• Stuck at home during the lockdown? Use this time to ‘Level Up’ with our top 3 online cyber security certifications

    Posted on 07/04/2020 by | 0 comments

    With ‘half of humanity under lockdown‘, it is likely that you are reading this from your home, or wherever it is that you are isolating yourself.

    This is an unprecedented and hugely distressing time for many of us, especially for those of us who have lost any friends or family as a result of COVID-19.

    For others, currently restricted to the four walls of their homes, it is perhaps a time of frustration, or even boredom. To make matters worse, it has been reported that the current lockdown could last for months.

    Stuck at home? Why not 'Level Up' with Online information security courses

    As great pragmatists, it has always been our belief that we should make the best of any situation, or, as the saying goes, “when life gives you lemons, make lemonade”.

    It’s inspiring to see how people have come together to look after the more vulnerable members of society. Many of us are juggling our time between caring for family members and/or vulnerable neighbors.

    If you’re lucky enough to have spare time on your hands, you may be looking for ways to use this time of isolation, and to keep your mind active to stave off ‘cabin fever’. If this is the case, it could be worth considering looking to ‘Level Up’ your skills with one of these online cyber security certifications

    Emerge from isolation with a qualification under your belt, making you more desirable to employers

    The job market is likely to look very different in the coming months, with some sectors possibly taking years to recover. Now more than ever, having a strong resume is likely to give you an advantage in what is likely to be an even more competitive world.

    Perhaps you’ve been considering moving into cyber security for some time, but haven’t had an opportunity to do so? Or perhaps you’re looking for ways to prove your existing knowledge to potential employers?

    Instead of emerging from isolation with a well-used Netflix account, why not do so with new information security skills and qualifications under your belt?

    If this sounds like a logical idea to you, then your next question is probably “OK, but which qualification should I choose?” To answer this, you may wish to read our list of the Top 10 Cyber Security Certifications in 2020.

    Alternatively, for your convenience, here are 3 of our favourites below:

    Top 3 Online Cyber Security Certifications

    CEH - Certified Ethical Hacker
    1. Certified Ethical Hacker (CEH)
      Version 10 of the CEH online training course covers 20 of the most up to date and important security domains you will need to consider as an ethical hacker. Learn more.

    CCISO - Certified Chief Information Security Officer
    1. Certified Chief Information Security Officer (CCISO)
      The industry-leading CISO training program from EC-Council for senior security professionals in leadership positions. Learn more.

    1. Certified Information Systems Security Professional (CISSP)
      Still the most widely recognized and sought-after qualification for information security generalists, although less relevant for specialist positions.

    About Infosec-Careers.com

    The Information Security Careers Network (ISCN) started out in November 2008 as a group on LinkedIn.

    The aim of the group was to provide a resource and networking area where cyber security professionals, hiring managers and recruiters can get in touch with each other and provide useful tips to help people progress and further their careers in IT security, information security, network security, disaster recovery, and more!

    Now with over 80,000 members, we’re the largest group on LinkedIn specifically dedicated to helping people further their careers in InfoSec. This means we’re able to work closely with well known and respected security training providers such as EC-Council and CyberVista to bring you specially negotiated offers, coupon codes and discounts on the most popular online cybersecurity training courses and respected security certifications.

    View all Security Training Courses and Discount Codes here.

    Read more
  • Enough of the politics. Technologically speaking, should Western governments permit Huawei’s involvement in 5G networks?

    Posted on 06/02/2020 by | 0 comments

    For months, the mainstream media has been reporting about the supposed security threat posted by Huawei’s involvement in 5G networks. However, these news reports often gloss over the technical side of things. They talk about ‘backdoors’ and ‘security risks’, but at no point do they actually explain how Huawei would ‘steal’ information, or how, technologically speaking, it could be stopped. This blog post aims to change that by zeroing in on the technology specifics of this whole Huawei 5G saga.

    Are ‘backdoors’ in 5G networks possible?

    In April, 2019, Bloomberg published a story alleging that Vodafone had found evidence of backdoors its fixed line network way back in 2009. However, in an article by TechRepublic, they point out that this allegation is based upon the Telnet interface, which is common in many other products, essentially meaning that there is a long list of other hardware suppliers supposedly guilty of creating backdoors. So, with regards to this particular case, it seems that, yes, backdoors are possible, however intent is hard to prove.

    Switching the focus to 5G networks, it seems these older security flaws might remain. Bruce Schneier, a lecturer at Harvard Kennedy School, writes:

    “…there’s so much backward compatibility built into the 5G network that older vulnerabilities remain.”

    Bruce Schneier, writing in ForeignPolicy.com

    According to him, the new 5G networks will likely be an extension of the 4G networks, leading to a continuation of old technology (and, therefore, security flaws) into the new networks.

    What is more, he claims that the inherent complexity of 5G networks makes them much harder to secure. The blurring of data between the wireless side of the network with the ‘core portion’ leads, in Schneier’s words, to ‘increased points of vulnerable’ attack.

