Showing posts with label cissp.

Thursday, 5 November 2015

The 5 hottest IT jobs and how to get them with Free Training For Life

 By Sarah Morgan

Firebrand’s Free Training For Life competition offers you the chance to win accelerated training completely free, for the rest of your life. There are no restrictions. This means you can choose from Firebrand’s portfolio of 200+ accelerated courses, which includes names like Microsoft, Cisco, CompTIA and (ISC)2.

Winning Free Training For Life has the potential to help you get your dream job, so we’ve mapped out the five hottest jobs right now and selected the certifications you need to secure them.


1. Chief Information Security Officer (CISO)


Security is one of the hottest topics out there at the moment, partly due to the staggering number of high-profile cyber-attacks that have cost names like eBay, Sony and, most recently, TalkTalk millions. Chief Information Security Officer is one of the top jobs in the field. The average advertised salary is £110,000 according to itjobswatch.co.uk and they are now in high demand. CISOs are responsible for developing and implementing security policies and the company’s security architecture.

To get on the path to becoming a Chief Information Security Officer, you could start with the CompTIA A+ or Network+. The A+ and Network+ will teach you the fundamentals in PC hardware, security and networking that will be highly useful in the future.

(ISC)2’s SSCP is also a great value certification that you can do after a year’s IT security experience. This will begin to teach you advanced skills like cryptography, risk, response and recovery, and dealing with malicious code. This will put you in a great position to become a CISO in the future.

3-5 years into your career, ISACA’s CISA would be perfect to give you IS audit and control skills to ensure the business’s security procedures can protect its information assets. You could follow up with the CISM to get skills like risk and incident management and program development. This will help you move into information security management, and eventually the CISO role.

Many see (ISC)2’s CISSP as the best IT security certification you can aim for, and it will certainly help you get into a CISO role. The CISSP will help you master both the management and technical aspects of the field, giving you security engineering, communication and network security skills. There are also extensions to the CISSP that offer in-depth skills if you have a specific need for them. The CISSP-ISSAP includes further detail in areas like access control systems and security architecture analysis. Also, the CISSP-ISSEP can teach you further skills in technical management and risk management. These can help you master your CISO role.





2. Cloud Infrastructure Architect


The cloud technology market is growing rapidly. Because of this, demand for IT professionals with cloud skills has never been higher. Cloud Infrastructure Architect is one of the most sought after positions. The role involves migrating and integrating applications to the cloud, and managing cloud servers. The average advertised salary according to itjobswatch.co.uk is £70,000.

Typically, a business will use one established cloud provider, which could restrict the training you’ll need. The restriction-less Free Training For Life, however, would give you access to a wide range of cloud certifications, like the following, that teach you the skills to become a Cloud Infrastructure Architect.

The Microsoft Specialist: Implementing Microsoft Azure Infrastructure Solutions certification would give you the skills to migrate existing on-premises infrastructure to Azure. You’d also learn to manage the systems in the future.

The Microsoft MCSA: Windows Server 2012 R2 certification will give you the skills to manage and deploy Windows Server 2012 and components like Active Directory Domain Services and AD FS. It also offers cloud skills that will help you become a Cloud Infrastructure Architect. This is because the system includes cloud technology and is so widely used.

The Microsoft MCSE: Private Cloud will teach you how to build your Microsoft private cloud, very useful in a Cloud Infrastructure Architect role. It covers skills like deploying private cloud services, problem management, optimising a cloud infrastructure and configuring a self-service and multi-tenant private cloud.

Another option is VMware’s vSphere [V6] certification which includes elements of cloud technology. This will teach you skills in virtual machine management, configuring and managing virtual storage and networks, and installing and maintaining vSphere.


3. Certified Ethical Hacker


Certified Ethical Hackers are those who are able to counteract and prevent the threat that malicious hackers pose to businesses. The increasing danger that these malicious hackers pose is making the demand for Certified Ethical Hackers soar. According to itjobswatch.co.uk the average advertised salary for an ethical hacker is £55,000.

To begin on the path to a Certified Ethical Hacker role, you need systems and networking foundations. The Microsoft MTA Networking, Security & Windows Server Administration, CompTIA A+ or Network+ would all be great certifications to get those skills. The MTA does not cover the same hardware topics as the A+ or Network+, but does offer more content about server administration and will lean towards Microsoft technology.

Following on, the Security+ can give you more detailed security skills, covering topics like compliance and operational security, access control and identity management, and cryptography. Similarly, Cisco’s CCNA will boost your skills in the networking area. This will teach you skills in areas like LAN switching technologies, IP addressing and routing technologies, and network device security.

After two years’ IT experience, you should be ready to sit your Certified Ethical Hacker course. This will give you the knowledge to fill an ethical hacking role. You’ll learn advanced skills in areas like Trojans and backdoors, viruses and worms, session hijacking and SQL injection. These are necessary and vital skills in the arsenal of an ethical hacker, so you can comprehensively check the security of a business and cover gaps that could be maliciously exploited.

The Computer Hacking Forensics Investigator is a further certification that can boost your skills in the forensics process, improving your skills in responding to an attack. This could really make you stand out in the ethical hacking field.


