SlideShare ist ein Scribd-Unternehmen logo

Cyber Threat Forecast 2016: A Call for War Against Cyber Threat and Crime

Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
1 von 14
Downloaden Sie, um offline zu lesen
Cyber Threat Forecast 2016 A CALL FOR WAR AGAINST CYBER THREAT AND CYBER CRIME BANKOLE BOLAJI JAMES Cisco Cyber Security Expert: CCSE Certified Ethical Hacker: CEH MCSA,MCSE,MCP,MCITP,MCTS Cisco Certified Network Associate :CCNA Cyber Forensic and Security Expert Email :Bolajicisco@yahoo.com
MOTIVATION Cyber security has risen to become a national concern as threats concerning it now need to be taken more seriously. • To help people reduce the vulnerability of their Information and Communication Technology (ICT) systems and networks. • To help individuals and institutions develop and nurture a culture of cyber security. • To work collaboratively with public, private and international entities to secure cyberspace. • To help understand the current trends in IT/cybercrime, and develop effective solutions. • Availability. • Integrity, which may include authenticity and non-repudiation. • Confidentiality.
Existence of Cybercrime in Nigeria has made it Imperative to have more Cyber Forensic and Cyber Security Expert as Internet Business Grow In Nigeria. INTRODUCTION Cybercrime is a fast-growing area of crime. More and more criminals are exploiting the speed, convenience and anonymity of the Internet to commit a diverse range of criminal activities that know no borders, either physical or virtual, cause serious harm and pose very real threats to victims worldwide. ABSTRACT Cyber-space referred to as the space in which computer transactions occur, particularly transactions between different computers in a boundless space known as the internet. Cyber-security is a measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack Cyber-crime, or computer crime, refers to any crime that involves a computer and a network. Keywords: Cyber-space Cyber-security Cyber-crime.
CYBER THREAT FORCAST 2016 THREATS Whaling Attack  Users shouldn't reply to suspicious emails and should "obtain the sender's address from the corporate address book and ask them about the message". Perhaps most importantly, companies should use two-factor authentication for initiating wire transfers Ransomware  Ransomware will remain a major and rapidly growing threat in 2016, fueled by anonymizing networks and payment methods,  Inexperienced cybercriminals will leverage ransomwareas-a-service, magnifying the growth in ransomware.  Attackers will increasingly encrypt files before they are backed up, making remediation more difficult. Critical Infrastructure  Critical infrastructure systems not designed with outside access in mind will become vulnerable to low-incident, but high-impact events as they become connected to the Internet.  There is an emerging trend in which cybercriminals are selling direct access to critical infrastructure systems  Direct attacks on critical infrastructure will continue to be almost exclusively nation- state actions.  The objectives of nation-state attackers will include both intelligence gathering and critical service disruption. Vulnerability  Application vulnerabilities are an ongoing problem for software developers and their customers. Adobe Flash is perhaps the most frequently attacked product: Flash vulnerabilities. Payment System  in 2016, payment system cybercriminals will increasingly focus on attacks that lead to the theft and sale of credentials. We think that they will leverage traditional, time-proven mechanisms including phishing attacks and keystroke loggers, but new methods will emerge too. We also predict that the number of payment system thefts will continue its relentless growth. Automobiles  Attacks on automobiles will increase sharply in 2016 due to the rapid increase in connected automobile hardware built without foundational security principles.  In 2016, more automotive system vulnerabilities will be found by security researchers. It is also possible that zero-days vulnerabilities will be found and exploited Wearables Wearables will be a prime target for cybercriminals because they collect personal data and they are relatively insecure back doors into smartphones, We expect to see the control apps for wearables compromised in a way that will provide valuable data for spear-phishing attacks. Cloud Service  cybercriminals, nefarious competitors, vigilant justice seekers, and nation-states will increasingly target hacking into cloud services platforms to exploit companies and steal valuable and confidential data, using it for competitive advantage, or financial or strategic gain Cyber Espionage  Stealthy Cyberespionage can be lunched with Social Engineering, the threat actor used a sophisticated spear-phishing campaign to breach defense, and minimize its footprint by running only JavaScript. The attackers were able to develop profiles for the breached systems and exfiltrate them to control servers Hacktivism  hacktivism in its true sense will continue; but it will likely be limited in scope in comparison with the past. Many of the most dedicated hacktivists promoting their causes have been arrested, prosecuted, and imprisoned. What is likely to increase, however, are attacks that appear to be inspired by hacktivism but actually have very different, hard-to-determine motives Shared Threat Intelligence  Threat intelligence sharing among enterprises and security vendors will grow rapidly. Legislative steps will make it possible to share threat intelligence with government
POINTERS Smart organizations will spend their money not just on technology, but also on more training, awareness, and personnel. Establish an efficient online self-reporting system for cybercrime victims to enable widespread gathering and analysis of cybercrime statistics. Create an international treaty to promote global cooperation on the detection, investigation and prosecution of cybercrime. To tackle cybercrime effectively, establish multidimensional public-private collaborations between law enforcement agencies, the information technology industry, information security organizations Intensify research into cyber attackers’ psychological and developmental profiles, motives and behavior—and develop efficient identification and rehabilitation mechanisms based on the related research Improve public education systems for all potential internet users about the threat of cybercrime, and teach them ways of detecting potential cyber attackers and protecting themselves To foster incentives for the development of products less likely to be attacked, initiate producer liability of software and other internet applications Establish virtual taskforces to promote better international coordination between interregional law enforcement and governmental cybersecurity agencies. Cyber Resilience Traditional cyber security is proving an increasingly inadequate response to the modern cyber threat landscape. It’s no longer sufficient to suppose that you can defend against any potential attack; you must accept that an attack will inevitably succeed. An organization’s resilience to these attacks – identifying and responding to security breaches – will become a critical survival trait in the future WAR AGANST CYBER THREAT & CYBER CRIME I Have the mandate to encourage Interested persons to build career in Cyber Security &Cyber Forensic as this will also help in the war against Cyber Threat and Cyber Crime.
HOW TO BUILD YOUR CAREER IN CYBER SECURITY PROFESIONAL I have been privileged to build my career as a Security and a Cyber Forensic Professional, you will have a huge range of career options across a wide variety of industries (e.g. finance, government, retail, etc.). But IT security is a specialist field. You’re unlikely to start your professional life as a penetration tester or a security architect. IF YOU HAVE PASSION TOWARD ANY PROFESSION IN LIFE YOU ARE BOUND TO SUCCEED, YOUR PASSION WILL PUSH YOU TO SEEK FOR CHANGE, WILL MAKE YOU GET INCUSITIVE, WILL MAKE YOU SPEAK TO PEOPLE ABOUT YOUR INTEREST, WILL MAKE YOU SEEK HELP OR ASSISTANCE ON HOW TO GET ON THE RIGHT PATH TO BECOMING THE BES YOUR DREAMS AND YOUR GOALS , SHOW ME A MAN DRIVEN BY PASSION THEN I WILL SHOW YOU A MAN WHO IS DESTINED TO SUCCEED WITH THE POWER OF YOUR IMAGINATION , IF YOU CAN IMAGINE IT AND BELIEVE IN IT ,THEN YOU ARE SURE TO ACHIEVE WHATEVER GOAL YOU SET IN LIFE. Explore A Career in Cybersecurity Are you a student, current cyber worker, or career changer? Are you thinking about a job in cybersecurity? Learning about and understanding the field's unique requirements will help you determine whether a career in cybersecurity is in your future. The work environment for cyber professionals is dynamic and exciting, with competitive salaries and growing opportunities. Cybersecurity professionals often thrive in an informal atmosphere, unconventional working hours, and shifting work responsibilities aimed at keeping knowledge fresh and work exciting. There are many different jobs within the cybersecurity field that require a broad range of knowledge, skills and abilities. Cybersecurity professionals must have the ability to rapidly respond to threats as soon as they are detected. Professionals must also possess a range of technical abilities to perform a variety of activities, and be able to work in different locations and environments. Cybersecurity work also includes the analysis of policy, trends, and intelligence to better understand how an adversary may think or act - using problem solving skills often compared to those of a detective. This level of work complexity requires the cybersecurity workforce to possess both a wide array of technical IT skills as well as advanced analysis capabilities. Below are examples of some jobs found in cybersecurity:  Chief Information Security Officer (CISO)  Computer Crime Investigator
 Computer Security Incident Responder  Cryptanalyst  Cryptographer  Disaster Recovery Analyst  Forensics Expert  Incident Responder  Information Assurance Analyst  Intrusion Detection Specialist  Network Security Engineer  Security Architect  Security Analyst  Security Consultant  Security Engineer  Security Operations Center Analyst  Security Systems Administrator  Security Software Developer  Source Code Auditor  Virus Technician  Vulnerability Assessor  Web Penetration Tester THIS IS A GOOD POINT TO START Start with this resource. It’s intended to help anyone interested in building a career in cyber security from a non-security career. We’ve included advice on choosing a starter IT job, tips on building your résumé and ideas for gaining practical experience. We’ve also listed hard IT skills and non-security certifications that will give you a solid grounding for the future. CAREER PATH OPTIONS There is no one true path to working in cyber security. People come at it from all angles – math, computer science, even history or philosophy. Yet all of them share a deep and abiding interest in how technology works. Security gurus say this is critical. You need to know exactly what you’re protecting and the reason things are insecure. TRAIN IN GENERAL IT Many experts suggest that you begin with a job, internship or apprenticeship in IT. This will verse you in fundamentals such as administering & configuring systems, networks, database management and coding. You’ll also get a sense of IT procedures and real-world business operations. FOCUS YOUR INTERESTS
Because it’s impossible to be an expert in all categories, employers also suggest you focus on an area (e.g. networking security) and do it well. Think ahead 5-10 years to your “ultimate security career” then look for starter IT jobs that will supply you with the right skills. Sample career paths could include: • Exchange administrator → Email security • Network administrator → Network security, forensics, etc. • System administrator → Security administrator, forensics, etc. • Web developer → Web security, security software developer, etc. GAIN PRACTICAL EXPERIENCE I would like to recommend you gain as much practical experience as humanly possible. Even if you’re not in IT, you can accomplish a lot with self-directed learning and guided training. STARTER IT JOBS IT jobs that can lead to cyber security careers include: • Computer Programmer • Computer Software Engineer • Computer Support Specialist • Computer Systems Analyst • Database Administrator • IT Technician • IT Technical Support • IT Customer Service • Network Administrator • Network Engineer • Network Systems & Data Analyst • System Administrator • Web Administrator Trying to narrow your options?
Make sure your entry-level IT position will give you some security-related experience. If this isn’t clear in the job description, you have an excellent question to ask the hiring committee during your interview. BUILDING YOUR CYBER SECURITY RÉSUMÉ The Ideal Cyber Security Candidate The ideal cyber security candidate has a mixture of technical and soft skills. On the technical side, most employers want proof that you are: • Grounded in IT fundamentals: e.g. networking, systems administration, database management, web applications, etc. • Versed in day-to-day operations: e.g. physical security, networks, server equipment, enterprise storage, users, applications, etc. For soft skills, they’re looking for candidates who: • Know how to communicate with non-IT colleagues and work in a team • Understand business procedures & processes • Love to solve complex puzzles and unpick problems WHAT TO LIST ON YOUR RÉSUMÉ 1. College Degree Although it’s not always necessary to have a college degree to land your first cyber security job, it’s bloody useful. College teaches you important skills in communication, writing, business and project management – skills you’ll appreciate in later years. What’s more, a strong academic qualification will ease your way to management positions. Some employers now demand proof of a bachelor’s degree before they will consider candidates. Learn more about your options in Choosing a Cyber Security Degree. 2. Relevant Job Experience List any previous IT positions plus any other work related to IT security. That includes volunteer work, internships and apprenticeships. For government jobs, hiring committees will be interested in any military or law enforcement experience. 3. Hard IT Skills We catalog some of the most useful hard IT skills below. 4. Professional IT Certifications
Don’t have a beginner’s security certification like Security+? Employers will still be interested to see if you have relevant IT certifications. Just be prepared to back up these qualifications with proof of real-world experience. 5. IT Achievements List any IT and cyber security achievements that you think your employers will respect. These could include Capture The Flag (CTF) standings, contest awards, training course certificates and scholarships. HOW TO GAIN PRACTICAL CYBER SECURITY EXPERIENCE Self-Directed Learning • Teach yourself to code. (Experts recommend this again and again.) • Build your own computer and security lab using old PCs, your own wireless router with firewall, network switch, etc. Practice securing the computer and network, then try hacking it. • Create an open source project. • Participate in cyber security contests and training games. e.g. Wargames, Capture the Flag competitions (CTFs), etc. • Look for vulnerabilities on open source projects and sites with bug bounties. Document your work and findings. Guided Training • Pair your cyber security certification exams with side projects that utilize the same skills. • Offer to help your professor or employer with security-related tasks. • Take free online cyber security MOOCs. • Invest in training courses (e.g. SANS). Networking & Volunteering • Join LinkedIn groups, professional networks and security organizations. • Attend local security group meetings and events. • Connect with peers playing CTFs and Wargames. • Collaborate with a team (at work or in school) on a cyber security project. • Volunteer at IT and cyber security conferences. • Volunteer to do IT security work for a non-profit or charity.
Further Steps • Read IT and security magazines/news sites and blogs. • Bookmark useful cyber security websites. • Keep tabs on cyber security message boards like Information Security Stack Exchange. • Run a background check on yourself to see if there are any existing red flags, then determine what you can do to address them. Security is a sensitive field and employers are looking for ethical candidates. USEFUL IT SKILLS & CERTIFICATIONS Hard IT Skills To Cultivate While you’re building your cyber security résumé (see above), work on developing hard IT skills like the ones listed below. These are often in high demand by employers. Since technology is always subject to change, we also recommend you consult your colleagues, mentors and/or professors for the most up-to-date advice. Operating Systems & Database Management • Windows, UNIX and Linux operating systems • MySQL/SQLlite environments Programming & Coding • C, C++, C# and Java • Python, Ruby, PHP, Perl and/or shell • Assembly language & disassemblers • Regular Expression (regex) skills • Linux/MAC Bash shell scripting Networks • System/network configuration • TCP/IP, computer networking, routing and switching • Network protocols and packet analysis tools • Firewall and intrusion detection/prevention protocols • Packet Shaper, Load Balancer and Proxy Server knowledge • VPNs
SPECIALIZATIONS Thanks to the nature of their job and industry, security experts usually end up specializing in a specific area of interest. For example: • Cisco networks • Cloud computing • Microsoft technologies • Wireless • Database modeling • Open source applications • Cryptography And so on. To gain extra experience in these areas, you can volunteer for tasks at work, collaborate with a mentor and/or invest in self-directed learning and guided training. Helpful Non-Security IT Certifications Before you get too deep into security-focused certifications, check out the following IT credentials. You’ll often spot these acronyms on the LinkedIn profiles of security professionals. However, we’d be the first to state there are plenty of others out there. Ask around or visit security message boards to decide which ones are worth the investment. CISCO CERTIFIED NETWORK ASSOCIATE (CCNA) Routing And Switching A “go-to” certification for entry-level network engineers and specialists working with Cisco routers and network systems. CCNA certificate holders have proven their ability to install, configure, operate and troubleshoot medium-size routed and switched networks. This qualification is on par with CCNA Security, which emphasizes core security technologies, confidentiality, the availability of data/devices and competency in the technologies that Cisco uses in its security structure. Experienced Cisco engineers can aim for the higher level Professional and Expert levels. COMPTIA A+ CompTIA A+ is one of the most common baseline certifications for IT professionals, especially IT support specialists and technicians. The exams cover the maintenance of PCs, mobile devices, laptops, operating systems and printers.
A+ is required for Dell, Lenovo and Intel service technicians and recognized by the U.S. Department of Defense. Many folks follow it up with Network+ and Security+. COMPTIA NETWORK+ The second in CompTIA’s trinity of qualifications (which includes A+ and Security+). Network+ is an ISO-17024 compliant certification that tests a professional’s knowledge of data networks. This includes building, installing, operating, maintaining and protecting networking systems. Network+ fulfills U.S. DoD Directive 8570.01-M and is held by nearly half a million people worldwide. It’s often recommended for network administrators, technicians and installers. INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY (ITIL) FOUNDATION ITIL certifications focus on ITIL best practices. Foundation is the basic level and the ITIL credential most frequently seen on job requirements. The exam tests candidates in key elements, concepts and terminology used in the ITIL service lifecycle, including the links between lifecycle stages, the processes used and their contribution to service management practices. If your company is using ITIL processes to handle their services to internal/external customers, then Foundation is worth considering. MICROSOFT CERTIFIED SOLUTIONS EXPERT (MCSE) Anyone working with Microsoft technologies should take a close look at the Microsoft Certificate Solutions Associate (MCSA)and the expert MCSE. You must complete the MCSA before tackling the MCSE. Widely respected in the industry, MCSE demonstrates a professional’s ability to build, deploy, operate, maintain and optimize Microsoft-based systems. For the MCSE, you can choose one of nine certification paths, including Server Infrastructure, Private Cloud, SharePoint and more. PROJECT MANAGEMENT PROFESSIONAL (PMP) PMP is aimed at mid-level project managers. Candidates without a bachelor’s degree must have at least five years of project management experience (7,500 hours leading and directing projects); bachelor’s degree holders must have at least three years (4,500 hours leading and directing projects). Successful PMP holders have demonstrated they have the experience, education and competency to handle project teams. It’s not a “must-have” by any means, but it can
certainly help you zip through the résumé screening process and proceed into discussions about salary. RED HAT CERTIFIED ARCHITECT (RHCA) Interested in becoming a Linux expert? Take a look at RHCA, probably the most challenging qualification in the Red Hat certification program. To attain RHCA status, Red Hat Certified Engineers (RHCEs) must pass at least 5 exams and demonstrate their skills in performance-based tasks. Beginners should consider the RHCAS and the CompTIA Linux+ certification. VMWARE CERTIFIED PROFESSIONAL 5 – DATA CENTER VIRTUALIZATION (VCP5- DCV) VCP5-DCV is expensive, but probably worth it if you’re interested in virtualization. To obtain this foundation-level certification, candidates must demonstrate hands-on experience with VMware technologies, complete a VMware-authorized training course and pass an exam. This proves a certificate holder’s ability to install, deploy, monitor, scale and manage VMware vSphere environments. Once you have the VCP5-DCV, you might wish to consider more advanced levels of VMWare DCV certification. In addition to data centers, VMWare also offers credentials in the cloud, end user computing and network virtualization. This document is developed for educational purposes, Inother to help bring to mind current threats, proffer ways to mitigate attacks ,Inspire someone to develop proactive approach to combat cyber crime with proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world and give everyone the confidence to live and work safely and securely in the digital world

