Friday, 23 September 2016

Affected by the Yahoo hack? Here’s what you need to do:

If you have a Yahoo account, you should act fast. Just yesterday it was confirmed that hackers stole the personal data of half a billion Yahoo accounts in the most recent cyber-catastrophe. 

Details, including names, email addresses, phone numbers and security questions were stolen from the company’s network in late 2014. It's also now been revealed that passwords were also taken, but in a “hashed” form, with the company reporting they believe the financial information held with it remains safe, unless the hashed passwords are decrypted.

Yahoo believe this was a state-sponsored act – an increasingly common scapegoat following cyber hacks today. Although Yahoo are currently notifying those potentially affected by the hack, as a precaution you can take steps now to protect your data.

Below, we will identify these steps in order to secure your information now and in the future.

This is what you need to do:

Take back your account: If your Yahoo account has been compromised, the first thing you need to do is take it back. Hackers, may have also gone after your linked accounts so check them also. Below are a series of links to the most common social and mail platforms where you can take back your account.
·         Yahoo
·         Apple
·         Facebook
·         Google
·         Microsoft
·         Twitter

Report it to the police: If you believe you have been hacked and are now the victim of identity theft or fraud, file a report with Action Fraud

Change your passwords and security questions: Even if you haven't been hacked, change your password and security questions immediately. This is especially important if your email is connected in any way to your bank or a PayPal account. 

Additionally, you should look to change the passwords in any other account that uses the same or similar security information. This ensures hackers cannot access other accounts through your Yahoo information. It is also sensible to check your password recovery settings and ensure they have not been changed to a third party. 

Tell everyone you know: In this situation it is a common tactic for hackers to target friends and family of compromised accounts to extract financial gains. So spread the news to your friends and family. Not only will this help them inform you if they see unusual activity, but it may also spare them falling victim to a similar hack.

Be wary of emails from Yahoo: Now is the perfect time for cyber criminals to strike through a phishing attack. Avoid downloading or clicking links in any emails coming from Yahoo. Almost all malware is installed unknowingly by the victims themselves. 

Update your security settings and run a security scan: Make sure you run a virus scan and have the most recent security updates on your operating system. If you don't have an anti-virus application, invest in a high quality one like McAfee or Norton Antivirus. This is something you should be doing as best practice regardless of the issue.

Continue to review your activity: Just because you’ve gotten your account back, doesn’t mean you’re safe. Hackers often leave ‘backdoors’ so they or other hackers can regain access at a later date. Make sure you continually review any activity to make sure no emails are being forwarded or security questions have been changed.

De-authorise applications: Although it may be frustrating, de-authorising accounts that are in any way linked to your Yahoo account will be essential. Although many may deem this unnecessary, it certainly is a better idea than leaving an unknown individual in your system – even if it is just precautionary.   

How serious is this? And what does it mean for Yahoo?

The most serious concern for you as a Yahoo users is if the cryptographically hashed passwords were deciphered and used maliciously. Although the hashing scheme used to encrypt the passwords is known to be relatively tough, Yahoo have yet to release any details on it.

For Yahoo, this breach comes at the worst possible time. Earlier this summer, Yahoo had announced it was investigating a breach reported to involve 200m customers. The sudden increase to 500m means “Yahoo may be facing an existential crisis” with their “already besieged business execution issues and an enduring fire sale to Verizon, this may be the straw that breaks the camel’s back” according to Corey Williams from identity management software company Centrify.

Security researcher Kurt Baumgartner from Kaspersky Labs believes that Yahoo’s failings hardly come as a surprise: “It’s unfortunate that when we are talking about this organisation, a massive breach doesn’t come as a big surprise”. Baumgartner has also criticised Yahoo’s delayed response, citing it as characteristic if we look at their “delay in encrypting IM communications, implementing https for its web properties and more”.