4. Web Developer


Every modern business needs a website, meaning web developers with the skills to create and maintain them are in high demand. According to itjobswatch.co.uk, the average salary for a Web Developer is £37,500.

To give yourself the fundamental web development skills, an MTA in Software Development Fundamentals or HTML5 App Development Fundamentals would be suitable. You’ll learn core programming and general software development skills that’ll be useful in any web development role.

To get the high level skills you need to become a web developer, you could sit the Microsoft MCSD: Web Applications. This will teach you how to create and deploy modern web applications, whilst giving you an introduction to coding languages like HTML5, CSS3 and JavaScript. It also teaches you basic programming skills like program logic, developing user interfaces and storing data.



5. Project Manager


Free Training For Life has the potential to take your career into project management. The skills in this field are versatile and useful in many areas of business. According to itjobswatch.co.uk, Project Managers have an average salary of £52,500.

You should begin with the PRINCE2 Foundation and Practitioner. It provides a framework for managing projects that is the most popular of its kind in the UK. It teaches you how to structure and manage your projects, including planning and organisation techniques. It also covers potential changes and risks to your projects.

Once you meet the prerequisites, you can progress onto PMI’s PMP. This covers more detailed planning and tight regulation of your projects, helping you improve the success rate of your projects. You’ll learn to regulate budgets, communications, quality management and more.

Learning to apply the agile methodology will also help you become a more successful project manager. The PRINCE2 Agile will teach you to combine PRINCE2 and agile in your projects. You’ll learn agile fundamentals and how to tailor the management process around those fundamentals. This will help you react more effectively to unpredictable changes. 



Free Training For Life has no restrictions, meaning you can take your career in any direction you choose. For the rest of your life, stay at the cutting edge in your career by gaining high-quality skills and certifications that can open doors to places you’ve never considered.

You can sit courses from vendors such as (ISC)2, APMG, AXELOS, CISCO, CompTIA, EC-Council, ISACA, Linux, Microsoft, The Open Group and many more. Free Training For Life lets you dream big and accelerate your career with any course you choose. 

You can enter Free Training For Life here and see Firebrand’s full portfolio of accelerated courses here.


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Wednesday, 9 September 2015

Your Ultimate CISSP FAQ

 By Sarah Morgan

The CISSP is a hugely popular certification that carries a great deal of prestige and may be something you’re striving for in the future.

How much do you really know about the CISSP? This ultimate CISSP FAQ will start from the basics to ensure you know all there is to know about this gold standard security certification.

Q: What is a CISSP?

A: CISSP stands for Certified Information Systems Security Professional. Achieving the certification proves you are accomplished at the management level of information security. Developed by globally recognised (ISC)2, it has become established and well-respected within the industry and is now a key component in the selection process of Chief Information Officers.



Q: What does the course cover?

A: The CISSP course begins by ensuring you understand the concepts and principles behind information security and why they are important. You’ll then build up to learn how to protect your business from various angles and how to apply management skills to information security through (ISC)2’s eight domains.

Everything you’ll cover will be from (ISC)2’s CISSP CBK (common body of knowledge). This ensures what you learn is approved and thorough, covering all components of information security management. The full list of the domain titles is as follows:


  • Domain 1 – Security and Risk Management 
  • Domain 2 – Asset Security
  • Domain 3 – Security Engineering
  • Domain 4 – Communication and Network Security
  • Domain 5 – Identity and Access Management
  • Domain 6 – Security Assessment and Testing
  • Domain 7 – Security Operations
  • Domain 8 – Software Development Security


Q: How will it help me on a day-to-day basis?

A: The skills you’ll learn on your CISSP course will improve the depth of your knowledge, filling in gaps, and making you more skilled at what you already know and do. You will also become more proficient and prepared for dealing with a vast range of security threats.

For example, the breadth of topics covered ranges from cryptography to implementing disaster recovery processes. Whatever your current or future job role in information security, you’re sure to gain knowledge and skills that will help you on a daily basis.

Q: Who is the CISSP aimed at?

A: The CISSP is an advanced certification. This means it is directly aimed at senior and experienced security professionals who will realistically be able to pass the exam and find it useful.

However, on a grander scale, anyone looking into senior information security roles can target the CISSP as a long-term goal. Even if you’re not quite the perfect candidate to take the CISSP yet, there’s nothing stopping you in the long term.

Q: What jobs can I do with a CISSP?

A: The CISSP has the potential to lift you into security roles that are the pinnacle of the field. Below is just a small sample of the sorts of job roles that you could access after becoming CISSP certified:


  • Chief Information Security Officer
  • IT Security consultant
  • Senior Security Engineer
  • Head of Cyber strategy
  • Security Specialist
  • Chief Security Architect
  • Security Assurance Analyst
  • Technology Consultant Manager
  • Cyber Security Senior Manager
  • Information Risk Manager
  • Head of Risk & Compliance




Q: How much can I expect to earn with a CISSP?

A: Of course, the salary you can earn depends on what else is in your skillset, and the job roles listed above do have varying salaries. According to itjobswatch.com, the lower tier of the jobs you could be doing average salaries between £40,000-£50,000. These are roles like IT Security Consultant, Security Specialist and Security Assurance Analyst.

