2012 looks super promising for Information Security Pros Posted by boss on Sunday, 11 December 2011 @ 11:00:50 EST (569 reads) Topic JOBS
cdupuis writes "Good day everyone,
2012 is at our door and it looks more promising than ever. All of the latest job surveys are showing an increasing demand for Security Professionals and this will continue throughout 2012. Salaries are up for security professionals and the demand is driven by new technologies such as Cloud Security, large scale compromise within both Government and Commercial sites that have become public, and the realization by some of the largest companies in the world that their system may be compromised without them even knowing about it. The security landscape is at its highest level ever and people who are SKILLED are required to face the threat. See below an article published on the fantastic website of GovInfo Security at http://www.govinfosecurity.com/p_print.php?t=a&id=4131 It talks about the top five security jobs in the market. In a separate survey the CISSP was also identified as one of the top five certifications to get in 2012 as well to match with those jobs. See article below:
5 Hottest Security Jobs in 2012
Security Analyst, Architect Head Top Career Opportunities
Upasana Gupta, Contributing Editor, CareersInfoSecurity December 9, 2011
Information security is one of those rare fields - it has more job openings than people to fill them. Dice.com, the largest IT job site, confirms this job growth and indicates a 79 percent increase in the total number of information security jobs posted on the site from September 2009 to September 2011.
Based on a review of job postings, here are the five hottest jobs for information security pros in 2012:
Security Analyst
Employers have posted 42 percent more security analyst jobs on Dice in September 2011 than in 2010. This is no surprise, especially when employment among information security analysts soared by 16 percent this year during the second quarter, with the Bureau of Labor reporting no unemployment during the first two quarters of 2011. (see Infosec Joblessness Remains Steady, at 0%).
John Reed, executive director at Robert Half Technology, an IT staffing firm, attributes the high growth to organizations becoming more security aware in light of cyber crimes, and needing hands-on IT security folks to uncover new vulnerabilities in order to keep their environment secure.
"These are individuals on the front lines of security, fighting the fight everyday, and as such are critical for organizations to have," he says.
BLS defines information security analysts as those who plan, implement, upgrade or monitor security measures for the protection of computer networks and information. Information security analysts may ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure, as well as respond to computer security breaches and viruses.
- Average Salary: $84,000 for a security analyst position.
- Who's Hiring: Demand is high with federal government, state agencies, defense contractors and healthcare organizations.
Security Architect
Forty percent more jobs are posted on Dice this year. The move to mobile, wireless and cloud services by organizations has created a huge demand for this position, says Mano Paul, (ISC)2 software assurance adviser. These services are pushing the need for a "new breed of architects and business-savvy leaders who understand business requirements, and can translate them into functional specifications without compromising on the assurance aspects," he says.
Dice.com defines a security architect as a professional who designs systems, databases, infrastructure and networks to be secure. They provide information security solutions to the architecture of an enterprise ensuring the security of business information at every point.
- Average Salary: $120,000 for a security architect position.
- Who's Hiring: Large financial institutions, healthcare organizations, technology companies and cloud providers.
Application Security
Thirty-three percent more jobs are posted on Dice in application security this year. The increased focus on customer-facing technologies, use of mobile applications, need for secure software and products within organizations and transitions to electronic health records have led to the demand for these jobs.
"High incidences of application attacks, data breaches and applications that are conduits to the data, combined with surge in tech businesses, is pushing growth for qualified professionals," Paul says.
The Open Web Application Security Project, a not-for-profit organization focused on improving the security of application software, defines application security professionals as those that use software and security methods to protect applications from external threats and vulnerabilities. They are largely involved in building security measures into an application's life cycle including design, development, deployment, upgrade or maintenance.
- Average Salary: $93,000 for an application security position.
- Who's Hiring: Online companies, technology firms, cloud providers and security vendors.
Security Engineer
Employers have posted 27 percent more security engineer jobs on Dice this year. This field is hot because the role is broad and covers areas from penetration testing, vulnerability assessments, programming, designing systems to testing software. "It's not like a painting on the wall that you hang up and it's done. Organizations need constant assessment of their risk and vulnerabilities, and therefore require such breadth of expertise," Reed says.
BLS defines security engineers as those who securely design, develop, test and evaluate computer applications and system software. Although programmers write and support programs in new languages, much of the design, security and development are the responsibility of security engineers. They also focus on developing algorithms, and analyzing and solving programming problems for specific network systems.
- Average Salary: $94,000 for a security engineer position.
- Who's Hiring: This position is in demand in all sectors, including government, healthcare, finance, in addition to online and technology companies.
Network Security
Twenty-five percent more jobs are posted on Dice within network security this year. Of the 100 jobs that make Money magazine's and Payscale.com's list, network security was ranked number eight last year as one of the most desirable job positions, carrying an annualized 10-year forecast growth of 27 percent.
"Network security continues to be a pain point for companies," says Alice Hill, managing director of Dice.com. She finds that organizations continue to prioritize investing in these professionals to protect critical infrastructure and keep their technology platforms safe from ongoing cyber threats like malware and hacking. Further, she says that the growing use of sophisticated computer networks, including Internet and intranet sites, and the need for faster, more efficient networking products, are increasing the demand for these professionals.
BLS defines network security as those who design and evaluate network systems, such as local area networks, wide area networks and Internet systems. They perform network modeling, analysis, and planning, that deals with the interfacing of computer and communications equipment. Their primary focus is in protecting the computer systems in the network from unwanted intrusions, misuse, access or modifications.
- Average Salary: $93,000 for a network security engineer position.
- Who's Hiring: An increased demand is coming from government agencies, healthcare organizations, consulting companies and defense contractors.
Editor's Note: Salaries cited in the story came from salary tracking websites Indeed.com and Payscale.com "
6 Reasons Why You Should NOT Work With Information Security Posted by boss on Sunday, 11 September 2011 @ 19:23:10 EDT (601 reads) Topic JOBS
cdupuis writes "NOTE FROM CLEMENT:
Here is an article that was written by a friend of CCCure, it is a satire of the world of Information Security that we all work in. See his article below:
This article does not mean to be demeaning to the career I chose to follow, but rather a humorous rundown of facts about being a security professional that cannot be ignored, and are shared amongst several of us. Do not let the items below discourage you, but rather be aware that they are an intrinsic part of the journey!
6 – Working long hours, forever
Please raise your hands those of you who go home 100% sure that no one will be able to break onto the network/security domain you manage. If you are one of those, either you are just starting in the career and were not around during the good old Sasser’s days, or you just disconnected the computer from the power plug. Things break. Things break even when we don’t touch them. That’s a natural fact of life. Now imagine someone/something having the whole eternity to saw off the bar cells. One day they will succeed, and that’s pretty much the life of a security professional. You have a limited amount of time/budget to fix things, and people out there have all the time (and sometimes resources too) to break it… it is an unfair competition… And that’s just the beginning.
As a friend of mine says, after some time you get used to sleeping with an eye opened… But it is fun!
5 – People only remember you when things go wrong
I am still trying to recall the last time my boss came to me out of the blue and said: Adriano, congratulations for how secure our network is. I’m giving you a nice bonus for that! Actually, I think it never happened.
Whilst I see the marketing department or Jack from the sales department getting promoted and acclaimed for their feats (free trips to Hawaii all included, etc.), I strive to do an excellent job but very few ever gave me a humble thanks. I believe my Networks friends are in the same boat, right? You have to realise that you are, and will always be a cost center when compared to the bon vivants on sales. Sorry, it’s never going to change (you can learn some vital lessons to survive here).
