Good day everyone,

My good friend Balwant Rathore has jobs opening in both Kuwait and Dubai.

See the profiles he is looking for below.  Please only answer if you have the full 5 years+ of practical experience and you're willing to work in Kuwait or Dubai.

See job offers below and contact information.

Best regards

Clement

SEE MESSAGE FROM BALWANT BELOW:

I am looking for Freelancer/Consultant for followings projects:

1.      ITIL Implementation

2.      Business Continuity Management (BCM) Implementation

3.      Information Security Management System Implementation

For all three categories some amount of training skills are also required.

Experience required = 5+ years.

Project Location = Dubai and Kuwait

Start Date = As soon as possible, even today.

Payment – Best in Industry, as per experience.

If you know anybody who may be fit for above, please ask them to contact me at balwant_rathore@oissg.org

Kind regards,

Balwant

I was always impressed by Hal's fatherly approach.  I remember him telling me that I should wear my jacket as it was cold outside and I was chatting with some of the students out in the cold.  He was worried I could get sick.  That's the type of person he was.

That was the initial days of the CISSP certification.   At the time there was no study resources that existed and one had to read a whole lot of books because Google did not exist in the way it exists today.

After the class I created the initial study guides along with my friend Chris Hare and this is how CCCure was born.   Hal and Sandy Sheriden who were both of my instructors were happily distributing the link to the guides to all of their students.  Quickly it did like a snowball and today we have helped more than 150,000 students in their studies.

Hal was one of the first person to contribute to our portal by giving us a copy of the Handbook of Information System Management in HTML format.  He gave it freely to us to be posted for anyone to use.  He did not ask for anything in return, he was happy to help the community and our project.  Later he gave us his own slide show on the ten domains that he was using for his one day class.

I have traded numerous emails with Hal over the years.  He always responded to my many queries and sometimes complaints.   What amazed me the most is how down to earth he has always been.  For me he was an icon,  he was the person who wrote the CBK, he was the person preaching security of systems way before security was even in the limelights.  I was looking up at him and telling myself:  when I grow up I wish I can be like Hal.   I am still wishing the same today,  when I will be in my eighties I hope that I will be doing work just like he did until his final days with us.    

Hal is a friend that  I will dearly missed.

Rest in peace my friend

Clement

SEE BELOW A TESTIMONY FROM ROSS LEO ONE OF OUR INSTRUCTORS, A FRIEND, AND CO-WORKER AT SECURE NINJA:

I too had the opportunity to get to know Hal.  

I was luckier than most:  he was my boss at Rockwell international, he was my mentor in our fledgling profession, and he was my co-instructor that brought me into ISC2 for mentoring and instructing CISSP candidates from 1998 until 2004.  

He set me up and endorsed me as Chairman of curriculum development during that time.  He was my mentor and my inspiration.  It was Hal and his commitment to InfoSec that made me make my commitment to it, almost 30 years ago. Even after I left ISC2, he kept me connected to the process of maturing and developing my professional standing.  

I may have coined the term CIA, but it was he that helped it to become the standard that it has for our profession and our profession descendents.

We would not be where we are today as the professionals and protectors of those systems that run our industries, government, and critical infrastructure without leaders like Harold Tipton.  He will be much missed, but his memory will live on in each of us that remember him as we do this vital work that he helped give birth to.  

I wish him fair winds, following seas, and safe journies.  Thanks for all you have done, my friend and mentor.

Ross

Accordint to the ISC²® press release this transition provides numerous benefits to candidates, members and the information security community, including:

• Fair and precise evaluation of a candidate’s competency
• Rapid turnaround of exam results
• More choices as to when and where to take the exam
• Easier registration
• Fortified exam security

All (ISC)² credential exams will be offered globally at approved Pearson VUE testing centers.

Currently, all (ISC)² exams offered via CBT are available in English, with the CISSP and SSCP exams also available in Brazilian Portuguese at any of the approved  Pearson VUE testing centers in Latin America.  The CISSP exam is also available in Spanish throughout Latin America.   

Candidates can register directly through PearsonVUE

This is really good news for all

Best regards

Clement

Clement Dupuis, CD
Owner and Founder of CCCure
CLO at Secure Ninja

With 80% of its target market overseas Secure Ninja expands globally to meet the growing demand for Information Security training and service solutions.

Secure Ninja is pleased to announce the appointment of Leonard Chin as Vice President to lead its international marketing and business development.   In response to the global opportunity for its leading edge security services, Secure Ninja also announces its expansion into Europe, the Middle East and Africa (EMEA), along with select markets in Asia Pacific and South America.

With a decade of experience in developing new business and driving international sales, Leonard will be a key asset to Secure Ninja as the company grows its customer and value-added reseller (VAR) base in the coming year.