However, the more senior roles, like Chief Information Security Officer, Head of Cyber Strategy, Chief Security Architect and Cyber Security Senior Manager, average salaries between £70,000-£100,000. The CISSP is one of the best certifications as a gateway to such high level jobs with that kind of salary and responsibility – especially in a field with such intense competition.

Q: Can anyone take the CISSP course?

A: Because the CISSP is such an advanced certification, there are prerequisites that you must meet before you are able to sit the course.

Initially, you must have at least five years of professional information security experience, as well as a university degree. The nature of the security industry also requires you to agree and commit to the Code of Ethics and criminal history check. On top of this, after passing the certification, your application must be endorsed by another qualified information security professional.

However, do not be put off. These prerequisites are only in place to ensure that you have the experience and ability to pass the course and put what you’ve learnt into practice in the real world afterwards.

Q: What happens if I don’t meet the prerequisites?

A: If you don’t currently meet the requirements for the CISSP, (ISC)2 offer a range of courses for varying experience and skill levels. See the full list here.

The SSCP is designed for those who don’t meet the CISSP prerequisites. Also developed by (ISC)2 from its CBK, it covers seven very similar domains, at a lower level. The bonus is, it only requires one year of experience in the information security field – a fantastic stepping stone to get you onto the CISSP.

There are also many other security certifications that can help boost your skills. From EC-Council’s Certified Ethical Hacker to CompTIA’s Security+, there is a certification out there that can help you get the skills you want in the security industry, whatever your current situation.

Q: What are the exams like?

A: The CISSP exam consists of 250 multiple-choice, four-option questions. It’s a lot of questions, but you have six hours in which to do them. All exams are meant to test you and prove that you are of a certain standard, otherwise the certification wouldn’t be worth anything. The CISSP is no different and is a tough exam to pass, hence the qualities stated in the prerequisites. But don’t feel daunted: people do pass it, it just takes commitment and hard work. It’s also worth noting that the exam questions change every two weeks, so you’re not facing the same questions each time.

Q: What happens if I fail?

A: Obviously nobody likes to fail, but it doesn’t mean the end of your aspirations and possibility of you getting CISSP certified. (ISC)2 policy states you can retake an exam 3 times in a year. If it’s the first time you’ve failed it, you’ll be able to sit another exam just 30 days afterwards.

Q: When can I get on a CISSP course and get certified?

A: The CISSP is a hugely popular course, which is why there is usually a course running soon that you can get yourself on. At Firebrand there are between 1 and 3 courses a month. The Firebrand course is just seven days and includes the official (ISC)2 exam at the end of it. That means, depending on availability, you could be CISSP certified by the end of next week.


Wednesday, 1 July 2015

CISSP or SSCP - which certification is right for you?


If you’re looking into an ISC2 information security course, deciding between CISSP training and SSCP training courses can often be confusing. We’re aiming to clarify the difference between the two, and ensure your decision is as simple as possible.

Who are they aimed at?


CISSP training looks to attract Chief Information Security Officers, Security Managers, Consultants and Analysts, as well as Directors of Security. In short, those in senior managerial security roles.

SSCP is aimed at those who are currently in a hands-on role in information security: Network Security Engineers, Security Administrators and Systems Engineers, for example.

Prerequisites?


CISSP training requires a minimum of 5 years of professional experience within the information security field. An endorsement is also required to ensure you meet the course standard. Previous certifications such as CISM, CEH or SEC+ would be a boost.

As SSCP is an entry level information security course, only 1 year of experience is required.

What is covered?


CISSP training has a top down, all-encompassing security strategy. As quoted on the ISC2 website, you’ll learn advanced security practices covering the 8 domains covered in the CISSP CBK:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security



SSCP is run from the bottom up giving IT workers a broad idea of how best to be aware of information security, as well as focusing on the related technical skills. SSCP covers 7 domains, again from the website:
  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security


Salaries


Having a CISSP certification could be a gateway into a Chief Information Officer role, with an average salary, according to itjobswatch.com, of £110,000.

The SSCP certification allows you to be versatile in a variety of information security roles. The average salary for a Security Administrator, according to itjobswatch.com, is £42,500.

What Does a CISSP or SSCP do?


A CISSP has the potential to work with nationwide or even global management teams, creating security strategies and helping workers to be able to best do their job in implementing those strategies.


Because those with a SSCP are well rounded, they are able to adapt to many different day to day situations. A SSCP can expect a great amount of variety because of their skillset.







About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 13 April 2015

Crack the new CISSP CBK with these CISSP training resources


By Sarah Morgan


Your CISSP exam and curriculum is changing. With the release of a brand new exam blueprint and updated CISSP domains imminent, the material you're revising now will soon be out of date.

The switch will be made on April 16th 2015, when the ten CISSP CBK domains will be reduced to eight.


As a result of this refresh, the CISSP exam will be altered to reflect the new CBK changes (but will remain the same format). Any training or revision material you use must also be updated, or you’ll risk revising irrelevant content!

Don’t get caught out by the 2015 domain refresh. Take a look at these up-to-date revision resources, aligned to the 8 brand new CISSP domains.