Wednesday, 14 September 2016

Defend your network with the new Certified Network Defender certification

Today, EC-Council launches their highly anticipated Certified Network Defender qualification. This exciting new certification focusses on developing the critical skills needed to protect, detect and respond to attacks on your network. A much needed skillset in a world plagued by cyber attacks.  
In this post we'll take a closer look at the certification and why it's so crucial for the industry.

Businesses have woken up to the ever present threat of cyber attack 

In today’s growing technological world, organisations are painfully aware threat of cyber breaches and the inadequacies of their preventative measures. In fact, a Government study has found that 51% of UK businesses experienced a security breach in the past 12 months. UK Digital Economy Minister Ed Vaizey emphasised just how “crucial” security is, with “too many firms losing money, data and consumer confidence” as a result of the vast number of cyber attacks.  

While the number of cyber attacks spawn rapidly like infectious bacteria, the demand for individuals certified in cyber security has far out paced supply. Findings suggest that 7 of the 10 cyber breaches on UK companies could have been prevented, pointing at a lack of industry knowledge. Furthermore, 28% of organisations experienced a shortage of network security specialists and by 2019 its expected that the demand for cyber security skills will triple the supply of personnel available.  

What can the CND do?  

Why is it that some businesses lock their doors and put on an alarm, yet they leave their most valuable data completely unprotected? A businesses network is a businesses first line of defence against cyber attacks. Unfortunately, set up incorrectly, it can be an open to door to cyber criminals. Once they're in they can infect your database, install ransomware and compromise your applications.  

The CND, built from a common body of knowledge, focusses on defence.  It is made up of 14 of the most current network security domains, aimed at upskilling network administrators with the knowledge and skills to protect, detect and respond to network security threats. 
As network administrators are familiar with network components, traffic, performance and utilisation, network topology, location of each system and the security policies, they can play an increasingly significant role in becoming the first line of defence for any organisation.   
The course outline was devised by a series of surveys and industry related interviews with lead security managers to address the shortcomings within their existing workforce and organisation. The result is the following 14 modules: 
  1. Computer network and defence fundamentals 
  2. Network security threats, vulnerabilities and attacks 
  3. Network security controls, protocols and devices 
  4. Network security policy design and implementation  
  5. Physical security  
  6.  Host security  
  7. Secure firewall configuration and management 
  8. Secure IDS configuration and management 
  9. Secure VPN configuration and management  
  10. Wireless network defence 
  11. Network traffic monitoring and analysis  
  12. Network risk and vulnerability management 
  13. Data recovery and back-up
  14. Network incident response and management  

So what makes the CND so special? 

More than just a certification catered to the current needs of the market, the CND course boasts other impressive features: 
The course is made up of 50% hands-on labs and practical work. The benefit of this skills-based, lab intensive program is that you gain invaluable real-world experience in the event of a real breach.  

Unlike many other certifications, the CND course has shifted its focus from the technology used in security, to the operations and processes involved in securing a network. EC-Council liken this focus on operations over the transitory technology to learning mathematics without a calculator. Rather than mindlessly using technology, you’ll learn the why and the how. The benefit of this is that you’ll develop a more holistic, in-depth understanding of security that can help you better protect your organisation.  

Additionally, the CND being a vendor-neutral certification speaks again to the wide audience this certification will benefit as it means the skills can be taken away and transferred to the various technologies organisations use.  

Certification and Training Details 

Available now, Firebrand is delighted to launch the accelerated CND certification course alongside EC-Council.  

The course will be 4 days in duration including the exam, 20% faster than traditional training. As an official provider of EC-Council certifications, you will benefit from certified instructors, and official material giving you the best chance to pass.  

Having just been awarded EC-Council Accredited Training Centre of the Year for the eighth successive year, you know you're in safe hands. 

The Certified Network Defender credential has replaced EC-Council’s ENSA v4.0, which is set to be retired on March 13th 2017.  

