As readers of this blog already know, formal certifications have become increasingly important to organizations in the public and private sectors. That trend has been clearly evident in the field of project management as that profession has evolved rapidly, with employers insisting that project managers equip themselves with appropriate professional credentials. In that context, the Project Management Professional (PMP) certification, administered by the Project Management Institute (PMI), is the best known and most widely accepted credential in the PM field. PMP certification, according to PMI research published in the most recent edition of the PMI Project Management Salary Survey, is “globally recognized and demanded”.
Candidates for the PMP certification must meet several requirements. Those with bachelor’s or equivalent degrees must have three years of experience, with 4,500 hours devoted to “leading and directing” a project. Those with high school or equivalent diplomas must have five years of experience that includes 7,500 hours of project leadership. In both cases, candidates must have 35 hours of formal education.
Once those requirements are satisfied, candidates are allowed to sit for a four-hour computer-based test consisting of 200 questions. Content for the examination is drawn from the Project Management Body of Knowledge (PMBOK) Guide published by PMI, covering five discrete areas: project initiation, project planning, project execution, project monitoring and control, and project closing.
The test gives each subject a different weight, with some 79 percent of the 200 questions covering the areas of planning, execution, and monitoring and control. Project initiation and closing account for only 21 percent of the test questions.
The educational component of the PMP qualification process can only be satisfied by coursework offered by approved providers. Designated coursework offered by PMI chapters is approved. Other coursework, offered by employers, training schools, colleges and distance-learning providers (like us), also serves to satisfy the educational requirement.
Online Training for the PMP Certification is Increasingly Convenient
For those considering their educational options, the availability of online education can make the process significantly more manageable. Online training is recognized to the same extent as education offered in a physical classroom, and it offers a number of important benefits.
The vast majority of people considering the PMP certification are working professionals and active project managers. The PMP certification is a major exam that requires a great deal of preparation, and most of these candidates have a very maxed-out work life in addition to, perhaps, family at home. The online training option makes preparing for the PMP that much more accommodating.
Candidates can satisfy the educational requirement without having to travel to distant locations. The online option can provide significant savings of time and money, and it makes it easy for candidates to access the mandatory coursework. Internet-based coursework can also make it easy for students to review complicated material, to brush up on topic areas and to refresh subject matter in anticipation of the PMP examination, all at their own convenience and their own speed.
Even if a local venue is available, some candidates may have scheduling issues that interfere with attendance. For others, the practical benefits of the online option may not be terribly important. Those candidates may select the online PMP training experience as a simple matter of personal preference. Regardless of the reason, the availability of accredited online options is a real benefit to PMP candidates.
Malware prevention giant FireEye is teaming up with TrainACE to offer a Hacker’s Breakfast training event in Greenbelt, MD. What’s more, the event is FREE.
TrainACE has been doing this Hacker’s Breakfast series for a couple of years now. The events usually have different themes and this one is focused on Advanced Persistent Threat, Attack and Defend. That’s the reason they brought in malware giant FireEye. In fact, FireEye has been all over hacker news lately with their discovery of the Operation Beebus attacks from China on the US DoD and DoD contractors.
The event is being held at the Hilton Garden Inn in Greenbelt, MD on April 3rd. Again, the event is free and there will be breakfast served and then hacking demos / malware discussion all morning. It wraps up at about 12:30pm.
Details and registration for this free hacking / malware event with FireEye and TrainACE can be found here:
Programming has become essential to cyber security. IT security professionals must efficiently write applications and scripts, often on short notice. The Python language provides unmatched ease, flexibility, and functionality for both new and experienced coders. It has emerged as a top choice for cyber security professionals because it lessens development effort and the coder’s learning curve.
Python Is Designed For Users
Python is a high-level, interpreted language based on C and C++ and influenced by several other languages. First released in 1991 by principal developer Guido van Rossum, Python excels at readability and ease of use. It allows even novice programmers to be productive in a short amount of time. Python is designed for rapid application development, a methodology that suits the fast-paced and shifting security environment. Cyber professionals can quickly prototype, test and deploy an application.
Python offers the versatility of running as a script or executable and is cross-platform. It is ideal for mixed code environments as it integrates easily with other languages. Programmers can wrap existing C or C++ code to behave like native Python, and they can create or extend modules in C, C++, Java or .NET. Python’s scripting capability can also be embedded in other applications.
Python Beats Competition at Rapid Application Development
Cyber security experts code for several scenarios and need speed, reusability and functionality. Python’s support of the rapid application development methodology enables testers, hackers, and systems administrators to create and customize tools. Coders can quickly prototype new Web applications and clients. Python’s simplicity and vast libraries let hackers deploy code to capture packets, decrypt passwords, and engineer other attacks. Common tasks such as scanning ports can be easily automated. Python’s modular design and clean syntax make code easier to extend and maintain. In a changeable security environment, this timesaving efficiency is critical.