1. Official (ISC)2 Guide to the CISSP CBK, Fourth Edition (ISC2 Press) Hardcover – 10 Apr 2015 
ISBN-13: 978-1482262759

Released last week, you don’t get any more up-to-date than (ISC)2’s Official Guide to the CISSP CBK.

This official guide, endorsed by (ISC)2 and edited by Adam Gordon, covers the refreshed technical content added to the CISSP CBK. The book provides a comprehensive guide to the eight CISSP domains and includes illustrated examples, practical exercises and real-life scenarios.



And remember, if you’re an (ISC)2 member, you’ll get 50% off Official (ISC)2 textbooks!


2. The NEW 2015 CISSP Exam. Brace Yourself (and prepare yourself)! Webcast with Dave Miller

Dave Miller has been an IT security specialist since 1980, is a published author and lecturer. So it’s no surprise he’s been following the new CISSP CBK with interest.

His comprehensive webcast, originally hosted March 17th 2015, is now available for free online at oreilly.com. The 93-minute webcast covers an abundance of CISSP topics including:

  • A review of the 2012 CISSP certification exam
  • The new CISSP 2015 examination
  • CISSP certification requirements
  • New test-worthy topics
  • How to prepare for the new CBK and CISSP exam
  • Conclusion: Q&A

To watch the webcast, sign up here.


3. (ISC)2 Overview & Key areas of knowledge in the 8 new CISSP domains

(ISC)2 has released a candidate information bulletin in line with the new CISSP exam blueprint. This massive document includes overviews of each of the 8 brand new CISSP domains alongside the key areas of knowledge you’ll need to understand to pass your exam.

This resource is excellent for any professional who needs a quick refresher on what’s contained in the new CISSP domains.

However, don’t treat the information found here as replacements for experience or knowledge - (ISC)2 state that, “[The candidate information bulletins] were developed to provide candidates with basic information…the outlines are not intended to be in-depth reviews of the examination.”

Access the document here.


4. (ISC)2 sample exam questions

Also included in the (ISC)2 CISSP candidate bulletin are sample questions, aligned to the new exam blueprint. We’ve included them below:


1. Which one of the following is the MOST important security consideration when selecting a new computer facility?

a. Local law enforcement response times
b. Adjacent to competitors’ facilities
c. Aircraft flight paths
d. Utility infrastructure

2. Which one of the following describes a SYN flood attack?

a. Rapid transmission of Internet Relay Chat (IRC) messages
b. Creating a high number of half-open connections
c. Disabling the Domain Name Service (DNS) server
d. Excessive list linking of users and files

3. Which one of the following is a limitation of fuzzing, as it relates to secure software development best practice?

a. Access to the source code is required
b. Not all discovered issues are exploitable
c. Issues must be accessible through an open interface
d. Is not suitable where code development is outsourced

Find the answers on Page 33 of the CISSP candidate bulletin.


Got a burning CISSP question?

If you’ve got more questions, take a look at our CISSP FAQ covering the new exam blueprint.

And if you need to get certified with accelerated CISSP training, good news – Firebrand are the only authorised (ISC)2 partner in the UK and will be teaching the latest 2015 CISSP material from the 20th April 2015.






Friday, 13 February 2015

CISSP domain changes incoming


By Sarah Morgan


As the modern information security landscape changes, the CISSP exam has to change with it. Effective April 15 2015, the CISSP will be based on a new exam blueprint and feature updated domains.

Refreshed content has been added to the Official CISSP CBK to reflect the most current topics in the information security industry. As a result, the updated CISSP exam will continue to accurately reflect the technical and managerial competence required by information security professionals.




Those familiar with (ISC)2 will not be surprised by their latest domain refresh. As (ISC)2 themselves state – “We conduct this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.”

What’s changing?

Effective 15 April, 2015 the CISSP domains will look like this (find the current domains here):

  1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity) 
  2. Asset Security (Protecting Security of Assets)
  3. Security Engineering (Engineering and Management of Security) 
  4. Communications and Network Security (Designing and Protecting Network Security) 
  5. Identity and Access Management (Controlling Access and Managing Identity) 
  6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing) 
  7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery) 
  8. Software Development Security (Understanding, Applying, and Enforcing Software Security) 

The keen-eyed will notice that the domain refresh reduces the number of domains from ten to eight. However, (ISC)2 stress that the CBK remains as comprehensive as ever. Content has been ‘refreshed and reorganised to include the most current information and best practices relevant to the global security industry.’


FAQ


Q. How does the refresh affect the CISSP prerequisites?

A. The prerequisites will not change. You will still be required to possess a minimum of five years of cumulative paid full-time work experience in two out of the eight domains.

Q. I already hold the CISSP – how will these changes affect my CPE submissions?

A. Starting April 15, 2015 all CISSPs will be required to submit their continuing professional education credits in accordance with the refreshed CISSP domains.

Q. Will the new domains affect the number of exam questions, or duration of the exam?

A. No – your CISSP exam will still have the same number of questions and the time you are allotted will not be affected.

Q. Will there be new training materials for the CISSP?

A. The content within (ISC)2 training materials will be updated to align with the new CISSP domains. See the below table to find the launch dates for these new training products.

