I was forwarded a very interesting article yesterday from Network World. Here is the link
Number 4 on the list is "Not preparing for data breach". Interesting to note, I would say this is number 1. In my course of work as both a consultant and instructor, I am still amazed at how many companies are lacking in IT security preparedness. What could be more imporant than protecting a companies assets?
I understand the need for a business to get revenue to pay the bills. I also understand that one security breach can also cost a company revenue or even put a company under. Being prepared for a breach and protecting from a breach are important so a company can continue to do business. If there is an interruption in service or access to assets, it does not take long for a company to be out of business.
Security is a hot topic right now in IT, lets hope more companies get on board....
My take on Network IT Security issues and events.
Thursday, July 28, 2011
Interesting Email - I want to get my CISSP
Earlier this week I got an email from a student who asked me how they would go about getting their CISSP. I have had the student in several of my OS and Security classes and knew the student had years of experience in network administration and hardening operating systems.
Here is a list of things you will need before you begin your assault on the top security certification.
1.) At least 5 years in IT experience, either in administration, infrastruture engineering or security. The more experience the better.
2.) A desire to study and learn about things you have never had experience with in the field. No one who ever takes this exam has exerience with all the concepts.
3.) The Shon Harris All-In-One Guide.
The first thing to do is go out to ISC2 website and download the information about the test and information about the 10 Common Bodies of Knowledge.
The next thing I would do is seriously think about taking a cert prep course with an experience CISSP instructor. Yes that is a shameless plug, but students who have taken my course at Centriq and studied 3-6 months have a pass rate of about 80%. I believe an experienced instructor not only will help with prepping the student with the information for the exam but also in taking the exam.
The next scheduled exam for the Kansas City area is in December. So if you can come take my Security Essentials (CISSP prep course) and study for a few months, I am sure you can achieve your CISSP.
If you have any questions please feel free to contact me if you have any questions and good luck
Here is a list of things you will need before you begin your assault on the top security certification.
1.) At least 5 years in IT experience, either in administration, infrastruture engineering or security. The more experience the better.
2.) A desire to study and learn about things you have never had experience with in the field. No one who ever takes this exam has exerience with all the concepts.
3.) The Shon Harris All-In-One Guide.
The first thing to do is go out to ISC2 website and download the information about the test and information about the 10 Common Bodies of Knowledge.
The next thing I would do is seriously think about taking a cert prep course with an experience CISSP instructor. Yes that is a shameless plug, but students who have taken my course at Centriq and studied 3-6 months have a pass rate of about 80%. I believe an experienced instructor not only will help with prepping the student with the information for the exam but also in taking the exam.
The next scheduled exam for the Kansas City area is in December. So if you can come take my Security Essentials (CISSP prep course) and study for a few months, I am sure you can achieve your CISSP.
If you have any questions please feel free to contact me if you have any questions and good luck
Wednesday, July 6, 2011
You Want To Be In Security?
As a consultant and instructor, one of the questions I get all the time is "I would like to move into the field of security, what do I need to do?" My answer is "What area of security?" That usually has the person pause and say "Security in general." I say "Well, we all are in security in general."
My point in making that statement is to help people understand that in IT we all practice security in some form, but there are a lot of different areas of security and those different areas require a different knowledge base. However there is a base knowledge of security that is needed no matter what area of security you go into. Once this base area of security knowledge is obtained then you can pursue a more distinct area of security.
One of the key components of getting into security is experience, which cannot be taught is must be learned. Experience in IT is crucial no matter what area of IT you currently work. Experience gives you a period of time in which you can learn from troubleshooting and implementation techniques that can you use in security. Lets say for example you have been working as an Exchange Server admin for 5 years. Well you probably have been exposed to email malicious code, smtp relay and spam which in turn will help you when you move into the areas of email security. I usually say at least 5 years of good admin experience with a any vendor is a good starting point for most people.
So lets say you have the experience, what type of training can help you get into security? I believe it starts with a good understanding of networking and security. There are three classes I always recommend:
1. Network+ - for a good understanding of all of the areas of networking
2. Security+ - for a good understanding of the basics of security
3. Cisco ICND1 and ICND2 - to understanding how network traffic is moved within different areas of
the network. Cisco is not the only vendor, any vendor for routing and switching will due.