    Verdict: Yes, backdoors in 5G networks are possible.

    5G cyber-security
    Modern city with smart 5G wireless communication network concept .

    Will the UK government’s steps to limit Huawei’s involvement make a difference?

    On the 28th of January, 2020, the UK government announced a list of restrictions to Huawei’s involvement in the 5G network which will, according to the UK government, mitigate any risk. Among others, these restrictions included:

    • Excluding ‘high risk vendors’ (such as Huawei) from ‘core parts’ of the 5G networks;
    • Restricting network involvement of high risk vendors to 35% of the network.

    So, will this mitigate the risk? Well, first of all, it remains unclear what exactly constitutes ‘core’ parts of the UK 5G infrastructure. Moreover, there are some who even say within a 5G network it is not even possible to carve out isolated safety zones.

    With regards to the 35% cap, this may decrease the chances of Huawei ‘intercepting’ certain information, by virtue of reducing the volume of data passing though Huawei equipment. However, from a risk management perspective, it would seem the specific data itself, not the quantity of it, that matters here.

    Verdict: It reduces the risk, but certainly does not remove it.

    Technologically speaking, what are the best solutions here?

    So, if Huawei is an issue, why not simply accept a bid from another vendor? It seems that there are not a lot of other options. The solutions offered by Nokia and Erikson are reportedly not one-to-one alternatives. One idea, which could perhaps be the model of future networks, is the notion of making all related-software open-source. By doing so, this would allow for governments and third parties to independently check if any supposed backdoors exist and if any traffic is passing though them. The O-RAN Alliance, supported by Orange among a number of other major mobile operators, seems to be calling for progress in this direction.

    Mobile operators, such as Orange, are supportive of the O-RAN Alliance and calls for making radio networks open-source.

    One of the major issues with Huawei’s technology is the opaqueness, which makes it difficult to see not only if backdoors exist, but if they are being accessed.

    Another solution would be to improve security software protecting and monitoring 5G networks. That, however, becomes increasingly difficult when considering the complex 5G typology mentioned previously.

    Verdict: At present, there are no great solutions, however there seems potential for improving 5G cyber-security via simultaneously removing opaqueness and increasing third party monitoring of networks.

    Conclusion

    We have tried to focus on the technological side of the debate here, BUT, as with the political side, instead of finding black and white answers, there are just shades of grey. Are backdoors in Huawei’s 5G networks possible? Yes, but it is hard to prove if they are deliberate or even being used. Will the UK government’s restrictions on Huawei’s involvement in their 5G network mitigate the risks? Partly, but not entirely. Are there any better solutions? Potentially, but not yet.

    However, one thing is clear. 5G will not only offer a range of cyber-security problems, but will, concurrently, create a huge demand for cyber-security professionals.


    20% Discounts on Online Cyber-Security Courses

    Want to improve your resumé and skills? Get more qualified by completing more cyber security certifications. Infosec-Careers.com has discount codes for the following information security certifications:

    Read more
  • The 5 biggest Cyber Security stories of 2019

    Posted on 09/12/2019 by | 0 comments

    2019, like every other year in recent times, has been rammed full of cyber security attacks. For most people, these are scary times. However, if there is a silver-lining to this cloud, then it’s for cyber security professionals. The one positive from all of these attacks is that cyber security specialists are needed.

    Here’s a quick recap of the 5 biggest cyber security stories of 2019:

    1. US Customs & Border Protection hacked

    It’s perhaps a bit ironic that US Customs & Border Protection, the agency responsible for maintaining border security, could not adequately secure its online data. In May earlier this year, the agency learned that photos and license plate information for up to 100,000 people had been hacked.

    It is reported that the attack may have been via a subcontrator. This falls in line with a string of other recent attacks, which gain access to their main target via the supply line.

    Customs & border protection hacked

    2. Even giants can be taken down: Amazon DDOS attack of October 22, 2019

    On October 22, 2019, Amazon underwent an 8 hour DDOS attack. An old, simple, yet still very effective strategy, DDOS attacks work by flooding a site with traffic.

    Want to understand the basics of DDOS attacks? This video explains:

    Amazon, in an email to users, confirmed that the cause of the outages was indeed a DDOS attack. However, beyond this, the company refused to publicly say more.

    Perhaps the most interesting thing here is that an internet giant, which is trusted with so many people’s information, can still succumb to cyber attacks.

    3. VPN: Is it really private?

    A study by VPNPro in June this year revealed that most VPN providers (101 of them) are owned by just 23 firms. Even more interestingly, 6 of these (including the major mobile VPN companies) are owned by Chinese companies. There have long been suspicions about such companies allowing the Chinese government access to their data.

    So it seems, ironically, that a service with the word “Private” in it, might not keep your data that private after all.

    4. Iran identified as source of DNS hijacking

    Way back in January, Iranian IP addresses were identified as the source of DNS hijacking. Reportedly, the attack affected Internet Service Providers, government, as well as other companies across the world. The attack allowed for sensitive data to be collected, which apparently is of no financial value, but may have value to the Iranian government.

