Microsoft recently released three insane commercials for its Asian markets. They were removed from their official YouTube page but thanks to the power of the internet have been brought back.
They're quite difficult to describe. But let's give it a try...
Windows 8 Training Camp: Piano
In this video you see two people playing the piano and ping pong at the same time. The video is meant to describe "work and play".
Windows 8 Training Camp: Watermelon
The second video involves three guys slicing up watermelons with their fingers to show the "power of touch".
Windows 8 Training Camp: Makeup
The third, and possibly the favourite of the three, shows three women competing to see who can put on their make-up in just 10 seconds without any mistakes, symbolising the beauty and speed of Windows 8.
About the Author: Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.
Firebrand Training has once again won the EC-Council Accredited Training Centre of the Year award - for a fourth time in a row!
Jay Bavisi, President of EC-Council congratulated us personally, stating in the video that we are the largest supplier of Certified Ethical Hackers in Europe and that it gave him no doubt in knowing that “Firebrand has one of the best residential accelerated training for the Certified Ethical Hacker program in Europe”.
Jay Bavisi, President of EC-Council stated: “The annual EC-Council Awards highlight the commitment and achievements of our global partners and trainers that have contributed to the information security community… I congratulate all of the winners for their achievements and dedication to the Information Security industry in their respective region”
When we went to Miami to pick up the Training Centre of the Year award from EC-Council at the Hacker Halted conference, we learned some pretty scary facts from the last year:
174 million data records were stolen
96% of hacks weren't even slightly difficult
85% took two weeks or more to discover
92% were discovered by a third party (how embarrassing is that?!)
CISO stands for Chief Information Security Officer and is a title given to those who are responsible for IT security and are at the highest level of that field.
EC-Council released its C|CISO accreditation to develop skills in executing an information security management strategy in alignment with organisational goals.
“CISO equips information security leaders with tools to protect against security breaches by actively improving the current information technology security solutions, enforcing regulatory requirements and aligning IS with the strategic needs and goals of their business. This skill set enables the CISO to be the best guardian of their organization’s digital assets.”
Benefits of becoming a certified CISO
Getting a CISO certification will make you stand out from others in the competitive ranks of senior IS Professionals. CISO provides your employers with the assurance that as a CISO certified executive leader, you possess the proven skills, knowledge and experience to plan and oversee information security for the whole company. CISO is regarded as the highest title within the information security profession.
Jay Bavisi, the President of EC-Council, talks about the CISO credential and why it's becoming a vital certification for organisations to have in order to protect their systems. Watch below.
“CISO is a unique designation that has been designed in cooperation with industry leaders to identify a solid blend of functional and executive IT job roles and skill requirements.” Jay Bavisi, President of EC-Council.
Jay Bavisi, Co-Founder and President of EC-Council, gave us some information on the highly anticipated Version 8 of the powerful Certified Ethical Hacker (CEH v8) credential. Watch below.
If you want to enter the IT security industry (the fastest growing sector in the IT industry), CEH is the one to go for. As an ethical hacker, you’d attempt to penetrate the networks or computers of the organisation you work for. Why would you do this? "White hat" ethical hackers are widely sought after to help find and fix the vulnerabilities that would otherwise be exploited by "black hat" criminal hackers. Demand for CEH professionals continues to grow. Due to the alarming increase in cyber attacks over the past decade, organisations are looking for ways to protect themselves and tighten their security. The CEH course and certification covers all that is needed to identify system vulnerabilities and countermeasures.
Video Transcript:
My name is Jay Bavisi, and I'm the President
and co-founder of EC-Council, the owners and creators of the Certified Ethical
Hacking credential. I think what's interesting about the Certified Ethical
Hacker Version 8 are a couple of things.
First and foremost, it's the credential of
EC-Council that has obtained the prestigious ANSI17024 ISO/IEC 17024
accreditation status. We are one of the very few organizations in the world
that have obtained this very rigorous accreditation standard, and we're very
proud of that. We're now going to be able to offer the same experience to the
users that are going to be actually attaining this credential through our
training partners across the world.