Q. Where can I find more information?

A. Refer to (ISC)2’s official FAQ or blog post for more information regarding the CISSP domain refresh.





Wednesday, 17 December 2014

Best IT certifications for 2015


By Sarah Morgan


Getting certified is a brilliant way to prove that you are as skilled as you say you are. But a certification doesn’t stand alone – if you can’t apply it, what’s the point? Now that 2014 draws to an end, let’s take a look at some of the best IT certifications for 2015 that will advance you to the next stage in your career.

The need for qualified IT professionals is now massively outpacing the supply – it’s estimated that Britain alone will need 500,000 new IT professionals over the next five years. And with the widespread uptake of technologies, like Cloud and virtualisation, getting certified in 2015 really will make all the difference.

2014 saw a barrage of cyber-attacks inflicted upon businesses around the world. In fact, more organisations fell victim to cybercriminals in 2014 than 2013, the US State of Cybercrime revealed. And reports are already predicting an increase in cybercrime for 2015.

So from security to cloud and project management qualifications - getting certified for 2015 could be one of the best decisions you make next year. Here's our list of the best IT certifications for 2015.


1. Microsoft MCSA: Windows Server 2012 

Support for Windows Server 2003 ends July 14th, 2015. Using the system after end of support could cost you up to £120,000 a year in custom support. You will also lose the ability to process online transactions via Visa & Mastercard as Windows Server 2003 will fail to adhere to PCI compliance.

Despite warnings from Microsoft, estimates from HP suggest 11 million systems are still running Windows Server 2003. This could cripple your business come 2015, considering the estimated 3 to 18 months it takes to migrate a datacentre of 100+ servers.

Thousands of businesses will now be migrating to Windows Server 2012, making the MCSA: Windows Server 2012 certification a valuable asset. Get this cert and you’ll reduce the hassle of migration and be able to make the most of your new server software faster.

Start planning your migration today (if you haven’t already) and make it a smooth process for your organisation by taking the MCSA: Windows Server 2012 course.


2. EC-Council Certified Ethical Hacker

There was a 50% chance you were a victim of cybercrime in 2014, data from Microsoft revealed. The same is true for one-in-five small and medium businesses.

Certifications like EC-Council’s CEH are now becoming increasingly sought after for businesses of all sizes. After all, nobody wants to face a crippling security breach like Sony’s recent attack.

Take on the CEH in 2015 and you’ll get comprehensive ethical hacking and networking security training. On this course you’ll learn how to conduct penetration tests against your own systems. With the knowledge of a hacker at your disposal, you’ll identify and close security holes that a cybercriminal could otherwise exploit.

The CEH certification also qualifies you for a wide range of roles within IT security from Forensics Analyst to Application Security architect.


3. (ISC)2 CISSP

In the past year alone, cyber security vacancies have doubled with demand now overwhelming supply, according to data from Technojobs.

The CISSP is a global standard and widely recognised as the information and cybersecurity benchmark cert. Achieve it and you’ll display solid proof of your rounded IT security experience as well as a common baseline and standardisation of knowledge.


Certifications like the CISSP are in demand (2014 saw a 10% growth in the average salary for cyber security professionals) as they are frequently required for the majority of senior roles within cyber security.


Protect your organisation from IT security threats of all kinds - find out how to become a CISSP.


4. Microsoft MCSA: Office 365

Take the Microsoft MCSA: Office 365 and position yourself to take advantage of Microsoft’s new Cloud focus. This is also your first step to achieving Microsoft’s new Cloud Productivity competency for your business.


Achieve this certification and you’ll use the power of the cloud to save time and money and free up your business’s resources. You’ll get the skills required to set up an Office 365 tenant, including federation with existing user identities. If you evaluate, deploy and maintain Office 365 services, or plan to in the future – this is the course for you.



5. VMware® vSphere 5.5 

Businesses continue to embrace virtualisation technology as a way to reduce cost and complexity of critical applications. ‘The always-on-business will become the norm across the globe’ writes Don Williams, Vice president at Veeam Software.

Users want continuous access and to keep up, businesses have turned to virtualisation technologies to provide this. Products like VMware’s vSphere enable businesses to virtualise their server resources and aggregate them into logical pools for use across the entire business.

vSphere 5.5 is the fix for costly infrastructure sprawl as it allows your business to run multiple operating systems and applications on a single computer. Gone are the days of having multiple servers running at sub-optimal capacity - virtualisation technology gives increased productivity by reducing physical servers and ensuring each is running at full capacity.

Learn how to apply virtualisation technology within your organisation in 2015, with VMware’s official vSphere 5.5 certification. Find out more here, but bear in mind, this certification may change with the release of vSphere 6 sometime in 2015.


6. Microsoft Specialist: Developing Microsoft Azure Solutions 

Cloud technology is growing and demand for Cloud qualified professionals is growing with it. In 2014, 56% of IT departments couldn’t find qualified staff to support their cloud projects and demand for ‘cloud-ready’ IT professionals is also set to grow by 26% in 2015, IDC reports.

Microsoft's Public Cloud offering, Microsoft Azure, continues to grow with more than 1000 new customers joining every day. After investing $15 billion in building and maintaining the global datacentres that power the Azure platform, it’s clear Microsoft have big plans in the Public Cloud space for 2015. You can tap into the demand for cloud skilled professionals by looking at the newly released Microsoft Specialist certifications focusing on the Azure platform.



