As an IT instructor who teaches a CompTIA Security+ course, I am often asked by students how they can keep their computer systems safe from attack for the lowest cost possible. The short answer, unfortunately, is that you can’t. Sounds depressing, doesn’t it? I think so, but there is hope!
Three things to keep in mind before we begin.
It’s not all on you.
The first thing I usually tell people in response to that question is that you aren’t responsible for keeping your system completely safe from attacks. The safest system you can get would be one that you never turn on and, in fact, never leaves the store! Not very useful, right? So please understand that making your computer impervious to all attacks is impossible. Our goal should be to lower the attack surface, or the profile, of the target system so that it is as hard to breach as possible.
Be aware of new threats.
The second thing I tell people is that you need to keep up with the latest threats to security and then research ways to mitigate those threats. Due diligence goes a long way toward helping us understand the why and the what. With that being said, please do your own research before implementing any of the suggestions that I make below. These suggestions have worked for me in the past and continue to provide value to me. They may not work for you. Additionally, neither LeaderQuest nor I are responsible for damage that may be done to any system where the suggestions are implemented. You have been warned!
Manage your costs.
The third thing that I mention to my students concerns the cost of implementing the suggested solutions to some of our security problems. I typically emphasize free tools since my students are often in class between jobs. Cost is a major factor in their decisions and I have done a lot of research over the years to find the best free products. Once I find a potential solution, I will download, install, and test it to see what might happen when it is installed (the typical gotchas that crop up from time-to-time). My research is not exhaustive and the cost for free tools can sometimes exceed their value, especially when you have to reinstall Windows because a program messed things up.
Now that we’ve got that out of the way, let’s look at how to secure our systems. Below you will find several practical tips that if followed will let you sleep better at night. Are you ready? Here goes!
1. Keep your system up-to-date.
I know, I know, you’ve heard that one before. Well, so have many others, and yet it still bears repeating. See the Atlanta ransomware attack. You should let your operating system check for updates automatically and apply them when available. For Microsoft operating systems, the second Tuesday of the month is Patch Tuesday. Hint, hint!
2. Keep your software up-to-date, as well.
Everything that you install should be updated. Most software will have a feature that either automatically updates the software, such as Google Chrome or Mozilla Firefox, or alerts you when an update is available, such as Java and Adobe Reader.
3. Install, and keep up-to-date, an anti-malware suite.
I know that Microsoft Windows comes with anti-malware software installed (Windows Defender), but you really should look at it as a built-in stopgap until you can find something else. While I understand that anti-malware software can be expensive, costing as much as $50 per year, it is well worth the investment. If you are looking for a less-expensive option, consider downloading and installing the following:
Malwarebytes has a free scanner that you can use to scan your computer. Please understand that it is not an active defensive program but one you will need to use manually.
Cybereason has an application you can download and use for free that will monitor your computer, and when it detects a program trying to encrypt your hard drive, it will try to stop it. It is free for anyone to use. That might help with the type of attacks that have plagued Atlanta and Colorado.
Keep in mind that anti-malware software is not perfect and won’t pick up one hundred percent of malware infections, especially those that the software hasn’t encountered before. It is possible that your computer could still become infected, which is why we try to keep it updated.
4. Secure your browser.
The last suggestion that I will offer is going to cover one of the primary ways that malware gets on your computer without you knowing it: your browser!
Use either Google Chrome or Mozilla Firefox. I am partial to Firefox since they seem to have a deeper focus on security. Either way, they both offer the ability to add extensions that can help increase your online security.
Install HTTPS Everywhere in your browser. This extension automatically searches for an HTTPS server at the address you type into your browser’s address bar. Why is it important? Well, simply put, when you type in a web address, you don’t typically start it with HTTP or HTTPS, you use just the domain name (such as www.leaderquestonline.com). Since we don’t start it with HTTP or HTTPS, we usually end up at the unsecured site instead of the secured one that might be available. If a secured site is present, HTTPS Everywhere uses the secured site address. If it isn’t present, then HTTPS Everywhere will let you use the unsecured site instead.
In case you didn’t know, HTTPS means that your connection to the web server is encrypted (using Transport Layer Security, or TLS). That way, anyone eavesdropping on you will not be able to read things like your username and password. Pretty cool, huh? The makers of the software, the Electronic Frontier Foundation (EFF), are very concerned about your privacy, so please check their site out.
Next, install EFF’s Privacy Badger. It will help you block spying ads and trackers on the web. If you want to see just how extensive tracking can be on the web, consider installing Firefox Lightbeam by Mozilla. It will show the links and give you great insight into the true connectedness of our online world. It can be quite the eye-opener!
Install the NoScript Suite extension. This extension can greatly diminish the possibility of what is known as “drive-by malware infections” compromising your system, and it is available for Firefox and Chrome (in a lite version). It does take some getting used to, as it blocks scripts from running in the background which will cause a lot of websites not to work the way you might expect. Since we can’t tell if a website has been compromised by a third-party, having all scripts disabled initially will prevent an embedded malicious script from running in the background. Once you learn how to turn on the videos and other content you want to see using the tool, you will find that your computer is not only safer, but websites will often load faster.
Lastly, use a password manager extension. I use LastPass. Two things to bear in mind when using it: it can auto-populate your username and password, and it can provide you with highly random, unique passwords. Auto-populating the information helps us avoid keystroke logging viruses that can capture the keyboard inputs as we type. The random secure passwords it provides help us avoid reusing passwords across sites and make them harder to guess should someone capture them. If you purchase the premium edition of LastPass and have a Yubikey hardware token, you can integrate them. That will significantly increase the security of your passwords.
And that’s it!
While we can’t expect perfect security, the suggestions that I’ve made above can help you quickly and easily reduce your vulnerability to attack. Bear in mind that these are only suggestions and that there are many wonderful alternatives to most of these products, both free and for a fee, so find the ones that work best for you.
If you love playing with computer software or hardware, or if you’re interested in how computer systems and networks can be secured, a career in cyber security might be right for you! LeaderQuest offers IT training, including cyber security, networking and project management. If you’re interested in joining the thriving IT industry, we can help! LeaderQuest offers courses for beginners and IT pros alike. Click below to learn more.
James’ passion is helping people connect with technology in meaningful ways. That passion drives him to learn technology deeply and well so that he can present that information to others. At our Denver campus, James teaches CompTIA courses including A+, Network+ and Security+.
It’s that time of year again when people want to be scared by stories of ghosts, ghouls and monsters! These stories can give us chills, but what about the real horrors that wait for us out there on the internet?
Like ghosts from horror movies, hackers and cyber criminals are out there constantly seeking a way to enter our (digital) world. They want to access your Facebook, your Instagram, your Paypal, your Amazon, your banking websites: everything. They might even use your information to try and hack your friends and family.
Check out these 4 cyber security horror stories below.
Invasion of the Facebook Account Snatchers!
The Horror Story
You wake up on a weekday morning and see an email notification on your phone. It lets you know that your Facebook email has been changed to an old Hotmail address you haven’t used in years. The next email in your inbox informs you that your Facebook password has been changed.
You sit bolt upright in bed. This can’t be right! You try to log into Facebook, but your old password won’t work.
Okay, don’t panic. This can be fixed. You find that one of the notification emails has a link to secure the account if this change was unauthorized. Relieved, you click it, ready to get your account back. But the whole page is in Turkish, incomprehensible. You can’t make heads or tails of it, or find a way back into your account.
Pulling up your account by URL you find somebody else’s face on your profile, and somebody else’s name. Your account has been invaded, and somebody else has taken your place. They have access to all your messages, your friends, your photos and personal information about you stored in your account. Even other websites and apps that you use Facebook to access.
Somebody has stolen your digital life from you!
This really happened to Jeff Bercovici, Inc.’s San Francisco bureau chief.
So how did the hacker get access to his Facebook profile? Through an old Hotmail address that Jeff hadn’t used in years. Hotmail will release old addresses to be re-registered if they haven’t been in use for two or more years.
This old email account was still connected to Jeff’s Facebook profile, and the hacker was able to use it to get in. He then changed the password and the primary email and took total control of the account. If Jeff wasn’t a tech journalist with connections at Facebook, it might have taken him a lot longer to get his account back.
What can you do to prevent this?
You should check your security settings on your Facebook account.
Check for any connected email addresses and remove old ones.
Make sure you have two-factor authentication enabled.
Lock down privacy settings to prevent people from using your Facebook account to gather information about you.
The Silence of the Phones
The Horror Story
You’ve had a great weekend up in the mountains, enjoying the clean air and beautiful weather. Your phone hasn’t rung once, and you honestly haven’t missed it.
You pull into the driveway, and suddenly your phone blows up with messages, emails and notifications. It seems your bank card’s PIN has been changed and multiple withdrawals have been taken out of your accounts.
How was this possible? You set up two-factor authentication for all of these services, nobody should be able to access them without a code sent only to your phone.
You immediately call your bank, only to find that you have no cell service. You only got these messages because your home wifi connected. You can’t make or receive calls at all! Somebody has stolen your phone number. And with it, your bank information, your social media accounts, your email.
You see messages pop up from some of your friends, wondering why you’ve been asking for so much money…
This is exactly what happened to Christine, who writes the Her Money Moves blog. She suspected that hackers somehow got to her money through her use of a mobile banking app, despite the fact that she never saved her password in the app.