There are many structural changes that we have brought in with Certified Ethical Hacker Version 8 to ensure that the entire user experience, the entire learning experience is really enhanced and improved. To mention a few, Certified Ethical Hacker Version 8 will see massive immersion of the user to skills based competency from the previous knowledge based competency, and we have done that by the introduction of the EC-Council iLab environment, which requires the student to actually do what they claim they think they can do, both in a classroom environment and eventually when they attain the certification.
So students will actually be sitting in a classroom, no longer just understanding the theory or the concepts or the tools that they play with. But they'll actually be experiencing a real life scenario through the complex iLab environment. We're talking of an entire IT infrastructure that's collaborative in nature, where you will have different students actually planting flags. Some of them are playing defense, some of them are playing attack, and some of them are conducting actual penetration tests right there in the classroom. That's what the Certified Ethical Hacker Version 8 brings to the table that we were never able to do without the iLab's technology.
The second most interesting thing about
Certified Ethical Hacker Version 8 is that we're the first organization in the
world to have actually mapped our course to the newly released Microsoft
Windows 8 and Microsoft Server 2012 platform. So students will not be dealing
with archaic technology and archaic vulnerabilities, but they will actually be
dealing with the real life environment of what they're going to be facing in
their employment in the months to come, from the time they obtain the
certification.
The third and the most interesting thing about the learning of the Certified Ethical Hacker Version 8 is that we have understood that a student needs to experience far more learning than beyond the five days that they experience in a classroom environment. We think that the only way you will reduce the gaps of information security leaks that organizations face is if we can have a learning experience that goes throughout the year and throughout the lifespan of the information security professional.
We're doing that by launching a brand new platform called Aspen. It's code name Aspen, and you can google aspen.eccouncil.org. You'll be able to see that we're able to provide a holistic student experience, where a student will get to a classroom, they will then be able to print the evaluations and be able to take the exams. They'll be able to get to a bookstore that provides them with courses beyond the five day CEH program. They'll be able to see some of the most cutting edge videos, so that they can increase their knowledge after they have attained their Certified Ethical Hacker credential. They will have, through this platform, ability to be able to interact and connect with other information security experts from around the world.
So it's a completely aggressive, expansive
platform that will allow the learner to actually learn throughout their
lifespan, and we're very excited to be able to bring that experience to the
user through our respected and highly accredited training partners from all
across the world.
Although Hurricane Sandy hit at the worst possible time, Hacker Halted 2012 was still hugely successful, with over 600 security enthusiasts still managing to make it.
The Hacker Halted Conference by the EC-Council was a lot of fun. It also included training led by well-known industry names such as security expert Jack Daniel and the CHFI class by Robert Reed. At the end of the training they even got to take the exam.
After the 4 days of training, the main conference kicked off with many top-tier speakers and short break out session presentations. Some of the break out presentations included golden techniques and advanced tactics.
Not only did the conference have everything that a growing IT security professional would want from an industry standpoint, but it also had the world renowned South Beach by its side and a party that the EC-Council hosts for the conference attendees which has always blown them away.
The hackers conference is now in its 14th year with the objective to “raise international awareness towards increased education and ethics in IT Security.” The presentations included the following subjects:
Threats & Counter Measures
Incident Response & Computer Forensics
Secure Programming
Business Continuity & Disaster Recovery
Social Engineering
Virtualization Security
Mobile Security
Malware and Botnets
Physical Security
Governance
Policies & Standard
After the conference, Firebrand Training caught up with the organiser of the event and Director of Online Learning - Eric Lopez, who gave us an overview of what had happened. He talks about the successful Hackers vs CISOs debate and the highly enjoyable hackathon competition. Watch the full interview below:
His audiences include executives of the most successful companies in the world
such as Merrill Lynch, Microsoft, Shell, HSBC, Hewlett Packard, IBM, American
Express, Royal Australian Air Force, Government of Zhuhai, China Mobile and
A&T Solutions, among others.