    Iran flag

    5. Ransomware still effective

    The example of Riviera Beach, in Florida, is proof that ransomware (and it’s creators) are alive and well. Earlier this year, city officials from Riviera Beach extraordinarily voted in favor of paying the ransom to have get back usage of their computer systems. And the fee? A whopping $592,000 USD.

    Source: The New York Times.

    Ransomware. Your money or your...IT systems

    About Infosec-Careers.com

    One thing is clear from 2019: The need for information security professionals is only going to increase.

    Want to improve your resumé and skills? Get more qualified by completing more cyber security certifications. Infosec-Careers.com has discount codes for the following information security certifications:

    Read more
  • What are the Best Cyber Security Certifications in 2020? (List of the Top 10)

    Posted on 14/10/2019 by | 0 comments

    Are you looking for a definitive list of the best Cyber Security Certifications in 2020? We surveyed over 200 cybersecurity professionals and created a list of the top 10. See the results below (and make a note of the discounts we’ve negotiated on some of the related training courses).

    What are the Best Cyber Security Certifications in 2020? – Introduction

    Cyber security certifications can be a great way of fast tracking your career. The right course can get you that promotion you want. However, they require an investment of both time and money, and you don’t want to waste either of these on the wrong course.

    This is why it’s worth taking some time to choose carefully. We surveyed over 200 cyber security professionals and used the results to create a list of the best cybersecurity certifications to get in 2020.

    The Top 10 CyberSecurity Certifications in 2020 are…

    CISSP discount code

    1. CISSP – Certified Information Systems Security Professional – from ISC2

    In 1st place by some distance is the CISSP (Certified Information Systems Security Professional). In our survey of over 200 cyber security professionals, this was voted the best cyber security certification to have. A whopping 44.8% of respondents stated that CISSP was the best security course they have completed (see Figure 1.1 below).

    Best Cyber Security Certifications 2019

    Figure 1.1: In response to the question: “What would you rate as the best security certification you have completed?”

    This popularity was even higher in the Americas (55.75%), so it seems to be a “must have” course for any serious IT security professionals in North America and South America. It was also the most popular course among the majority of industries, including Energy, Engineering, Investments, Hospitality, Utilities, Wholesale, Legal and Professional Services.

    Why do security professionals think CISSP is the best course?

    When we asked them this, the majority (a combined total of 31.4% – see Figure 1.2 below) stated that it enabled them to do their job better. This shows that CISSP is relevant in the real world. It does not just teach you theory – it gives you skills which you can actually use in real world scenarios. Other reasons for choosing the course included “It helped me to get my current position” and “It increased my salary”. According to Forbes, the average salary for those holding CISSP certifications in 2019 was $116,900.

    Why was it the best cyber security course?

    Figure 1.2 in response to the question: “Why was it the best course you completed?”

    CISSP was also the course which the highest percentage (14.8%) want to take next, which shows that the popularity of the course is likely to continue into 2020.


    CISM

    2. CISM – Certified Information Security Manager

    The second best cyber security certification (according to the survey results) is the CISM (Certified Information Security Manager) course with 9.5% of the votes. This course is particularly popular in Europe (13%) and APEC (12%), as well as in the education (20%) and consulting (18%) industries. Behind CISSP it is also the second most popular course among cyber security professionals earning between $81,000-$150,000.

    The course is designed for managers and has a strong focus on strategy and policies. However, this one is not for beginners – a minimum of 5 years experience in Information Security is required before you are permitted to take the course. Plus this cannot be 5 years back in high school – the experience must be relevant from within the last 10 years. But if you meet the criteria, then the rewards (especially financial) are very handsome indeed. According to Global Knowledge, information security professionals with this qualification earned an average of $118,412 per year in 2019.


    CEH - Certified Ethical Hacker

    3. CEH – Certified Ethical Hacker – from EC-Council

    In 3rd place is the CEH (Certified Ethical Hacker) Course with 7.6% of the votes. This certification is popular among those working in the military, manufacturing, software, and telecommunications sectors. It is also particular popular in MEA (Middle East and Africa) with over 27% of the votes for this region.

    Certified Ethical Hacker (CEH)

    The CEH online training course covers 18 of the most up to date and important security domains you will need to consider as an ethical hacker when you are looking to test how well your organization is prepared for attacks, and to improve information security policies through identifying potential weaknesses. Taking you through 18 modules, the course comprehensively covers over 270 attack methods and technologies commonly used by cyber criminals and hackers. According  to Forbes, the average salary of those holding the CEH certificate in 2019 was $116,306.

    20% Discount available using our CEH Coupon Code, or read more about the CEH Online Course first.


    CompTIA Security+ Discount Code

    4. CompTIA Security+

    In 4th place is the CompTIA Security+ Course with 7.1% of the votes. Interestingly, it is popular among respondents earning over $175,000 with over 11% of this category stating it was the best cyber security certification they have completed. It was most popular in the Americas (9%) and healthcare sector (8%).