Empfohlen

ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
M-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapM-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapFireEye, Inc.
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central BanksCommunity Protection Forum
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 

Empfohlen

ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
Outlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityOutlook Briefing 2016: Cyber Security
Outlook Briefing 2016: Cyber SecurityMastel Indonesia
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
M-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapM-Trends® 2013: Attack the Security Gap
M-Trends® 2013: Attack the Security GapFireEye, Inc.
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexIBM Security
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central BanksCommunity Protection Forum
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Data security 2016 trends and questions
Data security 2016 trends and questionsData security 2016 trends and questions
Data security 2016 trends and questionsBill McCabe
 
The IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexThe IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexKanishka Ramyar
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
The Changing Security Landscape
The Changing Security LandscapeThe Changing Security Landscape
The Changing Security LandscapeArrow ECS UK
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 
2019 Cyber Security Trends
2019 Cyber Security Trends2019 Cyber Security Trends
2019 Cyber Security TrendsInternetwork Engineering (IE)
 
Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016DWP Information Architects Inc.
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Supply Chain Coalition
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesImperva
 
Cyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryCyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryWilliam McBorrough
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber SecurityStephen Lahanas
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Knowledge Group
 
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...Nicolas Beyer
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016Shannon G., MBA
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsIBM Security
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrimethinkwithniche
 
40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazine40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazineBradford Sims
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Data security 2016 trends and questions
Data security 2016 trends and questionsData security 2016 trends and questions
Data security 2016 trends and questionsBill McCabe
 
The IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexThe IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexKanishka Ramyar
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
The Changing Security Landscape
The Changing Security LandscapeThe Changing Security Landscape
The Changing Security LandscapeArrow ECS UK
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityGopiRajan4
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesImperva
 
Cyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryCyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryWilliam McBorrough
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber SecurityStephen Lahanas
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Knowledge Group
 
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...Nicolas Beyer
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016Shannon G., MBA
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsIBM Security
 

Was ist angesagt? (20)

Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Data security 2016 trends and questions
Data security 2016 trends and questionsData security 2016 trends and questions
Data security 2016 trends and questions
 
The IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence IndexThe IBM X-Force 2016 Cyber Security Intelligence Index
The IBM X-Force 2016 Cyber Security Intelligence Index
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 
The Changing Security Landscape
The Changing Security LandscapeThe Changing Security Landscape
The Changing Security Landscape
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and risk
 
2019 Cyber Security Trends
2019 Cyber Security Trends2019 Cyber Security Trends
2019 Cyber Security Trends
 
Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016Must Know Cyber Security Stats of 2016
Must Know Cyber Security Stats of 2016
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016
 
Whitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber securityWhitepaper Avira about Artificial Intelligence to cyber security
Whitepaper Avira about Artificial Intelligence to cyber security
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to Narratives
 
Cyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryCyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial Industry
 
The Future of Cyber Security
The Future of Cyber SecurityThe Future of Cyber Security
The Future of Cyber Security
 
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
Cyber Security Landscape and Systems Resiliency – Challenges & Priorities - T...
 
