take a course, or self-study. With CEH, self-study is rather challenging, because it’s difficult to gain sufficient practice and ensure you are not accidentally breaking the law!

On an official CEH course, you practice your skills on EC-Council's 140 labs covering a vast range of security vulnerabilities. Ethical hacking, probably more than any other IT skill, requires you to ‘think outside of the box’, so realistic mind-stretching practice environments are essential.

3) Be a child 


Ethical hacking is a creative and exploratory process. Yes, there is a suite of standard tools and techniques with which you need to be comfortable, but a mindset of almost child-like curiosity is essential. You’ll constantly need to find unexpected ways of using existing systems to expose the back doors that everyone else has overlooked.

The CEH course places a strong emphasis on teaching you to ‘think like a hacker’. It’s your job to take the red pill, and actively explore how deep the rabbit hole goes.

4) With great power comes great responsibility 


Perhaps as important as curiosity is a strong sense of responsibility. The CEH teaches you the same techniques that ‘black hat’ hackers use for malicious purposes. Consequently, you’re required to sign a form stating that you won’t misuse your knowledge.

The Computer Misuse Act, which mandates prison sentences for hacking, has no provision for curiosity or good intentions – so only ever attack live systems when you have explicit permission from the owner!

5) It’s big money 


Cyber attacks affected 1 in 4 UK businesses in 2015, costing the economy a staggering £34 billion. The cost of each breach was £1.46 million on average. It’s no surprise, then, that businesses are crying out for skilled staff to combat the problem – and they’re willing to pay.

As you may have gathered, the shortfall in certified ethical hackers is rapidly driving up salaries. The current median salary is a very respectable £57,500, having risen from £50,000 two years ago.

Tuesday, 29 September 2015

Why now is the time to become a Certified Ethical Hacker

 By Sarah Morgan

Cyber criminals are using increasingly advanced technologies to breach the security of high-profile businesses. The list of companies and institutions hacked now includes eBay, Sony, Target, AOL, the NHS and even the US Military. Even after such massive security scandals, some dating back almost 10 years, companies are only now realising how crucial IT security is to their success.

Because of this, now more than ever, businesses want professionals who can demonstrate skills in ethical hacking. Read on to discover the reasons why there has never been a better time to become a Certified Ethical Hacker.

Large scale investment


According to Microsoft’s Digital Crimes Unit, 1 in 5 businesses have been the subject of a cyber-attack. This means it’s a matter of when, not if, more high-profile security breaches will happen. As a result companies are recruiting and training Certified Ethical Hackers to make sure it isn’t them. Because of this, demand for Certified Ethical Hackers continues to climb, almost indefinitely.

In addition, BT has recently launched an ethical hacking service for customers in financial services. This service is designed to help organisations in retail and investment banking to protect their business from security breaches and cyber-attacks. If other big businesses follow suit and begin to offer full-scale services like BT’s, the demand for Certified Ethical Hackers will increase significantly. 

With 1000s of jobs currently advertised, and the future growth potential, this is just one of the reasons why there has never been a better time for you to attain EC-Council's Certified Ethical Hacking credential.


Investment from small and medium businesses


It's not just global organisations investing in ethical hacking to ensure their names aren’t headline news for the wrong reasons. Small and medium businesses are increasingly realising the need to increase investment in IT security to future proof their business.

In a recent interview with the BBC, Steven Harrison, Lead Technologist at IT services firm Exponential-e, states there can often be a knowledge gap between small businesses and industry giants. To bridge this gap, small businesses are increasingly investing in developing the skills of ethical hackers to tighten up their security. The goal is to prepare themselves as they expand into the cloud, social media and other advancing technologies.

If you work for a small or medium business, now is a fantastic time to encourage your boss to invest in training you as a Certified Ethical Hacker.


Removing the stigma


When the title of “ethical hacker” was first mentioned, some businesses were cautious of employing those with the skills to hack their systems. For obvious reasons, businesses were reluctant to hand over the keys to their company’s security. They were fearful of disgruntled employees who knew every detail of their security systems and how to access their most sensitive data.

However, ethical hackers have proven their value time and again by protecting businesses from cyber-attacks that have devastating potential. Companies are also more aware of the rigorous background checks for criminal records and the codes of conduct that all ethical hackers must pass and sign.

This is good news, as the types of attacks that are threatening businesses are becoming increasingly common and complex. The best way to counter this threat is to employ a Certified Ethical Hacker to discover and patch weaknesses in security.

The realisation of the worth of ethical hackers means more businesses are looking to employ and train Certified Ethical Hackers for protection. They are much more willing to open their doors to you.






EC-Council Certified Ethical Hacker v.9.0


EC-Council recently released the new and updated version of the Certified Ethical Hacker certification. Because the CEH certification is the pinnacle in the field of ethical hacking, when the course is updated, it provides the latest knowledge and skills available. Version 9 is no different and has added new vulnerabilities and attack vectors. 

Now is the perfect time to bring your skills up to date and set yourself apart from other professionals.


Boost your security skills


The demand for Certified Ethical Hackers is only set to increase in businesses of all sizes. As technology continues to advance, so will the threats to the businesses using it. These businesses will need to protect themselves, and one of the best ways to do that is through Certified Ethical Hackers.

So, in summary, here is why there has never been a better time for you to become a Certified Ethical Hacker:

1. Big businesses are investing heavily in recruitment and training of Certified Ethical Hackers. The emergence of ethical hacking as a service is only going to create yet more jobs.

2. Small and medium businesses are investing more in developing ethical hacking skills, meaning you have more chance of improving your knowledge and skills.

3. Reduced stigma and a greater appreciation of the value of ethical hackers means more and more companies are opening their doors to Certified Ethical Hackers.

4. The release of CEH v9 means you can bring your skills up to date and be at the forefront of ethical hacking.


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 


Wednesday, 9 September 2015

Your Ultimate CISSP FAQ

 By Sarah Morgan

The CISSP is a hugely popular certification that carries a great deal of prestige and may be something you’re striving for in the future.

How much do you really know about the CISSP? This ultimate CISSP FAQ will start from the basics to ensure you know all there is to know about this gold standard security certification.

Q: What is a CISSP?

A: CISSP stands for Certified Information Systems Security Professional. Achieving the certification proves you are accomplished at the management level of information security. Developed by globally recognised (ISC)2, it has become established and well-respected within the industry and is now a key component in the selection process of Chief Information Officers.



Q: What does the course cover?

A: The CISSP course begins by ensuring you understand the concepts and principles behind information security and why they are important. You’ll then build up to learn how to protect your business from various angles and how to apply management skills to information security through (ISC)2’s eight domains.

Everything you’ll cover will be from (ISC)2’s CISSP CBK (common body of knowledge). This ensures what you learn is approved and thorough, covering all components of information security management. The full list of the domain titles is as follows:


  • Domain 1 – Security and Risk Management 
  • Domain 2 – Asset Security
  • Domain 3 – Security Engineering
  • Domain 4 – Communication and Network Security
  • Domain 5 – Identity and Access Management
  • Domain 6 – Security Assessment and Testing
  • Domain 7 – Security Operations
  • Domain 8 – Software Development Security


Q: How will it help me on a day-to-day basis?

A: The skills you’ll learn on your CISSP course will improve the depth of your knowledge, filling in gaps, and making you more skilled at what you already know and do. You will also become more proficient and prepared for dealing with a vast range of security threats.

For example, the breadth of topics covered ranges from cryptography to implementing disaster recovery processes. Whatever your current or future job role in information security, you’re sure to gain knowledge and skills that will help you on a daily basis.

Q: Who is the CISSP aimed at?

A: The CISSP is an advanced certification. This means it is directly aimed at senior and experienced security professionals who will realistically be able to pass the exam and find it useful.

However, on a grander scale, anyone looking into senior information security roles can target the CISSP as a long term goal. Even if you’re not quite the perfect candidate to take the CISSP yet, there’s nothing stopping you in the long term.

Q: What jobs can I do with a CISSP?

A: The CISSP has the potential to lift you into security roles that are the pinnacle of the field. Below are just a small sample of the sorts of job roles that you could access after becoming CISSP certified:


  • Chief Information Security Officer
  • IT Security consultant
  • Senior Security Engineer
  • Head of Cyber strategy
  • Security Specialist
  • Chief Security Architect
  • Security Assurance Analyst
  • Technology Consultant Manager
  • Cyber Security Senior Manager
  • Information Risk Manager
  • Head of Risk & Compliance




Q: How much can I expect to earn with a CISSP?

A: Of course, the salary you can earn depends on what else is in your skillset, and the job roles listed above do have varying salaries. According to itjobswatch.com, the lower tier of the jobs you could be doing average salaries between £40,000-£50,000. These are roles like IT Security Consultant, Security Specialist and Security Assurance Analyst.

However, the more senior roles, like Chief Information Security Officer, Head of Cyber Strategy, Chief Security Architect and Cyber Security Senior Manager, average salaries between £70,000-£100,000. The CISSP is one of the best certifications as a gateway to such high level jobs with that kind of salary and responsibility – especially in a field with such intense competition.

Q: Can anyone take the CISSP course?

A: Because the CISSP is such an advanced certification, there are prerequisites that you must meet before you are able to sit the course.

Initially, you must have at least five years of professional information security experience, as well as a university degree. The nature of the security industry also requires you to agree and commit to the Code of Ethics and criminal history check. On top of this, after passing the certification, your application must be endorsed by another qualified information security professional.

However, do not be put off. These prerequisites are only in place to ensure that you have the experience and ability to pass the course and put what you’ve learnt into practice in the real world afterwards.

Q: What happens if I don’t meet the prerequisites?

A: If you don’t currently meet the requirements for the CISSP, (ISC)2 offers a range of courses for varying experience and skill levels. The full list is here.

The SSCP is designed for those who don’t meet the CISSP prerequisites. Also developed by (ISC)2 from its CBK, it covers seven very similar domains, at a lower level. The bonus is, it only requires one year of experience in the information security field – a fantastic stepping stone to get you onto the CISSP.

There are also many other security certifications that can help boost your skills. From EC-Council’s Certified Ethical Hacker, to CompTIA’s Security+, there is a certification out there that can help you get the skills you want in the security industry, whatever your current situation.

Q: What are the exams like?

A: The CISSP exam consists of 250 multiple-choice, four-option questions. It’s a lot of questions, but you have six hours in which to do them. All exams are meant to test you and prove that you are of a certain standard, otherwise the certification wouldn’t be worth anything. The CISSP is no different and is a tough exam to pass, hence the qualities stated in the prerequisites. But don’t feel daunted: people do pass it, it just takes commitment and hard work. It’s also worth noting that the exam questions change every two weeks, so you’re not facing the same questions each time.

Q: What happens if I fail?

A: Obviously nobody likes to fail, but it doesn’t mean the end of your aspirations and possibility of you getting CISSP certified. (ISC)2 policy states you can retake an exam 3 times in a year. If it’s the first time you’ve failed it, you’ll be able to sit another exam just 30 days afterwards.

Q: When can I get on a CISSP course and get certified?

A: The CISSP is a hugely popular course, which is why there is usually a course running soon that you can get yourself on. At Firebrand there are between 1 and 3 courses a month. The Firebrand course is just seven days and includes the official (ISC)2 exam at the end of it. That means, depending on availability, you could be CISSP certified by the end of next week.


Friday, 6 March 2015

Frequently Asked Questions about EC-Council’s CEH certification


By Sarah Morgan


With the recent spate of high profile hacks targeting the biggest and wealthiest, you might not be surprised to learn that EC-Council’s Certified Ethical Hacker cert is experiencing a boost in popularity.

As malicious hacking and cybertheft become increasingly prevalent in our lives, the CEH will continue to gain in importance. A lack of information security knowledge and investment is often to blame for data and system breaches – it’s clear that organisations need professionals with advanced security skills.

In response to this growing need, more and more professionals are looking to the CEH as a way of gaining new security skills and securing a rewarding career as an Ethical Hacker.

There’s a lot to learn about this popular cert - let’s take a look at the most frequently asked questions about EC-Council’s CEH certification.


Q. What actually is an Ethical Hacker?

A. Ethical hackers attempt to penetrate a computer system or network with the aim of finding security vulnerabilities that could otherwise remain undetected. However, unlike malicious hackers, ethical hackers are given permission to undertake these controlled attacks.

Without these harmless penetration tests, security holes could remain unseen, leaving the organisation in a position that a malicious hacker could exploit.



Become an Ethical Hacker and you’ll learn to use the same techniques and tools as a cybercriminal. However, instead of exploiting these vulnerabilities, as an Ethical Hacker you’ll document security holes and provide actionable advice on how they can be fixed.


Q. How much does an ethical hacker earn?

A. Ethical hackers earn an average advertised salary of £55,000 according to data from ITJobsWatch.


Q. Why should I get the CEH cert?

A. The CEH is a brilliant introduction into the world of Ethical Hacking. You’ll finish your certification with an in-demand set of skills covering Intrusion Detection, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.

Plus, if you need to break into the field of ethical hacking or penetration testing, the CEH will put you ahead of other uncertified job applicants (assuming you have similar experience).

It’s a benchmark certification for ethical hackers - “CEH is the original standard,” says Albert Whale, president and chief security officer at IT Security, Inc.


Q. Is the CEH necessary to get a job in Ethical Hacking?

A. The CEH is the most well-known certification in Ethical Hacking, but it’s not an absolute requirement. At their most basic, certifications are simply a supplement to real-world experience - without this you will only get so far.

This certification will help you break into the Ethical Hacking profession, but you’re not guaranteed a career. You’ll get great skills and a renowned certification, but you’ll still need experience to back it all up.


Q. What prerequisites do I need to take an EC-Council course?

A. This cert sits in the sweet spot between entry level qualifications like CompTIA’s Security+ and advanced certs like the CISSP.

Before attending a CEH training course you should ideally possess at least two years’ IT experience, a good knowledge of TCP/IP and Windows Server, and a basic familiarity with Linux and/or Unix.


Q. Will I be taught by a real hacker?

A. At EC-Council’s accredited training centres you’ll be trained by experienced security professionals. You won’t be taught by a 17-year-old reformed hacker – EC-Council adheres to a strict code of ethics and employs experienced instructors with a clean reputation.


Q. Isn’t it irresponsible to teach people how to hack?

A. The more we know about how the ‘bad guys’ operate, the more secure our systems, data and networks will be. Whilst the knowledge you’ll gain on a CEH course has the potential to be misused, many would argue this is far outweighed by the benefits of teaching thousands of IT professionals how to better protect their businesses.

To help highlight responsibility, EC-Council requires all of its students to sign an agreement to respect the knowledge and not misuse it. You’ll also be required to agree to abide by all laws of the land in the use of your new knowledge and skills.


Q. How is the exam structured?

A. To achieve your CEH v8 certification you’ll need to pass exam 315-50 at a Prometric or Pearson VUE test centre. This exam is a 125 question, multiple choice paper covering the 19 CEH domains. To gain your CEH cert, you’ll need to score at least 70%.

Take a look at EC-Council’s site for more information on your CEH exam.


Q. What is the current version of the CEH certification?

A. Released in 2013, CEH v8 is the current version of the certification and introduced new modules in Social engineering and IPv6. CEH v7 retired on October 31st 2013 – you will no longer be able to take this exam.


Q. Do I have to recertify my CEH?

A. As of January 1st 2009, all EC-Council certifications will be valid for three years. However, to maintain your certification you will be required to achieve 120 credits (per certification) during the three years after you certify.

These credits can be gained in the following ways:

  • Attending conferences
  • Writing research papers
  • Reading material on related subjects
  • Attending webinars

Qualifying activities must have been completed during the three year window after you achieve your certification.

More information on EC-Council’s recertification policy can be found here.


Q. What is EC-Council Aspen?

A. Aspen is a gateway to portals, products and services provided by EC-Council for its registered members.

As a member you’ll be able to place orders on products and courseware, view your certification(s) continuing education scheme and maintain your certs with EC-Council.

Access Aspen here.


Wednesday, 17 December 2014

Best IT certifications for 2015


By Sarah Morgan


Getting certified is a brilliant way to prove that you are as skilled as you say you are. But a certification doesn’t stand alone – if you can’t apply it, what’s the point? Now that 2014 draws to an end, let’s take a look at some of the best IT certifications for 2015 that will advance you to the next stage in your career.

The need for qualified IT professionals is now massively outpacing the supply – it’s estimated that Britain alone will need 500,000 new IT professionals over the next five years. And with the widespread uptake of technologies, like Cloud and virtualisation, getting certified in 2015 really will make all the difference.

2014 saw a barrage of cyber-attacks inflicted upon businesses around the world. In fact, more organisations fell victim to cybercriminals in 2014 than 2013, the US State of Cybercrime revealed. And reports are already predicting an increase in cybercrime for 2015.

So from security to cloud and project management qualifications - getting certified for 2015 could be one of the best decisions you make next year. Here's our list of the best IT certifications for 2015.


1. Microsoft MCSA: Windows Server 2012 

Support for Windows Server 2003 ends July 14th, 2015. Using the system after end of support could cost you up to £120,000 a year in custom support. You will also lose the ability to process online transactions via Visa & Mastercard as Windows Server 2003 will fail to adhere to PCI compliance.

Despite warnings from Microsoft, estimates from HP suggest 11 million systems are still running Windows Server 2003. This could cripple your business come 2015, considering the estimated 3 to 18 months it takes to migrate a datacentre of 100+ servers.

Thousands of businesses will now be migrating to Windows Server 2012, making the MCSA: Windows Server 2012 certification a valuable asset. Get this cert and you’ll reduce the hassle of migration and be able to make the most of your new server software faster.

Start planning your migration today (if you haven’t already) and make it a smooth process for your organisation by taking the MCSA: Windows Server 2012 course.


2. EC-Council Certified Ethical Hacker

There was a 50% chance you were a victim of cybercrime in 2014, data from Microsoft revealed. The same is true for one-in-five small and medium businesses.

Certifications like EC-Council’s CEH are now becoming increasingly sought after for businesses of all sizes. After all, nobody wants to face a crippling security breach like Sony’s recent attack.

Protect your business from cyber attacks like this (image from Sony's recent breach)

Take on the CEH in 2015 and you’ll get comprehensive ethical hacking and networking security training. On this course you’ll learn how to conduct penetration tests against your own systems. With the knowledge of a hacker at your disposal, you’ll identify and close security holes that a cybercriminal could otherwise exploit.

The CEH certification also qualifies you for a wide range of roles within IT security from Forensics Analyst to Application Security architect.


3. (ISC)2 CISSP

In the past year alone, cyber security vacancies have doubled with demand now overwhelming supply, according to data from Technojobs.

The CISSP is a global standard and widely recognised as the information and cybersecurity benchmark cert. Achieve it and you’ll display solid proof of your rounded IT security experience as well as a common baseline and standardisation of knowledge.


Certifications like the CISSP are in demand (2014 saw a 10% growth in the average salary for cyber security professionals) as they are frequently required for the majority of senior roles within cyber security.


Protect your organisation from IT security threats of all kinds - find out how to become a CISSP.


4. Microsoft MCSA: Office 365

Take the Microsoft MCSA: Office 365 and position yourself to take advantage of Microsoft’s new Cloud focus. This is also your first step to achieving Microsoft’s new Cloud Productivity competency for your business.


Achieve this certification and you’ll use the power of the cloud to save time, money and free up your business’s resources. You’ll get the skills required to set up an Office 365 tenant, including federation with existing user identities. If you evaluate, deploy and maintain Office 365 services, or plan to in the future – this is the course for you.



5. VMware® vSphere 5.5 

Businesses continue to embrace virtualisation technology as a way to reduce cost and complexity of critical applications. ‘The always-on-business will become the norm across the globe’ writes Don Williams, Vice president at Veeam Software.

Users want continuous access and, to keep up, businesses have turned to virtualisation technologies to provide this. Products like VMware’s vSphere enable businesses to virtualise their server resources and aggregate them into logical pools for use across the entire business.

vSphere 5.5 is the fix for costly infrastructure sprawl as it allows your business to run multiple operating systems and applications on a single computer. Gone are the days of having multiple servers running at sub-optimal capacity - virtualisation technology gives increased productivity by reducing physical servers and ensuring each is running at full capacity.

Learn how to apply virtualisation technology within your organisation in 2015, with VMware’s official vSphere 5.5 certification. Find out more here, but bear in mind, this certification may change with the release of vSphere 6 sometime in 2015.


6. Microsoft Specialist: Developing Microsoft Azure Solutions 

Cloud technology is growing and demand for Cloud qualified professionals is growing with it. In 2014, 56% of IT departments couldn’t find qualified staff to support their cloud projects and demand for ‘cloud-ready’ IT professionals is also set to grow by 26% in 2015, IDC reports.

Microsoft's Public Cloud offering, Microsoft Azure, continues to grow with more than 1000 new customers joining every day. After investing $15 billion in building and maintaining the global datacentres that power the Azure platform, it’s clear Microsoft has big plans in the Public Cloud space for 2015. You can tap into the demand for cloud skilled professionals by looking at the newly released Microsoft Specialist certifications focusing on the Azure platform.



If you’re a developer, the Developing Microsoft Azure Solutions certification is a brilliant way to gain a greater understanding of the Azure platform in 2015. This specialist course, built for developers, teaches you how to establish your own Azure virtual network environment, construct Azure Virtual Machines, host Azure websites and design resilient cloud applications.

If you already hold the MCSD: Web Applications cert, this qualification is a brilliant way for you to get a rounded understanding of the Azure platform for 2015.

To achieve the certification you’ll have to pass the Microsoft Exam: 70-532.


7. Implementing Microsoft Azure Infrastructure Solutions

This is the second of Microsoft’s new specialist Azure certifications. With it, you’ll learn how to migrate your on-premise infrastructure to Azure. You’ll also learn how to:
  • Plan and implement data services based on SQL
  • Deploy and configure websites
  • Publish content through CDNs
  • Integrate on premise Windows AD with Azure AD
To achieve the certification you’ll have to pass the Microsoft Exam: 70-533.


8. AXELOS PRINCE2 Foundation and Practitioner

PRINCE2 is the de facto standard for project management in the UK and is held by 63% of all project management professionals. With over a million exams taken globally, it’s already recognised as the world’s most popular project management methodology.

This qualification covers the management, control and organisation of a project. It embodies years of project management best-practice and provides a flexible and adaptable framework that suits different projects.

The PRINCE2 remains a sought-after certification for 2015 as employers continue to demand this qualification for their project management roles.


9. Microsoft MCSE: Private Cloud

The MCSE: Private Cloud certification focuses on the skills to combine Windows Server and System Center 2012 to build a private cloud for your business. This certification requires the MCSA: Windows Server 2012 as a prerequisite.

To boost the uptake of this already popular cert, Microsoft have launched various initiatives to help IT professionals get the prerequisites for this in-demand cloud certification.

To find out more about how to get the MCSE: Private Cloud certification, check out Microsoft Evangelist, Keith Mayer’s step-by-step guide. Or, if self-study isn’t for you, take a look at this accelerated course.


10. CompTIA A+

Many an IT professional’s career has been built upon the solid foundations of the CompTIA A+ certification. In fact, over 1,000,000 people have achieved the A+ in the past 20 years.

Major brands, like Dell, HP and Lenovo, require that their technicians are A+ certified in order to service their products. It’s even supported by government branches like the US Department of Defense.

The skills you’ll get from this certification are vendor neutral, meaning they’ll remain universally applicable across your entire IT career.

If you’re new to IT then this cert is one of the best ways to break into the industry. Take the CompTIA A+ and set yourself up with a comprehensive base of IT knowledge for 2015.


If we missed any great certifications you’re planning on taking in the New Year, please comment below!




About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Thursday, 27 November 2014

How the new Sony hack proves security isn’t taken seriously




Sony Pictures was crippled this week when cybercriminals forced the shutdown of their internal systems.

Imagine getting into work on Monday morning, booting-up your PC and being greeted with this:


It feels like something out of a cheesy 90s spy-thriller but this is the reality that Sony Pictures employees had to deal with on Monday…and are still dealing with 4 days later.

Yes, Sony’s internal network had become the next victim of cybercrime in this recent spate of hacking. It’s a clear message for organisations: invest in your cybersecurity or this could happen to you.

Warning messages threatening to release data ‘secrets’, if undisclosed demands were not met, appeared on all internal computers, preventing login. The message also displayed ‘#GOP’ – pointing to a group named Guardians of Peace.

As of Thursday morning, the network remains down at many Sony offices and according to information reportedly shared by employees, it could be down for weeks.

Hackers also targeted Twitter accounts associated with Sony Pictures, leaving the same message and calling out the Sony Pictures CEO:

You, the criminals including Michael Lynton will surely go to hell. Nobody can help you.

If that wasn’t enough, the digital image also showed Michael Lynton’s head, edited into some form of Night Of The Living Dead landscape. These hackers clearly want to capitalise on the fear they can strike into the world’s biggest businesses.

One Reddit user posted a copy of a message allegedly displayed on the hacked network. The redditor explained, “I used to work for Sony Pictures. My friend still works there and sent me this. It's on every computer all over Sony Pictures nationwide.”

The post explained how the public could gain access to the 217.6 MB .ZIP file, allegedly containing lists pulled from the organisation’s internal network: “These two files are the lists of secret data we have acquired from SPE,” and that “Anyone who needs the data, send an email titled To the Guardians of Peace to the following email addresses.” A list of e-mail addresses attached to anonymous email services like Yopmail and Disgard.email followed.

Reddit users jumped at the opportunity to scour the allegedly leaked files. A thread on the breach claims that the .ZIP file contains passwords of Sony employees, copies of passports of actors associated with Sony films and masses of Outlook archival data.

How Sony responded

In the typical damage-mitigating style of big companies experiencing big problems, Sony issued a statement saying the firm is investigating the ‘IT matter.’
Well that’s a relief.

Hack me once, shame on you

Sony is no stranger to being hacked. The infamous PlayStation Network hack of 2011, in which 77 million personal details were stolen, resulted in a complete outage of the service for 24 days.
At the time it was one of the largest data breaches in history and remains a black mark on the Japanese company’s reputation.

As recently as August 2014 we watched as another major attack, once again, befell the PlayStation network. The service was forced offline once more, though this time for a single day.

Could your business survive a hacking attack?

Clearly, Sony has failed to invest sufficiently in their cybersecurity and organisations must learn from their costly mistakes.

Organisations need to begin investing in professionals with the skills necessary to prevent intrusions like Sony’s from ever happening.

Qualifications like EC-Council’s Certified Ethical Hacker (CEH) are valuable to keep organisations secure. By employing or training professionals and helping them to achieve certifications like the CEH, businesses can proactively defend and prevent these crippling attacks.

Ethical hackers can conduct staged penetration tests against your business – will your defences hold up against a real hacker? Either way, you’ll get real insight into how you can improve your security and protect your organisation’s valuable data. After all, the techniques that ethical hackers use are identical to those employed by cybercriminals.

The need for certified ethical hackers is real and with every data breach this point is hammered home.
20% of small and medium-sized businesses have been targeted by cybercriminals in the past year, costing the global economy $500 billion annually. And it’s getting worse: reports already predict an increase in cybercrime next year.

In fact, with more advanced hacking tools, we can expect more targeted attacks on businesses small and large.

Sony’s latest breach is a strong message to businesses: invest in cybersecurity or face the consequences.  

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 20 January 2014

The benefits of the Certified Ethical Hacker certification




Certified Ethical Hacker, or CEH, certification is one of the hottest picks for IT security professionals pursuing a career in penetration testing. However, it’s often overlooked as a viable certification option by most information security pros. Although the certification is a must-have for penetration testers, its benefits are not limited only to this small niche of professionals.

The CEH exam is a relatively new credential in the IT certification industry, but its importance and influence have grown quickly. Provided by EC-Council, the CEH exam was the first certification to bring the so-called dark side of IT into the limelight. Before the CEH exam, there was no certification that taught the methods and tools that hackers use to penetrate computer systems. The CEH exam focuses on how hackers find and exploit vulnerabilities. The course includes everything from the tools of the trade to ethics.

What many security professionals do not yet realise is that the benefits of studying for and achieving this certification stretch beyond the field of penetration testing and into everyday network and application security. In addition to meeting the regulatory standards for employment for many top security positions, you can gain a wealth of knowledge that is otherwise not easy to obtain.  Besides your unique, new title, you’ll also get the following benefits, if you decide to get your CEH certification:

Understanding risks and vulnerabilities

The CEH course is made up of the following task and knowledge domains:

Task domains
  • System development and management
  • System analysis and design
  • Security testing
  • Reporting
  • Mitigation
  • Ethics

Knowledge domains
  • Background
  • Analysis/Assessment
  • Security
  • Tools
  • Procedures
  • Policy
  • Ethics

These domains are comprehensive and form a solid foundation for understanding how vulnerabilities affect organisations on a day-to-day basis.

Thinking like a hacker

The CEH course gives “white hat” IT professionals a glimpse into the mindset of a typical hacker. The focus of an IT professional is always on keeping bad guys out and maintaining secure systems. Over time, many IT pros develop a reactive mindset. Battling with the bad guys will always involve reacting to threats and events as they occur, but it’s far more valuable and powerful to understand how the bad guys think and to be able to anticipate their moves. By learning the hacker mindset, you’ll be able to take a more proactive approach and see beyond current security tools and policies to know where and how an attacker might try to gain access to your network.

Learning how exploits evolve

Besides demonstrating the hacker mindset, the CEH course also provides valuable insight into the entire life cycle of an exploit. For many security professionals, the way exploits evolve to take advantage of vulnerabilities is a mystery. While security pros are trained to prevent and respond to known vulnerabilities, little attention is paid to the life cycle of the exploit itself, from its conception to its destructive use in the real world. The level of insight gained by becoming a CEH allows you to look at exploits and vulnerabilities objectively and to spot potential attack vectors and weaknesses before the hackers do.

Learning about the tools of the trade

Another overlooked benefit of the CEH certification is the amount of knowledge you can get regarding the tools of the hacker trade. While most IT pros have experience with at least some of the tools used by a CEH, they often lack the in-depth knowledge that’s required to use these tools for criminal purposes. Learning how malicious attackers use various tools allows you to better secure your networks, applications, and other assets.

To learn more about Ethical Hacking and its benefits, watch the following video with EC-Council President Jay Bavisi:



About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Thursday, 17 October 2013

Hacker Halted Europe Interviews - Jay Bavisi




In October, EC-Council’s Hacker Halted came to Europe for the first time. Firebrand attended the conference in Reykjavik, Iceland and interviewed industry experts about the hottest topics in cyber security.

The first speaker is EC-Council’s co-founder and president Jay Bavisi, who summarises the main points of his presentation, entitled “The Cyber Security Quagmire: Finding the Panacea”.


His keynote speech compared the challenges faced by IT security companies to those faced by pharmaceutical companies. Mr Bavisi pointed out that while the pharmaceutical industry has already managed to overcome diseases such as smallpox through vaccinations, the IT security industry is still struggling to achieve similar success against the threats of cyberspace.


He also added that EC-Council would be launching new secure coding courses, as well as a different E|CSA & L|PT exam in 2014. The new exam will be 100% practical, requiring students to perform a penetration test on EC-Council’s virtual bank.




Make sure you check the blog regularly, as we'll post more interviews from Hacker Halted Europe 2013.

About the Author:       
Peter writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself.

Thursday, 26 April 2012

Companies to spend 14% more on IT security


Information Shield, in its 2011 Information Security and Data Privacy Staffing Survey, which polled 190 organisations in 34 countries, reveals that IT security staffing budgets are expected to rise by 14%.

RSA chief Arthur Coviello stated that, “never have the attacks been as targeted, with the aim of breaching one organisation as a stepping stone to breaching others.” Cyber-attacks have reached scary levels of sophistication, and the demand for ethical hackers and other ‘cyber ninjas’ has been on the rise.

Monday, 7 November 2011

Sony, Nintendo and now Adidas. Is Your Company Next?

A couple of weeks ago we wrote about the second cyber-attack on Sony and how they learned their lesson. The German sportswear company Adidas had to take their website content offline after suffering from what they describe as a "sophisticated, criminal cyber-attack". Millions of users’ details were compromised and as soon as Adidas discovered the incident they put extra security measures in place to protect their visitors.

In a statement Adidas said:


"Nothing is more important to us than the privacy and security of our consumers' personal data," 


"We appreciate your understanding and patience during this time".


The news follows a series of attacks against Sony earlier in the year, and last week 29 chemical firms were reported to have been targeted in a series of cyber-attacks. Once again this illustrates how sophisticated and dangerous these attacks have become.


Companies have started taking their security very seriously now, and with the big names' security being breached, it is inevitable they'll be more stringent in the future. The demand for certified ethical hackers will rise, as they'll look to combat the looming threat of hackers.


Our Certified Ethical Hacking course trains professionals as "cyber defenders" in 5 days.

Wednesday, 7 July 2010

Halting Hackers with Honeypots

Active surveillance of network and computer systems is expensive and time-consuming (and often fruitless). Relying on this approach can mean that hackers remain undetected. A key issue with surveillance is that it can be tough to differentiate between legitimate and illegitimate activities.

A honeypot creates false targets that, when accessed, trigger an alarm, for example when a hacker attempts to access an IP address that is not used. Because no legitimate user has any reason to touch such a target, every access is worth investigating. Likewise, a port-based honeypot could highlight requests on unused TCP ports. As Network World explains, "Entire computers, or even networks of computers, can be created to lure attackers."

Fully explore the complexities before implementing honeypots, as the law probably views this as 'entrapment', and it therefore couldn't lead to prosecution.
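The unused-address and unused-port checks described above, written out as an added example that is not part of the original post. The subnet, the inventory of services in use and the flow records are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the monitored subnet and the services that legitimately listen
# in it. Every other address or TCP port in the subnet acts as a decoy.
MONITORED_NET = ipaddress.ip_network("10.20.0.0/24")
IN_USE = {
    "10.20.0.10": {443},
    "10.20.0.11": {22, 5432},
}

# Constructed flow records: (timestamp, source, destination, destination TCP port)
SAMPLE_FLOWS = [
    ("2010-07-07T09:00:01", "10.30.5.7", "10.20.0.10", 443),
    ("2010-07-07T09:00:05", "10.30.5.9", "10.20.0.200", 445),
    ("2010-07-07T09:00:06", "10.30.5.9", "10.20.0.201", 445),
    ("2010-07-07T09:00:09", "10.30.5.9", "10.20.0.11", 3389),
    ("2010-07-07T09:01:00", "10.30.5.7", "10.20.0.11", 22),
    ("2010-07-07T09:01:30", "10.30.5.7", "192.0.2.8", 80),
]


def classify(dst, port):
    """Return the alarm reason for a destination, or None if it is legitimate."""
    if ipaddress.ip_address(dst) not in MONITORED_NET:
        return None                      # outside the subnet we watch
    if dst not in IN_USE:
        return "unused-ip"               # nothing is assigned to this address
    if port not in IN_USE[dst]:
        return "unused-port"             # host exists, but nothing listens here
    return None


def honeypot_alerts(flows):
    """Every touch of a decoy is an alert: no legitimate traffic belongs there."""
    alerts = []
    for ts, src, dst, port in flows:
        reason = classify(dst, port)
        if reason:
            alerts.append({"time": ts, "src": src, "dst": dst,
                           "port": port, "reason": reason})
    return alerts


def decoys_touched_by_source(alerts):
    """Count distinct decoys per source; several from one source suggests scanning."""
    touched = defaultdict(set)
    for a in alerts:
        touched[a["src"]].add((a["dst"], a["port"]))
    return {src: len(decoys) for src, decoys in touched.items()}


if __name__ == "__main__":
    for alert in honeypot_alerts(SAMPLE_FLOWS):
        print(alert)
```

Unlike general surveillance, this needs no judgement about whether traffic looks legitimate: the inventory alone decides, so the alert volume stays low as long as the inventory is accurate.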

Monday, 1 March 2010

Certified Ethical Hacking officially approved by DoD


The U.S. Department of Defense (DoD) has announced official approval of the EC-Council Certified Ethical Hacker (CEH) certification program. It is now a baseline skills requirement for U.S. computer network defenders (CNDs).

The Certified Ethical Hacker requirement falls under DoD Directive 8570. This directive provides clear guidance to information assurance training, certification and workforce management.


Military service, contractors, and foreign employees across all job descriptions must show 100% compliance with the new Certified Ethical Hacker training requirement by 2011.


The Certified Ethical Hacker qualification tests the certification holder's knowledge of the mindset, tools and techniques of a hacker, and carries the tag line: "To beat a hacker, you must think like one."


"CEH has been selected due to the immense technical and tactical nature of the certification," said Jay Bavisi, co-founder and president of EC-Council. "It is one of the most technically advanced certifications on the directive for CND professionals. While other policy-based programs add value, CEH prepares the U.S. CNDs to combat hackers in real time, defending U.S. interests globally."

More information about EC-Council and Directive 8570 can be found on the EC-Council website.


Firebrand Training won EC-Council's Training Company of the Year award, and we provide the following EC-Council certifications/courses: