Keeping Tabs on the CompTIA Security+ Certification
Subnetting is a topic that no one really likes to discuss because as every Networking Professional will attest to, subnetting stinks.However, it is an essential topic to have mastered if you are to build your career a networking professional. Cisco certifications demand that someone knows what they are doing when it comes to subnetting.
We cam across two videos, and intro to subnetting and an advanced subnetting video. Both of which are free.
We have a lot of people writing in asking about the role VMWare plays in the future of information assurance. It will be significant one day, but for now the place to start with this type of training is in the VCP Certification. So, what is the VCP cert you ask? Let’s begin…
The VCP Certification from VMWare is a highly marketable certification that IT professionals can benefit from. VCP stands for Virtual Certified Professional and is a part of the virtualized line of technology associated with VMWare. Virtualization has a host of benefits not limited to:
1. Green technology
2. Efficient use of software
3. Becoming a leader in the field of cloud computing
Virtual technology allows businesses to secure knowledge management and data in the similar fashion that consumers use products to view and simulate an operating system on the could or retrieve documents from home.
VCP’s intended audience
Professionals who work with virtualization and cloud computing will benefit from a VCP certification. If you are working with rapidly evolving computing platforrms “on the cloud” as well as a full understanding of the VMWare Virtual Infrastructure product line. Professionals should already possess an understanding of basic VMWare knowledge. System administrators, engineers, and operators will benefit from this certificate.
The path to VCP Certification
VCP certificatation is comprised of a series of paths that must be followed sequentially:
1. The VMWare vSphere course allows students to install, configure, and manage vSphere server, which lasts five days in length and can be completed online or in person.
2. The additional course, VMWare vSphere: Fast Track builds upon the first course and focuses on the design, installation, and configuration of virtual environments.
The examination, which concludes the coursework, is the VCP510 examination. This 90 minute test is comprised of 85 questions as well as a survey to be taken prior to the exam.
Additionally, the VCP-Cloud certification can help differentiate your abilities by administering configuration for virtual cloud environments using vCloud Director. This demonstrates an heightened understanding of content from vSphere skills on managing other vendor applications. The new certification process places candidates into distinct categories of expertise:
VCP-certification is the culmination of both datacenter and cloud certification. VCP5-DV, or VCP-Datacenter, is the standard VCP certification for the majority of professionals. For those who currently have a VCP4 certification, the VMWAre vSphere: What’s New refresher can obtain VCP5 certification. The same course can be completed if there is no VCP certification but one of the VCP4 qualifying courses was taken as well.
The Value of the VCP
Finally, by passing the examination for VCP and VCP-Cloud, the IT Professional has the unintended bonus of being eligible for more advanced certifications as well as cross-platform benefits for other IT certifications. Virtualization is a technology that is not going away anytime soon and reflects this in current salary estimates.
References
VMWare’s VCP Page – VMWare
Salary Information – IT Knowledge Exchange
VMWare Training – TrainACE
Not many people really relate the words “computer forensics” and “fun”. BUT, there is a situation we know of that includes the both of these.
Obviously, baseline computer forensics are necessary for pretty much the majority of folks in information assurance and security. Well, coming up next month (end of October) in Miami, Florida is the Hacker Halted conference. Now Hacker Halted has been on our radar for probably about 4 years now.
First, the conference developed a reputation for delivering excellent breakout sessions. They do, seriously good, technical and useful side sessions throughout.
Second, they developed the reputation for having a kick-ass party! Nough said.
Third, they developed a reputation for having excellent key note speakers and other feature speakers. They definitely bring some of the top names in the field.
Fourth, they added some excellent training that if purchased, you get all the rest, and an iPad, for free!
Well, this year’s the highlighted training event is definitely the CHFI class by forensics icon Robert Reed. The class is four days and the exam is given on the final day. Its well worth a look, check it here:
http://www.hackerhalted.com/2012/Training/ComputerHackingForensicInvestigator%28CHFI%29.aspx
Computer forensics play an important role in modern information technology (IT) security. As the number of computer systems across the world has increased, the number of businesses and government organizations that rely on these systems has increased significantly. The following guide explores the importance of computer forensics in IT security.
It’s important to understand how information and data can be stolen by adversaries. In many cases, information and data is stolen for financial gain by a hacking group or government entity. For example, many personal and business computers are infected every year with malware that sends out automated spam messages. These spam messages provide free affiliate revenue for the developers of the malware. In addition, malware can be used to steal personal banking information and can facilitate identity theft.
Some hackers will also use computer security issues to steal valuable company information and blueprints. For example, companies in the United States experience thousands of intrusions every day from countries like China. Since China has been a capitalist nation for a limited amount of time, it doesn’t have the same amount of information that the United States does. Without this information, it can be difficult to build electronics, cars, pharmaceutical drugs and other types of equipment. Because of this, China employes professional hackers to break into American companies.