Now, imagine that after all the work and effort you put to patch and remediate the vulnerabilities of your network, an evil spirited kid in Russia discovers a zero day patch that can disrupt your network (and millions others). Guess what’s going to happen! I remember once (a couple of years ago) when our network got infected with some nasty bug, I had at a time my boss (the manager), the CISO and the CIO literally breathing on my neck, sitting behind me and watching while I cleaned up our Exchange server. Every 2 minutes one of them asked: -How is it going, how long is it going to take?
It was a nerve-wracking experience, but I survived! Has it happened to you before?
Click HERE to read the full story at:
http://www.myinfosecjob.com/2011/08/6-reasons-why-you-should-not-work-with-information-security/ "
Director of Information Security Posted by boss on Friday, 22 April 2011 @ 11:00:10 EDT (1463 reads) Topic JOBS
katherineg writes "The 1199SEIU Benefit & Pension Funds provide comprehensive health, pension, and quality of life benefits to unionized workers represented by 1199SEIU United Healthcare Workers East. We are among the largest labor-management funds in the nation, covering 400,000 members and their families.
If you’re ready for the brightest career future, join us in this excellent opportunity to showcase your talents. We are currently seeking an experienced Director of Information Security for our Information Security department.
Responsibilities
- Develop and monitor practices to reduce risk from unauthorized access and inappropriate alteration of physical, environmental and virtual systems at the 1199SEIU Funds
- Responsible for security management including security audits and event logging, vulnerability and threat management, incident management, risk management, awareness and training
- Partner with Chief Information Security Officer (CISO) to organize the design and implementation of a comprehensive information security program and strategy for the Funds
- Coordinate security for all systems, networks, and hardware/software architecture associated with security management; complete an enterprise risk assessment and develop prioritized remediation plans as necessary
- Manage and hire direct reports; oversee the day-to-day activities of the Information Security Department, make staff selections and employment decisions in accordance with established departmental procedures and Human Resources guidelines, establish a collaborative team environment, prepare performance evaluations, identify strengths, areas for development; create improvement plans, coach and counsel as appropriate
- Conduct research and keep abreast of latest technologies and innovations in information security and monitor industry trends; inform management of worldwide trends, threats, vulnerabilities and their potential impact
- Respond in a timely manner to a loss or misuse of information assets; participate in investigations of suspected information security misuse or in compliance reviews as requested by auditors
- Develop, maintain and publish up-to-date security policies, standards and guidelines; oversee training and dissemination of security policies and practices; develop strategies and plans to provide timely business resumption in the event of a serious disruption
- Perform additional duties and projects as assigned by management
Qualifications:
- Bachelor's degree in Information Security or equivalent years of work experience required, Master’s preferred; plus
- Minimum eight (8) years progressively responsible experience in information security, risk management including implementing a comprehensive disaster recovery program; to include minimum six (6) years of practical experience supervising professional staff required
- Certified Information Systems Security Professional (CISSP) certification required
- Knowledge of common information security management frameworks such as: International Standards Organization (ISO) 17799/27001, Information Technology Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks
- Proven track record and experience developing Information Security policies, procedures, and successfully executing programs that meet objectives of excellence in a dynamic environment
- Strong management and leadership skills required; able to coach, motivate and create improvement plans
- Excellent analytical skills, able to manage multiple projects under strict time-lines, work well in a demanding dynamic environment and meet overall objectives
- Outstanding communication, interpersonal and presentation skills required; able to foster good working relationships with staff, management, union, and other professionals
- Must meet performance standards including attendance and punctuality
We offer a competitive salary, an excellent fully employer-paid comprehensive benefits package and talented professional colleagues. For consideration and to apply, please visit us at www.1199SEIUBenefits.org click on “About 1199SEIU Funds” and “Jobs”. Please mention you saw this ad in CCCure. We are an Equal Opportunity Employer. "
DHS Seeks Cybersecurity Interns New Job Opportunities Posted by boss on Monday, 28 March 2011 @ 12:16:41 EDT (1403 reads) Topic JOBS
Anonymous writes "As seen on http://www.govinfosecurity.com/
DHS Seeks Cybersecurity Interns
New Job Opportunities for Undergraduate and Graduate Students
Upasana Gupta, Contributing Editor March 25, 2011
For cybersecurity students who are attending or have just completed college and graduate school, the Department of Homeland Security has launched its first cybersecurity internship programs, aimed at hiring qualified IT security professionals.
"We are looking to build a cybersecurity workforce from the ground up, rather than hire those already trained," says Nicole Dean, Deputy Director of the National Cyber Security Division at DHS. "We are looking to hire the best and the brightest and provide them the opportunity to grow professionally."
DHS internship programs are defined across three levels:
- Cybersecurity Internship Program - is designed for current undergraduate students during the summer between their junior and senior years in college. The 10-week summer internship will provide students with the opportunity to work with experts in cybersecurity, focusing on mission areas such as identification and analysis of malicious code, forensics analysis, incident response, intrusion detection and prevention, and software assurance. At the end of the internship, based on their performance, students will have the opportunity to qualify for the Secretary's Honors Program for Cybersecurity Professionals. Salary: Approximately $5,800 for the 10-week, full-time, internship
- Secretary's Honors Program for Cybersecurity Professionals - is a two-year program for recent college graduates designed to develop technically skilled cyber professionals across the U.S. Department of Homeland Security. These students will be trained in hands-on cybersecurity related issues and incidents in a fast-paced, growing environment. Through rotational assignments, the participants will gain exposure on the interconnectivity and coordination efforts of DHS with other stakeholders both within the private and public sector. Salary: First year: $51,630; second year: $62,467, depending on satisfactory performance.
- Emerging Leaders in Cybersecurity Fellowship - is a two-year program for recent graduates with a master's degree and is designed to develop the next generation of cyber leaders within the U.S. Department of Homeland Security. These students will receive leadership training and work with experts in cybersecurity focusing on mission areas such as identification and analysis of malicious code, forensics analysis, incident handling, intrusion detection and prevention, and software assurance. These students will have the opportunity, through rotational assignments, to see how each component collaborates on cyber-related issues and work first-hand on critical issues and incidents. Salary: First year: $62,467; second year: $74,872, depending on satisfactory performance.
Opportunities, Requirements
Key take-aways for students include the opportunity to grow professionally and get hands-on training during the internship programs, as well as to understand how broad and rapidly growing the cybersecurity field is.
"It is an opportunity to plan for the future, learn the cutting-edge technologies used in government and develop a career in combating cyber terrorism," says Keri Nusbaum, Director of Recruitment and Development at DHS.
In addition, students through rotational assignments will get deeper insight into the functioning and coordination efforts that DHS has, with Department of Defense and the intelligence community, as well as the private sector. "They will get first-hand exposure on how cyber issues are connected and managed at such a large scale," Nusbaum says.
The students will be hired from all top U.S. schools that are recognized as accredited universities. They do not have to attend a center of academic excellence designated by the National Security Agency and DHS.
Students, however, must meet these requirements:
- Be a U.S. citizen;
- Be able to obtain and hold a security clearance;
- Have been or be enrolled in a bachelor's/ master's degree in a related field like information security, computer science, electrical engineering, network engineering, software development/ engineering, systems applications, information systems, or business with a specific concentration in one of the above; or have 30 semester hours in a combination of mathematics, statistics, and computer science;
- Demonstrate oral and written communication skills;
- Demonstrate project leadership ability and creativity;
- Be open to travel requirements.