If you’re a developer, the Developing Microsoft Azure Solutions certification is a brilliant way to gain a greater understanding of the Azure platform in 2015. This specialist course, built for developers, teaches you how to establish your own Azure virtual network environment, construct Azure Virtual Machines, host Azure websites and design resilient cloud applications.

If you already hold the MCSD: Web Applications cert, this qualification is a brilliant way for you to get a rounded understanding of the Azure platform for 2015.

To achieve the certification you’ll have to pass the Microsoft Exam: 70-532.


7. Implementing Microsoft Azure Infrastructure Solutions

This is the second of Microsoft’s new specialist Azure certifications. With it, you’ll learn how to migrate your on-premise infrastructure to Azure. You’ll also learn how to:
  • Plan and implement data services based on SQL
  • Deploy and configure websites
  • Publish content through CDNs
  • Integrate on-premise Windows AD with Azure AD
To achieve the certification you’ll have to pass the Microsoft Exam: 70-533.


8. AXELOS PRINCE2 Foundation and Practitioner

PRINCE2 is the de facto standard for project management in the UK and is held by 63% of all project management professionals. With over a million exams taken globally, it’s already recognised as the world’s most popular project management methodology.

This qualification covers the management, control and organisation of a project. It embodies years of project management best-practice and provides a flexible and adaptable framework that suits different projects.

The PRINCE2 remains a sought-after certification for 2015 as employers continue to demand this qualification for their project management roles.


9. Microsoft MCSE: Private Cloud

The MCSE: Private Cloud certification focuses on the skills to combine Windows Server and System Center 2012 to build a private cloud for your business. This certification requires the MCSA: Windows Server 2012 as a prerequisite.

To boost the uptake of this already popular cert, Microsoft have launched various initiatives to help IT professionals get the prerequisites for this in-demand cloud certification.

To find out more about how to get the MCSE: Private Cloud certification, check out Microsoft Evangelist, Keith Mayer’s step-by-step guide. Or, if self-study isn’t for you, take a look at this accelerated course.


10. CompTIA A+

Many an IT professional’s career has been built upon the solid foundations of the CompTIA A+ certification. In fact, over 1,000,000 people have achieved the A+ in the past 20 years.

Major brands - like Dell, HP and Lenovo – require that their technicians are A+ certified in order to service their products. It’s even supported by government branches like the US Department of Defence.

The skills you’ll get from this certification are vendor neutral, meaning they’ll remain universally applicable across your entire IT career.

If you’re new to IT then this cert is one of the best ways to break into the industry. Take the CompTIA A+ and set yourself up with a comprehensive base of IT knowledge for 2015.


If we missed any great certifications you’re planning on taking in the New Year, please comment below!

We supported our best IT certifications for 2015 with a lot of our popular blogs from 2014, take a look at them below:



About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 12 December 2014

Fast track your career into Cyber Security in 2015

 By 

Continuing growth in salaries, a shortage of skilled professionals and a rapid increase in available jobs make a career in cyber security a real prospect. Follow this guide to fast track your career into cyber security in 2015...

If you’re considering a career in cyber security then 2015 could be the year for you. The hacking of Sony Pictures is the latest in a string of high profile attacks, which continues to put recruitment of skilled cyber security professionals top of the agenda.

Cyber security vacancies in the UK have doubled in the last year, with demand outstripping supply, according to a recent study by Technojobs. Combine this with a 10% growth in the average salary for UK cyber security professionals, now £57,000, and increased Government support, and it’s easy to see why the current climate is perfect for employment in the field of cyber security.


Follow these tips to fast track your career into cyber security in 2015…



1. Find the right job for you


First things first, work out which job is right for you. Whether you want to become a Computer Forensics Investigator, Information Security Analyst or Penetration Tester, it’s important to know what the job entails.
SANS have compiled a list of the top 20 Information Security and Cyber security jobs which you can use to track down job descriptions on the major job boards.


2. Get certified


Sometimes the quickest way into the cyber security sector is to get certified. In fact the majority of commercial cyber security and defense-related IT Security jobs require security certifications as a prerequisite. So the lack of certification may be the only thing standing between you and your cyber security career. Find out.


If you are looking at entry-level positions then the CompTIA Security+ and Microsoft MTA Security Fundamentals are a great place to start.

Those considering a more advanced position would be well placed to consider EC-Council’s Certified Ethical Hacker (CEH) certification or ISACA’s Certified Information Security Manager (CISM) certification.
Then there is the industry gold standard Certified Information Systems Security Professional (CISSP) from (ISC)2, for those eyeing up a position in Senior Management.
This is merely scratching the surface; there is a range of security certifications available from other renowned vendors including Cisco, Symantec and GIAC.


3. Make sure you have the right experience


This echoes back to the first point: when you’re looking at job descriptions, scope out the level of experience required for the job in question. You may realise that you don’t have the right experience at this stage, but at least you know what you’ll need to be working towards.
For those looking at starting a career, this may mean taking a non-cyber-security-related job as a stepping-stone. As pointed out in a fantastic post from Ira Winkler in Computerworld:

“You cannot be expected to protect computers if you don’t know how to administer a computer system, you can’t secure a system that you can’t properly configure on your own, you can’t secure a database if you aren’t fluent in the database management system, and you certainly can’t write secure code if you can’t code at all.”