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network InsightsNowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 

Ähnlich wie Cyber Threat Forecast 2016: A Call for War Against Cyber Threat and Crime

Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrimethinkwithniche
 
40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazine40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazineBradford Sims
 
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINETopCyberNewsMAGAZINE
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importancemanoharparakh
 
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and AdaptabilityPat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptabilityitnewsafrica
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityAlistair Blake
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyMark Albala
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...Symantec
 
Should i study cyber security
Should i study cyber securityShould i study cyber security
Should i study cyber securityVishal Singh
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017Accelerate Tech
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shiftsmalvvv
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber securityCarol Meng-Shih Wang
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firmsJake Weaver
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 

Ähnlich wie Cyber Threat Forecast 2016: A Call for War Against Cyber Threat and Crime (20)

Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrime
 
40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazine40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazine
 
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
 
Cybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & ImportanceCybersecurity in BFSI - Top Threats & Importance
Cybersecurity in BFSI - Top Threats & Importance
 
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and AdaptabilityPat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
Pat Pather- Cyber Security Unchartered: Vigilance, Innovation and Adaptability
 
Cybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatCybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global Threat
 
CC_Futureinc_Cyber Security
CC_Futureinc_Cyber SecurityCC_Futureinc_Cyber Security
CC_Futureinc_Cyber Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
 
Should i study cyber security
Should i study cyber securityShould i study cyber security
Should i study cyber security
 
Top 15 security predictions for 2017
Top 15 security predictions for 2017Top 15 security predictions for 2017
Top 15 security predictions for 2017
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
 
Rpt paradigm shifts
Rpt paradigm shiftsRpt paradigm shifts
Rpt paradigm shifts
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
What you need to know about cyber security
What you need to know about cyber securityWhat you need to know about cyber security
What you need to know about cyber security
 
Cyber threat forecast 2018..
Cyber threat forecast 2018..Cyber threat forecast 2018..
Cyber threat forecast 2018..
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firms
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 