In spite of its powerful capabilities, Python is easy to learn and is often referred to as a beginner’s language. Its terse code and strict syntax make it highly readable. Security experts from other language backgrounds or with minimal programming experience can learn it more quickly than verbose languages such as Ruby and C++. Unlike tackling C++, novice coders can use Python without a detailed understanding of object orientation.
Cyber security professionals with diverse coding backgrounds need to produce the same testing and threat neutralization results. As a high-level language, Python allows users to focus on the coding goal rather than low-level procedures. It uses dynamic typing to aid rapid development. Languages that employ static typing, such as Java, require more programming effort to declare and manipulate types. Coders also save time with Python’s automatic memory management and exception handling.
Python Is Versatile
Python’s versatility is another advantage in the cyber security world. Unlike Perl, Python is designed to be a major programming language. Perl offers powerful scripting capabilities and works well as a glue language using small programs. However, Python is suited for both scripting and for creating complex, compiled applications. Its scalability makes it a solid default choice for diverse coding needs within an organization.
Security specialists often need to build on existing code, such as canned test programs, written in other languages. Python integrates with C, C++, Java, and .NET as a module or embedded script. Coders can use the ctypes module, the Python C API, or a wrapper generator such as SWIG. The ability to extend existing software saves developer time and preserves existing functionality already serving a vital security role.
Python Has Powerful Libraries
Hackers, penetration testers, and other security experts need a language library that provides the entire spectrum of features to create powerful and often novel programs. Python comes with modules to support Web activities such as parsing HTTP and XML and building clients. Django and other open-source Web frameworks are available from developers favoring the rapid application development methodology. Third-party modules offer robust features, such as optimized calculation handling, that make Python an increasingly solid language for data applications.
Python’s simple and clean structure, modular design, and extensive library make it ideal for security applications. Cyber experts rely on the capability to rapidly code programs and the feature set to implement new strategies and techniques. No other language offers as powerful a combination, and Python stands as the must-know language for the serious security professional.
For more information on Python for Security Professionals training, visit: http://www.trainace.com/courses/python
The CompTIA Advanced Security Practitioner certification, or CASP, signifies advanced competency in information security. As the culmination of several security certifications, the CASP focuses on the management of IT security at the enterprise level. Candidates are expected to have at least 10 years of IT experience and five years in direct technical security roles. They are usually security leads with the ability to help shape information assurance policy.
Advanced Security Practitioner Skills
The CompTIA CASP certification is designed for IT security leads who have extensive experience synthesizing various IT and business disciplines into effective security strategies. Unlike most intermediate positions, the advanced security practitioner has moved beyond a purely technical focus to a more strategic role. This role requires an understanding of the organization’s big picture from a business as well as a technical perspective. The security lead is able to drive all phases of security strategy from concept and technical design through implementation and monitoring. This person often manages IT group members who perform specific systems administration and other technical functions involved with safeguarding information.
CASP Certification for IT Security Engineers
IT security engineers with comprehensive skills are good candidates for CASP certification. Job titles vary and include network security engineer and information systems security engineer. In smaller organizations, security experts often wear several hats that span technical and managerial duties. They may have primary responsibility for system and database administration or network engineering. These roles usually report to an IT manager but take the lead in effectively managing day-to-day security. Job titles are often systems administrator or network engineer, and security is considered a critical aspect rather than a separate job function.
Security engineers are expected to be competent in network security and identity management. They understand cryptography and know how to assess and safeguard against threats. They design, implement and maintain technical security solutions and often work closely with other IT staff to ensure system integrity. Equally as important, they can apply technical knowledge to enterprise security policies. Management relies on security engineers to provide information and recommendations within the compliance and operational frameworks that the organization follows.
CASP Certification for IT Security Managers
Larger organizations usually have several levels of IT staff from first-level support to CIO. As CASP certification covers managerial skills such as security policy governance, it is an excellent choice for IT security managers. Security management job titles include information systems security officer, security architect, security manager, and information assurance manager. These positions oversee security operations and interface with enterprise senior leadership. Rather than executing hands-on daily technical tasks, they focus on risk management. These managers review and recommend security policies and procedures within the context of the entire enterprise. As such, they integrate technology, business and communication needs into a comprehensive security strategy. IT security managers also lead in the analysis of threats and preventive measures and stay current with research.
In the constantly evolving world of information security, CompTIA CASP certification provides a benchmark of advanced knowledge and experience. The most suitable candidates hold enterprise-level roles applying technical and business expertise to create sound security strategy. Both IT leads and employers benefit from an objective measure of such critical competency.