A great way to bridge the experience gap at the entry level is through voluntary work experience or internships. Keep your eyes peeled, they are everywhere.


4. Get your CV in shape



This can be applied to any industry, but always make sure your CV is up to scratch. This will be the first impression you make on a potential employer; get it wrong and it will be the last.
Having past experience in the recruitment sector, here’s my top advice:

  • Ensure your CV is tailored to each individual position. This includes a covering letter outlining why you want the job and why they should consider you.
  • You need to make an impact in the first few lines, so highlight relevant experience and achievements from the outset.
  • Don’t waffle: if your CV is more than 2 pages then it’s too long.
  • No spelling mistakes: with modern day spell check it’s unforgivable.


5. Consider signing up with a recruitment agency



This advice is perhaps more for the seasoned professional, but signing up with a specialist recruitment agency can significantly improve your chances of landing that coveted role. Yes you’ll have to go through an interview, but once on the books there are numerous benefits.

A good recruitment consultant will:

  • Have in-depth understanding of the industry and some powerful connections
  • Advise you on how to improve your CV and interviewing skills
  • Sell you into employers, even if that employer isn’t currently looking
  • Get the first shot at a high profile position that may never make a job site
So there we have it, five tips to set you on your way to a new cyber security career in 2015. I wish you every success.



Author Profile

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how to guides. Working in the Industry for almost 3 years, Edward has a wide variety of experience with Microsoft Technologies including SharePoint, Windows Server and Exchange Server. Edward is an active member of the IT community contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor.

Friday, 31 October 2014

(ISC)2 CISSP – Official vs. Unofficial


By 


Unofficial training can often seem like a more viable alternative to its official counterpart. It may often be cheaper, but it’s a false economy – you might not be aware of all the benefits of official training.

How much better really is it to get your CISSP with an official (ISC)2 provider?

Instructors


With an authorised (ISC)2 training provider, you’ll be learning from official CISSP instructors, vetted and trained by (ISC)2 themselves.

Conversely, unauthorised instructors are not taught or trained to deliver official (ISC)2 material. There’s no vetting process for unauthorised instructors, so you’ll be relying on your training provider’s opinion and this might not align with (ISC)2’s strict guidelines.


Course material


When going official you’ll get the latest (ISC)2 training materials.  When considering that the CISSP exam questions are entirely rewritten roughly every two months, possessing this up-to-date material is crucial.

(ISC)2 make sure their exams continually evolve and stay current with information security trends and practices.  Every CISSP exam even features a set of secret ‘dummy questions’ (questions which won’t count towards your final score but are used by (ISC)2 to gauge the suitability of new exam questions).

(ISC)2 are clearly committed to staying up-to-date. To beat the CISSP exam, you’ll have to as well. This means getting access to official (ISC)2 course material.

Use unofficial course material and you run the risk of studying a dated curriculum and obsolete materials. This is because unofficial courses simply don’t have access to the official material.


Practice exam papers


We’ve all taken advantage of practice exam papers as a brilliant method of revision. Nothing can beat the realism that a practice paper provides; knowing exactly what you’re up against can often mean the difference between a pass and a fail.

Going into an exam without having seen a past paper can be a gruelling experience. Luckily, authorised (ISC)2 training providers have access to official past papers.

Unfortunately, unauthorised training providers just don’t have access to these infinitely useful revision tools. Worst case scenario, you’ll be working on questions which just aren’t aligned to the exam you’re about to take.


Taking the exam


Official (ISC)2 training providers are able to provide your exams onsite. That means you won’t have to spend £498 on the exam voucher and get yourself down to an exam centre.

Instead, you’ll just be sitting your exam in the same facility that you’re already studying in. As you might imagine, unofficial providers can’t offer the exam – you’ll have to make your own arrangements.


Bonus: Get CISSP certified with the only official (ISC)2 provider in the UK

Firebrand are immensely proud to be the only official (ISC)2 training provider in the UK. This CISSP course just doesn't compare. Here’s just how different it is:


You’ll get certified in only 7 days and still get more hours of learning than anywhere else

Firebrand’s official (ISC)2 CISSP Boot Camp is just 7 days. This includes taking and passing your CISSP exam as well as receiving your instant exam results at the training facility on the last day of the course.

Your learning day will last from 9:00am to 9:00pm – that’s 12 hours of actual training each day. With the best similar training providers you’ll only be learning from 9:00am – 5:00pm.

On day 6 of our 7 day course, you’ll get an entire 12 hour exam preparation day. During this day your (ISC)2 authorised instructor will explain the methods and techniques you need to know to pass your exam.

No distractions

You’ll be better prepared to achieve first-time success when you can focus entirely on achieving your CISSP for seven entire days. And once your exam is completed on your last day, your objective is complete, in no time at all.

You’ll essentially be putting a ‘Do Not Disturb’ sign up on the door to your life. So far Firebrand has trained over 55,000 students in this total-immersion and distraction free environment.