    $175,000 Best Security Certifications 2019

    Figure 1.3 showing the most popular security certification among the those earning over $175,000.

    For people interested in making their first steps toward a career in cyber security, the CompaTIA Security+ Certification is a great start. It is widely seen as one of the best introductory qualifications and a great way into the cybersecurity sector. By gaining the Security+ certification, you will be qualified to deal with a wide range of considerations that need to be taken into account to implement successful security strategies.


    OSCP Certification5. OSCP – Offensive Security Certified Professional – by Offensive Security

    In 5th place is the OSCP (Offensive Security Certified Professional) Course with 4.8% of the votes. It is very popular among those in the wage bracket $60-80,000 (16%), in the APAC region (16%), and in the mining (20%) and pharma (16%) sectors.

    The OSCP course has been described as a difficult certification to obtain, but one which will give you the necessary skills to understand the penetration testing process and life-cycle. Offered by Offensive Security as an ethical hacking certification, they ask candidates to sit a 24 hour certification based on real world situations, which they argue offers real world benefits. These benefits include the ability to identify vulnerabilities in security systems, write simple Bash/Python scrips, compromise vulnerable PHD scrips, and carry out controlled attacks.

    A prerequisite for this course is the Penetration Testing with Kali Linux training course, also offered by Offensive Security.


    CCSP6. CCSP – Certified Cloud Security Professional

    In 6th place was the CCSP (Certified Cloud Security Professional) certification program with 1.9% of the votes. It also seems to be a sought after course for 2020 with 13.8% of respondents planning to take it as their next certification.

    CCSP from ISC2 is becoming more popular with the spread of cloud computing systems. It is specifically designed for information security professionals with a minimum of 5 years work experience, including a minimum of 1 year of cloud security experience and 3 years of information security experience.

    This certification program is suitable for mid to advanced-level professionals involved with information security, IT architecture, governance, web and cloud security engineering, risk and compliance, as well as IT auditing. CCSP credential holders are competent in the 6 CCSP domains mentioned below:

    ● Architectural Concepts and Design Requirements
    ● Cloud Data Security
    ● Cloud Platform and Infrastructure Security
    ● Cloud Application Security
    ● Operations
    ● Legal and Compliance

    The average annual salary for CCSP certificate holders is currently $81, 374.


    ISO27001 Certified ISMS Lead Implementer7. ISO27001 Lead Implementer

    In 7th place is the ISO27001 Lead Implementor course with 1.4% of the votes. It was most popular in Europe (4%) and APAC (4%) and 4.3% of all respondents state that it is the security certification they would like to take next.

    This course equips you with the knowledge necessary to implement and maintain an Information Security Management System (ISMS) which is compliant with ISO27001. This course is relevant and useful for anyone involved in a company’s (or organization’s) ISMS, including managers, consultants, those responsible for maintaining ISO27001 compliance, and ISMS team members. There are several different providers of this course, some offering it as an in-person course, others offering it online, so be sure to explore which version is the best fit for your specific needs and circumstances.


    CAST611 Course - APT Coupon Code8. APT – Advanced Penetration Testing – by EC-Council

    In 8th place is the APT (Advanced Penetration Testing) Course with 1% of the votes. It was most popular in Europe (2%), in particular in the computer hardware (14%) and consulting (3%) sectors and among those earning between $81,000-$100,000.

    Similar to OSCP and OSCE, the APT course prepares ethical hackers for real world scenarios. Students have to overcome defenses as well as discover targets, similar to situations you may encounter in ‘the real world’. Not only does the course teach you how to perform a professional security test, but it also shows you how to then present your findings in reports. For IT professionals who are serious about a career in information security, this course is a valuable addition to your skills and qualifications.

    The course includes invaluable training about real world penetration issues, including:

    • Exploitation
    • Post Exploitation
    • Advanced Techniques
    • Data Analysis
    • Reporting

    20% Discount available using our APT Coupon Code, or read more about the APT Online Course first.


    OSCE Certification9. OSCE – Offensive Security Certified Expert – by Offensive Security

    In 9th place is the OSCE (Offensive Security Certified Expert) with 1% of the votes. It also looks like a popular course for the future with 3.8% of respondents stating that they intend to take it as their next cyber security certification.

    The OSCE course is another ethical hacking certification offered by Offensive Security. As with OSCP, the OSCE course is designed for professional penetration testers. The exam itself involves a vulnerable network which has been designed to be penetrated within a 48 hour (yes, this exam is 48 hours long!) period. Their are a variety of hosts and points are awarded for each one compromised. Passing this exam demonstrates the candidate’s ability to think laterally and penetrate information security systems in real world scenarios.

    A prerequisite is the Cracking the Perimeter (CTP) exam.


    10. GSEC – GIAC Security Essential – by SANS (and other providers)

    In 10th place is the GSEC-GIAC Security Essential course, also with 1% of the votes.It was most popular in the Americas, in particular in the banking sector (5%).