This year is the first for the internship programs, and interest has been strong, says Dean. However, DHS is starting small in an effort to refine the program first, and is currently looking to hire only eight graduate students this summer for the Emerging Leaders in Cybersecurity Fellowship program. Also, DHS has jump-started the Cybersecurity Internship program by selecting current students to participate in a 10-week summer internship. These individuals, depending on performance, will be eligible to participate in the Secretary's Honors Program upon graduation.
"We expect to grow the program at all levels five-fold over the next three years," Dean says.
Prospective candidates should visit the DHS website for instructions on how to apply and get more information on application deadlines. DHS will begin recruiting for summer 2012 in September of this year. "
Top 5 IT Security Certifications for 2011 Posted by boss on Thursday, 30 December 2010 @ 13:12:18 EST (6104 reads) Topic JOBS
Anonymous writes "As seen on the GovInfoSecurity.com web site at http://www.govinfosecurity.com/:
Top 5 IT Security Certifications for 2011
Employers, Recruiters Identify the Most Valued Infosec Certifications
Upasana Gupta, Contributing Editor December 30, 2010
Not having an IT security certification doesn't disqualify you from getting that next job or promotion, but it could help.
"A certification today is like a college degree," says Grad Summers, Americas leader for information security program management services at Ernst & Young. "You may not hire a candidate just because they have one, but it is something that you come to expect in this field."
As you mull whether or not to get that certification, we've compiled the top five security certifications for 2011. Here's our list, which we based on scanning job boards and interviewing IT security recruiters and employers:
- Vendor Certifications
- CISSP: Certified Information Systems Security Professional
- CEH: Certified Ethical Hacker
- CISM: Certified Information Security Manager
- GIAC: Global Information Assurance Certification
Vendor Certifications
A growing need for hands-on network engineers, along with social computing and Web 2.0 technology, has propelled network security even further. Vendor certifications including Cisco's Certified Network Associate Certification (CCNA), Microsoft's Certified Systems Engineer (MCSE) with focus on security and Check Point's Certified Security Expert (CCSE) top the list as organizations within banking, government and healthcare look to fill open positions including network, system administrators and architects. "We look for completion of these certificates in potential network security candidates," Summers says. "As having those on their resume says a lot about someone's depth of knowledge."
CISSP
The popularity of the Certified Information Systems Security Professional is high within the IT security community as it provides the basis of security knowledge. "We feel safe hiring candidates carrying this validation," says Ellis Belvins, division director at Robert Half International, a professional staffing consultancy, adding that the certification demonstrates the security professionals' high proficiency, commitment and deeper understanding of security concepts, principles and methodologies.
CISSP is viewed as the baseline standard for information security professions in government and industry. Companies are beginning to require CISSP certification for their technical, mid-management and senior management IT security positions. This certification is offered through (ISC)2, the not-for-profit consortium that offers IT security certifications and training.
CEH
Certified Ethical Hacker is gaining popularity as organizations focus on securing their IT infrastructure and networks from internal and external attacks. CEH is offered by EC-Council and its goal is to certify security practitioners in the methodology of ethical hacking. This vendor-neutral certification covers the standards and language involved in exploiting system vulnerabilities, weaknesses and countermeasures. CEH basically shows candidates how the attacks are actually done. It also attempts to define the legal role of ethical hacking in enterprise organizations.
Some employers aggressively look to hire candidates with CEH validation for hands-on security operations and intelligence activities. "In 2011, we see the need for very specific skill sets which can be obtained through training and certifications such as the CEH," says Vernon Ross, director of learning and organizational capability at Lockheed Martin Information Systems and Global Solutions.
CISM
Certified Information Security Manager is significantly in demand as the profession focuses on the business side of security. CISM offered by ISACA addresses the connection between business needs and IT security by focusing on risk management and security organizational issues. "ISACA's CISM are a few that are on our radar for 2011," Summers says.
CISM is ideal for IT security professionals looking to grow and build their career into mid-level and senior management positions. In fact, the CISM earned a place on the list of highest paying IT security certification by the 2010 IT Skills and Certifications Pay Index from independent research firm Foote Partners.
GIAC
The demand is rising for Global Information Assurance Certification in specific disciplines such as digital forensics, intrusion detection, incident handling, security operations and application software security.
Employers and recruiters increasingly find GIAC credential as a requirement for hands-on technical positions. "GIAC's focus on open source tools and its aggressive in-depth training is very useful," says Daryl Pfeil, CEO of Digital Forensics Solutions, a computer security and digital forensics firm. She finds GIAC certified candidates highly skilled and proficient to handle the dynamic demands of real world job environment.
Other IT security certifications gaining importance include Certified Business Continuity Professional (CBCP), Cloud Security Alliance's new Certificate of Cloud Security Knowledge (CCSK) and CyberSecurity Forensic Analyst (CSFA).
"There is no replacement for real-world experience," Summers says. "However, certifications are important and have become de facto minimum criteria when screening resumes."
"
Insyte Appoints Top Information Security Instructor Clement Dupuis to CLO Posted by boss on Tuesday, 28 December 2010 @ 18:33:51 EST (1504 reads) Topic JOBS
cdupuis writes "Insyte Appoints Top Information Security Instructor Clement Dupuis to Chief Learning Officer Position
Top Security Evangelist heads up Secure Ninja Security Division to develop innovative security software curriculum and learning products.
Alexandria, VA, December 24, 2010. Insyte, LLC, www.insytetraining.com , a premier information technology training and services company is pleased to announce our newest team member Clement Dupuis to head our Information Security Training and Services unit Secure Ninja.
Mr. Dupuis is an extremely strong security professional who has great leadership ability, outstanding communication skills, which are crucial elements to properly manage and influence people and technology toward achieving a company’s security goals. From an instructional perspective, there is currently no other instructor and/or security tester who has such an extensive level of knowledge of the 10 domains of the CISSP CBK and the very special ability of interacting one on one with each of the students in his classroom.
“With 30 years experience delivering complex information security training and top-notch information security training, Dupuis is uniquely qualified to become CLO (Chief Learning Officer),” said Ned Snow, Vice President Sales/Marketing of Insyte. “By combining Dupuis’s expertise with an engineering team that boasts an average experience of over 20 years, Insyte and its security division Secure Ninja is well positioned for our next phase of innovation and growth.”
Industry professionals may be most familiar with Clément’s internationally renowned websites, including www.cccure.org, the leading portal for CISSP and SSCP exam preparation and practice materials and maintains a website for Professional Security testers located at http://www.professionalsecuritytesters.org, as well as a French security portal (http://www.cccure.net).
Over the years Mr. Dupuis has demonstrated his competence in the field of computer security by obtaining leading certifications such as the ISC2 CISSP (Certified Information Systems Security Professional), CompTIA Security+, SANS GCFW (GIAC Certified Firewall Analyst), SANS GCIA (GIAC Certified Intrusion Detection Analyst), EC Council Certified Ethical Hacker (CEH), EC-Council Certified Security Analyst (ECSA), EC-Council License Penetration Tester (LPT), EC-Council Certified Trainer/Instructor (ECT), EC-Council Disaster Recovery Specialist (EDRP), EC-Council Network Security Administrator (ENSA), EC-Council E-Business Security (EEBS), Check Point Certified Security Administrator (CCSA), Check Point Certified Security Engineer (CCSE), UNIX Advanced Certified Engineer (ACE), Solaris Certified System Administrator (SCA), Brainbench HIPAA security certified (BHSC), Brainbench Master Information Technology Security Fundamentals (BMITSF), Brainbench Master Internet Security (BMIS), Brainbench Master ITAA Information Security Awareness (BIISA), and Brainbench Master Network Security (BMNS). Clement has also obtained 4 Master level certifications from Brainbench. A master level identifies that he scored higher than 98% of all other candidates who took the exams. He is one of very few specialists in North America who has obtained all of these certifications and scored this high.