Leonard possesses extensive field experience specializing in sales and marketing functions across numerous industries including finance, conference, seminars, franchise, technical training and education. Leonard has established countless strategic partnerships with numerous Fortune 500 companies and government organizations. Leonard is well known as a conference specialist, having successfully managed a string of highly successful EC-Council conferences during his tenure. He was instrumental in conceptualizing and organizing the first Hacker Halted USA in 2008 and thereafter making it a mainstay in Miami. Leonard was responsible for launching, designing and directing the highly technical TakeDownCon series, which was recently hosted in Dallas and Las Vegas in 2011.

“We are delighted to have Leonard Chin on our team. He is an extremely knowledgeable and well-connected infosec business professional who possesses great leadership ability and outstanding communication skills, which are crucial elements to effectively manage and influence people towards meeting our company’s international business objectives,” said Ned Snow, President, Secure Ninja. “By combining Leonard’s expertise to manage a strong team of subject matter experts and sales engineers in key regions, Secure Ninja will be well positioned for our next phase of innovation and growth.”

Prior to this appointment, Leonard was a key executive at EC-Council, creator of the world renowned Certified Ethical Hacker (CEH) programs as well as numerous other recognized certifications such as the CHFI, ECSA and Licensed Penetration Tester (LPT). He held various roles within the organization including Director of Marketing, and Director of Conferences & Events, as well as concurrently being the Conference Director for both the TakeDownCon and Hacker Halted conference series. And in 2011, he was appointed as the Vice Chair of the world’s first international team ethical hacking games - the Global CyberLympics.

"It is an honor and I’m excited to be part of Secure Ninja’s immensely qualified team, which is on the leading edge of information security services and training methodology development," said Leonard. "I'm looking forward to expanding Secure Ninja’s suite of security services and training offerings internationally, ensuring its growth and market captivity, as well as attaining global branding.”

About Secure Ninja

Secure Ninja is a leader in Information Security, IT training and certification such as CISSP, Security+, CEH, CAP, CISM, ISSEP, ISSMP, ISSAP, Cloud Security, Wireless Security and Computer Forensics to name a few. Secure Ninja has been providing businesses with programs that answer regulatory needs and skills gaps for over 8 years. Our training programs educate and certify employees in the areas that are critical to business operations. With certified professionals on staff, the company demonstrates that it is seriously engaged in producing ROI on technology investments and handling compliance requirements competently. Our programs also create solutions for the DOD and the system integrator community by answering the certification needs of the 8570.01-M mandate. Secure Ninja’s assessment, consulting and security services division specializes in governance, risk and compliance programs for both corporate & government agencies including information assurance, IV&V security audits and cyber-security solutions.  For more information visit http://www.secureninja.com

I am still receiving numerous inquiries about the changes that were introducted in the new CISSP® CBK® that was released as of January 2012.

As I have mentioned in my full review of the old CBK® compared with the new CBK® there is almost no changes that were introduced.  The changes are mostly semantics, lots of the changes are rewording within the Candidate Information Bulletin (CIB).   So there is no worries,  the material you have will still match perfectly well with the current exam offered by ISC2® and you don't need new books or new resources.

This is not just hearsay or rumors, the ISC2® website has a series of documents that talks about the process and this topic.   They give you details on what to expect.  The documents available on the ISC2® website all say very clearly:

1. The candidates should not expect big changes in any examination (or test question)
2. No domains were deleted or added to the CISSP® certification, only one domain was renamed
3. The content changes mostly involved relocating and renaming of some of the topics
4. There will be no new questions in the forms that will require major changes to any education programs
5. All changes can be easily covered by instructors using the current education material

So it is business as usual.  Do not let rumour throw you off you study plan.   What you put in is what you will get out of it.

Remember to look at my tips and tricks before you start your studies.  You will find them at:

http://www.cccure.org/article1477.html

Take care

Clement

References:

ISC2® Paper about their education process and Job Task Analysis

Slide show on changes withing the ISC2® CBK®

The CISSP Candidate Information Bulletin (CIB)

Proposed topic and abstract – 01 March 2012

Speaker selection notifications – 30 March 2012

Final presentation material due – 1 June 2012

Submission POC: callforpapers2012@northalabama.issa.org

In Egypt : 30 % discount Coupon for EC council Courses inside the Printed Copy.

Printed Copy Request
Coming Soon : Arabic Version

Open Source Web Application Security Testing Tools by Vinodh Velusamy

Author shows the significance of Open Source Web Application Security Testing Tools. As he claims „When you choose and use good tools, you’ll know it. Amazingly, you’ll minimize your time and effort installing them, running your tests, reporting your results – everything from start to finish.

Most importantly, with a good web vulnerability scanner you’ll be able to maximize the number of legitimate vulnerabilities discovered to help reduce the risks associated with your information systems.
At the end of the day and over the long haul, this will add up to considerable business value you can’t afford to overlook”.

