Top Certifications for a Career in Information Security

Here is a compiled list of Information Security certifications that will help you stand out against your competition as you work towards advancing your career in Information Security. Not only that, but these certifications will make your knowledge and skills crucial to the company you work for. Different levels of experience are required for each certification as well as perquisites that can be met by completing Cybersecurity training courses. Read more to find out which certification is the best fit for your career.

Security+

The CompTIA Security+ certification is a great place to jump start your career in Information Security. This certification will prove that you have the knowledge and skills to implement and monitor security on networks and operating systems, as well as respond to security breaches that may arise.

The Security+ certification training is ideal for:

  • Network Administrators
  • Security Administrators
  • Information Assurance Professionals

CEH (Certified Ethical Hacker)

The EC-Council Certified Ethical Hacker certification is the most advanced hacking course on the market! The CEH certification will exhibit your ability to think like a hacker (a trusted one, of course). This certification will show that you are qualified to scan, test, hack and secure a network.

The CEH certification training is ideal for:

  • Security Officers
  • Auditors
  • Security Professionals
  • Site administrators

CISSP (Certified Information Security Professional)

The (ISC) ² CISSP certification is intended for experienced security professionals. It proves that an individual has in-depth technical and managerial skills and credibility to develop, engineer, implement, and manage information security policies and procedures to prevent attacks.

The CISSP certification is ideal for (to name a few):

  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Chief Information Security Officer
  • Network Architect

Check out this free CASP vs. CISSP White Paper from TrainACE.

CISM (Certified Information Security Manager)

The ISACA CISM certification is one of the highest paying and in demand IT certifications. The CISM certification validates professionals’ information security management expertise. This certification is highly desired by government agencies and private business. CISM’s manage, design, oversee, and asses an enterprise’s information security.

The CISM certification is ideal for:

  • Information Security professionals with at least 5 years of experience in IS management.

Online Safety Checklist

Is your personal information secured online and are you taking all the possible measures to ensure that it is safe? There are some simple steps that you can follow to strength your online security!

  1. Password Protection- When it comes to password security, it is better to be safe than sorry. Refrain from sharing your password online. Create passwords that are unique and difficult for a hacker to figure out… don’t make it easy for them! Don’t use your pet’s name, or your birth date- this is information that can be easily discovered. Another problem with passwords is the vast accumulation of them over time. Do not keep your passwords in your phone, or saved on a document on your computer. These files can end up in the hands of hackers, leaving your personal information at risk. Consider using a protected password manager to store your passwords.
  2. Do not open attachments from untrustworthy sources! –Simple as that.
  3. Safe Online Shopping-  shopping online is quick and convenient, but can also put your personal information at risk of being stolen. When you use your credit card online it is susceptible of being hacked. A piece of advice: Only use your credit card on websites with the prefix “https”. The “s” confirms that the site is using a secure protocol to encrypt any communication between you and the website you are shopping on. So when in doubt, play it safe and don’t shop on that site, but if you must…look for the “s”.
  4. Mobile Device Safety- Now-a-days almost all of our personal accounts can be accessed in the palm of our hands. This includes banking accounts, shopping accounts, email, etc. The scary thing is, it is so easy for your mobile device to be misplaced and stolen. So, it is just as important to ensure that your are following the above safety tips with your mobile devices.
    • Set lock codes on your phone
    • Enable Find My iPhone, iPad, and Mac.
    • Set up Do Not Track in your web browser
    • Look for the “https” URL
    • Avoid connecting to public Wi-Fi
    • Manage your privacy settings for your apps

These are just a few simple tips to get you headed on the right path to securing your personal information. It is easy to overlook practices that make us vulnerable to cyber attacks. But, it is important to make ourselves aware. Consider taking TrainACE’s Security+ Training Course to strengthen your knowledge on general security concepts.

Free MCP Exam Retake for a Limited Time!

Have you heard the latest on Microsoft’s Second Shot offer?

If you were considering becoming a Microsoft Certified Professional (MCP), there is no better time than now! For a limited time, when you take any MCP exam, Microsoft will provide you with a free retake of the same exam if you do not pass on your first attempt.  This deal can be combined with other offers or discounts that you may have acquired.

Second Shot Exams Include: 

  • Microsoft Certified Solutions Expert (MCSE)
  • Microsoft Certified Solutions Developer (MCSD)
  • Microsoft Certified Solutions Associate (MCSA)
  • Microsoft Specialist certification exams
  • Microsoft Dynamics exams

This free Second Shot is only valid between July 12, 2015 and January 12, 2016. However, if you have taken and failed an exam prior to July 12, 2015 but would like to schedule a retake after July 12, 2015, you may do so. Take advantage of this great opportunity while it lasts! The only catch is you must retake the exam within 30 days of the failed exam… not too much of an inconvenience considering it’s free, right?