Thursday, 8 September 2016

Discover the big name finalists named for EC-Council Foundation's InfoSecTech & Exec Awards 2016

Earlier this week EC-Council Foundation announced the finalists for their upcoming InfoSec Tech & Exec Awards Gala running at Hacker Halted on September 14th in Atlanta, GA

On 6th September, EC-Council Foundation announced the finalists for the prestigious upcoming InfoSec Tech & Exec awards. The event honours cyber security professionals, recognising those who represent the very best in their field. 

There are seven award categories across which the nominations are spread. These include Certified CISO (CCISO) of the Year, CISO of the Year, Innovative Security Project of the Year, Most Improved Security Program of the Year, Ethical Hacker of the Year, Penetration Tester of the Year, and Forensics Analyst of the year. Let’s take a closer look at the categories and the big names announced:

Certified CISO (CCISO) of the Year

This award recognises high level professionals, all of which carry the EC-Council Certified CISO credential. They were selected for their contributions to the CCISO community, as well as to the information security industry as a whole. Finalists include:

Richard Ryan II Hernandez, Information Security Officer at LafargeHolcim; Paul Horn, CISO at HD Vest Financial Services; Hung-Pin Hsieh, Senior Manager at Acer Inc.; Luis O. Noguerol, President & CEO at Advanced Division of Informatics & Technology, Inc.; and Niran Seriki, Senior Cyber Security Consultant for EU Institutions.

CISO of the Year

This award highlights professionals who have been nominated for their leadership and innovation in working to secure their organisation. This is achieved amongst a constantly changing landscape of threats. Finalists include:

Syed Azher, CISO at Impact Group; Medha Bhalodkar, CISO at Columbia University; Pavankumar Bolisetty, Global Head - Information Security at Wave Crest Holdings Ltd.; Jared Carstensen, Chief Information Security Officer at CRH plc.; Kok Kee Chaiw, Vice President, IT Security & Assurance IT Security & Assurance at MEASAT Broadcast Network Systems Sdn Bhd (ASTRO TV Malaysia); Bobby Dominguez, Chief Strategy & Security Officer at Lynx Technology Partners, Inc.; Youssef Elmalty, Head of Cyber Security at IBM; Aizuddin Mohd Ghazali, Group IT, Head, Risk & Security Management at Sime Darby Holdings Bhd; Amit Ghodekar, Vice President, CISO at Motilal Oswal Financial Services Ltd; Marvin Marin, Cyber Security Program Manager & Technical Advisor at NetCentrics; Michael Molinaro, CISO & VP at BioReference Laboratories, Inc., JR Reagon, former Global CISO at Deloitte; and Eric Svetcov, AVP, Information Security & CSO at MedeAnalytics.

Innovative Security Project of the Year

This award will recognises a cyber security project that showed an advanced difficulty level while innovating with methods or solutions to support the business goals of its organisation. The finalists include:

Chen Heffer, Cyber Security Officer and his team at the Douglas County Government; Dan Nagle, Senior Software Engineer at Harman Professional Solutions; and Niran Seriki, Senior Cyber Security Consultant at EU Institutions.

Most Improved Security Program of the Year

This exciting award recognises the impact strong leadership can create in securing an organisation when the correct frameworks, policies, and governance are put in place. The finalists for this award include:

Chad Cottle, Chief Information Security Officer and his team at City of Lexington, KY; Juan Gomez-Sanchez, Chief Security Officer at Lennar Corporation; Brenda McAnderson, Chief System Sustainment at System Sustainment, National Cybersecurity Protection System (NCPS), Network Security Deployment (NSD), Office of Cybersecurity and Communications (CS&C), U.S. Department of Homeland Security (DHS); Paul Medici, Director at Fidelity; and Preston Werntz, Chief, Technology Services Division at U.S. Department of Homeland Security, Office of Cybersecurity and Communications.

Technical awards

The following awards focus on the technical expertise of cyber security professionals. This is the first time EC-Council Foundation is awarding these categories.

