Read The Forum Rules: We have a clear set of rules to keep the forum running smoothly. Click here to review them.

Post Reply 
Cyber-security/Network Specialist
Author Message
emuelle1 Offline
Woodpecker
**
Gold Member

Posts: 350
Joined: May 2013
Reputation: 1
Post: #26
RE: Cyber-security/Network Specialist
Cybersecurity is a big field right now, and demand is high. It's also one of those fields that nobody, including the people working as managers and executives in cybersecurity, understand.

I don't know much about ITT's Cyber program. Something to keep in mind about those private schools is they are designed for people who already work in the field and have some basic knowledge. I went to UoP for an IT degree in my 30's, but I had electronics experience from the Navy and I'd been working in IT and engineering. For me, it was advancing my knowledge in the field and getting that damn piece of paper that credential worshipping managers won't hire you without. But the degree without experience is worthless. I had people in my class who thought they'd get an IT degree because "I can make a lot of money in IT". All of them dropped out. The only people to make it through the program had already been working in the field.

I started going to ITT when I got out of the Navy. I realized that although I'd been working on weapons systems for years, my book knowledge was weak so I figured the electronics degree would help. I got a much better job on the other side of the country, and dropped out to take it. As far as I remember, the training was very good, but my class was mostly made up of people who knew nothing about electronics. I remember spending an entire week on scientific notation, which should be a simple concept for somebody with basic electronics training.

TL;DR version- a Cybersecurity degree will help you if you have some experience it can back up, but if not, you'll just rack up a lot of debt and be stuck looking at entry level jobs.
(This post was last modified: 09-30-2015 05:57 AM by emuelle1.)
09-30-2015 05:56 AM
Visit this user's website Find all posts by this user Like Post Quote this message in a reply
Deepdiver Offline
Hummingbird
*****
Gold Member

Posts: 3,377
Joined: Mar 2013
Reputation: 96
Post: #27
RE: Cyber-security/Network Specialist
How to become a Information Security/Cyber Security Guru and earn $85 an hour on contract or $150K base plus $10 to $20K bonus:

I just received a call for a 6 month Contract to Perm Senior Information Security Analyst position at $85 an hour $55 W2 and $30 Per Diem in Boston... note at $55 an hour W2 you max out Mass Unemployment of $679 a week when the contract ends till you get your next contract or full time position - just saying no one ever challenges your claim when a contract ends.

Read the following ISC(2) books and prepare for the exams - Do Not Take the $600 exams until you have a paying job and use contract funds or Employer reimbursement - most reimburse IF you get a passing grade and are awarded the certification.

ISC(2) Is the most widely recognized Vendor Neutral IS Security Certifications body. Google Them...
https://www.isc2.org/credentials/default.aspx Most marketable CISSP, CSSLP and CCFP You can pay $5K per course/exam or goto Amazon:

CBK means Common Body of Knowledge

http://www.amazon.com/dp/1119042712
CISSP Study Guide - fully updated for the 2015 CISSP Body of Knowledge CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition has been completely updated for the latest 2015 CISSP Body of Knowledge.

http://www.amazon.com/Official-Guide-CIS...00W4YSL0Q/
As a result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams, it has announced that enhancements will be made to both the Certified Information Systems Security Professional (CISSP) credential, beginning April 15, 2015. (ISC)² conducts this process on a regular basis

http://www.amazon.com/Official-Guide-CSS...00EYRGOMS/ For developers - my last Director had both the CISSP and CSSLP ... Directors earn over $200K

http://www.amazon.com/Official-ISC-Guide...00MMOJ95E/ Forensics - hot field basically anti-hacking

Read ALL the Mandiant FireEye Whitepapers especially this one:
http://intelreport.mandiant.com/Mandiant...Report.pdf

http://intelreport.mandiant.com/ (These are the guys the Fortune 500 and Global 2000 Call after they have been owned by Chinese APT1 etc hackers.) Read up all you can about APTs TPTs and AETs - google them... and defense techniques - most defenses fail but some work.

Study this interactive infograph http://www.informationisbeautiful.net/vi...hes-hacks/ and scare the hell out of your prospective contract clients or employers.

Deepdivers copyrighted closing line (ABC from game always be closing):
"Look there is no such thng as a 100% effective defense so I can not guarantee you will not be hacked but I can make one one hard target!

https://www.fireeye.com/services/training/courses.html
Their current Training courses tell you where the industry demand and action is.

GIAC the SANS institute decided to get into the Vendor Neutral Game with a bunch of techie oriented certs:
http://www.giac.org/certifications/categories
http://www.giac.org/certification/security-expert-gse

Your CISSP/CSSLP/CISM certified Director and HR/Recruiters will value these hands on marketable certs - problem is there are so many GIAC certs most people don't get them till they have the Job and want to move up to the next level...

If you must go Vendor Certified the Cisco CCIE with Security and Routing and Switching certifications earn an average of $150K so do the math...

AND:

The best kept secret in the Industry https://nmap.org/ - the developer of NMAP keeps a directory of live open source tools or common tools that were open source and bought and commercialized - Amazing how many of these tools are foundational and or were reengineered for the most popular proprietary tools that have made quite a few folks rich not to mention the guys who installed these on a VMware instance with the most Recent Linux and Microsoft Desktop and Server versions and installed these tools and became exper consultants - most with a free fully functional or limited use version to get hands on - Knowing these tools will set you apart from the Average Cyber Security BS or MS grad with NO experience - these tools allow you to hit the ground running or easily pick up any proprietary tools you client sites may be using. Go to the left side and read all the security links and download and use the major tools:

http://sectools.org/ and read the Security lists... come back and tell me what tools you like the best and why... I find I learn new things every day!