And…

That’s not to mention that other training courses don’t provide accommodation, an exam voucher or even exam delivery.

Find out more about Firebrand’s unique CISSP course on the Firebrand website.

Related articles:

- How to become a CISSP

About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Friday, 24 October 2014

How to become a CISSP


By 


CISSP is a global standard, widely recognized as the information and cybersecurity benchmark certification.

It’s an advanced cert that demonstrates a wealth of IT security knowledge and experience. If you want to ascend the ranks of information security, a CISSP can be an incredibly valuable asset.

The CISSP is a demonstration of your information security acumen and a fundamental step for the senior role of Chief Information Security Officer (CISO). With the CISSP, you’ll have a common baseline and standardisation of knowledge, a proven record of ethics and a solid reputation of professional conduct (crucial for a business leader and anyone striving for senior level positions).

How to become a CISSP

The journey to becoming a CISSP takes hard work and dedication. If it didn’t, this certification wouldn’t be so valuable.

There are five steps to becoming (and remaining) a CISSP:
  1. Meet the experience requirements
  2. Pass the exam 
  3. Obtain an Endorsement
  4. Prepare for an Audit
  5. Recertification


1. Meet the experience requirements 

In order to even register for your CISSP exam, you’ll need to prove you possess five (or more) years of professional experience in information security. 

Plus, your history of professional experience must have involved at least two of the following 10 domains present in the CISSP Common Body of Knowledge (CBK):

  1. Access Control
  2. Telecommunications and Network Security
  3. Information Security Governance and Risk Management
  4. Software Development Security
  5. Cryptography
  6. Security Architecture and Design
  7. Operations Security
  8. Business continuity and Disaster Recovery Planning
  9. Legal, Regulations, Investigations and Compliance
  10. Physical (Environmental) Security 

(ISC)2 provide one-year reductions in professional experience if you possess one of the following:

  • A four-year college degree
  • A credential from (ISC)2’s approved list. Examples include: MCSE, MCSA, MCITP, CompTIA Security+, the CISA / CISM and the CCNP (to name just a few)
  • An advanced degree in information security from the U.S. National Centre of Academic Excellence in Information Assurance Education (CAE/IAE)

It’s worth noting that you cannot combine these qualifications: regardless of how many you possess, you can only receive a maximum reduction of one year.


2. Pass the exam

So you’ve accumulated 5 years of information security experience (or 4 years with the 1 year waiver) and your work embraces two of the 10 CISSP CBK domains.

But before you can even sit the exam you’ll also have to complete the Candidate agreement, confirming your aforementioned experience, and legally committing to the Code of Ethics. You’ll then be required to successfully answer four questions regarding your criminal history and related background.

Now you just need to pass the exam, right? Well, as you can imagine, passing the CISSP exam is going to take some serious preparation.

In fact, in the words of (ISC)2 – ‘The vast breadth of knowledge and experience required to pass the CISSP is what sets it apart.’

The CISSP exam will test your knowledge of the 10 CISSP domains. Achieving the standard of knowledge you need to pass the exam takes time and dedication.

Many CISSP holders recommend taking up to 15 days off work, just to round off your 4 month revision journey. If you can’t afford to take this much time off work, there are always more efficient ways to achieve your CISSP, like training courses of varying speeds.

Now, book the exam – do it early and you’ll save money. But, please note: some training providers do include the exam cost in their training package.

Either way, it’s time for your exam. Be ready for a test of endurance – you’ll have 6 hours to answer as many of the 250 multiple choice questions as you can. 
 

3. Obtain an Endorsement 

Congratulations, you passed your exam! But you’re not done yet. You’ll now have to proposition an active (ISC)2 credential holder to attest to your industry experience.
They’ll have to fill out an endorsement form for you. Once (ISC)2 receives and approves the endorsement, you can finally take up the mantle of a fully-qualified CISSP.


4. Prepare for an audit

(ISC)2 randomly submits some of its CISSP professionals to audits. It’s never a good idea to skew the facts on your application, especially so if you’re singled out for an audit.

If you are found to have incorrect or falsified data on your application, you’re going to lose your CISSP. Honesty really is the best policy.


5. Maintaining your certification 

To remain a member of the (ISC)2, and to keep your CISSP certification, you must:

  • Abide by the (ISC)2 Code of Ethics
  • Obtain and submit the required Continuing Professional Education credits (CPEs)
  • Submit Annual Maintenance Fees (AMFs) upon receipt of annual invoices

The information security landscape is constantly in flux. As a result, your CISSP must be maintained with CPEs – a minimum of 20 CPEs every year for the first two years of the three-year cycle.

Even if you satisfy the CPE requirements of your first or second year, your tally must still equal 120 by the end of the third year.

CPEs can be gained through live educational events and online seminars (available to (ISC)2 members only).

If your certification is terminated, you’ll need to retake the examination before you can return to being CISSP certified. You’ll also be charged a $35 reinstatement fee upon recertification (though this pales in comparison to working through the 6 hour exam once more).



Got what it takes?

If you’ve got the experience, determination and drive to crush the CISSP but don’t want to take several weeks off work – try an accelerated course. You could be certified in only 5 working days.



About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.