Ethical Hacker of the Year

This award resonates strongly with EC-Council Foundation’s mission of global cyber security, r
einforced by the Certified Ethical Hacker certification. The award highlights the critical role that ethical hackers play in identifying, reporting and patching weaknesses in the world’s cyber infrastructure. The finalists include: 

Marc Rogers Information Security & IT Expert at CloudFlare, Ankur Chandrakant, Cyber Security & Forensics Expert at Cyber Radix Academy for Future Technology; Zechariah Akinpelu, Team Lead, Application and Database Security Control at Fidelity Bank PLC; Christopher Chavez, Cyber Security Consultant at Avyara Information Systems; and Ali Tabish, Sr. Information Security Analyst at Moon International Pak Pvt Ltd.

Penetration Tester of the Year

This award recognises the professional pen tester who embodies the very best principles of penetration testing. They do this by contributing to the industry and the positive view of information security professionals. The finalists are:

Bassem Helmy, Senior Security Consultant at Deloitte Middle East; Bastien Treptel, Director at Ctrl IT Pty Ltd; Srinivasan Subramaniam Muthukondapuram of Consulting Private Limited, Jonathan Paz Gamer & Black Box Pen Tester at RootByte; and Shitesh Sachan, Sr. Lead Application Security at hCentive.

Forensics Analyst of the Year

This award recognises the professional showing exemplary work in forensics analysis through innovation and meticulous performance of duties. The finalists include:

Andrew Case, Director of Research at Volexity; Ahmed Fawzy, Information Security Manager at Raya Contact Center; Muhammad Nuh Al-Azhar, Superintendent Police - Chief of Computer Forensic Lab. at Indonesian Police Forensic Laboratory Centre; Manish Aggarwal, Netowrk Security Analyst at Total IT Solutions Education Organization; and Yamikani Gogo Wilfred Hauya, Systems Support Officer at Malawi Revenue Authority.

The InfoSec Tech & Exec Gala will precede Hacker Halted, EC-Council Foundation’s largest annual cybersecurity conference, as well as the Global CISO Forum, the Foundation’s premier executive-level event. Tickets are still available for both events.

Thursday, 1 September 2016

Cisco updated their CCNA Routing & Switching Certification - Here’s everything you need to know:

On the 17th of May Cisco announced some major changes to their flagship CCNA Routing & Switching certification moving from version 2 to 3 – here’s a breakdown of everything you need to know about the new and improved version 3.

What is the CCNA Routing & Switching?

The Routing & Switching certification aims to teach you the knowledge and skills needed to install, operate and troubleshoot a small-to-medium enterprise branch network as well as the basic network security and complex connections. The course is made up of ICND1 (CCENT) and ICND2 (CCNA), which collectively equate to the CCNA.   

Why has the CCNA Routing & Switching Certification been updated?

Although characteristic of Cisco to update their leading courses every four to five years, Pim Leemans, Cisco instructor, suggests there are additional reasons behind the revamp. “The way we learn has been changing a lot in previous years. Unlike before there will be less theory and more learning by just doing”. Cisco reflect these changes in learning through the introduction of Discovery and Challenge Labs, which teach and test students through practical tasks. Cisco state that the developments of the Routing & Switching certification also aims to meet the advancements in technology and better empower IT professionals with “the understanding of software defined networking (SDN) and the integration of virtualised resources utilised in Enterprise network architectures”.

What do the changes look like?  

Interconnecting Cisco Network Devices Part 1 (ICND1)
100-101 ICND1
Interconnecting Cisco Network Devices Part 1 (ICND1)
100-105 ICND1
Interconnecting Cisco Network Devices Part 2 (ICND2)
200-101 ICND2
Interconnecting Cisco Network Devices Part 2 (ICND2)
200-105 ICND2
Composite CCNA
200-120 CCNA
Composite CCNA
200-125 CCNA

Aside from the changes in the exam numbers, the content of the Routing & Switching certification has changed.