Mr. Dupuis’s expertise applied will be paramount in Secure Ninja’s delivery of rare and unique Information Security classes for niche clientele. To learn more about Clement Dupuis visit http://secureninja.com/page/28/Clment-Dupuis-Chief-Learning-Officer-and-Senior-Courseware-Designer/
About Insyte and Secure Ninja
Insyte’s business unit Secure Ninja is a leader in Information Security and IT training and certification such as CISSP, Security+, CEH, CISM, Computer Forensics and has been providing businesses with programs that answer regulatory needs and skills gaps for over 8 years. Our training programs educate and certify your employees in the areas that are critical to your operations. With certified professionals on staff, your company demonstrates that it is seriously engaged in producing ROI on technology investments and handling compliance requirements competently. Our programs create solutions for the DOD and integrator community by answering the certification needs of the 8570.1 mandate. Our services/consulting division specializes in governance, risk and compliance programs for government agencies including information assurance, IV&V security assessments, and cyber-security solutions. For more information visit www.secureninja.com
Press Contact:
Ned Snow ned@insyte.us 703.535.8600 www.insytetraining.com www.secureninja.com "
IT Certifications Around the World — Differences in Numbers and Popularity Posted by boss on Friday, 17 December 2010 @ 10:55:06 EST (1329 reads) Topic JOBS
cdupuis writes "Good day to all,
Today I was reading a very interesting article on IT Business Edge talking about certifications around the world. It contains interesting content as far as numbers, what is hot in different countries, and the trends. You can see the original post as a slide show at: http://www.itbusinessedge.com/slideshows/show.aspx?c=85840
CISSP
As of August 2010, there were 69,488 CISSPs globally, with the U.S. leading all other countries with 43,695 CISSPs or 63 percent. The next three countries are Canada with 3,642, the UK with 3,478, and South Korea with 2,487. Note that those “next three countries” total less than 25 percent of what the U.S. has. CISSP popularity is strongly U.S. biased.
CISA
The Certified Information Security Auditor (CISA) certification is a competitor to the CISSP with some differences in intended focus and level of technical detail. That said, for job eligibility, the CISA replaces the need for a CISSP throughout Europe.
In Europe, the CISA cert is much more popular than the CISSP. This has to do mainly with reputation (CISSP is viewed as heavily U.S.-centric) and the fact that training availability is quite limited outside the U.S.
According to the ISACA website, there are more than 75,000 CISA certified individuals.
CISM
The CISM was introduced relatively recently, in 2003. By comparison, the CISA was introduced 25 years earlier, in 1978. According to the vendor website, there are 13,000 CISM certified individuals.
CISCO
How about a premier certification? How about one of the most difficult certifications to obtain, CISCO’s CCIE (Cisco Certified Internetworking Expert)? As of earlier this year, there are about 21,000 CCIEs across the world.
Only one quarter of them are in the U.S. (about 5,600 CCIEs). China is next in place with 3,700. The next two countries with the most CCIEs are Japan, with approximately 1,200, and the UK with 1,100.
The relatively low number isn’t surprising, as a candidate must demonstrate true expertise by passing multiple hands-on, lab examinations.
Compare Cisco’s CCIE population to the much larger number holding the vendor’s junior certification, the CCNA (Cisco Certified Networking Associate). When Cisco last reported CCNA certification holders, the number exceeded 700,000. Sure, that includes expired cert holders, but the ratio is well past 30:1 in comparison to the CCIE.
MICROSOFT
Unless you’re living under a rock, you’re aware that Microsoft completely overhauled its certification scheme in recent years. Gone are the days of simply having your MCP and MCSE. But just in case, let’s recap what’s happened since Windows Server 2008.
Principal certifications are now the Microsoft Certified Technology Specialist (MCTS) and the Microsoft Certified IT Professional (MCITP). Differences? The MCTS is the entry-level, “how to” certification, focusing on technical details and for task-oriented individuals. By contrast, the MCITP is the “decision maker” certification, focusing on design and strategy. For the certification audience, this distinction likely correlates well with job function. Big progress from the MCSE certification of yesteryear, which didn’t differentiate job levels, apart from some exams being more technical than others.
There are also two other Microsoft certifications worth mentioning, the Microsoft Certified Professional Developer (MCPD) and the Microsoft Certified Master. The MCPD is akin to the old MCSD (Solution Developer), geared toward coders. The Microsoft Certified Master is interesting as it adds a level more senior to the already challenging MCITP. No accurate numbers for how many Masters exist were found.
If you want to know numbers for MCTS and MCITP holders, you’re not alone. Unfortunately, in late November 2009, Microsoft removed all pages and references of the MCTS and MCITP population. No one knows for sure how many there are. But we can be sure it includes hundreds of thousands of legacy MCSE holders.
CompTIA Certifications
Arguably the most introductory certification on the market is CompTIA’s A+. To date, there are about 800,000 A+ certified individuals. As a stand-alone certification for job eligibility, the A+ is hardly useful. However, the A+ is a required step toward a few advanced Microsoft and Novell certifications.
Other CompTIA certs include the Network+ and Security+. There are presently approximately 190,000 Network+ certified individuals and 35,000 Security+ certified individuals.
PROJECT MANAGEMENT CERTIFICATIONS
Here’s a classic example of U.S. versus the rest of the world. In the United States, the predominant cert is the Project Management Professional (PMP). The PMP is widely recognized and well respected. Meanwhile, the UK’s Office of Government Commerce oversees the Prince2 certification. Holding a Prince2 certification will carry a lot of weight when vying for a project management job throughout Europe. In Asia, both certifications are familiar, but in general one does not stand out as a “must have.”
ITIL
The ITIL is a certification widely in demand in Europe, Canada and to a lesser extent, Asia. But for some reason, this cert gets little attention in the United States. For those unfamiliar with the ITIL certification, it’s named after the IT service process methodology. ITIL helps delivery of IT services in the most efficient manner. Similar to Prince2, the ITIL cert is developed by the UK’s Office of Government Commerce.
The IT Business Edge is a great website, do visit at: http://www.itbusinessedge.com/ "
Where the Jobs Are in 2011 -- 10 Information Security Growth Areas for the New Y Posted by boss on Friday, 03 December 2010 @ 20:10:58 EST (1449 reads) Topic JOBS
cdupuis writes "NOTE FROM CLEMENT:
Another great article about hot employment in 2011 as seen on the GovInfoSecurity web site at:
http://www.cuinfosecurity.com/p_print.php?t=a&id=3145
Upasana Gupta, Contributing Editor December 3, 2010
Jobs may remain scarce elsewhere, but heading into 2011, information security is still a growth industry.
Academic institutions such as Carnegie Mellon, Purdue and Norwich University have reached 100% job placements for recent graduates, and there is still a growing demand for cybersecurity professionals not just in government, but in all industry sectors, including healthcare and financial services.
As organizations increasingly focus on protecting critical infrastructure and meeting regulatory requirements, they create a heightened need for qualified information security professionals.