Rescheduling your exam is super simple as well! For steps on how to do so visit Microsoft’s website.

If you haven’t gotten as far along in the process of becoming a MCP to schedule an exam, consider taking a training course prior to the end of the Second Shot offer! Perhaps start with TrainACE’s MCSA course which is scheduled to run this month!

Secure Your End Users to Drive Significant Improvement in Data Security

End user security is beginning to become mainstream, and for good reason. According to a study conducted in 2014, 80% of IT and security admins believe that end user carelessness is a bigger threat than actual cyber attacks and malware.

As cyber security professionals, we put the majority of our time into securing and hardening our applications and networks. Obviously, this isn’t a complete waste of time, because we have logs that tell us that these things are constantly under attack. However, almost as frequently under attack are the end users, and whats worse, targeting end users is more effective for hackers.

So why have we been so slow to invest in end user security training? It seems to be a widely ignored topic, one that is only now becoming mainstream. In fact, we have actually had conversations with security leadership from large organizations who have admitted that they have yet to invest in training their end users.

The truth is, its time to invest in end user security training. So many attacks occur because people do things either negligently or even somewhat maliciously. Creating a culture that values secure practice regarding the IT applications they use to do their jobs, is the only way we can ensure we are truly, defending the data within our organizations.

A Free IT and Cyber Security Training MOOC is on its Way

In recent years we have seen a trend emerging in education. Free learning has been making huge waves, and the term MOOC is what is bringing about that change. MOOC’s (Massive Open Online Courses) that have launched in recent years include companies like; Khan Academy, which has brought math and science classes to the world for free; Codecademy, which offers free coding learning; and Coursera, which provides online classes from some of the world’s top universities. We have caught word of a MOOC that will launch in January called Cybrary, which provides free IT and Cyber Security training classes to the world.

So far, from what we can tell on the website, Cybrary’s training offering includes classes that prepare people for some of the more popular IT and security industry recognized certifications, such as the CompTIA A+, Security+, ECC’s Certified Ethical Hacker and the CISSP from ISC2. The site also includes advanced skill sets, which are not intended for certification, such as their Post Exploitation Hacking and Advanced Penetration Testing class.

MOOC’s Emerge as Online Education Sentiment Grows
The explosive growth of MOOC’s is showing us that the sentiment towards online education is growing more favorable. As younger generations, such as the Millennials, come of age and become a major subset of the world’s workforce, online education grows faster. These younger generations seem to be well prepared and extremely accustomed to learning online and at their own pace. Online education has been in a tremendous growth phase since 2002. Now with the success of companies like Codecademy, people are starting to realize that learning can, and maybe should be, free for everyone. This shift in the approach to learning is giving more people the opportunity to build skill sets and achieve an education that may have previously not been affordable to them. Emerging economies and even tenured professionals from the world’s largest economies all are benefiting from these winds of change in education.

As our readers know, the IT and Cyber Security industries are in many ways built around a proof of skill sets which is led by certifications. Many companies hiring practices are built around finding employees who possess these certifications because the certs validate their skill set, at least to a certain extent.

Addressing the Cyber Security Skills Gap
The skills gap in Cyber Security is perhaps the most glaring need that is addressed by this new trend of free online education. SC Magazine wrote an article discussing this challenge as not only being a current one, but one that is actually going to become far worse in coming years. Another study showed that the skills gap would grow to about 47% in 2017.

This skills gap is likely due to the lack of affordable training. Cyber Security changes so quickly, and yet training for both basic skills as well as advanced skills has traditionally been extremely expensive. Codecademy and now Cybrary seem to be directly tackling the issue of putting hard Cyber Security job skills into the hands of anyone that may want them.

The Effect of MOOC’s on Emerging Economies
It was only a matter of time until the IT and Cyber Security training industry, as well as education as a whole, took a major shift towards more social equality. Companies like Coursera, Codecademy and now Cybrary are leading the charge. Free education options are expanding, and as they grow and have success, it seems that education and technical job skill sets will no longer be reserved for those who can afford it, but rather it will be for those who are willing to work hard to achieve it.

Even with the presence of MOOC’s, there may very well still be numerous limitations to the growth of technology and innovation in the world’s emerging economies, but free online education is definitely a step in the right direction. As opposed to having to build out an internet infrastructure as well as invest heavily in an educational infrastructure, perhaps now the more important aspect to educational advancement, is simply stable access to the internet.