Cyber Threat Forecast 2016: A Call for War Against Cyber Threat and Crime

  • 1. Cyber Threat Forecast 2016 A CALL FOR WAR AGAINST CYBER THREAT AND CYBER CRIME BANKOLE BOLAJI JAMES Cisco Cyber Security Expert: CCSE Certified Ethical Hacker: CEH MCSA,MCSE,MCP,MCITP,MCTS Cisco Certified Network Associate :CCNA Cyber Forensic and Security Expert Email :Bolajicisco@yahoo.com
  • 2. MOTIVATION Cyber security has risen to become a national concern as threats concerning it now need to be taken more seriously. • To help people reduce the vulnerability of their Information and Communication Technology (ICT) systems and networks. • To help individuals and institutions develop and nurture a culture of cyber security. • To work collaboratively with public, private and international entities to secure cyberspace. • To help understand the current trends in IT/cybercrime, and develop effective solutions. • Availability. • Integrity, which may include authenticity and non-repudiation. • Confidentiality.
  • 3. Existence of Cybercrime in Nigeria has made it Imperative to have more Cyber Forensic and Cyber Security Expert as Internet Business Grow In Nigeria. INTRODUCTION Cybercrime is a fast-growing area of crime. More and more criminals are exploiting the speed, convenience and anonymity of the Internet to commit a diverse range of criminal activities that know no borders, either physical or virtual, cause serious harm and pose very real threats to victims worldwide. ABSTRACT Cyber-space referred to as the space in which computer transactions occur, particularly transactions between different computers in a boundless space known as the internet. Cyber-security is a measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack Cyber-crime, or computer crime, refers to any crime that involves a computer and a network. Keywords: Cyber-space Cyber-security Cyber-crime.
  • 4. CYBER THREAT FORCAST 2016 THREATS Whaling Attack  Users shouldn't reply to suspicious emails and should "obtain the sender's address from the corporate address book and ask them about the message". Perhaps most importantly, companies should use two-factor authentication for initiating wire transfers Ransomware  Ransomware will remain a major and rapidly growing threat in 2016, fueled by anonymizing networks and payment methods,  Inexperienced cybercriminals will leverage ransomwareas-a-service, magnifying the growth in ransomware.  Attackers will increasingly encrypt files before they are backed up, making remediation more difficult. Critical Infrastructure  Critical infrastructure systems not designed with outside access in mind will become vulnerable to low-incident, but high-impact events as they become connected to the Internet.  There is an emerging trend in which cybercriminals are selling direct access to critical infrastructure systems  Direct attacks on critical infrastructure will continue to be almost exclusively nation- state actions.  The objectives of nation-state attackers will include both intelligence gathering and critical service disruption. Vulnerability  Application vulnerabilities are an ongoing problem for software developers and their customers. Adobe Flash is perhaps the most frequently attacked product: Flash vulnerabilities. Payment System  in 2016, payment system cybercriminals will increasingly focus on attacks that lead to the theft and sale of credentials. We think that they will leverage traditional, time-proven mechanisms including phishing attacks and keystroke loggers, but new methods will emerge too. We also predict that the number of payment system thefts will continue its relentless growth. Automobiles  Attacks on automobiles will increase sharply in 2016 due to the rapid increase in connected automobile hardware built without foundational security principles.  In 2016, more automotive system vulnerabilities will be found by security researchers. It is also possible that zero-days vulnerabilities will be found and exploited Wearables Wearables will be a prime target for cybercriminals because they collect personal data and they are relatively insecure back doors into smartphones, We expect to see the control apps for wearables compromised in a way that will provide valuable data for spear-phishing attacks. Cloud Service  cybercriminals, nefarious competitors, vigilant justice seekers, and nation-states will increasingly target hacking into cloud services platforms to exploit companies and steal valuable and confidential data, using it for competitive advantage, or financial or strategic gain Cyber Espionage  Stealthy Cyberespionage can be lunched with Social Engineering, the threat actor used a sophisticated spear-phishing campaign to breach defense, and minimize its footprint by running only JavaScript. The attackers were able to develop profiles for the breached systems and exfiltrate them to control servers Hacktivism  hacktivism in its true sense will continue; but it will likely be limited in scope in comparison with the past. Many of the most dedicated hacktivists promoting their causes have been arrested, prosecuted, and imprisoned. What is likely to increase, however, are attacks that appear to be inspired by hacktivism but actually have very different, hard-to-determine motives Shared Threat Intelligence  Threat intelligence sharing among enterprises and security vendors will grow rapidly. Legislative steps will make it possible to share threat intelligence with government
  • 5. POINTERS Smart organizations will spend their money not just on technology, but also on more training, awareness, and personnel. Establish an efficient online self-reporting system for cybercrime victims to enable widespread gathering and analysis of cybercrime statistics. Create an international treaty to promote global cooperation on the detection, investigation and prosecution of cybercrime. To tackle cybercrime effectively, establish multidimensional public-private collaborations between law enforcement agencies, the information technology industry, information security organizations Intensify research into cyber attackers’ psychological and developmental profiles, motives and behavior—and develop efficient identification and rehabilitation mechanisms based on the related research Improve public education systems for all potential internet users about the threat of cybercrime, and teach them ways of detecting potential cyber attackers and protecting themselves To foster incentives for the development of products less likely to be attacked, initiate producer liability of software and other internet applications Establish virtual taskforces to promote better international coordination between interregional law enforcement and governmental cybersecurity agencies. Cyber Resilience Traditional cyber security is proving an increasingly inadequate response to the modern cyber threat landscape. It’s no longer sufficient to suppose that you can defend against any potential attack; you must accept that an attack will inevitably succeed. An organization’s resilience to these attacks – identifying and responding to security breaches – will become a critical survival trait in the future WAR AGANST CYBER THREAT & CYBER CRIME I Have the mandate to encourage Interested persons to build career in Cyber Security &Cyber Forensic as this will also help in the war against Cyber Threat and Cyber Crime.