I would also take them in that order. The reason why is because they build upon each other. Each class provides the basis of information for the next class. It is not required, but recommended.
After that, I always encourage certification in these areas as well, but it is not required. Certification in these classes shows you took the time ensure you understand the basics of the areas, however it does not prove proficiency.
Next, then you can explore the different areas of security in which you want to specialize in such as:
1. Firewall
2. IDS/IPS
3. Penetration Testing
4. Vulnerability Testing
5. Auditing
I would also advise taking vendor specific training for these different areas such as VMWare, Cisco, Eccouncil and Microsoft. Finally after a you spend some time in security, you can go after the much coveted and difficult CISSP. The most heralded and sought after security certification.
I hope this outline of security areas and training helps you decide what area of security you would like to pursue. By the way, if you concerned about the time and cost of getting this type of training, be sure to call Centriq Training about the exciting money saving specials on getting the training you need.
If you have any questions or comments please feel free to email me.
My point in making that statement is to help people understand that in IT we all practice security in some form, but there are a lot of different areas of security and those different areas require a different knowledge base. However there is a base knowledge of security that is needed no matter what area of security you go into. Once this base area of security knowledge is obtained then you can pursue a more distinct area of security.
One of the key components of getting into security is experience, which cannot be taught is must be learned. Experience in IT is crucial no matter what area of IT you currently work. Experience gives you a period of time in which you can learn from troubleshooting and implementation techniques that can you use in security. Lets say for example you have been working as an Exchange Server admin for 5 years. Well you probably have been exposed to email malicious code, smtp relay and spam which in turn will help you when you move into the areas of email security. I usually say at least 5 years of good admin experience with a any vendor is a good starting point for most people.
So lets say you have the experience, what type of training can help you get into security? I believe it starts with a good understanding of networking and security. There are three classes I always recommend:
1. Network+ - for a good understanding of all of the areas of networking
2. Security+ - for a good understanding of the basics of security
3. Cisco ICND1 and ICND2 - to understanding how network traffic is moved within different areas of
the network. Cisco is not the only vendor, any vendor for routing and switching will due.
I would also take them in that order. The reason why is because they build upon each other. Each class provides the basis of information for the next class. It is not required, but recommended.
After that, I always encourage certification in these areas as well, but it is not required. Certification in these classes shows you took the time ensure you understand the basics of the areas, however it does not prove proficiency.
Next, then you can explore the different areas of security in which you want to specialize in such as:
1. Firewall
2. IDS/IPS
3. Penetration Testing
4. Vulnerability Testing
5. Auditing
I would also advise taking vendor specific training for these different areas such as VMWare, Cisco, Eccouncil and Microsoft. Finally after a you spend some time in security, you can go after the much coveted and difficult CISSP. The most heralded and sought after security certification.
I hope this outline of security areas and training helps you decide what area of security you would like to pursue. By the way, if you concerned about the time and cost of getting this type of training, be sure to call Centriq Training about the exciting money saving specials on getting the training you need.
If you have any questions or comments please feel free to email me.
Tom Pruett
Consultant/Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEI, CEH, CHFI, A+, Network+, Security+
Consultant/Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEI, CEH, CHFI, A+, Network+, Security+
Friday, July 1, 2011
Security+ SYO-301 - New Exam Goes Live. Not Your Same Old Security+ Exam
As promised by Comptia in 2010, the new Security+ exam (SYO-301) is now live. It has been 3 years since the Security+ exam has been updated and Comptia is keeping with a policy of renewing exams every 3 years. The new exam has a look and feel of more real world objectives along with some content from the ISC2 CISSP exam. Listed below is the differences between the 201 objectives and the new 301 objectives.
You can still take the 201 exam through the end of 2010. If you are thinking of taking the new exam, almost 90% of the information from the 201exam is still applicable.
As of July 1, the Security+ class that I teach at Centriq Training will be using new curriculum to reflect the 2011 objectives.
If you have any questions please feel free to contact me.
You can still take the 201 exam through the end of 2010. If you are thinking of taking the new exam, almost 90% of the information from the 201exam is still applicable.
As of July 1, the Security+ class that I teach at Centriq Training will be using new curriculum to reflect the 2011 objectives.
If you have any questions please feel free to contact me.
Subscribe to:
Posts (Atom)