Now write up a 2 page resume with all of these Certs you are "working on" and Tools (you have installed) and have experience with and then post you Resume to Monster (Lots of Contractors from India hiring Americans due to new H1B laws),
CareerBuilder check yes for agencies and LinkedIn if you are new just post as your free lance self.

Get a separate Google Phone or Skype line and GMAIL or Proton Mail account to have all the inquiries in one place.

Entry level contracts right now are in the $45 to $55 range and I just turned down a 100% remote gig at $55 an hour...

I like 6mo contract to perm contracts as it gives you a chance to see if you like the company, its culture and how you are treated - look up the company on Glassdoor - I have made some decent money with Glassdoor comapnies with SUCK ratings - they suck so they have to PAY - nice thing about contracts when they end you get to collect unemployment - Massachusetts quite lucrative on W2 until you find your next contract gig or perm position.

There are two types of CyberSecurity positions 1. operations where you get paged all hours of the night because of false positives generated by hackers to distract your bosses out of date detection systems from the real stealth mode attacks and 2. Compliance where you write and review the cybersecurity practices of your Sub Services Providers (SaaS vendors) SOX mandated SSAE-16 reports - google it - good steady money as a full time employee everyone uses or is a SaaS or IaaS etc and compliance is a must for all financial services or public corporations - can get boring but pays well enough for a personal trainer at a high end gym and to bang hotties working out there with Game 101 (See SUV following).

Now make bank, live frugally and forget the Ferrari or Vette - get a reliable SUV with tinted windows where you can lay all the seats flat roll out a big sleeping bag and get laid in the back when "Camping" in front of your apartment full of Roomies - great investment - so you have a nice big pile of "EFF YOU" money when you have a corp reorg and some Ahole pisses you off - its IT it happens ALL the time - and invest it in a few great Dividend Stock ETFs and take a few flyers with CrowdAbility and when you catch the next snapchat or periscope or Uber - you can then buy me a nice cold IPA ;-)

P.S. Get the above knowledge and skills via Erudition and get a good government Fed or State job and let them pay for your Bachelors or Masters degree in Cyber Security SNHU has a pretty good program online CYBERSECURITY BS and MS...

Or get the degree and become an Air Force Cyber Command officer - retire after 20 years - double dip in the Corporate world - chicks dig Officers uniforms and show off their wares at O Club balls and parties/dances.

Learn from me Nuke Subs are gone 10 months out of the year and have an 80% frivorce rape er ah a um I mean rate - for Fly boy officers.

Yes your loving horny Navy wife will slut it up at the local USAF base O club to trade up while you are on patrol at sea defending your country - slores gonna slore - abscence makes the heart grow fonder for someone stiff closer to home. This is why I never got married while in the service and learned game instead.

USAF Cyber Command experience is also an extremely marketable skillset to the NSA, CIA, FBI, DHS, DEA, ATF etc etc... Top 100 DoD Contractors not to mention most of the Global 2,000 Multinationals... and Fortune 1,000.

Also look up job listings for Information Security and Cyber Security and read them on Monster, Careerbuilder and LinkedIn and read the requirements and find entry level gigs to build experience with those skills....

HTH...
(This post was last modified: 09-30-2015 11:36 AM by Deepdiver.)
09-30-2015 10:49 AM
Find all posts by this user Like Post Quote this message in a reply
[-] The following 4 users Like Deepdiver's post:
Unfadable, Brisey, Don, billbudsocket
Deepdiver Offline
Hummingbird
*****
Gold Member

Posts: 3,377
Joined: Mar 2013
Reputation: 96
Post: #28
RE: Cyber-security/Network Specialist
LOL This email just came in - even Fidelity and Scott Trade got hacked - first i heard of this scheme:

The Big Bull’s-eye on Wall Street’s Back
By JL Yastine, Editorial Director, The Sovereign Society


It took months for investigators to figure out the hackers’ online scam…

Someone was systematically penetrating the Internet trading accounts of customers at Fidelity, Scottrade and other firms. The hackers changed the accounts’ email addresses and phone numbers as they went along.

Next came the payoff.

With total control of the victims’ accounts, the hackers wrote options contracts and shorted stocks in ways that guaranteed a trading loss.

With another set of accounts, the hackers simultaneously took the other side — the winning side — of all those trades … and reaped an estimated $1 million.

But while regulators are finally waking up to the tricks of hackers, that doesn’t mean you’re safe…

Despite numerous accounts over the past several years of hacks and fraud, the investment industry has gaping holes in its security that are leaving you vulnerable, demanding that you take steps to protect yourself.

Federal investigators eventually pieced the online scam together. A Russian national, Petr Murmylyuk, pleaded guilty to securities fraud in 2013.

But the extent of his efforts showed two things:

Wall Street’s broker-dealers and registered investment advisers are now on hackers’ radar screens in a big way.

The SEC wasn’t paying attention; the agency’s focus was elsewhere.

But no more. Earlier this year, the SEC said cybersecurity would become an “examination priority” when it looks at firms’ compliance with the agency’s rules and regulations.

Wall Street Was Not Prepared

The SEC also released the results of a survey of more than a hundred broker-dealers and registered investment advisers.

It sheds a lot of light on why we all need to pay close attention — not just to our own online habits, as The Sovereign Society’s privacy guru Ted Bauman so often reminds us — but the practices of the firms handling our investment funds as well:

74% of the surveyed firms said they were the focus of online fraud attempts.

Over half of the survey’s broker-dealers said they received scam emails seeking to transfer customer funds.

In some cases, the scam emails worked. One-quarter of the broker-dealers reported losses of more than $5,000 per customer. One investment adviser reportedly lost more than $75,000 of a customer’s funds.

Few investment advisers (21%) and only half of the surveyed broker-dealers carry insurance policies against cybersecurity incidents.
Needless to say, most brokers and investment advisers still have a ways to go when it comes to safeguarding our information. In fact, the SEC’s “safeguards rule” requires broker-dealers, advisers and investment companies to adopt written policies and procedures that should, in reasonable circumstances, protect the information of their customers.

Of course, when it comes to any government regulator, what’s considered reasonable protection — and what’s not — depends on whose side you’re on. For instance, many registered investment advisers aren’t big enough in size to have a chief information security officer — the new “hot” executive title for firms that want to demonstrate their seriousness about the matter.

But perhaps to get the message across to everyone that it’s no longer “business as usual” on ignoring safeguarding rules, the SEC last week put a small St. Louis-based investment adviser firm in its crosshairs.

Too Little Too Late

According to the SEC’s press release, the firm’s web server was hacked in July 2013. Before that point, the firm did not maintain a firewall, encrypt customers’ personally identifiable information or have written policies and procedures regarding the safekeeping of customer data. And the server itself was operated by a third party.

Afterward, the firm did the right thing — it notified customers of the data breach, offered free identity-theft monitoring and took all the other steps it should have done from the start to safeguard their data.

But the damage was done.

Last week, the firm agreed to pay a $75,000 fine and “cease and desist from committing or causing any future violations” of the agency’s customer safeguards rule.

Are You Protected?

The SEC has put pressure on the financial industry to clean up its act in terms of security, but that doesn’t mean you should blindly trust your investment adviser or broker with your most critical information. The truth is no one values your data as much as you do and you need to make sure it’s protected.

Contact your brokerage firm or investment adviser and ask what steps have been taken to protect your privacy. Does the company meet SEC safeguard standards? Has your information been encrypted? Is there at least a two-step authentication process for accessing your data? Does the company have insurance against cyber incidents in the event that they are hacked and your information is stolen?

No doubt the judgment will make more such firms reassess their own efforts (or lack of them). But there’s no reason to wait and find out the hard way if you’re vulnerable.

And hopefully we as customers will help them along by asking similar questions on what they’re doing to safeguard our private information.

Kind regards,

JL Yastine
Editorial Director, The Sovereign Society

P.S. Unfortunately, hackers aren’t the only ones who are trying to get their hands on your hard-earned cash. That’s why Bob Bauman has recently updated his bestselling book, Where to Stash Your Cash (Legally). Click here to learn what easy steps you can take to protect yourself.

Deepdivers observation: This is brand new info to me today and I will be hunting for Financial Services Cyber Security Analyst opps - Hedge Funds known to pay as much as $500K a year to CyberSecurity SMEs or subject matter experts to keep their billions safe... but as you can see their brokers still suck.

This is a huge black eye for Fidelity and Scott Trade - the Russian behind still got busted though.
09-30-2015 11:18 AM
Find all posts by this user Like Post Quote this message in a reply
[-] The following 1 user Likes Deepdiver's post:
Unfadable
Deepdiver Offline
Hummingbird
*****
Gold Member

Posts: 3,377
Joined: Mar 2013
Reputation: 96
Post: #29
RE: Cyber-security/Network Specialist
FYI From Military.com for transitioning service members to civilian careers:

Information Security Analyst: In the past few years, cloud computing has become an unstoppable force in the tech industry. With it comes a host of new problems and issues. Enter information security analysts. Companies need to make sure their data is secure, and these experts know just how to do that. The need for these professionals is so great that it's estimated North American companies will need 2.7 million of them by the beginning of 2016. If you can manage to get a bachelor's degree in computer science or programming and specialize in data security, you'll likely not have a difficult time jumping on this career bandwagon.
09-30-2015 11:14 PM
Find all posts by this user Like Post Quote this message in a reply
[-] The following 1 user Likes Deepdiver's post:
Unfadable
Unfadable Offline
Pigeon

Posts: 32
Joined: Oct 2014
Reputation: 1
Post: #30
RE: Cyber-security/Network Specialist
Good posts Deepdiver. I work IT in the military, and the contractors out number us "green-suiters" 3 to 1 where I am at. I do a lot of networking(in the social sense) and try to pick everyone's brain as much as possible, and the general advice is the CISSP is the breakthrough cert. All of the site leads and people making the real money have it. For anyone looking to break into a DOD civilian job or government contracting, use the DODD 8570 compliance chart as a guide for certs. You will need at least a Security+ and a computer environment cert to be able to touch anything, so I would start with that to get your foot in the door. With a Sec+ and MCSA/MCSE or CCNA, you will be very marketable.

Another thing to consider is that the military is making a pretty big push to go wireless to cut down on infrastructure costs. Looking down the road a bit, wireless security would be a solid choice to specialize in.

If anyone has questions about IT in the military feel free to message me.
10-01-2015 12:08 AM
Find all posts by this user Like Post Quote this message in a reply
[-] The following 3 users Like Unfadable's post:
TonySandos, BigTony, SupaDorkLooza
emuelle1 Offline
Woodpecker
**
Gold Member

Posts: 350
Joined: May 2013
Reputation: 1
Post: #31
RE: Cyber-security/Network Specialist
Whenever I go to Target to buy something, and they ask me if I want to save 10% by applying for a Target card, I've started responding "No thanks. I'm not interested in having my data stolen."
10-02-2015 06:04 AM
Visit this user's website Find all posts by this user Like Post Quote this message in a reply
The Black Knight Offline
Pelican
****

Posts: 1,387
Joined: Aug 2015
Reputation: 87
Post: #32
RE: Cyber-security/Network Specialist
I wouldn’t recommend the cyber security profession for most people for a variety of reasons:

1. Its security work. It’s a never ending rolling ball that you will never catch. There is no sense of closure or completion except when resolving the origin of a breach; which shouldn’t have happened in the first place.

2. As others have mentioned, you constantly have to stay on top of new developments/technologies. That might be fine if you are young but as you get older, it will become a pain in the ass unless you have a burning desire for learning new material related to the field.. Someone else in this thread mentioned how it has adversely affected their social life. He isn’t an isolated case.

3. Your background will be heavily scrutinized in certain positions unlike many IT fields. Fuck up with the law? Bullshit charge? Bye bye job and career (exception: you are so fuckin good at what you do you end up working for the feds or some powerful corporation in-lieu of prison. Applies to those with rock star talent and lucky timing only). Most corporations don't want a "criminal" responsible for their cyber security. It's bad PR.

4. Your travel opportunities could also be impeded as well. Forget traveling to certain hacker hot zones like Russia and China. If you work for the gov’t, certain Latin American countries (not known for hacking) could be an issue. Colombia comes to mind due to its drug trade business where the feds get really uppity about traveling to if you have a security clearance. Marrying or even dating a foreign chick could be problematic as well.

5. It’s not a very portable profession when compared to other IT fields. The nature of the work often demands that you be physically present and in a secured facility. Overseas/remotes ops are fairly limited.

6. In my opinion, cyber security isn’t a field that really needs a lot of people. There are a lot bullshit jobs related to cyber security; many of which are just mostly make-work non-sense (a lot compliance jobs are like this). A few rock stars (the top tier white hat programmer/hacker types) and some sophisticated security software/hardware and basic education for non-tech employees (ex: don’t stick your fuckin USB drive stick from home into a work connected network dumbass) is about all one needs to prevent and resolve most issues.

Someone else mentioned to look into trades. I would do that unless you have a burning passion for this stuff and see yourself hitting the level of rock star status skill wise. The thing is, if you are by default passionate about the subject matter, you will likely end up as a rock star anyway. Don’t get me wrong, there is some serious coin to be made in the short-run since it’s a hot/trendy field right now but I think the long-term prospects are weak for most people.
10-05-2015 12:33 AM
Find all posts by this user Like Post Quote this message in a reply
[-] The following 2 users Like The Black Knight's post:
billbudsocket, FretDancer
Deepdiver Offline
Hummingbird
*****
Gold Member

Posts: 3,377
Joined: Mar 2013
Reputation: 96
Post: #33
RE: Cyber-security/Network Specialist
Just wanted to share this Cyber Security job alert that just came in for our Northwest Coast members - why do I choose to share this one - basically I am not going to migrate to the west coast as I am an East Coast and occasionally Nevada guy and more importantly this is the first contract requisition I have been sent recently that openly indicates a $110 to $115 hourly W2 rate. The 2008-09 recession in Cyber Security is over and the demand for 2.7 Million Information Security Analysts etc, I indicated in the post above is starting to manifest in real market demand and competition. Plus this req is a good example of the prereqs and details required for a contract SOC or Security Operations Center Director role... only thing that I would want to know more about is the specific potential for contract to perm in this position which I would assume is high due to the Job Title.

I believe they contacted me off of either CareerBuilder or Monster.com

NOTE: At this level you would want to take the time to write a targeted two paragraph cover letter why you are a good match for the position and then rewrite your resume to "Target" the job description meaning to be sure to highlight the relevant experience and skills mentioned in the job description in your resume mentioning where you acquired those skills and abilities during your career.

Deepdiver

11/13/15 2:55 PM

Thank you for taking time out of your busy day to consider this opportunity with inSync Staffing!
My name is Rebecca. I found your resume in our database and wanted to present this Security Operation Center Professional opportunity to you. (inSync is a NO FEE Staffing Agency).
Here at inSync Staffing we are trying to make a difference in the staffing industry by disclosing as many of the details regarding our open positions. Our end clients hire hundreds of contractors and temporaries every year and I believe you could be a great fit for the following position:

Type of position: hourly/contract

Length of assignment: 6 months
End Client: Outerwall (you will be an employee of inSync Staffing working on a contract/temporary assignment)
Location: Bellevue, WA
Target Pay rate: $110-115 (W2 Inclusive) (depending on fit to required and desired skills in your experience and on your resume)
Client Job Order#: 5604

Other Qualifications: Upon offer you must be able to successfully pass a criminal and drug screen.

