Techlabs: July 2020

Tuesday, July 28, 2020

IS IT help desk a good job?

Those looking to break into the IT industry -- whether they are recent college graduates or entry-level professionals, or are transitioning from another profession -- often have the same initial question: Where do I start?

The concern is legitimate. The first steps you take as you launch your career in the technology field play a role in establishing the professional path you ultimately take. It’s also necessary to build a solid foundation of skills and experience early on so you can prepare yourself for additional responsibilities and advancement opportunities down the road.

> So, what’s a good first job? Quite frequently, rewarding IT careers start on the help desk. The support field is booming as companies continue to expand their operations and invest in technology to fuel this growth. In addition, the release of new systems and products rarely slows -- the new Windows Vista and accompanying Office updates are good examples -- meaning there is a steady need for specialists to help end users troubleshoot the applications and hardware they rely on.

> But more important, a help desk job can put you in a good position for future growth. Here are a few reasons why:

Hard skills development. Help desk technicians work with nearly every system a company uses or sells. That includes operating systems -- applications, networks, the Internet, hardware and peripherals. In a help desk role, you can gain in-depth, real-world knowledge of these technologies, an especially valuable commodity for workers with little or no job experience. This wide-ranging exposure allows you to not only build your hard skills, but also determine which technologies you have the greatest passion for.

Soft skills development. There’s no doubt well-developed technical skills are essential for any IT professional, but that doesn’t mean they’re all you need to build a successful career. Increasingly, managers are looking for employees who also have strong interpersonal skills, such as communication, problem-solving and leadership abilities. These so-called soft skills can be learned on the help desk. Think about it: Performing step-by-step troubleshooting of a proxy server configuration with a person unfamiliar with the workings of the e-mail system allows you to build your communication skills. And keeping your cool when helping a stressed caller resolve his problem can improve your tact and diplomacy.

Advancement potential. Perhaps the best part about a help desk role is that it’s often possible to leverage the skills and experience gained there to secure a higher-level position. Many network, Web and e-mail administrators, for example, got their starts on the help desk. In addition, many advancement opportunities exist within the help desk itself. In large companies, Tier 2 and Tier 3 professionals are needed to supervise, train and assist junior help desk technicians. Another potential career path is to pursue a position as a help desk manager. According to the Robert Half Technology 2007 Salary Guide, the national average starting salary for help desk managers is $62,500 to $88,250 this year.

Comment

Monday, July 27, 2020

How do I know which security type I’m using?

security professional

Wi-Fi security is designed to prevent unauthorized access to devices on a wireless network. Most home routers provide multiple security modes, which vary in levels of protection. The Wi-Fi security types supported by Nanit have been listed below from most to least secure:

While Nanit supports WPA2, WPA, and WEP encryptions, we recommend you secure your network with WPA2 only. WPA2 ensures the most secure experience with Nanit and your personal data.

Note: If you decide to change your network security type, devices that use the WEP encryption will disconnect. If necessary, check the device setting and change the security type to WPA2. Nanit works best with WPA2-AES, (which is normally the default). We do not suggest using WPA2-TKIP.

How do I know which security type I’m using?

Using your mobile device, you may be able to determine the security type from your device’s Wi-Fi settings. To check the encryption type:

Open the Settings app on your mobile device
Access the Wi-Fi connection settings
Find your wireless network on the list of available networks
Tap the network name or info button to pull up the network configuration
Check the network configuration for the security type

If your mobile device’s settings don’t specify the security type, you may be able to identify this via the settings on your wireless router. Each router may be different, so you may want to refer to the documentation that came with the device. Alternatively, if the router was set up by your internet service provider, we suggest you contact them for assistance.

Media coverage of large-scale security breaches has focused board-level attention on protecting corporate information. Business leaders are increasingly concerned with security issues, especially any compromise of customer information and intellectual property. However, they often struggle to understand what sort of people they should be looking for to help protect their organisation and where they might find them.

To be agile, organisations need people they can work with to drive their business strategy. They want this across cyberspace, particularly in cloud computing, big data, mobile devices and social media. That means the modern security professional needs multiple skillsets, from communications to technical competence.

The person responsible for protecting information in larger organisations is often called the chief information security officer (CISO). A CISO’s core expertise is to understand IT security or information security above all else. They are seen as the protector of information and the responder to incidents. To be able to cope with these challenges and the speed of change, your CISO needs to understand your business, the risks it faces, and its appetite for more risk.

What it takes to become a CWSP

Secure new opportunities.

Do you know how to assess the vulnerability of a network and help prevent attacks before they happen? Do you know how to perform WLAN security audits and implement compliance monitoring solutions? Do you have experience setting up Wireless Intrusion Prevention Systems (WIPS)?