Changes from ICND1 v2.0 to ICND1 v3.0:

Pim Leemans describes the largest changes within ICND1 as the treatment of RIP as the only routing protocol and subjects on device management being moved from ICND2 to ICND1.  

Key topics removed or moved to ICND2:

  • OSPF (single area) and other OSPF topics were moved to ICND2 since RIP is used to introduce CCENT candidates to IP routing protocols.
  • Dual Stack was removed as there are multiple IPv4 and IPv6 transition technologies being used.
  • Cisco Express Forwarding (CEF) has been removed.  

Key topics added:

  • High level knowledge of the impact and interactions of infrastructure components, such as:
    • Firewalls
    • Access Points
    • Wireless Controllers
  • An awareness of the Collapsed Core architecture instead of the traditional three-tier architectures. This effectively joins Distribution and Core into a single tier with Access as a second tier.  
  • Required to configure and verify IPv6 Stateless Address Auto Configuration (SLAAC).
  • Added Anycast to the list of IPv6 addressing types.
  • Required to have knowledge of Link Layer Discovery Protocol (LLDP). An L2 discovery protocol used in addition to Cisco Discovery Protocol.
  • RIPv2 for IPv4 serves as a primary focus for routing protocols.
  • Added requirements to understand DNS and DHCP related connectivity issues.
  • Understanding of Syslog message logging for device monitoring.
  • Skills and knowledge for backing up and restoring device configurations.

Changes from ICND2 v2.0 to ICND2 v3.0

Pim Leemans believes the ICND2 “has changed the most” with the emphasis on outdated technologies such as Frame Relay being replaced by Multi-Link PPP and PPPoE. The more challenging subjects of EBGP, RADIUS and Tacacs+ authentication are now also addressed.

Key topics removed:

  • Frame Relay and Serial WAN technology has been omitted
  • Only HSRP remains from First Hop Redundancy Protocols (VRRP and GLBP removed).

Key topics added:

  • Required to have knowledge of dual-homed vs single-homed Intelligent WAN topology options.
  • Need basic knowledge of external BGP (eBGP) used to connect Enterprise branches.
  • VPN topics now include; DMVPN, Site-to-Site VPN and Client VPN in common Enterprise use.
  • Must have an understanding of how Cloud resources are being used in Enterprise network architectures e.g.
    • How Cloud services will affect traffic paths and flows
    • Common virtualised services and how these coexist with legacy infrastructure
    • Basics of virtual network infrastructure (Network Function Virtualisation)
  • Awareness of Programmable Network (SDN) architectures including:
    • Separation of the control data plane
    • How a controller functions and communicates northbound to network applications and southbound to the R&S infrastructure using API’s.
  • Using Path Trace applications for ACLs, which is an essential new network application enabled by the Application Policy Infrastructure Controller – Enterprise Module (APIC-EM).
    • The tool is designed to automate the troubleshooting and resolution of complex ACL deployments.
  • Understanding QoS concepts related to marking, shaping and policing mechanisms for congestion management.
    • Need an understanding of how QoS is used for prioritising voice, video and data traffic. Plus an understanding of the automation provided by programmable networks to implement business critical QoS policies.  

For even more detail on the curriculum changes:

What does this mean for the old exams?

The exams 100-101 ICND1 and 200-120 CCNA can no longer be taken (August 20th deadline). The ICND2 exam, however, can still be taken until the 24th of September this year.

Can I combined exams?

Yes, if you already have the ICND1 (CCENT) certification v2.0 then you can get the ICND2 (CCNA) certification v3.0 and still end up with your CCNA qualification.

Thursday, 25 August 2016

Firebrand win EC-Council Accredited Training Centre of the Year 2016

As part of the EC-Council Global Awards 2016, Firebrand Training has been named Accredited Training Centre of the Year (Europe). This extends a record breaking achievement to an eighth successive year, a reflection of our continued dedication to delivering excellence and quality across our full range of accelerated EC-Council courses. 