    The GSEC course is a good option for entry level information security professionals. It is considered to be a good “all-rounder” demonstrating not just theoretical knowledge about information security, but also hands on practical skills. These include the ability to prevent common wireless attacks, password management, DNS, and cryptography fundamentals among others.

    The exam itself takes 5 hours and has 180 questions.


    Honorable Mentions

    The courses below did not make the top 10 in our survey, but we have picked them out as honorable mentions:

    CCISO Coupon CodeCCISO – Certified Chief Information Security Officer – from EC-Council

    The CCISO Certification from EC-Council is an industry-leading CISO training program that recognizes the variety and depth of real-world experience that is required to succeed at Executive level in information security. Itwas listed above the CISSP as one of the certifications held by top earners in Certification Magazine’s ‘Salary Survey 2015: An All-New Salary Survey 75’. or

    20% Discount available using our CCISO Coupon Code, or read more about the CCISO Online Course first.

    EC-Council CES Course - CES Coupon CodeECES – Certified Encryption Specialist – by EC-Council

    Encryption is becoming an increasingly important part of cyber-security. This course will teach you the foundations of modern symmetric and key cryptography, including the details of algorithms such as Feistel Networks, DES, and AES. In terms of practical application, you will learn how to set up a VPN, encrypt a drive, knowledge of steganography and cryptographic algorithms.

    EC-Council’s ECES Course is for anyone involved in the selection and implementation of VPN’s or digital certificates should attend this course. Without understanding the cryptography at some depth, people are limited to following marketing hype.

    20% Discount available using our CES Coupon Code, or read more about the CES Online Course first.

     

    CHFI

    CHFI – Computer Hacking Forensic Investigator – by EC-Council

    The CHFI from EC-Council is a computer forensics course that will give you a range of skills to help you identify an intruder’s footprints and teach you how to gather the necessary evidence to prosecute.

    You will be taught about many of the top tools used in computer forensics, including hardware, software, and specialized techniques.

    It is no longer a matter of “will your organization be comprised (hacked)?” but, rather, “when?”

    Make sure you’re ready by completing this online training course and getting certified as a Computer Hacking Forensic Investigator.

    20% Discount available using our CHFI Coupon Code, or read more about the CHFI Online Course first.

     

    CND Coupon Code

    CND – Certified Network Defender – by EC-Council

    The CND course from EC-Council is the most advanced Certified Network Defense course with 14 of the most current network security domains any individuals will ever want to know when they are planning to protect, detect, and respond to the network attacks. Using the CND coupon code (“INFOSEC20”) allows you to obtain this qualification with a 20% discount.

    20% Discount available using our CND Coupon Code, or read more about the CND Online Course first.


    Save on the best Cyber Security Certifications through ISCN

    Many of these training courses are available through our partners at discounted rates for the ISCN community (which you are already a part of if you’re using this site). You can view the full list of our current training discounts on our homepage.

    Start today to find out more and start your journey, get certified, and get that promotion!

    Get started

    Read more
  • Quantum computing and the threat to to information security

    Posted on 19/07/2019 by | 0 comments

    Introduction – what is quantum computing?

    This has been defined as technology that:

    “makes direct use of distinctively quantum mechanical phenomena, such as superposition and entanglement, to perform operations on data.”

    (Source: https://www.sciencedaily.com/terms/quantum_computer.htm)

    How does quantum computing work?

    In order to understand quantum computers, it helps to first understand ‘traditional’ computers. The computer or phone you’re using now to read this stores information in ‘bits’. This is a electronic and is a binary option of 0 or 1. Contrast this with quantum computers, which store information with ‘qubits’. These work in accordance with quantum physics, hence the name ‘quantum computing’. Quantum physics can be a bit counter-intuitive, with interesting ideas like ‘particles can simultaneously be everywhere at once’, or in the case of qubits, they can be 0, 1 or both at the same time! The bottom line here is that the potential processing power a quantum computer using qubits could far outstrip a traditional computer using bits.

    Quantum computing and information security

    Why is quantum computing a threat to information security?

    The simplest way to crack an encryption is to try all possible combinations until you get the right one. The current information security encryption technologies essentially rely on the fact that our current computers do not have the processing power to do this. For example, even with a 64 alpha-numeric encryption it took 300 computers over 4 years to crack. Increase this to 128 alpa-numeric symbols and we’re talking millions or even trillions of years. However, with qubits and quantum computing being much faster, they will be able to try all possible combinations at a much faster speed.

    When will quantum computing be able to crack the current encryption technologies?

    Quantum computers already exist, however the current processing power is not sufficient to crack any of the contemporary encryption technologies currently being used. It has been reported that the technology required is now only few years away.

    What can information security professionals do to combat the threat of quantum computing?

    Companies such as DigCertLabs are investing heavily in staying ahead of this threat. They have developed (and are developing) new technologies which provide additional obstacles for quantum computers. So, for now, information security professionals can breathe a small sigh of relief. However, the real question here is this: Will quantum computers develop at a faster rate than encryption technologies? Or will information security professionals always be able to stay one step ahead? Perhaps only time will tell.