More Articles:

- Modeling Security Penetration Tests with Stringent Time Constraints by Alan Cao
- The puzzlepices by Daniel Clemens
- WebAppSecurity for Newbies part 2 Herman Stevens
- Web Application Common Vulnerabilities – Part I by Bryan Soliman
- CYBER STYLETTO by Mike Brennan and Richard Siennon


SUBSCRIBE NOW AND GET 2 AMAZING E-BOOKS !

1. CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits details the methodologies, framework, and unwritten conventions penetration tests should cover to provide the most value to your organization and your customers.

2. In his new book "Save the Database, Save the World!" John Ottman captures the essence of the threats we face to the information that drives business. Organized crime, underhanded competitors and even foreign governments are looking to gain any financial, competitive or operational advantage and these enemies are going directly after the databases and the applications that access data.

After subscribing contact katarzyna.zwierowicz@software.com.pl with "WAPT" in the tittle of the message.

You can visit us at: http://www.pentestmag.com

Defenses of any sort, virtual or physical, are a means of forcing your attacker to attack you on your terms, not theirs. As we build more elaborate defenses within information security, we force our attacker’s hand. For instance, in many cases, implementing multi-factor authentication systems just forces the attacker to go after that system directly to achieve their goals. Take the breach at RSA, for example. It has been attributed to attackers who needed the SecurID information to go after their real targets in the defense industry.

Recently, our lab has been talking about Sykipot:

• Are the Sykipotʼs authors obsessed with next generation US drones?
• Another Sykipot sample likely targeting US federal agencies

As we discussed, this malware has been used to launch targeted attacks via “spear phishing” campaigns against targets mainly in the US, since around 2007. According to our research, these attacks originate from servers in China with what appears to be the purpose of obtaining information from the defense sector: the same sector that makes extensive use of PC/SC x509 Smartcards for authentication.

Smartcards have a long history of usage in the Defense Sector, for both physical and information access management, and historically have merely forced attackers to route around the smartcard authentication system through other, more vulnerable attack vectors.

It should come as no surprise, then, that we recently discovered a variant of Sykipot with some new, interesting features that allow it to effectively hijack DOD and Windows smart cards. This variant, which appears to have been compiled in March 2011, has been seen in dozens of attack samples from the past year.

Like we have shown with previous Sykipot attacks, the attackers use a spear phishing campaign to get their targets to open a PDF attachment which then deposits the Sykipot malware onto their machine (the attackers here took advantage of a zero-day exploit in Adobe). Then, unlike previous strains, the malware uses a keylogger to steal PINs for the cards. When a card is inserted into the reader, the malware then acts as the authenticated user and can access sensitive information. The malware is controlled by the attackers from the command & control center.

Click Here to get a whole lot more details on the attack

Greetings Site5 Customers!

The U.S. Congress is currently considering two bills -- one in the House of Representatives called SOPA (Stop Online Piracy Act) and another in the Senate called PIPA (Protect IP Act). These bills both attempt to use similar methods to further criminalize and police intellectual property infringement. Although protecting intellectual property is important, these bills would use heavy-handed tactics that would censor and splinter the Internet.

SOPA and PIPA would grant the U.S. government the ability to block almost any website on the Internet if the site is perceived to be an "infringing site." Search engines would be required to remove the site from their search listings, payment processors and advertisement networks would be forbidden from doing business with the site, and ISPs could be forced to block access to the site for Americans. The bill provides little detail about what would constitute an infringing site, which makes the potential for abuse far greater. We have already seen how these kind of systems can be abused. In 2010, ICE (Immigration and Customs Enforcement) mistakenly seized a domain name belonging to a music blog and labeled it as a "rogue site" — the domain name was not returned until a year later (source: http://nyti.ms/uF73mZ). If you would like to see a video explanation of how the bill works and its dangers, please go here: http://vimeo.com/31100268

Site5 has publicly declared our opposition to both bills, and we encourage you to do the same. Contact your representatives in Congress to let your opposition to these bills be known! To locate the contact information for your representatives, visit one of the following websites:

http://www.contactingthecongress.org
http://www.grassroutes.us/sopa

If you're located outside the United States, you can let your voice be heard as well by sending your thoughts via this website:

http://americancensorship.org

Another way to get involved in the fight against SOPA and PIPA is to join in on the blackouts. Many well-known websites such as Wikipedia, Google, and Reddit are demonstrating their opposition, and you can too. Site5 has sponsored a WordPress plugin for participating in blackouts, and it features an easy setup and configuration options within the WordPress admin area:

http://wordpress.org/extend/plugins/sopa-blackout-plugin/

We feel very strongly that the future of the Internet is at stake, and we urge everyone to get involved!

Thanks,

The Site5 Management Team