Today’s wireless network security professionals need to have a deep understanding of the latest software, tools, trends and technologies available. Security professionals are often counted on to advise on security policies (i.e. password and acceptable use). Plus, these experts are responsible for configuring an entire network’s Security Design and Architecture.

Measure your skills and knowledge with this professional-level certification and get on track toward ultimately earning your Certified Wireless Network Expert (CWNE) certification. Those that pass the CWSP exam earn credit towards a CWNE certification.

What it takes to become a CWSP:

The CWSP certification is a professional level wireless LAN certification for the CWNP Program. To earn a CWSP certification, you must hold a current and valid CWNA credential. You must take the CWSP exam at a Pearson Vue Testing Center and pass with a 70% or higher. Instructors must pass with a 80% or higher. However you choose to prepare for the CWSP exam, you should start with the exam objectives, which cover the full list of skills tested on the exam. The CWSP certification is valid for three (3) years. To recertify, you must have a current CWNA credential and pass the current CWSP exam. By passing the CWSP exam, your CWNA certificate will be renewed for another three years.

Main areas covered by CWSP

WLAN Discovery Techniques
Intrusion and Attack Techniques
802.11 Protocol Analysis
Wireless Intrusion Prevention Systems (WIPS) Implementation
Layer 2 and 3 VPNs used over 802.11 networks
Enterprise/SMB/SOHO/Public-Network Security design models
Managed Endpoint Security Systems802.11 Authentication and Key
205 Exam Objectives
CWSP-206 Exam Objectives 2019 (CWSP-206 Exam will replace CWSP-205 in September of 2019)

Management Protocols

Enterprise/SMB/SOHO/Public-Network Security Solution Implementation
Building Robust Security Networks from the ground up
Fast BSS Transition (aka. Fast/Secure Roaming) Techniques
Thorough coverage of all 802.1X/EAP types used in WLANs
Wireless LAN Management Systems (WNMS)
Authentication Infrastructure Design Models
Using Secure Applications
802.11 Design Architectures
Implementing a Thorough Wireless Security Policy

CWSP Exam Summary:

Exam Number: CWSP-206
Cost: $275.00 (USD) - Exam Voucher
Availability: Pearson Vue Testing Centers
Duration: 90 Minutes
Questions: 60 multiple choice
Language: English

Tuesday, July 21, 2020

Certified Wireless Security Professional (CWSP) Online Training Series

Training Series Overview

This series covers the functions and features of Certified Wireless Security Professional. Students will learn the basics of WLAN security, Legacy security, encryption ciphers and methods, 802.11 authentication methods. They will then learn about dynamic encryption key generation, SOHO 802.11 security, fast secure roaming, wireless security risks, and wireless LAN security auditing. They will also learn how to implement wireless security monitoring, VPNs, remote access and guest access services, the WLAN security infrastructure, and WLAN security infrastructure.

Certification Details

The CWSP certification is a professional level wireless LAN certification for the CWNP Program. The CWSP certification will advance your career by ensuring you have the skills to successfully secure enterprise Wi-Fi networks from hackers, no matter which brand of Wi-Fi gear your organization deploys. To earn a CWSP certification, you must hold a current and valid CWNA credential.

Certification Exam Details:
CWSP-205 Certification: Learn More about this exam.

Available CEUs for Course Series Completion: 15
Students can earn up to 15 CEUs for fully completing this course series. This information will be displayed on the certificate of completion. Learn More

Certification Details

Certification Exam Details:
CWSP-205 Certification: Learn More about this exam.

WHAT DOES A SECURITY AUDITOR DO?

security auditing certifications

Security auditors create and execute audits based on organizational policies and governmental regulations. To inspect and assess security controls and practices, security auditors work closely with IT professionals, managers, and executives. Security auditors develop tests of IT systems to identify risks and inadequacies. Security auditors evaluate firewalls, encryption protocols, and related security measures, which requires expertise in computer security techniques and methods.

Through interviews and cooperation with executives, managers, and IT professionals, systems auditors develop plans to improve security compliance, reduce risk, and manage potential security threats.

As external auditors, security auditors offer an objective perspective on an organization's security practices. Companies and businesses bring in security auditors at regular intervals to check their own effectiveness and ensure their systems adhere to industry standards.

Security auditors also introduce new practices and technologies to companies and organizations. By advising companies or organizations to make changes based on their current practices and emerging trends and issues in the field, security auditors facilitate proactiveness. They bear significant responsibility and enjoy opportunities to develop creative security solutions. These professionals travel extensively, offering their services as needed.