Get information on CompTIA CASP Training: TrainACE’s CASP Training
TrainACE, Sourcefire and Joe McCray of Strategic Security teamed up on a webinar a couple of weeks ago. The webinar was titled Attacking and Defending Windows. The video demonstrated a few different hacks on the new Microsoft Windows 8 Operating System. TrainACE runs a bunch of free webinars offering a variety of different skill sets. This video is very well done and we recommend checking it out. Download the video here: Free Download
According to a source recently published by Verizon, cyber threats are very different depending on the industry that they attack. Differences in attacks on the financial industry, health care, retail and intellectual property theft were examined. The data in the article came from Verizon’s annual Data Breach Investigations Report. Differences between different size organizations were also noted. Different tactics are used in different industries.
Attacks on large financial institutions tend to be aimed at stealing money from bank accounts. Security breaches in health care are more likely aimed at smaller doctor’s offices. These attacks are primarily motivated by insurance fraud. Cyber-attacks in the retail industry tend to target smaller stores.
Attacks on smaller stores and doctor’s offices tend to be precipitated by inadequately secured systems. Most of these industries tend to outsource their security, so they don’t have an understanding of their security systems in-house. Attacks can come from mistakes made by their security vendor. Often employees can inadvertently help attackers through poor online habits. Steps to educate employees about security threats can help avoid these types of attacks. Health care providers also need to be concerned about protecting medical devices and electronic medical records.
Half of all the cases analyzed by Verizon came from hotels and restaurants. Retail accounted for twenty percent and finance and insurance industries made up ten percent.
Intellectual property theft is a very unique type of attack. These attacks often take advantage of opportunity. They often unfold over time, with attackers gradually gathering information about their targets. Inside sources are often used to help intellectual property theft. Recruiting insiders greatly minimizes the risk and effort for the attacker.
To protect themselves from cyber-attacks, it is suggested that firms be vigilant about using better passwords. It is also suggested that firms continually study and reevaluate their risks of attack. Proper dedication to IT security training (Advanced Security) and understanding what your attackers are after can help you better protect yourself.
An interconnected society makes everyone a target – and a suspect. Some perpetrators like the hacker group “Anonymous” are highly visible, while most go unnoticed until companies or governments discover their networks have been compromised. Computer Forensics involves identifying and recovering evidence found in computers and digital media for use in criminal and civil investigations. Demand for these jobs has exploded in recent years, and if you have an interest and background in information technology or criminal investigations, this may be a fulfilling career. Job sites contain hundreds of listings for these positions, with titles including variations of the words “Information Systems” and “Network” combined with “Analyst”, “Consultant”, “Specialist”, or “Engineer”. Here are some examples to give you more information about the career:
Information Systems Analyst – Average salary: $76,000
This role deals with computer forensics and electronic discovery. It requires basic knowledge of network architecture, experience with troubleshooting for viruses and malicious code, the ability to identify and recover deleted files, and exposure to forensic tools such as EnCase Forensic Software. Also listed as Forensic Computer Analysts, Computer Forensics Examiners, and eDiscovery Specialists, these positions may require CISSP (Certified Information Systems Security Professional) certifications, and professionals may be called to testify in court.
Network Security Engineer – Average salary: $91,000
This role focuses on network maintenance, including safeguarding networks and identifying potential vulnerabilities. These professionals design firewalls and test solutions to improve security. They may also assist in investigations to the extent a company’s network was involved in a crime, providing some exposure to electronic discovery. Also listed as Information Security Engineers and IT Systems Security Administrators, these professionals have extensive experience with network infrastructure and some exposure to security incident handling and forensics.
Computer Forensics Consultant – Average salary: $107,000
Also called Computer Forensics Engineers and Forensics Managing Specialists, these positions combine a strong networking background with incident management experience. They understand network infrastructure and the impact of network security and data protection on forensic investigations. They may conduct vulnerability analyses of compromised systems and track trend reports to determine security gaps and deficiencies in network architecture design. They may also research online forums to learn the latest hacker techniques and exploits. They have extensive experience with forensics software such as EnCase, FTK, and Paraben for collecting and recovering lost data. They conduct forensic analysis, prepare reports for legal cases, and document how evidence was handled, and they are frequently called upon to provide expert testimony in trials.
This dynamic career includes a range of specialties, salaries and certifications. Consider degrees in Computer Information Systems that specialize in Computer Forensics, IT Networking, or Information Systems Security. Professionals can improve their salaries and skills by earning certifications such as CISSP, EnCE (EnCase Certified Examiner), CFCE (Certified Forensic Computer Examiner), or CCE (Certified Computer Examiner). Salaries generally range between $80,000 and $120,000, but location makes a difference, with jobs on either coast paying 10-15 percent higher than the same roles in the middle of the country. Government contractors also tend to pay more for the same work than federal or state government agencies. Some forensics roles require top secret security clearance, and professionals with clearance can demand a higher salary.
Get information on the forensics training at Hacker Halted in Miami – http://www.trainace.com/blog/the-chfi-class-at-hacker-halted-in-miami-2012/