Some criminals will also use forensic techniques to hide information from law enforcement officials and other government regulatory bodies. For example, tools like Tor and Truecrypt can make it impossible to determine what an individual is doing on his or her computer. If an individual is working with a drug cartel, he or she might use encryption technology to hide instances of money laundering and other types of drug-related crime.
Computer forensics can be a great way to combat many of these types of activities. While computer forensics is an investigative procedure, it can teach researchers more about how systems are being misused. In addition, computer forensics can help law enforcement officials recover information that can be used as evidence in a criminal or civil case.
It’s important to remember that computer forensics is a passive activity. It doesn’t actively work as a defensive or offensive force. Instead, it’s used to recover information that can help IT officials or law enforcement officers.
Traditional IT security combines both passive and active protection systems. For example, active systems can include firewalls, anti-malware programs, antivirus programs, intrusion detection technology and more. Active systems can also include attempts to disable an offensive through a digital attack or network flood.
There are a number of ways a company can recover information after a hacker intrusion. For example, many hacker intrusions will leave certain digital signatures that can reveal the origin of the hacker. Based on this information, it may be possible for a company or government entity to launch a retaliatory campaign.
Computer forensics can also recover digital footprints left by encrypted files and other information on a computer. While many people think deleting a file will remove it from a computer, it’s often possible to recover it using specialized techniques. In many cases, a computer operating system like Windows will simply mark the sectors of a hard drive as empty. If a user adds more data to his or her computer, the old information will be overwritten. However, it’s still possible to recover data until that time.
Computer forensics plays an important role in modern IT security. With computer forensics, it’s possible to investigate hackers, financial criminals, drug dealers, company informants and much more.
Get the CHFI, Forensics Training Class at the Hacker Halted Conference
IT security is one of the most in demand areas of information technology and network management in the industry today. IT security offers numerous opportunities for growth and development and bestows a wide range of employment opportunities for IT professionals with the appropriate and up to date credentials.
As a result, it is no surprise that many systems and network professionals are interested in applying their background and experience toward a career switch to IT security. However, it is not enough to simply have worked in systems administration; it is necessary to have the right training to be competitive in the job market.
This article will provide suggestions regarding a training path for IT professionals who are interested in making the switch from general systems or network administration and support into IT security. Perhaps the most optimal training path involves a two step process beginning with Security+ certification and continuing with Certified Ethical Hacker certification. The article will also include some reasons why these certifications are recommended for this suggested training path for transitioning from systems and network management into IT security.
The first component of the suggested training path for transitioning from general systems and network support to IT security is the completion of the Security+ certification (ie. http://www.securityplusclasses.com/). The Security+ certification is an excellent first step because it focuses entirely on approaches to network and data security in a variety of network environments. The certification is not partial to any vendors, making it highly flexible and adaptable to a range of enterprise settings. Furthermore, it is a completely international certification that is valid and accepted around the globe.
Technicians who obtain Security+ certification will have evidence that they are well versed in network administration and security, protocols related to access control, system security at the individual level, and enterprise-level security that spans entire organizations with a broad, top-level approach. The Security+ certification is best suited for technicians with more seniority and experience who are ready to work in IT security environments. Upon completion of this certification, technicians will be well prepared to work in network support environments for the federal government as well as high end corporate environments.
The second component of the suggested training path for transitioning from general systems and network support to IT security is the completion of the Certified Ethical Hacker certification (http://www.trainace.com/courses/ceh/). The Certified Ethical Hacker certification prepares technicians and administrators to tackle a range of network intrusion attempts through some of the most sophisticated and up to date countermeasures available in the industry.
Administrators who hold the Certified Ethical Hacker certification will be well prepared to work in any IT security environment. Their certification is upheld and backed by the EC Council, or the International Council of Electronic Commerce Consultants. According to the EC Council’s guarantee, the administrators who have completed the Certified Ethical Hacker certification will have a firm foundation in defending networks, penetration testing through a variety of advanced methods, and how to use and defend networks against methods of intrusion that are commonly used by hackers and crackers.
Holders of this certification will demonstrate their IT security comprehension and aptitude through their ability to execute demonstration attacks against the security configurations of networks of any size. Through these demonstration attacks, they will be able to search for points of entry and point out any possible areas of weakness before the same penetrations are attempted by people with nefarious intentions.
Because the material taught to candidates for the Certified Ethical Hacker certification is sensitive and highly specialized, candidates must have a minimum of two years of work experience dealing with advanced network security before they can begin the certification program and complete the certification exam. The restrictions are put in place in order to keep people intending to use the information taught in Certified Ethical Hacker programs for nefarious purposes from gaining easy access to the information.
In conclusion, given the rich opportunities for growth that come with a background in IT security, it is no surprise that a number of IT professionals with a general background in systems administration and network support have begun to pursue the training and certification necessary to function effectively in IT security positions.