Friday, July 17, 2020

Is the CompTIA A+ hard?

comptia salary

The three primary entry-level CompTIA certifications are the A+, Network+ and Security+, and because so many people start their careers focusing on one or more of these certifications, the question often comes up about which certification to take first and which of these you really need for your career.

Should you take the CompTIA A+ before Network+? You don’t need to, and probably shouldn’t take the CompTIA A+ before the Network+ certification exam, because if you’re entering into field of cyber security, your focus should be on obtaining the Network+ and Security+ instead.

I’m sure this response brings up quite a few questions in everyone’s mind, so let’s discuss why skipping the A+ is practical and why you should go for the Network+ and Security+ instead.

Wednesday, July 15, 2020

certified wireless security professional salary

certified wireless security professional

Introduction to Certified Wireless Security Professional

The Certified Wireless Security Professional (CWSP) is a professional wireless LAN certification that will help its candidates to evaluate a network’s susceptibility and foil attacks in advance. The individual conducts security audits for WLAN and deploys compliance monitoring solutions, acquires experience to establish Wireless Intrusion Prevention Systems (WISPS), and learns how to design the security architecture of a network.

Only holders of Certified Wireless Network Administrator (CWNA) certificates can apply for a CWSP certification course. They must take an exam of CWSP at a Pearson Vue Testing Center. CWSP credential is valid for three years. It trains candidates on how to identify attacks, policy, wireless analysis, monitor, and resolve issues.

How Appropriate is CWSP Certification for Telecom Professionals?

In the CWSP course, networking professionals learn the latest WLAN security and inspection techniques. Covered also in the course are the latest DoS tools and techniques and WLAN intrusion. It allows candidates to grasp the purpose of the modification of 802.11i to the 802.11 standards. The students also learn the internal functioning of each authentication process used with WLANs and every category and variety of available WLAN security solutions. CWSP covers the wireless network management systems and WISPS extensively After completing the CWSP, the candidates will learn the required skills for deploying and managing wireless security in an organization by conceptualizing layer 2 and layer 3 software and solutions with tools from the leading players of the telecom industry. This course is specifically designed for professionals who work with wireless networks and are seeking to improve their knowledge.

Learnings of a Certified Wireless Security Professional

Those who complete the CSWP course will be able to comprehend the WLAN security technology and solutions in detail. Professionals will be able to deploy security policies and auditing practices of WLAN. In addition, they will know how WLAN mobile endpoints are secured, be able to delve into layer vulnerabilities, will be knowledgeable about authentication techniques, including WPA/WPA2 Personal and Enterprise, will be able to handle and operate WLAN, will be able to implement WISPS, and acquire knowledge about the IEEE 802.11 Authentication and Key Management (AKM).

Tuesday, July 14, 2020

What are the types of wireless network?

wireless professional

One of the most transformative technology trends of the past decade is the availability and growing expectation of ubiquitous connectivity. Whether it is for checking email, carrying a voice conversation, web browsing, or myriad other use cases, we now expect to be able to access these online services regardless of location, time, or circumstance: on the run, while standing in line, at the office, on a subway, while in flight, and everywhere in between. Today, we are still often forced to be proactive about finding connectivity (e.g., looking for a nearby WiFi hotspot) but without a doubt, the future is about ubiquitous connectivity where access to the Internet is omnipresent.

Wireless networks are at the epicenter of this trend. At its broadest, a wireless network refers to any network not connected by cables, which is what enables the desired convenience and mobility for the user. Not surprisingly, given the myriad different use cases and applications, we should also expect to see dozens of different wireless technologies to meet the needs, each with its own performance characteristics and each optimized for a specific task and context. Today, we already have over a dozen widespread wireless technologies in use: WiFi, Bluetooth, ZigBee, NFC, WiMAX, LTE, HSPA, EV-DO, earlier 3G standards, satellite services, and more.

As such, given the diversity, it is not wise to make sweeping generalizations about performance of wireless networks. However, the good news is that most wireless technologies operate on common principles, have common trade-offs, and are subject to common performance criteria and constraints. Once we uncover and understand these fundamental principles of wireless performance, most of the other pieces will begin to automatically fall into place.

Further, while the mechanics of data delivery via radio communication are fundamentally different from the tethered world, the outcome as experienced by the user is, or should be, all the same—same performance, same results. In the long run all applications are and will be delivered over wireless networks; it just may be the case that some will be accessed more frequently over wireless than others. There is no such thing as a wired application, and there is zero demand for such a distinction.