Mr Bavisi regularly shares his insights with law & policy makers at various international conferences and seminars such as Interop Las Vegas, CSI, Techno Security, Techno Forensics and most recently the world renowned Hacker Halted which is hosted by EC-Council.
As mentioned in a previous post, we went to the 2012 Hacker Halted in Miami to pick up the Training Centre of the Year award from EC-Council. While we were there, we managed to get an interview with Jay Bavisi himself who spoke to us about EC-Council, cyber security and their credentials.
Jay has appeared regularly on several local and international television shows and in print media, including being interviewed by CNN and Fox Business News regarding information security and ethical hacking. His views have been sought by internationally acclaimed publications including Time, Washington Post, The Herald Tribune, The Wall Street Journal, The Gazette and The Economic Times. His views were also featured by ABC News, USA Today, The Christian Science Monitor, Boston and Gulf News. Want to see more of Jay Bavisi's interviews? Check out EC-Council's Hacker videos here: www.eccouncil.org/home/hacking_videos
Video Transcript:
My name is Jay Bavisi, and I'm the President and Co-Founder of the International Council of E-commerce Consultants, commonly known as the EC-Council. EC Council was founded ten years ago with one mission in mind and that is to raise the level of awareness and capability in the wall of cyber-security. There was a time when 9/11 had just happened and a lot of out of the box questions in cyber-security were raised. What would organizations do and what would governments do to address challenges that they face in a new era of cyber-war? At that point in time, obviously, cyber war was very much a topic of Hollywood fiction, and as the world has seen it's no longer the case. The escalation of challenges that countries and governments are facing is real and the importance of certification bodies like EC Council is to address the gaps that exist in these spaces. So EC Council has got multiple certifications like the Certified Ethical Hacker, Certified Hacking Forensics Investigator, the License Penetration Testing Certifications. All of these credentials are meant to create cyber-security professionals that are actually out there to defend institutions, to defend organizations and to defend governments across the world.
The Global CyberLympics is an international cybersecurity competition where teams from different countries compete to take the title of the number one cybersecurity team in the world.
The Global CyberLympics was thought up by the President of EC-Council - Jay Bavisi. He created the global competition to make ethical hacking more accepted, practiced and demonstrated without any discrimination around the world.
In just 2 years, there are over 2,500 participants representing 52 countries. And to the surprise of many, cybersecurity experts were coming from all over the globe, including small countries like Mongolia.
Holland are the champions for the second time running in the CyberLympics, winning the 2011 and 2012 games.
This year’s competition is set to start in July with 1200 participants per continent. Round one is based around Forensics. Round 2 is CND-Lite. Round 3 is Pen test. And the final round, which is held in Atlanta, USA, is the world championships and is based around all areas of cybersecurity.
To find out more about how you can join and represent your country in the CyberLympics, click here.
Jay Bavisi, President of EC-Council talks about the Global CyberLympics and how it was started. Watch the full interview below.
Thinking of getting into IT? Here’s a list of the top five certifications that we think are the most effective way of entering the IT world. Once you have completed one of these, you can start your IT career, gain experience and gain higher certifications that will land you that powerful salary:
The A+ certification is considered a benchmark and stepping stone for people who want to enter the IT world. The CompTIA A+ certification is the industry standard for computer support technicians. You’ll gain the skills and knowledge in installation, preventative maintenance, networking, security and troubleshooting. It is part of the certification track for corporations such as Microsoft, Hewlett-Packard, Cisco and Novell, and has become a requirement for their engineers. There are almost a million IT professionals worldwide who have certified in A+ since the program’s beginning in 1993. CompTIA also offers its popular Network+ certification which you can gain with the A+ in just 7 days. You'll gain the skills and knowledge necessary to configure and operate a variety of networking products. Combined, the A+ and Network+ certifications are backed by major computer hardware and software vendors, distributors, resellers and publications. According to itjobswatch.co.uk, the average salary for an A+ professional is £23,500 and for a Network+ professional is £23,250.