"There is not a single job position within security that is not in demand today," says Tom Sliver, senior vice-president, North America for Dice.com.
Based on his job board's analysis, Sliver has seen a 69% increase in information security jobs compared to last year. High growth areas include network security, application security, forensics and security engineer positions.
Sliver sees an overwhelming demand for application and security architects, as well as software developer jobs, which are 80% higher than last year. "High growth is seen in the identity management, secure products and access control areas as a means to manage new threats and risks," he says.
Also, on the radar for hot jobs are risk management, business continuity and business understanding of security that continue to speak to the evolving needs of the profession, says Mark Lobel, senior partner with PricewaterhouseCoopers and a member of ISACA's security management committee.
"These areas will be critical for security, as it attempts to create value and support the bottom line revenue in organizations."
Top 10 Growth Areas for 2011
Editor's Note: Salary ranges for the following positions are derived from sources that include Robert Half Technology's salary guide for 2011, as well as job sites Indeed.com and Simplyhired.com.
- Business Continuity: Based on the 2011 Global State of Information Security Survey conducted by PricewaterhouseCoopers, business continuity is one of the major factors driving information security spending. The study says that close to 63% of respondents have a business continuity plan in place, but only a marginal percentage of these plans are deemed effective. "What we will see is increased adoption and deployment of a business continuity management program in 2011, as organizations focus on making these effective," Lobel says.
The emergence of increased threats such as pandemic outbreak, recession, power outages, terrorism and cyber fraud have pushed the need for qualified business continuity professionals in today's marketplace.
Jobs for business continuity professionals within banking and government will focus on candidates with extensive risk assessment and analysis skills, who can identify potential impacts that threaten an organization and implement an effective enterprise framework.
Within healthcare, jobs will focus on those professionals who can address the backup and recovery of electronically protected health information (EPHI) and critical business processes, as well as engage in organization-wide business continuity planning.
These individuals will need to be proficient in risk monitoring, measuring and mitigating skills. "The check list approach will completely wear out, as tackling of new risks will emerge as a necessity," Lobel says.
Salary range for a business continuity analyst is $74,500-$106,000.
- Business Opportunities: A recent IBM Tech Trends study, which surveyed 2,000 IT professionals including IT security architects, network administrators and application developers across 87 countries, confirms the need for IT security professionals to better understand how business works. A key finding of the study is that nine out of 10 IT professionals believe industry-specific business knowledge is critical even in their technical roles, yet only 63 percent indicate they possess the business knowledge they needed to remain competitive.
"Security is all about business understanding and value," says David Foote, chief executive officer at Foote Partners, a Florida-based consultancy that tracks IT skills and competencies. It is crucial for security practitioners to understand basic business concepts such as shareholder value, profit margins, cash flow and supplier diversity, says Foote. "This goes a long way in getting a seat at the executive table."
Companies, therefore, are increasingly focusing on soft skills, including presentation abilities, strategic thinking and project management know-how, and they are bringing on board individuals who can make the connections among security, IT risk and business, says John Reed, executive director of Robert Half Technology.
"Understanding business requirements has become mandatory for integrated security initiatives to succeed at any organization," Reed says.
Also, there are new and emerging corporate and business-line security jobs in areas of business analysis, intelligence, risk management, governance and integration activities. "The future will demand practitioners to understand their business, how it's governed and its impact within their industry," Foote says.
Average salary for a business security manager is $82,000.
- Risk Management: According to the ISC2 2010 Career Impact Survey, which polled almost 3,000 respondents from 80 countries, there is a high demand for professionals with risk management expertise. About 47% of hiring managers from various sectors worldwide say they are seeking recruits who are well-versed in information risk management. "All of a sudden people are realizing that managing IT security is all about risk," says Hord Tipton, executive director at ISC2. "Organizations are now looking for individuals who can successfully implement security to take risks out of the business."
A key trend seen by industry experts is a move toward enterprise risk management by organizations specifically within banking and government, as they prepare for unmanaged risk. The ERM programs generally provide for a consolidated view of emerging risks and a framework that focuses on the organization's overall business goals and objectives, the amount of risk the organization can tolerate and what fits within its culture.
In the coming year, organizations will focus on building more coordinated and robust risk models, requiring professionals to be proficient in integrated risk analysis and assessment to determine where to concentrate resources -- where can they afford to take risks and generate the most value and selectively de-prioritize those areas that do not contribute?
The jobs for risk professionals within healthcare will focus on understanding IT risk related to patient's right, says Tipton. More organizations will adopt effective risk identification/prevention techniques and methodologies in reducing adverse outcomes and incidents related to medical-malpractice and disclosure of patient's sensitive information. Also, these professionals will be actively involved as organizations transition to electronic health records. It will, therefore, be critical for risk professionals to understand compliance requirements such as The Health Insurance Portability and Accountability Act and privacy breach laws.
Average salary for an IT risk manager is $90,000.
- Cloud Computing: Based on the 2010 CIO survey by Gartner Executive Programs, which included responses from 1,586 chief information officers representing 41 countries and 27 industries, a key finding is a transition to collaborative and innovative solutions such as virtualization, cloud computing and Web 2.0 social computing.
"2011 will see a shift in business expectations from just focusing on cost-based efficiencies to achieving greater results based on enterprise and IT productivity," says Reed. This shift will create the need for new roles within information security that will increasingly specialize in managing, negotiating agreements and deliverables with cloud providers.
The cloud movement will further enhance focus on industry-specific, business-related processes and lead to more business, privacy, application, risk and security-savvy management professionals. Who can understand how to protect and classify data in the cloud? What encryption methodologies must be deployed? How does one handle privacy requirements and their impact on the company?
Cloud computing initiatives are high on the government's agenda, as agencies quickly transition to the secure cloud in an effort to increase cost efficiencies. "New jobs with specialized skills including Web 2.0 deployments, virtualization, server consolidation and configuration management will hit the market in 2011," says Tipton.
However, the current adoption of cloud computing at banks and healthcare organizations is lower, mainly because of security and privacy issues related to data protection in a cloud environment. But as cloud computing initiatives get refined and gain prominence, the years ahead will see a higher adoption rate.
Also, professionals with experience in service-oriented architecture, storage technologies, web services standards and open source technologies will find themselves very marketable in all sectors.
Average salary for cloud computing job positions is $102,000.
- Application Security: This has been a hot growth area in all industries because of increased focus on customer-facing technologies, use of mobile applications, transition to electronic health records and need for secure software and products.
In fact, even graduates in information security are finding themselves increasingly hired by online and tech firms such as Google, Apple and Yahoo for IT and security application roles. There has been a sudden spike in application security positions in the last two years, says Jennifer Burkett, director of Career Services & External Relations at Carnegie Mellon University. "We now see a significant percentage of our students filling these roles, requiring innovative thinking and knowledge of Android and mobile applications."
The ISC2 2010 Career Impact Survey indicates that about 42% of hiring managers will seek expertise in application and system developmental security.
As organizations realize that a high percentage of attacks and fraud are focused on the application layer, they are increasingly focused on implementing secure software development lifecycle, says Tipton.
Within the government, specific skills in application security such as Web 2.0 and SOA for Web services, enterprise resource planning, database skills including SQL Server and IBM Db2, will be in demand. Specifically in banking, the focus areas include identity management, secure products and access control.
Within healthcare, application jobs will be more focused on understanding "how security attacks manifest themselves in the application and emphasize in analyzing the typical patterns and tracks to prevent breaches," says Tipton.