This includes the globally recognised Certified Ethical Hacker (CEH) and exciting new Certified Chief Information Security Officer (CCISO) certifications. 


Firebrand Lead Instructor for EC-Council courses, Richard Millet, was also recognised in the EC-Council Circle of Excellence. This is the fourth time Richard has been honoured for his achievements by EC-Council - being named previously as Instructor of the Year in 2014 and entering the instructor Circle of Excellence in 2011 and 2015.


Speaking about the awards, Firebrand Training Co-Founder, Robert Chapman said:

"We are immensely proud to be named EC-Council Accredited Training Centre of the Year for the eighth year in succession. Here at Firebrand, we pride ourselves on providing accelerated learning of the highest calibre. Our aim is to quickly develop the vital skills and knowledge our customers need to defend their business from the growing cyber threat. 

To be recognised by EC-Council is an honour and shows we continue to deliver on our promise."

Jay Bavisi, President of EC-Council, gave his opinion on the awards:

"We have some of the best training organisations representing EC-Council across the globe and they have again demonstrated the commitment to high quality training, winning them awards again this year."

How the awards were won

Chosen from over 700 training centres, 107 countries and a wide range of EC-Council certified instructors, Firebrand proved its distinction in picking up the Accredited Training Centre of the Year award (Europe) and Instructor Circle of Excellence (Europe) award. Firebrand and Richard Millet met the extensive and rigorous criterion EC-Council have in place to be awarded as the best in Europe in both of these categories.

The Accredited Training Centre of the Year award seeks to acknowledge training centres that provide the greatest level of information security training. Some of these courses include EC-Council’s flagship Certified Ethical Hacker, the Computer Hacking Forensics Investigator, the Network Security Administrator and the ECSA.

The Instructor Circle of Excellence (Europe) award acknowledge instructors that epitomise the industry's best practices, while raising standards and contributing to a growing body of knowledge surrounding information security. 

Offering the latest EC-Council courses

As an official EC-Council training partner, Firebrand offers the very latest accelerated certification courses. This includes the recent addition of the CCISO certification, for which Firebrand were selected as the launch partner for England.

This CCISO course is aimed at developing the next generation of senior-level information security executives. The credential focuses on developing the technical skills needed of a Chief Information Security Officer, while also teaching the application of information security management principles from an executive management viewpoint. 

Thursday, 11 August 2016

Why CISSP is a must have certification, now more than ever

ISC2's CISSP course is essential if your pursuing a senior role in Information Security. CISSP provides an extensive overview of the Common Body of Knowledge (CBK): a compendium of information security practices and standards compiled and continually updated by (ISC)2.

CISSP is integral in developing an extensive understanding of information security and has gained importance as a key component in the selection process for management-level information security positions. But, for those that are unfamiliar, here are the top reasons why CISSP is the certification to choose, now more than ever.

1. Worldwide recognition:

A certification is only as good as the recognition attached to it. Unlike many standard certs, CISSP boasts industry wide recognition, acknowledged in 2015 by SC Magazine (for the fifth time) as the ‘Best Professional Certification Program’.

This Gold Standard credential is not only recognised by the world’s leading multinationals - such as Google, IBM and P&G - it’s also deemed a requirement in 56% of cyber jobs in the contracting industry. If you’re looking to take on the complicated world of IT security, a CISSP certification is a must have.

2. Job competence:

In the 2015 (ISC)2 Global Workforce Study, the report found that the attributes that best characterise ‘successful’ information security professionals came down to a broad understanding of the security field, communication skills and awareness of the latest security threats. 