More than 95% of companies around the world use Microsoft products and technologies. Now's your chance to be a part of it. The MTA certification is the first stepping stone for all Microsoft certifications. The MTA is part of Microsoft’s new range of certifications which are very popular. Gaining this cert offers a stepping stone onto the more powerful and respected MCSA and MCSE certifications. This year will see many companies now looking for the updated Microsoft certs, which is why many MCITP aspirants are being directed to MCSA and MCSE. Learn more about the new Microsoft certs and the paths to take here: How to become a Microsoft Certified Professional.
In a Linux Jobs report, eight in ten recruiters said that hiring Linux talent was a priority in 2012. The popularity of Linux has not stopped growing, and will continue to grow throughout 2013. This CompTIA course provides you with the basic hardware, software, and networking skills necessary to function in an entry-level Linux role. It also offers a stepping stone to the more powerful Linux certs such as the LPI level 2 and level 3. According to itjobswatch.co.uk, the average salary for an LPI professional is £25,000.
CCNA is a great way to enter the IT industry, but it requires dedicated training and some may find it hard if they are completely new to IT. You can first take the CCENT to get more familiar with the material. Cisco certifications are world renowned and respected. Having a CCNA shows that you have the ability to set up, troubleshoot, monitor, upgrade and maintain networking hardware based on Cisco equipment. Once you gain your certification, and some experience, you can move on to more advanced certifications like CCNP. According to itjobswatch.co.uk, the average salary for a CCNA professional is £38,500.
The Security+ is one of the highest paying security certifications and is again offered by the vendor-neutral CompTIA. It's considered an important stepping stone for a career in IT security. It demonstrates that you have a strong knowledge of security concepts, cryptography, access control, and the tools and procedures to respond to security incidents. You’ll also learn about disaster recovery methods, risk management, and compliance and operational security. Once gained, you’ll then be able to anticipate and prevent cyber attacks, and effectively deal with security events. The Security+ cert is widely recognised in the industry; many companies have it as a requirement, including the U.S. Department of Defense’s IT department. It's important to note that although this is considered an entry level cert for security, you must first have at least an A+ certification to understand the core concepts. According to itjobswatch.co.uk, the average salary for a Security+ professional is £60,000. If you want to find out more about the top IT security certifications, see our recent blog post here.
As you can see, CompTIA dominates the list as the best entry level certification provider. You can find out more about who CompTIA is in our recent blog post. Firebrand caught up with Terry Erdle, the Executive
Vice President for CompTIA at the EMEA conference. He spoke to us about leveraging CompTIA programmes
to educate and certify the IT workforce. Watch the full interview below where
he talks about some of the new content and certifications coming out.
Are there other IT certifications to consider?
If you think we missed one, let us know in the comment section below. It all depends on what sector of the industry you would like to enter. The further you go with your certifications, the more specific your skills will become. Good luck in starting your IT career in 2013.
CompTIA provides vendor-neutral certifications around the world and is widely recognized in the IT industry. They offer 16 certification exams in PC support, networking, servers, training, Linux, security, IT sales, green IT and more.
CompTIA stands for The Computing Technology Industry Association and has been delivering top class certification exams for over 15 years.
Its certifications have become some of the most recognised in the industry. Thousands of companies now depend on CompTIA standards to provide a reliable predictor of employee success.
Companies with their own certification programs also rely on CompTIA exams to provide an industry standard for foundation-level skill sets as prerequisites or electives in their certification programs.
CompTIA supports the IT industry through education, advocacy and philanthropy initiatives.
Here are some of their top certifications:
CompTIA A+ certification is for entry-level IT technicians and covers preventative maintenance, basic networking, installation, troubleshooting, communication and professionalism.
CompTIA A+N+ certification is a dual course which is entry-level through to networking professional, and covers managing, maintaining, troubleshooting, operating and configuring basic network infrastructure.
CompTIA Security+ certification is for experienced security professionals, and it covers system security, network infrastructure, cryptography, assessments and audits.