Overall, 2011 will see a growing demand for qualified security programmers, web application developers, software engineers and security architects.
Salary range for an application developer is $85,000-$117,500.
- Forensics: Digital forensics is growing in importance as companies work to comply with federal and state regulations affecting many industries, including banking and healthcare, that require organizations to be able to quantify how much customer information was exposed during the course of a breach. These investigations frequently require the application of digital forensics, such as to analyze the impact of malware.
Also, as cyber attacks increase and become more sophisticated, no organization is immune to targeted, persistent attacks, and therefore they need to prepare and invest in professionals to perform incident response and digital forensics activities to understand what happened, what was the damage and analyze the extent of the attack, says Rob Lee, director and IT forensics expert at Mandiant, a Washington-based information security software and services firm.
2011 will see an increase in jobs requiring forensics expertise for positions including information security crime investigator, forensics analyst, incident responder and litigation support specialists in all three sectors. "The on-demand skills will need professionals to specialize in firewalls, hacking or mobile devices," Lee says.
Average salary for a forensics professional is $81,000.
- Network Security: Of the 100 jobs that make Money magazine's and Payscale.com's list, network security is ranked number eight as one of the most desirable job positions, carrying a 10-year forecast growth of 27%.
"The ongoing cyber attacks and online crime are driving a huge need for experts who can proactively protect critical infrastructure," says Sliver. "We are seeing an increase in job postings for professionals who are offensively attacking malware for instance even before they hit the networks."
An increased demand for these professionals is coming from government agencies such as the National Security Agency, Central Intelligence Agency, Department of Homeland Security and the Defense Department, which are all seeking entry-to-mid level, qualified professionals to design, implement, maintain and troubleshoot their network/security infrastructure, servers and workstations. In addition, Burkett also sees an increase in scholarship funding by defense contractors like Boeing and Lockheed Martin, who are directly recruiting IT security graduates for these positions.
Within the healthcare sector, demand for network security practitioners is gradually increasing as organizations get aggressive in implementing IT security measures to secure their networks and maintain compliance with critical regulations such as HIPAA.
Average salary for a network security engineer is $75,000.
- Regulatory Compliance: Reed finds a big emphasis on compliance and regulatory requirements from employers while hiring IT security professionals specifically in the banking and healthcare sectors, which are so heavily regulated. He says that he often finds understanding of industry regulations including the Payment Card Industry Data Security Standard, The Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, as mandatory for positions dealing with data privacy, vendor management, as well as governance, risk and compliance activities.
"Compliance is driving the need for security and protection in these industries," he says, as new compliance emerges within mobile applications and technologies such as virtualization and cloud computing. Going forward, there will be a need for a new breed of security professionals "who can draw a balance between the reality of compliance requirements and the appropriate risk decisions they will participate in."
Average salary for a compliance officer is $77,000.
- Wireless Security: Managed wireless security services, including mobile wireless, is a hot area for 2011, says Foote. "We are seeing compound annual growth rate projections through 2014 as high as 27% for wireless segments within managed securities services." Looking at the wireless security market, Foote says, "It's a (US) $9 billion market in Europe, a $5.7 billion market in Asia-Pacific and between $4 and $5 billion in North America."
Within this area, Foote sees demand for professionals with specific skills including VOIP security, vulnerability scanning, threat assessment, incident management, data leak prevention, secure code development, intrusion detection and prevention and IP based services.
Salary range for a wireless network engineer is $74,750-$102,500.
- Security Leadership: is increasingly a business focus and demands leadership skills in 2011 that are centered toward achieving the strategic needs of an organization. "Leaders within security are moving from just battling incidents and regulations to becoming revenue orientated, with 'can do' attitudes," says Lobel. Their role is becoming more intertwined with high-level organizational risks, and in the more regulated and mature industries, the security leader is getting engaged in managing business processes residing on IT systems such as SAP or other ERP, and in addition is looking at IT risk beyond the conventional thinking around the Confidentiality, Integrity & Availability triad.
"In 2011, leaders will need to drive change in their organizations and not simply respond to it," Lobel says. They will need to identify new technologies (cloud, mobile applications and social media) and how those technologies can increase or protect market share or revenues. For instance, if an organization is looking to migrate into the cloud rather than trying to stop the business from using new technology, leaders will need to have their plans in place before the business decides they need this migration.
Salary range for a chief security officer is $110,750-$165,750
"
Security Pros: Expect a Raise in 2011 Posted by boss on Friday, 03 December 2010 @ 20:04:42 EST (1068 reads) Topic JOBS
Anonymous writes "NOTE FROM CLEMENT:
As seen on the great GovInfoSecurity web site at: http://www.cuinfosecurity.com
The future looks good for security pros in 2011, see report below. Unless you work for the Federal Government where a pay freeze was announced. See article below from the Gov Info Security website:
Firm Predicts 4% Hike for Key Jobs
Upasana Gupta, Contributing Editor November 18, 2010
Salaries for IT security professionals will increase by an average of 4.0% in 2011, according to a new report.
Robert Half Technology has released its salary guide for 2011, listing more than 70 positions in the IT field. The guide is based on analysis drawn from thousands of job placements managed by the company across North America, as well as regular insights from chief information officers and other senior executives.
"The percentage increase in salaries for security positions is fairly nominal and higher than the average 3.4% projected growth for IT positions," says John Reed, executive director at Robert Half Technology. "We are seeing a modest increase in salaries for security positions in 2011 as companies hire to secure and maintain confidentiality in proprietary information."
The high growth areas within security include network security and administration, application development and data security architect positions.
These jobs are increasing in demand within companies largely because of the rise of social media with a focus on customer-facing technologies, plus the client/regulatory push for secure data, Reed says.
He also foresees a steady market for professionals who are directly involved with protecting critical infrastructure, large networks and migration to technologies such as virtualization and cloud computing.
"The shortage of skilled security professionals, with demand clearly outpacing supply, is another factor leading to growth in this field," says Reed.
Salary Trends
In comparing the salary trends in recent years, the growth within information security has remained consistent with an increase of between 3-4% for most positions.
The only exception for 2011 is an extra demand for IT security skills coming from specific industries such as healthcare, where organizations are increasingly looking to hire security analysts, privacy officers and risk managers to assist with the conversion to electronic medical records.
The other in-demand job segments include positions with database skills such as SQL Server and IBM Db2, enterprise resource planning, data modeling and business intelligence, as well as SharePoint skills, where the projected growth is above 5% for 2011.
Top Jobs
Following are five top security positions that offer promising growth in 2011:
- Data architects are expected to see a handsome boost in base pay in 2011, with their average starting salary rising 4.9 percent to the range of $91,750-$126,500.
- Lead application developer salaries at large (more than $250 million in sales) and midsize companies are predicted to climb 4.7 percent, reflecting a compensation range of $85,000-$117,500.
- Data security analysts are anticipated to receive starting salary offers within the range of $84,000-$114,500, a 4.5 percent increase over last year.
- Information system security managers are expected to climb 4.4 percent in the year ahead to $99,500-$137,750.
- Network administrators can anticipate a 4.3 percent gain in base pay, to a range of $81,000-$111,250
"
Information Security Analyst II (Risk Management) Posted by boss on Saturday, 13 November 2010 @ 23:29:59 EST (2103 reads) Topic JOBS
KatherineG writes "The 1199SEIU Benefit & Pension Funds provide comprehensive health, pension, and quality of life benefits to unionized workers represented by 1199SEIU United Healthcare Workers East. We are among the largest labor-management funds in the nation, covering 430,000 members and their families.