  • 6. HOW TO BUILD YOUR CAREER IN CYBER SECURITY PROFESIONAL I have been privileged to build my career as a Security and a Cyber Forensic Professional, you will have a huge range of career options across a wide variety of industries (e.g. finance, government, retail, etc.). But IT security is a specialist field. You’re unlikely to start your professional life as a penetration tester or a security architect. IF YOU HAVE PASSION TOWARD ANY PROFESSION IN LIFE YOU ARE BOUND TO SUCCEED, YOUR PASSION WILL PUSH YOU TO SEEK FOR CHANGE, WILL MAKE YOU GET INCUSITIVE, WILL MAKE YOU SPEAK TO PEOPLE ABOUT YOUR INTEREST, WILL MAKE YOU SEEK HELP OR ASSISTANCE ON HOW TO GET ON THE RIGHT PATH TO BECOMING THE BES YOUR DREAMS AND YOUR GOALS , SHOW ME A MAN DRIVEN BY PASSION THEN I WILL SHOW YOU A MAN WHO IS DESTINED TO SUCCEED WITH THE POWER OF YOUR IMAGINATION , IF YOU CAN IMAGINE IT AND BELIEVE IN IT ,THEN YOU ARE SURE TO ACHIEVE WHATEVER GOAL YOU SET IN LIFE. Explore A Career in Cybersecurity Are you a student, current cyber worker, or career changer? Are you thinking about a job in cybersecurity? Learning about and understanding the field's unique requirements will help you determine whether a career in cybersecurity is in your future. The work environment for cyber professionals is dynamic and exciting, with competitive salaries and growing opportunities. Cybersecurity professionals often thrive in an informal atmosphere, unconventional working hours, and shifting work responsibilities aimed at keeping knowledge fresh and work exciting. There are many different jobs within the cybersecurity field that require a broad range of knowledge, skills and abilities. Cybersecurity professionals must have the ability to rapidly respond to threats as soon as they are detected. Professionals must also possess a range of technical abilities to perform a variety of activities, and be able to work in different locations and environments. Cybersecurity work also includes the analysis of policy, trends, and intelligence to better understand how an adversary may think or act - using problem solving skills often compared to those of a detective. This level of work complexity requires the cybersecurity workforce to possess both a wide array of technical IT skills as well as advanced analysis capabilities. Below are examples of some jobs found in cybersecurity:  Chief Information Security Officer (CISO)  Computer Crime Investigator
  • 7.  Computer Security Incident Responder  Cryptanalyst  Cryptographer  Disaster Recovery Analyst  Forensics Expert  Incident Responder  Information Assurance Analyst  Intrusion Detection Specialist  Network Security Engineer  Security Architect  Security Analyst  Security Consultant  Security Engineer  Security Operations Center Analyst  Security Systems Administrator  Security Software Developer  Source Code Auditor  Virus Technician  Vulnerability Assessor  Web Penetration Tester THIS IS A GOOD POINT TO START Start with this resource. It’s intended to help anyone interested in building a career in cyber security from a non-security career. We’ve included advice on choosing a starter IT job, tips on building your résumé and ideas for gaining practical experience. We’ve also listed hard IT skills and non-security certifications that will give you a solid grounding for the future. CAREER PATH OPTIONS There is no one true path to working in cyber security. People come at it from all angles – math, computer science, even history or philosophy. Yet all of them share a deep and abiding interest in how technology works. Security gurus say this is critical. You need to know exactly what you’re protecting and the reason things are insecure. TRAIN IN GENERAL IT Many experts suggest that you begin with a job, internship or apprenticeship in IT. This will verse you in fundamentals such as administering & configuring systems, networks, database management and coding. You’ll also get a sense of IT procedures and real-world business operations. FOCUS YOUR INTERESTS
  • 8. Because it’s impossible to be an expert in all categories, employers also suggest you focus on an area (e.g. networking security) and do it well. Think ahead 5-10 years to your “ultimate security career” then look for starter IT jobs that will supply you with the right skills. Sample career paths could include: • Exchange administrator → Email security • Network administrator → Network security, forensics, etc. • System administrator → Security administrator, forensics, etc. • Web developer → Web security, security software developer, etc. GAIN PRACTICAL EXPERIENCE I would like to recommend you gain as much practical experience as humanly possible. Even if you’re not in IT, you can accomplish a lot with self-directed learning and guided training. STARTER IT JOBS IT jobs that can lead to cyber security careers include: • Computer Programmer • Computer Software Engineer • Computer Support Specialist • Computer Systems Analyst • Database Administrator • IT Technician • IT Technical Support • IT Customer Service • Network Administrator • Network Engineer • Network Systems & Data Analyst • System Administrator • Web Administrator Trying to narrow your options?
  • 9. Make sure your entry-level IT position will give you some security-related experience. If this isn’t clear in the job description, you have an excellent question to ask the hiring committee during your interview. BUILDING YOUR CYBER SECURITY RÉSUMÉ The Ideal Cyber Security Candidate The ideal cyber security candidate has a mixture of technical and soft skills. On the technical side, most employers want proof that you are: • Grounded in IT fundamentals: e.g. networking, systems administration, database management, web applications, etc. • Versed in day-to-day operations: e.g. physical security, networks, server equipment, enterprise storage, users, applications, etc. For soft skills, they’re looking for candidates who: • Know how to communicate with non-IT colleagues and work in a team • Understand business procedures & processes • Love to solve complex puzzles and unpick problems WHAT TO LIST ON YOUR RÉSUMÉ 1. College Degree Although it’s not always necessary to have a college degree to land your first cyber security job, it’s bloody useful. College teaches you important skills in communication, writing, business and project management – skills you’ll appreciate in later years. What’s more, a strong academic qualification will ease your way to management positions. Some employers now demand proof of a bachelor’s degree before they will consider candidates. Learn more about your options in Choosing a Cyber Security Degree. 2. Relevant Job Experience List any previous IT positions plus any other work related to IT security. That includes volunteer work, internships and apprenticeships. For government jobs, hiring committees will be interested in any military or law enforcement experience. 3. Hard IT Skills We catalog some of the most useful hard IT skills below. 4. Professional IT Certifications
  • 10. Don’t have a beginner’s security certification like Security+? Employers will still be interested to see if you have relevant IT certifications. Just be prepared to back up these qualifications with proof of real-world experience. 5. IT Achievements List any IT and cyber security achievements that you think your employers will respect. These could include Capture The Flag (CTF) standings, contest awards, training course certificates and scholarships. HOW TO GAIN PRACTICAL CYBER SECURITY EXPERIENCE Self-Directed Learning • Teach yourself to code. (Experts recommend this again and again.) • Build your own computer and security lab using old PCs, your own wireless router with firewall, network switch, etc. Practice securing the computer and network, then try hacking it. • Create an open source project. • Participate in cyber security contests and training games. e.g. Wargames, Capture the Flag competitions (CTFs), etc. • Look for vulnerabilities on open source projects and sites with bug bounties. Document your work and findings. Guided Training • Pair your cyber security certification exams with side projects that utilize the same skills. • Offer to help your professor or employer with security-related tasks. • Take free online cyber security MOOCs. • Invest in training courses (e.g. SANS). Networking & Volunteering • Join LinkedIn groups, professional networks and security organizations. • Attend local security group meetings and events. • Connect with peers playing CTFs and Wargames. • Collaborate with a team (at work or in school) on a cyber security project. • Volunteer at IT and cyber security conferences. • Volunteer to do IT security work for a non-profit or charity.