Time will tell how much impact these free MOOC’s will have on global problems such as the Cyber Security skills gap and the technological growth in emerging economies. It is safe to say though, free online education and training is well worth giving a try.

RATs: What are they and why should they be taken seriously?

In the world of computing, RATs aren’t the flea infested rodents that caused the plague, but they can be just as nasty. Also known as Remote Administration Tools, RATs allow an operator to access another computer remotely, gaining control of the machine typically for malicious purposes. While there are a number of legitimate and helpful reasons for remote administration and desktop sharing, RATs usually refer to software that is being installed without the knowledge of the intended victim. Moreover, RAT software is typically designed to be installed as part of a Trojan horse, actively avoiding detection by the victim or the victim’s security software and in some cases even disabling firewalls and other security measures.

What Are Remote Administration Tools?
Remote Administration Tools allow the operator to gain control of another machine remotely with the intention of using it maliciously, often without the knowledge or intervention of the targeted computer’s user. Among other capabilities, RAT operators may use the program to:

  • Control the webcam, microphone, speakers, and screen capture function
  • Control key computer functions: power on/off; log on/off
  • Download, execute, and upload files
  • Run shell commands
  • Modify the registry
  • Overclocking, which can destroy hardware

RAT Trojan Horses
Remote Administration Tools are typically installed via a Trojan horse attack, with the malicious software often being disguised as a legitimate program or bound to an otherwise innocuous program. The victim may download the legitimate looking program online or via email or some other person to person file sharing option. In some cases, a false error message may appear, giving the impression the file did not download properly and possibly leading to a false sense of security for the victim of the Trojan attack. Other RAT programs immediately disable security software, like firewalls and antivirus programs, in order to operate undetected.

Once installed, the RAT Trojan horse will allow the remote operator to:

  • Alter the desktop background wallpaper, and move, alter, and delete icons and files on the desktop;
  • Control the mouse and/or keyboard, as well as peripheries like the CD-ROM drive, which can be opened remotely via a RAT Trojan;
  • Display fake error messages and reformat drives;
  • Install software, viruses, and other malicious software;
  • Modify, delete, and transfer files;
  • Phish for passwords, credit card numbers, and other sensitive information through keystroke logging or by installing keystroke capture software;
  • Record video and sound by controlling the webcam or microphone;
  • Take on the task manager by viewing, canceling, and starting tasks; and
  • View the screen, print text, and play sounds.

Examples of RATs
If all of that isn’t enough to convince you of the seriousness of RATs, consider some famous RAT software:

  • Back Orifice: First released in 1998, BO was specifically designed for Windows computers. The program can be installed without user interaction, allowing remote access to the infected computer.
  • Beast Trojan: Discontinued in 2004, Beast Trojan was one of the first to use a reverse connection, which allowed the remote operator complete control of the infected machine.
  • Blackshades: In 2014, nearly 100 people were arrested as part of a sting operation to put an end to this malicious software that has taken over more than 500,000 computers in over 100 countries.
  • Bifrost: Active since 2004, Bifrost attacks Windows 95 to Windows 7 operating systems, providing remote access to manage processes, files, and windows; control of screen and webcam capture functions; and password extraction, among other capabilities.
  • NetBus: Released months ahead of the Back Orifice program in 1998, NetBus was used to remotely download child pornography to the computer of a Lund University Fulbright law scholar, who consequently lost his research funding.
  • ProRat: It is nearly impossible to remove ProRat without the latest antivirus software. This RAT is typically installed along with another file it is “bound” to, so when the user opens an image file, for example, the malicious software is surreptitiously installed in the background.
  • Optix Pro: More lethal than previous releases because it was able to get past most available firewalls and antivirus programs, Optix Pro terrorized computer users worldwide before being terminated by its creator in mid-2005.
  • SubSeven: Still active today, the SubSeven RAT permits undetected installation and remote keystroke logging. Some argue the program is the predecessor of botnets.

Considering how lethal RATs can be and how difficult it can be to fully remove them once installed, the best defense is to be a well-informed computer user. For the most comprehensive information on Remote Administration Tools, consult our most recent RAT white paper for the latest tips on how to combat RATs.

Did You Know Big Data can Help you Hunt Hackers?

Everyone knows that big data is being used by businesses for many things, mainly along the lines of business intelligence and marketing. However, few people know how much big data is coming into play when it comes to cyber security. There are a variety of applications for big data and cyber security, the collection of intel, social media trends and more.

There is a free webinar coming up about the use of big data for hunting hackers. You can join the webinar here:

https://www4.gotomeeting.com/register/268910071

The webinar is going to be held on February 26th, from 1-2pm.

 

Follow

Get every new post delivered to your Inbox.

Join 31 other followers