CompTIA Server+ certification is for experienced IT professionals and covers areas such as RAID, SCSI, managing multiple CPUs and disaster recovery.
CompTIA RFID+ certification is for RFID professionals and covers installation, maintenance, repair and troubleshooting of RFID products.
CompTIA Project+ certification is for project managers and covers the entire process of project management, including initiation, planning, execution, acceptance, support and closure.
CompTIA Strata certification is an ideal stepping stone to an entry level IT career. Many Strata certificate holders continue their careers further by earning higher-level IT certifications.
You can view the complete roadmap here to plan your career.
Firebrand caught up with Vice President for CompTIA - John McGlinchey, who spoke to us about the company, its history and its programmes
to educate and certify the IT workforce. Watch the full interview below:
By Sarah Morgan
Nope, I’m not talking about the infamous whiskey maker being a hacker. But as you’ll soon find out, the Jack Daniel we are talking about is a bit of a legend himself.
As mentioned in a previous post, Firebrand Training went to Miami for the annual Hacker Halted event hosted by EC-Council. The event aimed to raise awareness towards increased education and ethics in information security.
Hacker
Halted featured many world-renowned experts and high-level speakers such as
Jack Daniel himself, as well as some of the best technology companies
showcasing their products and services.
Jack Daniel - pictured on the right - supports several information security and technology organisations and is also a technology activist. Mr Daniel co-founded the Security B-Sides events, where security enthusiasts gather, share and learn in an open environment (which has expanded to London - more on that below).
Hacker
Halted provides the most sought after technical training and certification
classes offered through Hacker Halted Academy by top training companies and led
by well-respected instructors.
Firebrand caught up with 'the guy with the beard' at Hacker Halted, and he told us about the world of hacking and its social responsibility. Watch the interview below, where you'll quickly find out that hackers are not just coming out from teenage bedrooms, but developing from the most surprising backgrounds.
About Security B-Sides
Security
B-Sides is a community-driven event built for and by information security community
members. It is where conversations for the next-big-thing are happening and the
Security B-Sides London team is bringing this back to London.
The
volunteers for Security B-Sides London were inspired by the framework of the
original Security B-Sides event in the USA which was co-founded by Jack Daniel
himself. Security B-Sides events are free, community events organised by local
individuals, with the express goal of enabling a platform for information
dissemination.
Their next event in London is happening on April 24th 2013 at Kensington and Chelsea Town Hall. For more information, visit: http://www.securitybsides.org.uk/
Jack Daniel Interview Video Transcript:
My name is
Jack Daniel. I'm the Technical Products Manager at Tenable Network Security.
We're the folks that created Nessus and our line of enterprise vulnerability
management and SIM tools. I'm here at Hacker Halted and I gave a talk yesterday
on social responsibility in hacking.
I have a
background of small business Network and Security Administrator, Systems Admin
for many years. I got more and more involved in security as various things were
broken into or compromised. Somehow I ended up, after starting my career as an
auto mechanic many decades ago, I ended up as a security specialist, and have
been in vendor space for the past five years or so at Astaro, which is now part
of Sophos, and then I joined Tenable about a year and a half ago. I've been
working in vulnerability management and SIM log analysis for the past year or
so.
I'm here at
Hacker Halted. The talk I gave yesterday was responsibility and reality. It's
about the more human side of hacking, the more social responsibility side. It's
interesting, and I think it's part of the culture, of those of us that consider
ourselves hackers. Within the hacker culture definition, not the mainstream
media definition of criminal, or cybercriminal, but within those of us who see
ourselves as challenging things.
The
progression that I use to define that is that I think there are some characteristics,
even at an event like this, even at Defcon, people will get into an argument
over the details and the semantics of it, but there are some things that are
common. One of them, I think, is truly, curiosity. A child-like curiosity and
sense of wonder and wanting to know how things work, and you like to push
things to the limits. The realization that I had as I got into the hacker
culture was that it was a lot like my background as a petrol head or gear head.
I want to push things to the limit until they break. And then I want to fix it,
but fix it better, so I can push it to the limit even farther.