    About Infosec-Careers.com

    infosec-careers.com is a provider online courses and discounts for information security professionals. Read about the best cyber security courses in 2019 or view our online cyber security course discounts.

    Read more
  • The Top 5 Cyber Security News Stories this Month (March, 2019)

    Posted on 21/03/2019 by | 0 comments

    This post aims to give you a quick update about the top 5 cyber security news stories which have happened in March, 2019.

    Online security training courses1. The Facebook DNS attack

    Anyone who still uses Facebook will know that the service (for many users, but not all) was temporarily down for several hours earlier this month. This was caused by a vulnerability of Facebook servers, leaving them open to DNS attacks. Although simple, these attacks were extremely effective, with the attacks also affecting Facebook’s other properties, Whatsapp and Instagram. The vulnerability has since been fixed, but it is a reminder of how quickly and easily even multinational tech conglomerates like Facebook can be brought to their knees.

    Read more about this story.

    2. Ransomware hackers target the industrial sector

    After successful ransomware attacks on the healthcare sector last year, ransomware hackers this month turned their attention to the industrial sector. One of the world’s largest aluminium producers, Hydro, admitted that its systems had been hacked. Nowadays, manufacturers like Hydro rely more and more on computerized systems, which can help productivity and efficiency, however it leaves them more vulnerable to such attacks. This attack is of particular significance because of the size of Hydro, which employs thousands of people worldwide in over 40 countries.

    3. SMS: The new platform for scammers?

    We are all familiar with emails from someone claiming to be a long lost aunt, the Prince of Arabia, or a Spanish lottery fund, all of whom claim to have great news for us in terms of offering us money. As information security professionals, we can spot such scams a mile away. And, fortunately, the average consumer is also (finally!) getting wise to such scams. HOWEVER, the scammers have responded by taking things up a level. They are now using SMS as a new way of reaching and interacting with their potential victims.

    Read more about this story.

    best cyber security courses4. Security spending now over $100 billion

    According to the IDC, information security spending reached $103 billion in 2018. For anyone in the cyber security sector, this is good news. It means our industry is growing, hence more employment opportunities. It shows a real (and growing) need for information security. This is, of course, an expected trend. With more and more processes being computerized and moved online, it’s logical that these processes (and the companies and organizations which run them) need to be protected.

    Read more about this story.

    5. Phishing attacks increased by 100% in 2018

    Not only is security spending increasing, but the number of attacks is also increasing! 2018 saw the number of phishing attacks DOUBLE. These attacks were comprised of traditional methods, as well as more innovative methods. The usual tactic of phishing on the back of mainstream events, such as the GDPR requirements, or other news stories, were commonplace. It stands to reason that phishing is working, else they would not continue. The next question then is how to defend against such attacks, or how to better educated staff and the general public to differentiate between authentic communication and phishing.

    Read more about this story.

    About ISCN

    ISCN is a provider of discounts for cyber security courses. You can browse discounts by company/organization, new courses, popular courses and more. You may also be interested in reading the results of our survey about the best cyber security certifications in 2019.

    Read more
  • 6 Cyber Security Predictions for 2019

    Posted on 28/12/2018 by | 0 comments

    It has been an eventful past 12 months in the world of cyber security. 2018 saw the boom and bust of crypto currency mining and markets, huge data loss issues (even the loss of government held user data), as well as ongoing malware attacks.

    What is less clear is what the future holds. However, here at Infosec-Careers.com we’re going to stick our necks out and make the following 6 predictions:

    1. The growing importance of AI

    AI is increasing in all areas of our lives and with it will come new opportunities for hackers. Tasks previously done by humans will become automated, opening the door to cyber security threats. What is interesting is that not only are AI systems being targeted, but AI systems are also being used by hackers as tools in the process.

    And guess what – AI will also be used to defend against such threats. In other words, we’ll have the bizarre situation where AI systems are being defended by other AI systems against (yes, you guessed it) AI systems.

    2. The expanse of 5G networks

    2018 already saw the growth of 5G, but 2019 will see this move to the next level. In case you’re wondering what this has to do with cyber security, well, the answer is a lot. The increased speed and volume of data which 5G networks can handle will result in a corresponding increase in companies and programs which utilize it. With more processes being conducted online, the hacking opportunities (and subsequent need for cyber security) will increase.

    3. Continued increase of data protection measures

    Anyone who has worked with clients in the EU will know how significantly government regulation can affect data protection. GDPR was unrolled in 2018 which ramped up the responsibility of companies to protect customer data, plus to inform those customers about what they intend to do with the data and how they will keep it safe. With the huge data hack scandals of 2018 (e.g. when Facebook lost the data of 2.2 BILLION users), it’s likely that this demand for security is being fueled not just by governments, but by a general public who is angry at such corporations. As such, this is a trend which is likely to continue well into 2019 and beyond.