NO SUBCONTRACTORS PLEASE

Please review the following job description. If you would like to be submitted to this opportunity, forward me an updated MS Word copy of your resume immediately. Be sure that you have included the required and desired skills in your work experience if you have viable experience. Upon receipt of your resume we will contact you to confirm your availability and overall fit for this position.

Job Description:
Description of Role:
The SOC Director will be open minded, bring fresh ideas to the outsourced (MSSP) SOC team and be ready to protect, defend and respond to information security related events. Also, the SOC Director , will lead key MSSP program elements including the following areas Predictive monitoring, Threat and Vulnerability Management, Threat Hunting and Cyber Security Risk Assessments. The SOC Director will be responsible for security awareness and enforcement. This will be accomplished by pulling together information from a variety of systems; and normalizing and correlating the information. The SOC provides real-time (or near real-time) detection and reaction services for information security incidents within the company. Decision making is one of the most important traits.

Responsibilities:
Essential Job Functions and Accountabilities:
Perform in-depth network security analysis and work with the SOC analyst team conducting incident response, event analysis and threat intelligence for the corporate enterprise
Provide both strategic analysis and near real-time auditing, analyzing, investigating, reporting, remediation, coordinating and tracking of security-related activities for the corporate enterprise
Analyze data and prepare reports that document vulnerabilities from network based attacks and recommends actions to prevent, repair or mitigate
Provide technical mentoring to other team members
Establish and create standard operating procedures for a variety of computer network defense (CND) related tasks/positions within the team
Provide technical expertise on post event network security logs and trend analysis
Review security events that are detrimental to the overall security posture; analyze and detect sophisticated and nuanced attacks and discern false positives and provide results to management
Perform correlation of events from a variety of network, enterprise and host collection sensors
Coordinate and liaise with other departments within the company and external auditors with information regarding intrusion events, security incidents, and other threat indications and warnings information
Demonstrate both technical acumen and critical thinking abilities
Experience with trouble ticketing and change management tools
Coordination and escalation of issues to the Incident Response team
Provide detection and response to security events and incidents within the Network
Web application vulnerability scanning
Security log management and monitoring
Intrusion detections and prevention systems operations
Maintaining information security metrics

Required Skills:
Must possess planning, organizational, and motivational skills, able to write clearly and succinctly in technical and non-technical formats.
Ability to speak both extemporaneously and in formal settings.
Experience in root cause analysis, industry benchmarking, survey evaluation and data interpretation is required.
Have the ability to apply logic and reason to solve complex problems.
Able to infuse innovation and creativity to strategic plans.
Possess knowledge in the area of emergency/disaster management, physical security, critical incident stress management, risk management and business resiliency
Familiar with emergency procedure protocols and regulatory interfaces.
Experience in leading a team.
Strong analytical, critical thinking and problem solving skills.
Ability to establish and maintain cross-functional and positive working relationships.
Proven ability to influence key business partners.
Ability to build strategic vision and drive organizational change.
Strong organization and planning skill with the ability to work in and define ambiguity/gray areas.
Advanced computer skills and proficiency.
Strong inter-personal and networking skills with a strong ability to work in a team environment.
Ability to work under stressful and tight deadlines as well as the ability to manage in a fast paced environment.
Above average computer hardware and software knowledge.
Excellent verbal and communication skills.
Ability to multi-ask, discerns patterns in details.
Think through problems for logical solutions, and remain calm and professional under stress.
Strong decision making ability during both crisis and non-crisis situations.
Able to work with highly confidential information.
Must be able to speak clearly, give direction, and provide guidance to employees and security staff during emergencies.
Able to work and communicate effectively with all levels of leadership.

Education/Experience:
Bachelor's degree in computer science + or a related discipline
Five to ten years of experience in the security field highly desirable.
CISSP, CISM, GIAC certifications highly desirable

If you are ultimately looking for permanent/full time employment, you should consider contracting/temping. 1 out of 5 employees who started in a temp/contract position became full-time direct employees at our clients.

inSync Staffing is a US operation, employing all services and support staff in the USA!

Sincerely,
Rebecca Puffen
[email protected]
(603) 370-3182 Ext.656
25 Sundial Ave Suite 405W
Manchester, NH 03103
WEB SITE: http://www.inSyncstaffing.com
(This post was last modified: 11-14-2015 02:21 PM by Deepdiver.)
11-14-2015 02:19 PM
Find all posts by this user Like Post Quote this message in a reply
The Wire Offline
Kingfisher
***
Gold Member

Posts: 560
Joined: Feb 2014
Reputation: 12
Post: #34
RE: Cyber-security/Network Specialist
(10-05-2015 12:33 AM)The Black Knight Wrote:  5. It’s not a very portable profession when compared to other IT fields. The nature of the work often demands that you be physically present and in a secured facility. Overseas/remotes ops are fairly limited.


The one plus side to this is that it's more immune to outsourcing. Outsourcing is a big problem today with developers and as the world becomes more connected through technology it's going to get worse. Right now the biggest trend is the use of Indians offshore doing work on the cheap

Quote:6. In my opinion, cyber security isn’t a field that really needs a lot of people.