All applications should perform well regardless of underlying connectivity. As a user, you should not care about the underlying technology in use, but as developers we must think ahead and architect our applications to anticipate the differences between the different types of networks. And the good news is every optimization that we apply for wireless networks will translate to a better experience in all other contexts. Let’s dive in.

§Types of Wireless Networks

A network is a group of devices connected to one another. In the case of wireless networks, radio communication is usually the medium of choice. However, even within the radio-powered subset, there are dozens of different technologies designed for use at different scales, topologies, and for dramatically different use cases. One way to illustrate this difference is to partition the use cases based on their "geographic range":

Type	Range	Applications	Standards
Personal area network (PAN)	Within reach of a person	Cable replacement for peripherals	Bluetooth, ZigBee, NFC
Local area network (LAN)	Within a building or campus	Wireless extension of wired network	IEEE 802.11 (WiFi)
Metropolitan area network (MAN)	Within a city	Wireless inter-network connectivity	IEEE 802.15 (WiMAX)
Wide area network (WAN)	Worldwide	Wireless network access	Cellular (UMTS, LTE, etc.)

Monday, July 13, 2020

What is a security professional?

network security professional

In this changing world, the new CISO needs to understand how information security can empower an organisation to meet its strategic goals. Equally, they must understand how it can make or break the organisation. They may also need to help the organisation move from compliance and crisis-driven strategies towards a more mature risk-based approach, where they spend more time reducing future risk and less on mitigating current threats and regulatory issues.https://www.fieldengineer.com/skills/certified-wireless-security-professional

A strategic mindset is required in order to be able to look at the changing threat landscape, understand the implications of developments in technology and working practices, and be able to interpret how this will affect the organisation.

CISOs must be allowed to assume a business-leadership position, dispelling the idea that security is a technology and support function. Strong communication skills are paramount, with the ability to influence at board level to ensure appropriate programmes are realised to maximise and prioritise best use of available resources. Where they should be positioned within the organisation will depend on the existing structures, but to work effectively there should be a dotted line to the chief information, risk and finance officers.

In addition, they must ensure that information security permeates the organisation. This ranges from understanding the information risks posed by new and existing ventures, developing secure systems and infrastructures, maintaining appropriate controls, implementing governance structures, and evangelising a strong security culture across the organisation at all levels.

It is a task that some, including the UK Government in its 2011 Cyber Security Strategy, are now calling information assurance. It represents maturation from IT security through information security to information assurance.

All this requires analytical, organisational, technical and communication skills. It is unlikely that one person will be able to cover everything to the level required, so the CISO must be supported by an effective team of security professionals.

These professionals will, of course, have varying skillsets – specialisation increases as the environment becomes more complex – so it is important to understand what you are looking for. A highly technical developer or penetration tester may not be the best person to evangelise a security culture, say, while a risk analyst may not be the best person to configure a complex firewall.

Larger organisations can generally support larger teams with a wider range of expertise. However, even here it may be more appropriate to buy in specific expertise that is expensive to maintain and only occasionally needed, such as forensic analysis and penetration testing.

Similarly, smaller organisations may need consultancy to help define strategy and good process. Whether employing individuals directly or using third parties, it is important to ensure that the recruiter or contractor is supported by someone that understands the skills being offered – and to seek assurance through accreditations, recommendations and references.

So how do you identify a good practitioner? The Institute of Information Security Professionals (IISP) has been providing accreditations for a number of years. The model it uses works on the basis that a security professional has deep and demonstrable knowledge; it therefore expects accredited members to demonstrate that they have invested in themselves through training courses and qualifications, such as a Master’s degree in information security.

They also need to demonstrate that they have effectively applied this knowledge within the working environment and evidence their depth of knowledge. Finally, they need to show that they can work as a professional within an organisation using skills such as team working, leadership and corporate behaviour.

The accreditation is rigorous carried out through peer review by existing member, and includes an in-depth interview for the higher full membership level. Criteria are measured against the IISP skills framework which was developed through public and private sector collaboration by world-renowned academics and security experts. So when employing security professionals you need to ensure that you measure against these criteria and “know what good looks like”.

Friday, July 10, 2020

CISSP – The World's Premier Cybersecurity Certification

certified security professional

Become a CISSP – Certified Information Systems Security Professional

Accelerate your cybersecurity career with the CISSP certification.

Earning the CISSP proves you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program. With a CISSP, you validate your expertise and become an (ISC)² member, unlocking a broad array of exclusive resources, educational tools, and peer-to-peer networking opportunities.

Prove your skills, advance your career, and gain the support of a community of cybersecurity leaders here to support you throughout your career

Who Earns the CISSP?