    4. Increase in government sponsored activity

    In addition to governments attempting to protect their own citizens, we are likely to see an increase in governments also using cyber attacks as a means of offense. In a world where everything is digitalized, it can be far quicker, cheaper, and easier to weaken your enemies will well-targeted hacks instead of expensive and unpopular traditional means of warfare. What is more, such attacks can often be carried out with almost complete anonymity (if done well!) These may come in the form of straight out attacks with the intent of disabling or weakening systems, espionage, or may even election meddling, as reportedly seen with Russia’s involvement in the US and UK elections.

    5. Increasing role of multi-factor authentication

    With online fraud increasing, it seems logical to assume that companies will take measures to tackle this. And one of those methods is to require multi-factor authentication. Most of us have seen it already with online banking, however this may be extended further to many other companies (and organizations) not currently making use of it.

    6. Increasing importance of certifications

    With a booming cyber security industry, the number of employees in the field has correspondingly increased. With more competition for positions, how can employers filter out the ‘good’ employees from the ‘bad’? One way is by comparing education and qualifications on applicants’ resumes. As such, the importance of cyber security certifications is predicted to increase. For those interested in  developing their careers by obtaining such qualifications, it may be worth reading our previous blog post about “The Top 10 Cyber Security Certifications in 2019.”

    Read more
  • The Top 5 Sites to Stay Informed about Cyber Security Threats

    Posted on 25/09/2018 by | 0 comments

    As an information security professional, we know that you’re usually the one that your colleagues, managers, or shareholders rely on to have an up-to-date understanding of the current threats out there, and advice for how to avoid them.

    This blog post aims to list the top 5 sites which help you do this.

    What are the top 5 sites to stay informed about cyber security threats?

    1. https://www.us-cert.gov/ncas/alertsThe United States

    US Cert

    Figure 1: Screenshot from US-CERT

    The United States Computer Emergency Readiness Team publishes a list of current cyber attacks and potential threats.

    Positives:

    The alerts are available in RSS format, meaning you can be kept up-to-date with these threats via your RSS Feed Reader on your phone.

    Negatives:

    The downside is that these update are few and far between. The most recent alert is from June 20, 2018 (correct at time of writing), which is already months ago!

    2. https://www.ncsc.gov.uk/threats

    The National Cyber Security Center (a part of the UK’s GCHQ) is essentially the UK’s version of US CERT. It issues alert notices regarding cyber attacks detected in the UK. Despite being a UK site, many of these attacks will also have global relevance.

    Positives:

    The alerts are available via Twitter.

    Negatives:

    As with US-CERT, the frequency of updates is poor. The most recent update was the 25th of July 2018 (correct at time of writing), several months ago.

    3. http://www.digitalattackmap.com/

    The Digital Attack Map provides a real time map of DDoS attacks showing where the attacks are taking place and the country of origin of those attacks.

    Positives:

    If you are a visual person, this map is for you. It provides a great visual representation of DDoS attacks, combined with the ability to change the view according to attack type, country, duration, as well as other variables. It is also in real time.

    Negatives:

    Despite providing a great visual, it’s hard to see the direct benefit to Information Security professionals. The information is on such a macro level (the country being the smallest unit of analysis), the the information is not really usable.

    4. http://map.norsecorp.com/#/

    Norse Threat Detector

    Figure 3: Norse Real Time Cyber Attack Map

    This is another map showing real time cyber security attacks. Norse boasts the world’s largest dedicated threat intelligence network with over 8 million servers.

    One of the great advantages of this map over the Digital Attach Map, is its specificity when it comes to the source of the attack. With more specific data, cyber security professionals are able to better pinpoint the source of the attached and, therefore, how to stop it.

    Positives:

    Real time cyber security information with more detail than the Digital Attack Map.

    Negatives:

    The map is a tool to persuade you to sign up to Norse’s paid-for services.

    5. https://www.bbc.com/news/topics/cp3mvpdp1r2t/cyber-attack

    For those of you looking for a more mainstream, article style newsfeed, the BBC is not a bad option. Based on the last few weeks, it has been publishing 3 to 4 articles a week about cyber security attacks. Of course, these articles will often lack the technical detail many cyber security professionals are accustomed to, however, for a general overview and update of mainstream threats, it is a nice option.

    Positives:

    Regular updates in article form. Accessible language which can be forwarded to clients or non-technical colleagues.

    Negatives:

    Lack of technical details and always retrospective, not in real time.

    Further Information

    Are you a cyber security professional looking to advance your career? Take a look at our list of the Top 10 Cyber Security Certifications in 2019.

    Read more
  • 1st Quarter of 2018: 3 Cyber Security News Stories which shocked the World

    Posted on 07/04/2018 by | 0 comments

    We’re already a quarter of the way through 2018. And it seems the cyber security trends of 2017 are continuing into 2018. Just 3 short months have passed, but we have already seen 3 big stories break the news.

    1st Quarter of 2018: 3 Cyber Security Stories which shocked the World

    1. Facebook compromises data of 2.2 billion users

    Yes, that’s right – 2.2. billion. So the odds are that if you have a Facebook account and you’re reading this, then you are likely to have one of the compromised accounts. However, unlike other data breaches which involve hacking, this data was willingly handed over. It has caused a media frenzy and raised questions about the ethnics of data sharing. It raises the question of where should the line be drawn and the responsibility of data protection for individual users vs. companies. Read more about this story.