Agreed. Security teams/departments are going to be tiny in size compared to other counterparts in IT most of the time. Just like a town of 20000 doesnt have a 1000 cops running around protecting people. Security jobs are in demand but they are looking for people who are seriously experienced many times.
11-14-2015 08:02 PM
Find all posts by this user Like Post Quote this message in a reply
BigTony Offline
Robin
*

Posts: 222
Joined: Sep 2015
Reputation: 5
Post: #35
RE: Cyber-security/Network Specialist
The Cyber Security profession is big right now. Once you have the security certifications, you will find many positions available especially in the Government sector. A security clearance plus certs means you will always find work. Finding a company willing to sponsor you can be a challenge. Once you have a clearance, getting the salary that you want will be easy.

I currently live and work abroad working in the IT field. I am also enrolled in the VMware Certified Professional online course. Once I finish my VCP, I will get my CASP, CISSP and anything else I can get my hands on.

If anyone is looking to leave the States and make decent money, then working abroad is a good move. Companies like General Dynamics IT(GDIT), SAIC and CACI are hiring. The last time I checked, they had tons of openings in Germany and other parts of Europe.
(This post was last modified: 11-15-2015 12:10 AM by BigTony.)
11-15-2015 12:08 AM
Find all posts by this user Like Post Quote this message in a reply
colblionel Offline
Sparrow

Posts: 102
Joined: Jun 2014
Reputation: 0
Post: #36
RE: Cyber-security/Network Specialist
Bumping this thread

currently work in sales for a cybersecurity company cold calling people trying to sell them our product/services.

I don't know much about cybersecurity, and I'm looking more for an introduction to it.

Can someone recommend a good website for me?
12-25-2015 01:56 PM
Find all posts by this user Like Post Quote this message in a reply
Deepdiver Offline
Hummingbird
*****
Gold Member

Posts: 3,377
Joined: Mar 2013
Reputation: 96
Post: #37
RE: Cyber-security/Network Specialist
Bumped for Cyber Security Alert that affects us all who ever use a cell phone and any Banking Apps:

(This was broadcast in the USA on CBS version of 60 Minutes tonight but with a USA Congressman).

Hackers can access EVERY call and message you send: TV show demonstrates how easy eavesdropping is using 'biggest privacy threat in history'

Read more: http://www.dailymail.co.uk/sciencetech/a...z468fj3Kaj

'Experts say it's increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world's billions of cellular customers,' said The Washington Post when it first uncovered flaws in the system earlier this year.
The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower.
However, hackers worked out a way to repurpose the features for surveillance because of the lax security on the network.

Hackers can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption.
The Berlin-based Security Research Lab, which discovered the problem last August, said a skilled person could exploit the flaws to eavesdrop on the phone calls, text messages and data traffic of billions of people.
'Everything about our lives is contained in the palm of our hand,' 60 minutes reporter Ross Coulthart said.
'Your sensitive, private data is opened for anyone to see. You could be bugged, tracked and hacked from anywhere in the world. It's long been the dirty little secret of international espionage.

More:

http://securityaffairs.co/wordpress/3940...lance.html
By Exploiting a flaw in the SS7 protocol hackers can access every conversation and text message mobile users send from everywhere in the world.
Hackers can spy on every mobile phone user wherever it is.

Channel Nine’s 60 Minutes has revealed the existence of a security hole in modern telecommunication systems that could be exploited by cyber criminals to listen in on phone conversations and read text messages.

The program explained that German hackers, who are based in Berlin, were able to intercept data and geo-track every mobile user by exploiting a flaw in the SS7 signalling system.

SS7 is a set of protocols used in telecommunications ever since the late 1970s, enabling smooth transportation of data without any breaches.

The security issue in the SS7 signalling system could be exploited by criminals, terrorists and intelligence agencies to spy on communications. The SS7 protocol allows cell phone carriers to collect location data related to the user’s device from cell phone towers and share it with other carriers, this means that exploiting the SS7 a carrier is able to discover the position of its customer everywhere he is.

“The flaws, to be reported at a hacker conference in Hamburg this month, are the latest evidence of widespread insecurity on SS7, the global network that allows the world’s cellular carriers to route calls, texts and other services to each other. Experts say it’s increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world’s billions of cellular customers.

The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network.” reports The Washington Post.

In the hacking community is known the existence of several techniques that hackers and snoopers can make use of, in order to eavesdrop and intercept phone calls or written text messages. In December 2014, German researchers have placed the matter to the public for consideration at the Chaos Communication Hacker Congress, since there can be a great many problems emerging.

Carriers of mobile telephony spend large amounts of money towards expanding their network and securing the conditions of communication with 3G and high-end encryption. To quote Tobias Engel, one of the German researchers mentioned above,

“It’s like you secure the front door of the house, but the back door is wide open”.
One of the major incidents registered by NKRZI (which is the National Commission for the State Regulation of Communications and Informatization in Ukraine) involved Russian addresses back in April 2014.

The expert noticed that many Ukrainian holders of mobile phones have been affected by notorious SS7 packets that possibly derived from Russia. As a result, the mobile phone holders were intercepted of their address details and everything that was stored inside each phone. MTS Ukraine obviously participated in the interception, in relation to MTS Russia.