While there are a number of training paths IT professionals may take to prepare themselves for a career in IT security, the most thorough and effective training path is likely to be one that begins with the Security+ certification and proceeds into the completion of the Certified Ethical Hacker certification. Upon completion of these certification programs, technicians and administrators will be well prepared to enter the dynamic and challenging field of IT security.
Protecting U.S. military communication and data access systems is critical to ensuring national security. Defending the nation from modern threats, whether from terrorists, nations or hackers, increasingly involves in-depth knowledge of networked computer architecture. Accordingly, the U.S. Department of Defense (DoD) has mandated that military and civilian personnel who access these systems must demonstrate the solid technical proficiency and operational awareness to effectively maintain the integrity of its classified computer networks.
U.S. (Department of Defense) DoD Directive 8570.1, issued in 2004, requires IT professionals who work in certain defense-related technical and management capacities to obtain standardized credentials to validate their knowledge of proper use of classified systems. The 8570.1 Directive specifies that Information Assurance Technical (IAT) and Information Assurance Management (IAM) personnel, at IAT Level II or IAM Level I, respectively, must either currently hold or obtain a vendor-neutral security-related certification shortly after being hired. This mandate applies to military personnel and civilian contractors who handle privileged information through DoD networks. Although staff are not specifically required to hold the Security+ certification to work in IAT Level II or IAM Level I positions, it is one of several that Defense Department employees and contractors can earn to satisfy the 8570 requirements. For example, an IAT Level II Computer Network Defense Analyst must earn at least one of the following certifications:
* CompTIA Security+
* SCNP (Security Certified Network Professional)
* GSEC (GIAC Security Essentials Certification)
* SSCP (Systems Security Certified Practitioner)
The IAT-ranked engineer can hold one, several, or all of the above certifications. Similarly, a network manager classified as IAM Level I would be required to hold at least one of these certifications:
* CompTIA Security+
* GISF (GIAC Information Security Fundamentals)
* GSLC (GIAC Security Leadership Certification)
CompTIA’s Security+ certification is popular because it builds on the fundamental knowledge demonstrated through obtaining the A+ and Network+ certifications, both of which are common requirements for entry-level IT jobs. In fact, CompTIA lists either a Network+ certification or equivalent knowledge obtained from work experience as unofficial prerequisites for those who intend to take the Security+ exam. Most accredited training programs that teach Security+ concepts will also strongly suggest that students possess comprehensive knowledge of network architecture before enrolling in preparation courses.
The 90 minute Security+ exam consists of 100 multiple-choice questions that measure knowledge of general computer network security, cryptographic principles, intrusion defense, access management and other concepts and practices essential to securing classified military IT systems. Those who seek the Security+ credential should know that an updated version of the exam was released in May 2011. Any preparatory courses or study materials purchased should specifically refer to test SY0-301. Books or courses based on the old SY0-201 test, which was retired on December 31, 2011, may not provide adequate coverage of topics included in the most recent certification exam.
Because the knowledge required to effectively secure classified IT systems constantly changes, the Defense Department will soon require Information Assurance Program staff who qualify with Security+ certifications to regularly renew their credentials. Effective January 1, 2013, the only CompTIA certifications to be recognized as DoD 8570-compliant are those with a “CE” designation. These new certifications will be marked as “CE” to distinguish them as part of the continuing education track, where credentials must be renewed every three years to remain valid. Renewal can be achieved by taking the latest version of the certification exam or completing 50 continuing education units. These units can be earned through coursework, teaching, publishing or attending relevant IT conferences.
Get Security+ Training Information: http://www.trainace.com/courses/securityplus/
Welcome to the first post on SecurityPlus.Org At this site we plan to discuss the topics and trends happening in the arena that surrounds the CompTIA Security+ certification (information assurance) and of course discuss topics specifically about the Security+. Some of the the things we will cover include job and salary information and changes, content and exam changes and notifications, new content addition analysis, exam preparation tips and tricks and more.
For those of you who have not been paying attention to the Information Assurance (IA) industry, up until now anyways, the CompTIA Security+ (Security Plus) certification is the absolute most popular certification in the industry. If you work or plan to work in IA then achieving the Security+ is a must for you. More people in IA hold this cert than any other cert and for good reason.
The main reason is that Security+ covers a relatively wide but fundamental scope of information in the IA field. Best practices for any employee and manager are included and are typically implemented in to any secure environment in today’s workforce. Preventative topics like social engineering are covered as well, which help prevent most people from making small mistakes that can lead to data breaches.
The DoD8570 Directive also has much to do with the widespread popularity of the Security Plus cert. This Department of Defense directive makes it mandatory for most people working in an environment where they may come across or handle DoD classified information to hold the certification.
So as the popularity of the Security Plus certification grows, we will keep you posted on what you need to know. Changes are consistently being released and we will be there to keep you informed.
Blog at WordPress.com. Theme: Nishita by Brajeshwar.