    2. Indian Government Identity Card Database Leaks Data of 1 Billion

    Now this story was perhaps even more shocking. Unlike Facebook, residents of India do not have a choice of whether or not to provide their data. Aadhar is the Indian Government’s identify card database and apparently their data is being sold off (illegally) for a mere 500 RS. What is unnerving about this story is that it is government held data. After all, if national governments cannot keep people’s data safe, then it raises the question of who can. One thing is for sure – the cyber security skills necessary in 2018 and beyond are evidently lacking. Subsequently, it is no wonder that courses such as EC-Council’s Certified Ethical Hacker Course have become so popular. Interested in this course? Get a discount on this course with our CEH Coupon Code. Or read our recommendations of the Top Cyber Security Certifications in 2018.

    3. The Growth in Crypto Currency Mining

    Despite the recent decrease in the value of Bitcoin, data currency mining has continued to boom. But how does this relate to cyber security? The answer is that crypto currency mining requires a large about of processing power. This has led many mining projects to ‘steal’ the processing power of third party computers. In other words, they are hacking other computers to use them to help mine. Subsequently, from a cyber security perspective, it is important for users to be diligent about protecting their computers from such malware.


    About ISCN

    ISCN provides online security discount codes for some of the major online security certifications. We now have discount codes for many online security training courses. Here are some of our most popular offers. Click on the links below to view the discounts available:

    Or view all Security Training Courses here.

    Read more
  • CSCU Coupon Code – EC Council’s CSCU Course – Reduced Rate with this Code

    Authorized EC-Council CyberSecurity Online Course ResellerCSCU Coupon Code – SAVE ON THE CERTIFIED SECURE COMPUTER USER ONLINE TRAINING FROM EC-COUNCIL

    **USE CSCU COUPON CODE INFOSEC15 FOR A SPECIAL REDUCED RATE**

    Get started

    Why take the CSCU Course?

    For those who are relatively new to the world of cyber security and want to get their first qualification, this one is a great starter option. As an introduction to cyber security, the course is designed for people with limited knowledge experience in the field. It aims to equip participants with a fundamental understanding of computer and network security threats such as:

    • identity theft
    • credit card fraud
    • online banking phishing scams
    • virus and backdoors
    • emails hoaxes
    • sex offenders lurking online
    • loss of confidential information
    • hacking attacks and social engineering

    Plus, as a result of completing the course, you are likely to learn ways to protect YOURSELF and your own data online.

    About the CSCU Online Training Course

    Soar to new Heights with this introduction to cyber security! The purpose of the CSCU training program is to provide students with the necessary knowledge and skills to protect their information assets. This class will immerse students into an interactive environment where they will acquire fundamental understanding of various computer and network security threats such as identity theft, credit card fraud, online banking phishing scams, virus and backdoors, emails hoaxes, sex offenders lurking online, loss of confidential information, hacking attacks and social engineering. More importantly, the skills learned from the class helps students take the necessary steps to mitigate their security exposure.

    CSCU Course Outline

    • Module 1 (Introduction to Data Security)
    • Module 2 (Secure Operating Systems)
    • Module 3 (Malware & Antiviruses)
    • Module 4 (Internet Security)
    • Module 5 (Security on Social Networking Sites)
    • Module 6 (Securing Email Communications)
    • Module 7 (Securing Mobile Devices)
    • Module 8 (Securing the Cloud)
    • Module 9 (Securing Network Connections)
    • Module 10 (Data Backup and Disaster Recovery)

    Recent news about the CSCU Course


    Get started

    **USE COUPON CODE INFOSEC15 FOR A REDUCED RATE**

    CSCU Online Course FREQUENTLY ASKED QUESTIONS

    Not sure if EC Council’s CSCU Online Course is right for you? Read our FAQs below to help clear up any uncertainty.

    Who is the CSCU Course designed for?

    This course is specifically designed for those just starting out in the field of cyber security, plus computer users in general. As the internet is quickly moving into a necessity, so is the need to learn how to safely browse, watch videos, send email, and even work online.

    What does the CSCU Course include?

    • Instructor-led, streaming video training modules – 1 year access
    • Official EC-Council e-courseware – 1 year access
    • iLabs, virtual lab platform – 1 year access
    • Certification Exam Voucher
    • Certificate of Attendance

    Can I see a Demo of the CSCU Course?

    Yes – you can – here you go! Click on the video below to view.

    How do I use ISCN’s CSCU Coupon Code to receive a Reduced Rate?

    To receive the Reduced Rate you need to enter ISCN’s CSCU Coupon Code “INFOSEC15” when purchasing the course. View the video below for a demonstration.

    **SAVE ON CSCU ONLINE TRAINING FROM EC-COUNCIL – USE COUPON CODE INFOSEC15**

    Get started

    REDUCED RATE

    VALID
    Reveal offer