  • 11. Further Steps • Read IT and security magazines/news sites and blogs. • Bookmark useful cyber security websites. • Keep tabs on cyber security message boards like Information Security Stack Exchange. • Run a background check on yourself to see if there are any existing red flags, then determine what you can do to address them. Security is a sensitive field and employers are looking for ethical candidates. USEFUL IT SKILLS & CERTIFICATIONS Hard IT Skills To Cultivate While you’re building your cyber security résumé (see above), work on developing hard IT skills like the ones listed below. These are often in high demand by employers. Since technology is always subject to change, we also recommend you consult your colleagues, mentors and/or professors for the most up-to-date advice. Operating Systems & Database Management • Windows, UNIX and Linux operating systems • MySQL/SQLlite environments Programming & Coding • C, C++, C# and Java • Python, Ruby, PHP, Perl and/or shell • Assembly language & disassemblers • Regular Expression (regex) skills • Linux/MAC Bash shell scripting Networks • System/network configuration • TCP/IP, computer networking, routing and switching • Network protocols and packet analysis tools • Firewall and intrusion detection/prevention protocols • Packet Shaper, Load Balancer and Proxy Server knowledge • VPNs
  • 12. SPECIALIZATIONS Thanks to the nature of their job and industry, security experts usually end up specializing in a specific area of interest. For example: • Cisco networks • Cloud computing • Microsoft technologies • Wireless • Database modeling • Open source applications • Cryptography And so on. To gain extra experience in these areas, you can volunteer for tasks at work, collaborate with a mentor and/or invest in self-directed learning and guided training. Helpful Non-Security IT Certifications Before you get too deep into security-focused certifications, check out the following IT credentials. You’ll often spot these acronyms on the LinkedIn profiles of security professionals. However, we’d be the first to state there are plenty of others out there. Ask around or visit security message boards to decide which ones are worth the investment. CISCO CERTIFIED NETWORK ASSOCIATE (CCNA) Routing And Switching A “go-to” certification for entry-level network engineers and specialists working with Cisco routers and network systems. CCNA certificate holders have proven their ability to install, configure, operate and troubleshoot medium-size routed and switched networks. This qualification is on par with CCNA Security, which emphasizes core security technologies, confidentiality, the availability of data/devices and competency in the technologies that Cisco uses in its security structure. Experienced Cisco engineers can aim for the higher level Professional and Expert levels. COMPTIA A+ CompTIA A+ is one of the most common baseline certifications for IT professionals, especially IT support specialists and technicians. The exams cover the maintenance of PCs, mobile devices, laptops, operating systems and printers.
  • 13. A+ is required for Dell, Lenovo and Intel service technicians and recognized by the U.S. Department of Defense. Many folks follow it up with Network+ and Security+. COMPTIA NETWORK+ The second in CompTIA’s trinity of qualifications (which includes A+ and Security+). Network+ is an ISO-17024 compliant certification that tests a professional’s knowledge of data networks. This includes building, installing, operating, maintaining and protecting networking systems. Network+ fulfills U.S. DoD Directive 8570.01-M and is held by nearly half a million people worldwide. It’s often recommended for network administrators, technicians and installers. INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY (ITIL) FOUNDATION ITIL certifications focus on ITIL best practices. Foundation is the basic level and the ITIL credential most frequently seen on job requirements. The exam tests candidates in key elements, concepts and terminology used in the ITIL service lifecycle, including the links between lifecycle stages, the processes used and their contribution to service management practices. If your company is using ITIL processes to handle their services to internal/external customers, then Foundation is worth considering. MICROSOFT CERTIFIED SOLUTIONS EXPERT (MCSE) Anyone working with Microsoft technologies should take a close look at the Microsoft Certificate Solutions Associate (MCSA)and the expert MCSE. You must complete the MCSA before tackling the MCSE. Widely respected in the industry, MCSE demonstrates a professional’s ability to build, deploy, operate, maintain and optimize Microsoft-based systems. For the MCSE, you can choose one of nine certification paths, including Server Infrastructure, Private Cloud, SharePoint and more. PROJECT MANAGEMENT PROFESSIONAL (PMP) PMP is aimed at mid-level project managers. Candidates without a bachelor’s degree must have at least five years of project management experience (7,500 hours leading and directing projects); bachelor’s degree holders must have at least three years (4,500 hours leading and directing projects). Successful PMP holders have demonstrated they have the experience, education and competency to handle project teams. It’s not a “must-have” by any means, but it can
  • 14. certainly help you zip through the résumé screening process and proceed into discussions about salary. RED HAT CERTIFIED ARCHITECT (RHCA) Interested in becoming a Linux expert? Take a look at RHCA, probably the most challenging qualification in the Red Hat certification program. To attain RHCA status, Red Hat Certified Engineers (RHCEs) must pass at least 5 exams and demonstrate their skills in performance-based tasks. Beginners should consider the RHCAS and the CompTIA Linux+ certification. VMWARE CERTIFIED PROFESSIONAL 5 – DATA CENTER VIRTUALIZATION (VCP5- DCV) VCP5-DCV is expensive, but probably worth it if you’re interested in virtualization. To obtain this foundation-level certification, candidates must demonstrate hands-on experience with VMware technologies, complete a VMware-authorized training course and pass an exam. This proves a certificate holder’s ability to install, deploy, monitor, scale and manage VMware vSphere environments. Once you have the VCP5-DCV, you might wish to consider more advanced levels of VMWare DCV certification. In addition to data centers, VMWare also offers credentials in the cloud, end user computing and network virtualization. This document is developed for educational purposes, Inother to help bring to mind current threats, proffer ways to mitigate attacks ,Inspire someone to develop proactive approach to combat cyber crime with proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world and give everyone the confidence to live and work safely and securely in the digital world