If you’re ready for the brightest career future, join us in this excellent opportunity to showcase your talents. We are currently seeking an experienced Information Security Analyst II (Risk Management) for our Information Security department.
Responsibilities
- Implement all risk-related activities of the Funds Information Security Department (IS), including accessing, planning, testing, reporting and recommending appropriate remediation measures
- Ensure the confidentiality, integrity, and availability of the Funds and members data and system
- Benchmark risk management practices; maintain up-to-date understanding of industry best practices, monitor legal and regulatory environment for developments that could require changes to established IS policies and practices
- Partner with the Information Technology (IT) department and business units to facilitate IS risk analysis and risk management processes, identify acceptable levels of residual risk, establish roles and responsibilities related to information classification and protection
- Assist with monthly vulnerability review of 200+ servers including validation of vulnerabilities with business owners; prepare reports and provide findings for IT department and executives, document and track corrective actions or remediation strategy
- Oversee and monitor risk mitigation strategies; coordinate with the Compliance Director, Information Security Officer (ISO) and the Chief Information Security Officer (CISO), to ensure business units are taking effective remediation steps
- Create, disseminate and (as required) update documentation of the Funds matrix of identified IS risks and controls; ensure defined processes and standards are maintained
- Perform additional duties and projects as assigned by management
- Bachelor’s degree in Information Security or equivalent years of experience required; plus
- Minimum three (3) years Risk Management experience required in an Information Technology environment or related discipline (Information Security, Business Continuity Management or Compliance)
- Certified Information Systems Security Professional (CISSP) certification required; SANS and other InfoSec related certification a plus
- Demonstrated experience with Risk Management and Security Architecture Reviews required
- Knowledge and experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks
- Excellent troubleshooting and analytical thinking skills
- Superb communication, interpersonal skills and collaborative skills a must
- Self-directed, self-starter, and motivated with the ability to work with minimal supervision
- Must meet performance standards including attendance and punctuality
We offer a competitive salary, an excellent fully employer-paid comprehensive benefits package and talented professional colleagues.
For consideration, please visit us at http://www.1199SEIUBenefits.org and click on the “Jobs” link.
Please mention you saw this ad in CCCure. We are an Equal Opportunity Employer.
"
IA Position in DC Area Posted by boss on Thursday, 30 September 2010 @ 20:08:22 EDT (1096 reads) Topic JOBS
cdupuis writes "From: Chris Neaves <chrisneaves1@yahoo.com>
Date: Wed, Sep 29, 2010 at 18:01
My company has several IA positions located in the Washington DC area / NCR supporting multiple Federal agencies. If you have a CISSP or CISA/CISM, DoD clearance, and are familiar with testing tools used for FISMA certification and penetration testing, we have some very exciting positions available right now! Please send your resume to me at the address below and I will get it to our HR department with a recommendation that you have affiliation with Larry's training (a big plus). My address is: cneaves@k2share.com
Thank you.
Chris Neaves, Director of IT Operations, K2Share LLC http://www.k2share.com "
Job Offer - Sr. Consultant Business Continuity Management and ISO27001 Implement Posted by boss on Tuesday, 14 September 2010 @ 22:47:46 EDT (1133 reads) Topic JOBS
cdupuis writes "Job Title: Sr. Consultant Business Continuity Management and ISO27001 Implementation & Certification
Location: Doha, Qatar
Contact: Balwant Rathore at balwant_rathore@oissg.org
Profile:
The consultant should provide a structured programme to assist clients in Business Continuity Management consultancy services and ISO 27001 implementation for accreditation.
Required competencies:
- 5 yrs of experience in implementation of Business Continuity Management and ISO 27001 in medium / large size organizations.
- In depth knowledge of Business Continuity Management (BS2599) and ISO 27001 standards requirements and end-to-end (from beginning to the end) involved in at least one cycle of ISO 27001 certification process.
- Good knowledge in policy and procedure development
- Trained ISO 27001 Internal Auditor and extensive experience in conducting audits
Preferred competencies:
- Certified Business Continuity Planner (CBCP) or Associate Disaster Recovery Planner accreditation.
- CISSP Training Experience
- Certified ISO 27001 Lead Auditor
- CBCP and ISO 27001 Training Experience
- Knowledge / Experience in standards like ISO 20000
Others:
- Excellent oral and written communication skills are a must
- Candidates from big 4 consulting firms are preferred
Interview Process:
- Short listing of profiles
- Telephonic Interview
- Schedule a personal interview
First interview date in Mumbai is on 19th September, 2010 "
Security Professionals’ Salaries Up 6 Percent in 2010 Posted by boss on Thursday, 19 August 2010 @ 22:35:48 EDT (2185 reads) Topic JOBS
cdupuis writes "
As seen on the Security Product website at: http://secprodonline.com/
Security Professionals’ Salaries Up 6 Percent in 2010
The median compensation for security professionals in the United States increased 6 percent from 2009 to $93,000, according to the 2010 ASIS International “U.S. Security Salary Survey.” In addition, respondents who had a Certified Protection Professional (CPP) certification earned a median salary of $118,000.
Average compensation (sum of dollars divided by the number of respondents) was $108,000, a 5.5 percent increase over last year. 2010 marks a continuation of a 5-year trend in which average compensation for salaried security professionals has risen 19 percent from $88,000 in 2006 to the current $108,000.
Other findings from the 2010 survey include:
- Salaries of those at the bottom rung of earners -- those in the 10th percentile -- rose from $46,000 in 2009 to $52,000 in 2010, and those at the top of the scale -- the 90th percentile -- saw their compensation increase from $163,000 to $180,000.
- The Mid-Atlantic region continues to offer the security jobs with the highest compensation ($105,000 median), up 5 percent from 2009. Conversely, the Mountain and East South Central regions offer the lowest rates of compensation, and unlike every other region in which compensation rose, these regions show stagnant or dropping wages.
- Information and Natural Resources and Mining tied for the highest average compensation. However, the Information sector saw the greatest increase with an average salary of $142,000, up 30 percent from 2009. Natural Resources and Mining, with an average salary of $142,000, suffered a 10 percent drop from 2009 average compensation levels of $151,000.
- Federal government and law enforcement employees report an average salary of $114,000, and the highest median of any sector at $101,000.
- Thirty-nine percent of this year’s respondents are top-level security professionals at their organization; this group earns an average salary of $123,000 and a median of $100,000.
- Holding a core industry certification correlates to compensation substantially higher than the salaries of peers with no certification. Those holding the Certified Protection Professional (CPP) certification, administered by ASIS, for example, report an average compensation of $118,000, 18 percent higher than 2009, and a median salary of $100,000. Those with no certification reported an average compensation of $100,000 and a median salary of $85,000.
- Education also correlates with compensation. Thirty-one percent of respondents hold a master’s degree and report a median compensation of $122,000.
More than half (58 percent) of the survey respondents work for privately held companies, a sector reporting an average compensation of $104,000 and a median salary of $90,000. Those working for publicly held (stockholder-owned) companies (27 percent of respondents) report the highest average compensation at $124,000, with a median of $100,000.
The survey examines trends in both average and median salaries, because the two measurements can offer different perspectives; the average is a total of all items in the sector divided by the count in the sample, while the median is the precise midpoint of the range of all items reported. All ASIS members employed in the United States were eligible to participate. The results are based on 784 participants who completed the survey. The survey collected data from the current and preceding years and breaks out responses in 11 industries and 9 geographic regions. Each section drills down into 18 specific factors that affect compensation.