2015 (ISC)2 Global Information Security Workforce Study

CISSP’s core content, seen in the domains listed below, actively seeks to develop this wide range of information and security management. The CISSP CBK consists of the following eight domains:
  • Security and Risk Management: Addresses a broad spectrum of general information security and risk management topics.
  • Asset Security: Addresses the collection, handling and protection of information throughout its life cycle. 
  • Security Engineering: Is the practice of building information systems and related architecture that continue to deliver the required functionality in the face of threats that may be caused by malicious acts. 
  • Communication and Network Security: Encompasses the network architecture, transmission methods, transport protocols, control devices and the security measures used to maintain the confidentiality, integrity and availability of information transmitted over both private and public communication networks. 
  • Identity and Access Management: Involves provisioning and managing the identities and access used in the interaction of humans and information systems, of disparate information systems and even between individual components of information systems. 
  • Security Assessment and Testing: Involves the evaluation of information assets and associated infrastructure using various tools and techniques for the purposes of identifying and mitigating risk. 
  • Security Operations: Involves the application of information security concepts and best practices to the operation of enterprise computing systems.
  • Software Development Security: Involves the application of security concepts and best practices to production and development software environments. 
The Global Workforce study also compares the job roles of (ISC)2 members versus non-members. 

The findings show those with an (ISC)2 certification such as CISSP, although in possession of a wide range of information, are more likely to take on specialised job roles. Examples of such specialist positions include Security Consultant, Security Architect, Information Assurance Manager or Security Advisor. Nannette Ripmeester, founder of Expertise in Labour Mobility, believes these “specific skills are valued more [by employers] because they are more difficult to teach”. Non-members, however, are more likely to have generalist IT roles such as Network Administrator, Security Systems Administrator or Technical Consultant. 

3. (ISC)2 Membership:

Once you have completed an (ISC)2 certification and subject to annual maintenance fees, you become an (ISC)2 member. This membership offers plenty of resources and benefits that can help further your knowledge and network. Some of these include:

  • Access to a vast network: With over 110,000 members across 160 countries, you will gain access to other CISSP certified individuals and the shareable knowledge of this community. 

  • The opportunity to earn CPEs - critical for maintaining your certification in good standing

  • Discounts on industry conferences and access to free online events. 

  • Access to industry-leading research: Includes the ISC Journal and the Global Information Security Workforce Study. 
  • Security central: An exclusive resource that researches and tracks vulnerabilities using proprietary, state-of-the-art algorithms to aggregate, categorise and prioritise vulnerabilities affecting tens of thousands of products.
  • Industry recognition: An event acknowledging distinguished information security professionals. 
  • Digital badges: Allows you to share your credentials online through the use of a badge.

4. Earning potential:

The CISSP certification proves you have the advanced skills, knowledge and commitment required, to command higher wages.

The challenging standards require students to have at least 5 years of experience in two of the eight (ISC)2 domains listed above. Additionally, the student must complete a 250 question multiple choice exam in order to be officially certified.

Although a difficult process, requiring students to fully understand the CBK and framework of information security practices and standards, the return on investment makes it one of the most highly sought after courses available. 

Those with a CISSP certification command an average an salary of £76,700, compared with £62,500 for similar job titles without a CISSP certification.

5. Growing demand for Security Professionals/Higher spending on IT security:

CISSP has and is likely to always remain a well-performing certification, but what makes it so special today?

As businesses become increasingly dependent on information technology, the importance of cyber security has never been so important. Cybersecurity Ventures projects $1 trillion will be spent globally on cyber security from 2017 to 2021. Editor-In-Chief, Steve Morgan, stated that “IT analyst forecasts are unable to keep pace with the dramatic rise in cyber-crime”. Forbes echoed this in a recent article, stating that the booming cyber security market is expected to grow from $75 billion in 2015 to $170 billion by 2020.

Despite the industry experiencing rapid growth, (ISC)2 found that by 2019 there will be a shortage of 1.5 million information security professionals. So, not only is CISSP a qualification that can propel your IT career, its current high demand in a growing industry make 2016 the best time to start.