As a direct consequence of security breaches related to SS7 protocols of telecommunication, the eminent threat is none other than the surveillance taking place between different countries.

The system is being used by major Australian providers, this means that Aussies data could be exposed to hackers. Names, addresses, bank account details and medical data stolen due to a security vulnerability that could give hackers the access to their mobile devices.

Take Away:

If you are using your cell phone to manage your side plates and don't want you primary to know or worse could be subject to discovery in a divorce proceeding etc. - delete ALL of your APPS especially banking apps or apps that remember your USER IDs and Passwords for Payments (Priceline comes to mind along with Uber for logistics management). I run BitDefender Total Security 2016 mobile and desktop on all of my PCs and Notebooks and mobile phones...

If you look at the RVF forum link above you will see a https:// signifying that your connection to RVF is encrypted via TLS or at least SSL so your anonymity is safe on a PC/Notebook browser with SSL/TLS encryption signified by the green https://

The Mobile service providers that use SS7 nearly all are vulnerable so end point security in your phone with non TLS/SSL comms are basically clear text over the air and useless and hackable with credit card and bank account and ID/Passwords for all of your convenient cell phone accounts.

I am going to dig into this via Cyber Security circles and see if there is any such thing as a secure Cell phone or secure Mobile Services Provider and if the US majors Verizon, Sprint, T-Mobile have bothered to upgrade to a routing protocol that might actually be secure. Being the cheap phooks they are I am not getting my hopes up.

May take a while...

In the meantime if you can use your PC with https:// connections to your bank, uber, Priceline etc accounts do so - UBER is optimized for cell phones so may be problematic - so record your login credentials and save them in a word or PDF password protected encrypted file on your PC as written credentials are easily read by snoopy girlfriends, primary and secondary plates etc.

Get a second cheap smartphone for plate and bangler logistics and dump it every 6 months or sooner keep your biz phone strictly for biz and your banglers phone strictly for plates and logistics. Never mix the two.

Remove the SIM and any SD Ram cards, delete all optional or custom apps, take out the battery and literally burn that sucker outside in a metal can or if in the city, smash the crap out of that sucker with a heavy hammer and toss the various pieces in trash around the city so all the pieces can not be reassembled - get another burner that you can use the battery you saved as a spare. Do not burn the batteries as they will explode in a fire.

Until we can verify truly secure phones and Mobile Services vendors then these precautions are the better part of valor.

Suffice to say never text or speak anything that would be in the gray area of any laws even if you live in a so-called legal stoners state. Just saying.
(This post was last modified: 04-17-2016 09:43 PM by Deepdiver.)
04-17-2016 09:37 PM
Find all posts by this user Like Post Quote this message in a reply
Deepdiver Offline
Hummingbird
*****
Gold Member

Posts: 3,377
Joined: Mar 2013
Reputation: 96
Post: #38
RE: Cyber-security/Network Specialist
More info re ^^

http://www.cbsnews.com/news/60-minutes-o...ur-pocket/

See CryptoPhone by German Company GSMK "only" $3500.00 but tells you when someones trying to hack you...

Downside both users must be using it on both ends for an encrypted convo...

Or you can use LOOKOUT https://www.lookout.com/download for free or premium at $3 mo so would take 1200 months to justify CryptoPhone...

https://www.lookout.com/download

If there is anything you do on your cell phone that you would not want your main woman or plates in rotation to know, your boss to know, your grandmother to know, or the law or IRS to know then LOOKOUT premium with their Enterprise service with Mobile Threats detection, Threat Intelligence Center and App vetting defenses and alerts may be worth the much smaller annual investment than the CryptoPhone which is still of limited use outside of the hack attempts warnings if calling a standard unsecure iPhone or Android.

I am currently using AVG mobile on one Android and am impressed with its lost phone finder and Phone Ram and call history scrubbers and weekly alerts to clean info in RAM than can easily be hacked and downloaded. However independent labs only rates AVG about 75% Detect and Clean. Has a nice duplicate photo ram cleaner function as well.

I use BitDefender 2016 mobile on another Android phone with malicious app detection, malware detection and cloud web browsing and email security alerter. Rated 100% detect and 100% clean by a major German independent test lab AV labs however mobile carriers still vulnerable to the SS7 mobile protocol vulnerability.

Would stop using mobile phone banking apps or credit card stored apps i.e. Amazon, Ebay, PayPal Priceline, UBER on WiFi mode and only 4G in a private home or office and not in a crowded mall or transit center and scan accounts on secure https:// notebook connections for unauthorized access with an id protection service like lifelock...

https://bestidtheftcompanys.com/companies/

P.S. Never believe Apple or Android when they say their phones are never or impossible to be hacked when the Phone services providers are wide open and using key protocols that have known security flaws or are set up so open that someone walking by you can push a Bluetooth credential and basically have a full voice and text logger to monitor where you are and what you are doing...
(This post was last modified: 04-18-2016 02:09 PM by Deepdiver.)
04-18-2016 01:38 PM
Find all posts by this user Like Post Quote this message in a reply
Deepdiver Offline
Hummingbird
*****
Gold Member

Posts: 3,377
Joined: Mar 2013
Reputation: 96
Post: #39
RE: Cyber-security/Network Specialist
Interesting Careerbuilder interactive demand for medium and high demand metros for Information Assurance Engineers "IAEs:

http://coach.careerbuilder.com/technolog...eer/demand

Keep in mind that CB does not have any more granular categories like Senior Information Security Architects or Analysts only IAEs - the interesting takeaways were the concentration of IAE demand in IT centers like Metro DC and LA/NorCal as very high demand and NYC, Boston, Chicago and Denver only listed as medium demand.