The “U.S. Security Salary Survey” will be available in October for $135 to ASIS members and $195 for nonmembers. For more information, visit www.asisonline.org/.
"
Today's Most In-Demand Certifications Posted by boss on Monday, 26 July 2010 @ 13:00:40 EDT (2085 reads) Topic JOBS
cdupuis writes "Original article on the great Certification Magazine website at: http://www.certmag.com/read.php?in=3950
An industry-recognized certification can provide you with a competitive edge whether you’re looking for a new position or trying to advance within your current firm. However, the biggest challenge when it comes to earning a professional designation is often determining which one to pursue.
Here are the four most in-demand certifications, according to Robert Half Technology’s staffing and recruiting professionals across the United States:
Certified Information Systems Security Professional (CISSP): Offered by the International Information Systems Security Certification Consortium (ISC)², this vendor-neutral information security accreditation covers 10 domains, including access control, cryptography, operations security, and security architecture and design. To earn a CISSP, you must meet certain experience requirements and achieve a scaled score of 700 or greater on the CISSP exam. The credential also must be renewed every three years. According to CIOs polled for the latest “Robert Half Technology IT Hiring Index and Skills Report,” the second most challenging functional area to fill is security, increasing the appeal of job candidates with a CISSP designation.
Microsoft Certified Systems Engineer (MCSE): This certification focuses on the design and implementation of these particular infrastructures. It’s recommended that you have one to two years of experience working with network systems before pursuing the accreditation. Earning the MCSE certification demonstrates a commitment to professional development because you must have a wide range of knowledge and pass seven exams to obtain it.
Although the MCSE designation is in particularly high demand, job candidates who have earned any Microsoft certification have an edge in the job market. Because of the ubiquity of Microsoft applications, accreditations that demonstrate your knowledge of these technologies will continue to be sought by employers.
Project Management Professional (PMP): If you want to validate your project management abilities, this credential, offered by the Project Management Institute (PMI), may be for you. You must have between three and five years of project management experience to take the exam, and the certification must be maintained by earning 60 Professional Development Units over a three-year period. The increasing complexity of IT projects, and the need to involve individuals from all over the organization in these engagements, has led to the demand for verifiable project management skills.
Cisco Certified Network Associate (CCNA): This vendor-specific accreditation authenticates the bearer’s ability to administer medium-size routed and switched Cisco networks. To earn the certification, you can either pass the 640-802 CCNA exam or both the 640-822 Interconnecting Cisco Networking Devices Part 1 (ICND1) and 640-816 ICND2 exams. The CCNA designation is valid for three years, after which you must pass one of various possible exams to renew it.
Fifty-eight percent of CIOs polled for the “Hiring Index” ranked network administration as the technical skill set in greatest demand within their IT departments, further demonstrating the marketability of professionals with the CCNA credential.
Although earning one of the above certifications could be advantageous for your career, that doesn’t mean doing so is necessarily the best move for you to make. Before pursuing any professional designation, you must ask yourself the following questions:
• Which certification is right for me? Take into account your experience, current position and future professional goals. For instance, if you have a project management background and want to further your career in that area, a PMP certification could be extremely valuable. However, if you have no networking experience, it’s unlikely that a CCNA accreditation will boost your marketability. It’s important to understand that a certification can’t take the place of experience. Rather, it is best used to support relevant experience you already possess.
• How much time and money are involved? Between books, study aids, training courses and exams, there will be costs involved. But there may be ways to reduce these expenses. If you’re currently employed, your company may offer financial assistance with your education. If you’re unemployed, you might consider registering with an IT staffing firm, some of which offer free training courses, test preparation and sample exams.
The time commitment can vary dramatically depending on the designation you are pursuing. The MCSE certification requires you to take seven exams, for instance, while the CCNA designation will perhaps only require one. Also keep in mind that some credentials require ongoing study to remain valid.
• How much of an impact will a certification have on my career? This question is hard to answer. According to the “Robert Half Technology 2010 Salary Guide,” a credential can increase starting salary by up to 10 percent. But not all certifications are created equal. Those less in demand may not boost your compensation at all or increase your appeal to potential employers by any noticeable amount. You may want to consult members of your professional network, especially those who have earned a certification you hope to obtain, or an IT recruiter for additional insight.
Dave Willmer is executive director of Robert Half Technology, a provider of IT professionals for initiatives ranging from e-business development and multiplatform systems integration to network security and technical support. He can be reached at editor@certmag.com
"
Job: Trainer with full scope polygraph needed, Herndon, VA, USA Posted by boss on Friday, 14 May 2010 @ 06:12:46 EDT (1187 reads) Topic JOBS
cdupuis writes "
We are looking for a trainer with full scope polygraph for one of our projects in Herndon, Virginia, USA.
The job description is below:
Are you a talented Trainer that has experience with training and verification tools?
Would you be interested in joining a dynamic and innovative team that will allow you to grow, learn and make up your own schedule?
We would like to get to know you. We offer the opportunity to work on projects of national importance and the chance to be on the front line providing input and suggestions in all aspects of the applications development life cycle to the other members of the technology group.
As a trusted partner of the Department of Defense, U.S. Government civilian and international agencies, as well as businesses throughout the world, FGM is an agile provider of technical solutions that enable mission-critical operations and decision-making.
As a company, we believe that FGM’s work force diversity creates a dynamic and interesting workplace. From your interview to your first day on the job and beyond, you’ll find that we do things differently. We foster a collaborative work environment whose success is dependent on creative thinking combined with superior problem-solving and analytical skills. Our customers depend on us for our expertise and knowledge and FGM depends on you to meet their demands.
FGM has been recognized as:
• Three-time award winner of The Washingtonian Magazine’s “Great Places to Work”
• Herndon Dulles Chamber of Commerce’s “Outstanding Large Business of the Year”
• ITRecruitmag.com’s “Top 50 Tech Places to Work”
We are currently seeking a motivated and cleared Knowledge manager/Tester candidate to join our National Security Solutions Team.
This position requires a skilled software engineer who has the ability to interface with technologists, analysts and the customer. The position requires adaptability, the drive to work in a high pace environment and someone who enjoys a challenge.
Prefer experience using the following Training & Verification tools: Captivate, Adobe CS4 (Design Premium), MS Office Suite, Rally, Selenium IDE, Selenium Remote Control and Firefox (Firebug), SharePoint and potentially HP/QC, HP/QTP
General Requirements:
Trainer:
Conducts analyses, using Instructional Systems Design process, to evaluate customer technical training needs to determine appropriate training content, objectives, design. Conducts activities to develop, deliver and evaluate the technical training.
Training delivery will range from the most basic application overview to upper management to detailed Instructor-Led Training to analysts.
Establishes processes for identifying training content and evaluating training effectiveness.
Uses specialized software technology to research, configure, maintain, update and develop new and existing media and materials.
Materials will range from Quick Reference Guides to Computer-Based Training.
Ensures accuracy and quality of training products.
Coaches and develops others.
Works under minimal direction.
V&V:
Position will also support verification and validation (V&V) testing for developed and legacy applications through the following activities:
Create verification plans; Generate, review, and coordinate test cases with V&V team peers and developers;
Conduct testing to include functional testing;
Coordinate report of test case results with developers;
Attend team meetings, and provide V&V activity status and burn-down information.
Support integration and end-of-sprint activities by identifying the test cases that were run and open discrepancy reports for the developed software.
Send your resume to: Wenzel, Emanuela
"