The CISSP is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the following positions:

Chief Information Security Officer
Chief Information Officer
Director of Security
IT Director/Manager
Security Systems Engineer
Security Analyst

Security Manager
Security Auditor
Security Architect
Security Consultant
Network Architect

Work in government? See how the CISSP meets the U.S. Department of Defense (DoD) Directive 8570.1.

…But It’s Not for Everyone

The CISSP isn’t the best option for every cybersecurity professional. Before you start down your certification path, make sure you aren’t missing an opportunity to pursue a certification more aligned with your immediate career goals.

Thursday, July 9, 2020

4 Cybersecurity Career Paths (And the Training to Get You There)

information security profession

Cybersecurity professionals work in every size company and industry to protect organizations from data breaches and attacks. And the demand for cybersecurity professionals is growing at a breakneck speed. Job postings for cybersecurity positions have grown three times faster than openings for IT jobs overall.

Before you jump headfirst into this specialized field, you should know what a typical cybersecurity career path entails. In this blog, we’ll cover four popular security careers and the recommended training you need to be successful:

Security Architect
Security Consultant
Penetration Tester/Ethical Hacker
Chief Information Security Officer (CISO)

How to Start Your Cybersecurity Career Path

There is no one linear path to a successful career in cybersecurity. Some people enter the security field straight out of college, while others transition from another IT role.

No matter where you start, all cybersecurity careers begin with general IT experience. You need to understand how technology works before you can learn how to secure and protect it.

Entry-level IT jobs that pave the way for a cybersecurity career include:

You’ll also need to supplement what you learn on the job with outside training and education. In fact, 35 percent of cybersecurity jobs require an industry certification, compared to 23 percent of IT jobs overall.

Most management-level cybersecurity jobs are highly specialized. The more you can focus your expertise by seeking out specific industries and certifications, the more attractive you’ll appear to companies looking for those particular skill sets.

Security Architect Career Path

If you’re passionate about problem-solving and creating big-picture strategies, the security architect career path is for you.

A security architect is tasked with designing, building and implementing network and computer security for an organization. Security architects are responsible for creating complex security structures and ensuring that they function properly. They design security systems to combat malware, hacker intrusions and DDoS attacks.

In the United States, the average salary for this position is $118,681. Security architects are expected to have 5-10 years of relevant experience, with 3-5 of those years dedicated to security.

To become a security architect, you might follow a career path similar to this:

Earn a bachelor’s degree in computer science, information technology, cybersecurity or a related field. Or, gain equivalent experience with relevant industry certifications.
Enter the IT field as a security administrator, systems administrator or network administrator.
Get promoted to a mid-level role as a security engineer or analyst.
Enter a security architect role.

As a security architect, you’ll be required to:

Plan, research and design durable security architectures for various IT projects.
Develop requirements for networks, firewalls, routers and related network devices.
Perform vulnerability testing, security assessments and risk analysis.
Research and implement the latest security standards, systems and best practices.

Recommended Training for Security Architects

Because the security architect role is a senior-level position, employers will look for accredited security certifications on your résumé.

Professional cybersecurity training and certifications will help you accelerate your career path and stand out to potential employers. These certifications reinforce the essential skills required for the security architect role, such as network security and architecture, vulnerability testing and risk management.

Beginner:

CompTIA Security+

Intermediate:

Certified Ethical Hacker (CEH)

Advanced:

EC-Council Certified Security Analyst (ECSA)

Expert:

Certified Information Systems Security Professional (CISSP)

Security Consultant

A security consultant is a catch-all cybersecurity expert. They assess cybersecurity risks, problems and solutions for different organizations and guide them in protecting and securing their physical capital and data. The position might also be referred to as an information security consultant, computer security consultant, database security consultant or network security consultant.

Security consultants need to be flexible and savvy – they deal with a wide range of variables when assessing security systems across diverse companies and industries.

The salary range for IT security consultants is broad depending on experience, but a senior security consultant earns an average of $106,190 in the U.S. Security consultants are expected to have 3-5 years of professional experience.

To become a security consultant, you might follow a career path similar to this:

Earn a bachelor’s degree in computer science, information technology, cybersecurity or a related field. Or, gain equivalent experience with relevant industry certifications.
Pursue an entry-level position in general IT or security.
Earn a mid-level role as a security administrator, analyst, engineer or auditor.
Sharpen your cybersecurity skills with advanced training and certifications.
Enter a security consultant role.

As a security consultant, your daily tasks may include:

Determining the best way to protect computers, networks, data and information systems from potential attacks
Performing vulnerability tests and security assessments
Interviewing staff and department heads to uncover security issues
Testing security solutions using industry standard analysis methods
Providing technical supervision and guidance to a security team