So there's
this cycle that I think that sums up a lot of hacking, which also sums up a lot
of motor sports, which is break it, fix it, but improve as you fix, and then
repeat that. Push it to the limit. Find what fails, solve that problem, and
keep doing so. And the great thing is that in hacking, in this sense, as
opposed to being a motor head, you don't get to the point that what breaks is
you, because your brakes fail at 180 miles an hour.
That's sort
of that mentality, and it gives us a lot of challenges, but some of the things
that a lot of people believe that we owe each other a responsibility, and I
happen to believe that. I think there are a lot of things, but one of the
things I wanted to stress though is that a lot of people have challenges that
keep them from being able to volunteer, donate, contribute back to the community,
and that's okay.
I don't
want to cause a guilt trip for anybody, but we do, especially for those of us
who are fortunate enough to make a career out of information security, so even
though it's not pure hacking, the information security aspects of hacking is
what we do for a living. We tend to be well paid. We tend to work long hours.
But we tend to be well paid and well-connected and get to travel and other
things.
So I really believe that we have an obligation to contribute to that. And that's what I talked about. There are things that you can do, and one of the things, it's not all altruism. If you are part of the community, you gain visibility. One of the things that that gets you is better career opportunities. People appreciate you. And no matter where you are, if anybody is interested enough to show up at an event like this, they know something that somebody else doesn't, and it may be at a Linux user group, or somewhere else, but there's somebody that can take advantage of that expertise or that skill set, and gain from it.
Firebrand Training recently went to Miami to pick up the Training Centre of the Year award from EC-Council - at their Hacker Halted conference. We learned some pretty scary facts from the last year:
174 million data records were stolen
96% of hacks weren't even slightly difficult
85% took two weeks or more to discover
92% were discovered by a third party (how embarrassing is that?!)
We also got a chance to interview Founder of Optima Consulting and C|CISO (Certified Chief Information Security Officer) - Juan Gomez-Sanchez – who spoke to us about the biggest security challenges we will face in 2013. Watch the interview below:
Video Transcript:
My name is Juan Gomez-Sanchez. I am the Founder and Principal for Optima
Consulting. I have about 18 years of experience, specifically leading security
organizations as a practitioner. I was invited to the CISO summit by the EC
Council to talk about the security challenges in 2013 and beyond. I do welcome
this opportunity. It is actually challenging times. There are game changers
that are actually changing the way we actually react to all of these security
situations and concerns as a whole. I would position those issues in four
different buckets, so to speak.
The first one is one of the biggest issues that we have in the industry
today is that security is actually tagged against compliance all the time.
Unfortunately those are completely different things. So the question is
compliance versus security. What we have seen over time is that compliance has
actually overtaken security, just because organizations need to be able to show
compliance to any given regulation and falsely understanding or thinking that
that is actually going to make them more secure. Organizations are dealing with
this situation on a daily basis, whether it's here in the U.S. or anywhere in
the world, where regulations are taking a foothold on how security
organizations are actually being effective or not.
So, what we have here is a myopic perspective on security trying to fit
security when compliance is actually driving it. That absolutely is not a good
thing. So, the right approach to this is to actually have a security program
that, as a byproduct, shows you the compliance that you actually need. By the
way, as a byproduct of a good security program, you also get other things. You
get a good risk management process, and maybe even, if you want to think about
this as a market differentiator, your competitors are actually going to be
looking at you and you need to differentiate yourself. Security is actually
more often being used as that differentiator. So you want it. Your customers
want it. Your citizens want it. So why not use it as a business enabler rather
than actually something that you have to comply with such as with regulations?
So that's the first one is compliance versus security.
I would say that the second big issue that we're dealing with from an
industry perspective is the fact that security is still being perceived as a
technical problem. It truly is not. The technical component of this is minute.