Of course Information Assurance is a heavily weighted DoD and Government Job Description whereas Information Security Analyst or Cyber Security Architect are much more commerce related Job Descriptions.

Estimates for over 2.6 million Information Security Analysts jobs demand in 2016 to 2020.
04-27-2016 10:35 AM
Find all posts by this user Like Post Quote this message in a reply
SlickyBoy Offline
Ostrich
****

Posts: 2,315
Joined: Nov 2014
Reputation: 22
Post: #40
RE: Cyber-security/Network Specialist
(01-19-2014 10:04 PM)Parlay44 Wrote:  It's not like being a lawyer where you go to law school and walk into a 100k job. How often does the law change? How often do you have to renew your knowledge and get recertified? Not often if ever.

Lawyers in the US have to maintain a certain amount of continuing education credits in most jurisdictions to keep their license. That, and there's annual dues and an expected amount of pro bono work, even if it's not formally required. As for the law changing, ask a tax guy - there are bulletins on IRS decisions every couple of weeks, not to mention court decisions. Ditto for the IP world and corporate law arenas. It's your obligation to clients to stay on top of changes - you can be sanctioned if by the court if your knowledge is that far out of date.

And I almost fell off my chair at the idea of "going to law school and walking into a $100k job" - not quite a given, and definitely not nowadays. Most law grads cannot find work, let alone walk in and command $100k.

(01-23-2014 11:36 AM)roid Wrote:  A BS detection Heuristic.
You can tell if a discipline is BS if the degree depends severely on the prestige of the school granting it. I remember when I applied to MBA programs being told that anything outside the top 10 or 20 would be a waste of time. On the other hand a degree in mathematics is much less dependent on the shool (conditional on being above a certain level, so the heuristic would apply to the difference between top 10 and top 2000 schools).

Totally wrong, with respect to MBAs. Sure, it's true you can get the same textbook knowledge from a no name school, but you will not have access to nearly the same network of achievers, which is what matters down the line. This is why admissions committees look to see who's going to go get an MBA as part of their overall, actionable plan for success versus the dweeb who just decided to get off the couch one day to get some letters after his name.

A group of Havard MBAs is going to have a lot more business clout and political pull than a group from a no-name school. Anything outside the top may not be a total waste of time for an established guy with a career if he just wanted to learn, but coming into that at the beginning of your career is indeed a waste of time and money better spent elsewhere.

Twitter: @_slickyboy
Occasional contributor at Return of Kings (while it lasted)
12-06-2016 02:14 AM
Find all posts by this user Like Post Quote this message in a reply
roid Offline
Woodpecker
**

Posts: 266
Joined: Aug 2013
Reputation: 1
Post: #41
RE: Cyber-security/Network Specialist
Bump.

I am switching my career from devops presales into IT security. I am going to take CISSP and HP's Arcsight certifications by end of this year. I figure that IT security is an evergreen field that is always everchanging but it pays the best in IT domain. I have no qualms about learning new things everyday when I get paid substantially. For those that are in this line, do you have any advice?
01-16-2017 01:58 AM
Find all posts by this user Like Post Quote this message in a reply
SlickyBoy Offline
Ostrich
****

Posts: 2,315
Joined: Nov 2014
Reputation: 22
Post: #42
RE: Cyber-security/Network Specialist
(01-16-2017 01:58 AM)roid Wrote:  Bump.

I am switching my career from devops presales into IT security. I am going to take CISSP and HP's Arcsight certifications by end of this year. I figure that IT security is an evergreen field that is always everchanging but it pays the best in IT domain. I have no qualms about learning new things everyday when I get paid substantially. For those that are in this line, do you have any advice?

Not sure about Arcsight, but CISSP is good to have. But be prepared to compete against legions of H1-Bs who will do your job for less. Cybersecurity is a hot area, but I wouldn't call it evergreen. Since it's an overhead expense for enterprises and the economy overall is lame, margins are thin so they are really nickel and diming everybody nowadays. H1B and overseas Indians are two ways to shave costs - unless of course, it's government work where an H1-B cannot legally be considered, especially if it requires a security clearance for the job site.

Keep in mind that government spending has been stagnant since about 2013, though it remains to be seen what Trump will do. Could be about the same level but with lots of turnover and shuffling of the deck.

Twitter: @_slickyboy
Occasional contributor at Return of Kings (while it lasted)
01-16-2017 02:19 PM
Find all posts by this user Like Post Quote this message in a reply
General Stalin Offline
Crow
*****
Gold Member

Posts: 5,037
Joined: Nov 2013
Reputation: 124
Post: #43
RE: Cyber-security/Network Specialist
Funny, since the OP ITT has filed chapter 7 and folded up shop for being a shit school that lied about it's job placement rates.

There are virtually no IT professions that will pay you more than like $50k straight out of college. With some experience and some great certs you can get into some cushy contracting gigs though.
01-19-2017 01:30 PM
Find all posts by this user Like Post Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | RooshV.com | Return to Top | Return to Content | Mobile Version | RSS Syndication