It's small compared to the big risk about dealing with security in a holistic
perspective. Security is about organizations. It's about procedures. It's
about, of course, technology. But that, again, is actually a small component of
that. Case in point, risk management, all security programs should follow risk
management process, which is, by definition, not an IT process. The perfect
example is things such as background checks, which I understand it's not
universal. There are countries and places where you cannot do this. But the
fact that you have to impose under certain regulations or security programs
background checks is not a technology issue. However, it's a very important
control.
So what you have right now is security organizations being basically put
into the technology field, which I believe is actually a contradiction to what
we're actually trying to do here. Because technology is there to actually
enable organizations to do things more efficiently, and so should actually be
security. But the problem is that it actually goes beyond the technology
component. That's actually a problem.
I would say the third problem that we're having to deal with is that
security is still not viewed as a business enabler. As I said before, customers
and citizens today demand security. The only good way to actually deal with
this situation is to actually convince your CEOs, your CFOs that without the
level of security for your organization and protecting the data
associated with your organizations, you're not going to get and achieve
those business goals that the organization has set forth today. So security has
to sit side-by-side with all the stakeholders from a business perspective to be
able to actually go and make those decisions. That unfortunately is not
happening.
Now, the fourth issue that we're dealing with is the fact that insecurity
is becoming the norm. If you take a look across the world, the number of
breaches and things like that, it's mind-boggling. The numbers are rising. 2011
was actually a bad year, and 2012 is actually becoming worse. What you are
having to do is to react. The security industry is a reactive industry, and
unfortunately every so often, every few years, the security industry gets
slapped in the face saying, "Hey, you need to catch up."
A shortage of IT security experts is leaving Britain vulnerable to the threat of internet attacks and cyber war, research shows.
Cyber crime costs the country hundreds of millions of pounds every year and the skills shortage is not helping. The country’s critical infrastructure that supports government, emergency services, utilities and transport is at risk of online attacks, the National Audit Office warned.
The report stated “these services are essential to daily life… and their protection from cyber attacks is crucial”.
Figures in the government, academia and business claimed that the shortage crisis could last for two decades. The current pipeline of graduates and practitioners would not meet demand.
The NAO report added that “this shortage of ICT skills hampers the UK’s ability to protect itself in cyber-space and promote the use of the internet both now and in the future”.
How much?
The report comes after a large number of warnings about cyber crime, which is currently estimated to cost up to £27 billion a year in Britain alone. Foreign secretary William Hague has stated that computer systems which supported the London Olympics were attacked every day during the event.
Closing the Gap
Britain’s brightest computer brains came together on Saturday at the offices of the internet security company Sophos for a cyber war game designed to find the most talented individuals.
Cyber security firms confirmed that it has become increasingly difficult to find the best computer minds because the teaching in schools and universities is not up to standard.
The Cyber Security Challenge UK was set up as a competition in 2010 to encourage the UK to get rid of the digital skills gap.
During the challenge, candidates encounter creations of both cyber criminal gangs and nation states in a virtual environment. They take on the role of forensics and defence specialists working for the UK Government. All attacks are based on real-life scenarios. Candidates then present their findings to a panel of judges and make recommendations on actions to be taken.
The most successful participants are likely to be offered jobs or bursaries that will help them start a career in the industry.
250,000 new viruses are released on the internet every day, and 30,000 websites fall victim to malicious software every 24 hours.
Governments around the world are investing heavily in improving cyber capabilities in order to protect everything from banks to nuclear reactors, water purification plants to the national grid.
Firebrand Training caught up with James Lyne, Sophos Director of Technology Strategy, at CompTIA's EMEA conference. He spoke to us about the importance of cyber security education. Watch the interview below.
Video Transcript:
Hi. My name is James Lyne and I'm the Director of Technology Strategy at
Sophos. Today at the CompTIA conference we've been running a panel about how to
encourage the next generation of cyber security talent, and how to more
effectively get the message across to existing employees within businesses
today.
It's been one of the huge challenges of the past 20 years of security.
Really the outcome of the panel was that, while we're making a lot of progress,
there's a lot of attention on this issue in everything from public sector and
government, through to small businesses. We've still got a long way to go, in
particular in the area of new devices like mobile phones.