It’s impossible to know how exactly they got access to her banking information, but they certainly took control of her phone number.
This kind of theft is becoming more and more common. With a few basic pieces of information, like the last four digits of your Social Security Number (perhaps from a website breach), somebody can impersonate you when calling your cell service provider. They might even go so far as to walk into a cell phone store and impersonate you, complete with a fake driver’s license.
Once they have your number attached to their phone, all of your two-factor authentication becomes meaningless.
What can you do to prevent this?
It might seem like there’s nothing you can do here, but there are a few important preventative measures you can take.
Call your cell phone company and set up a “verbal password” or PIN.
Make sure that this password is required for all account changes.
Make sure that web access to your account is highly secured and also uses two-factor authentication.
Once this is completed, try to hack yourself. Call your cell company from a friend’s phone and see if they’ll let you make changes without the PIN.
210 Days Later
The Horror Story
You wake up one morning and find yourself locked out of your Instagram. Checking your feed, you can see that somebody has been deleting your photos, uploading other ones.
Somebody has stolen your Instagram account. You don’t want to care, but it’s an important part of your professional life. You had a verified account, surely it can’t be that hard to get it back.
But the company is run by ghosts. Nobody responds to your support requests. You try their website, but the “help center” is useless. Every article leads back to an article you’ve seen before, a form you’ve already tried. You wander this maze of “help” pages endlessly, submitting forms and getting no response.
And through all of this, nobody will talk to you. Not one single human has reached out to you about your issue. Days turn into weeks, and you try everything again. Weeks stretch into months. Still no response. You try every help form again, and again, and again.
Finally you realize that you are alone. Nobody is ever going to help you get your account back. The only replies you can expect are from robots: cold, uncaring, and unable to help you.
Rachel Tsoumbakos detailed the arduous process of trying to get her account back in this blog. She submitted form after form, tried every support address she could locate, and nobody would help her.
Her blog chronicles months on end of trying to get her account back, as well as the process that finally helped her get access. Eventually, in the depths of the “lack of help” center as she calls it, she found this link: https://help.instagram.com/368191326593075 (but you may need to access it from your phone, not a PC).
She was contacted by what seemed to be a person but was probably just a bot, asking for a picture of her holding a handwritten sign including a code they’d sent her. It took a few tries, and she found that writing in thick black marker was what did the trick.
After 7 months of waiting, she was finally granted access to her account again.
What can you do to prevent this?
First, do everything you can to lock your account down. The best way to deal with this is to prevent yourself from getting hacked in the first place. See our instructions for Facebook above, which include:
Check for any connected email addresses and remove old ones.
Make sure you have two-factor authentication enabled.
Lock down privacy settings to prevent people from using your Instagram account to gather information about you.
If you’ve already been hacked, here are a few Instagram resources:
After countless hours spent grinding enemies, you have amassed a Runescape collection rivaled by none. Some would say it’s just a game, but for you this is your life. After two years devoted to the game you’ve earned friends, fame and lots of money!
So when you see an ad for an app that will finally let you play Runescape on your phone, you can’t believe how lucky you are! This is just what you’ve been looking for. You click through, and are directed to what you think is the legitimate Runescape website to fill in some information.
They ask for your username and password, so you enter those first. You’re so excited that you don’t even bother to make sure your connection to the site is secure. When the next screen asks for your in-game bank PIN, you find it a little odd, but you can’t wait to get going so you enter it anyway. You authenticate your account, ready to be able to play your favorite game any time.
The next morning, the reality of your mistake becomes clear. You log in to find your bank account and character have been completely cleaned out. All 19 million dust runes, 4.2 million Marrentill herbs, 347,000 cballs, over 7,000 bandos pages, 106,000 potato seeds, 20,000 dwarf seeds… everything is gone. And all because you fell for their scam.
You might think that after such a blow, quitting the game would be the only sensible answer. Instead, this experience helped reddit user zedin27 to enjoy the game all over again. Kudos to zedin27 for being an indefatigable optimist!
So how did it happen? This was a fairly complex phishing attack, using an ad as the entry point instead of an email or Facebook message. If zedin27 had been careful to check the page’s URL and make sure the site was secure, he would have noticed something amiss. As we covered in our blog on 7 Cyber Security Tips for Anyone Who Uses the Internet, pages designed to mimic real websites are easy to spot if you’re on the lookout.
What can you do to prevent this?
Phishing attacks are everywhere. Here are a few ways to protect yourself.
Be suspicious of links and attachments. Make sure the sender or website is who you really think it is.
When filling in forms, check for HTTPS in your browser. Usually you should see a lock icon if the site is secure. This is especially important for any financial sites or transactions.
Check the URL to make sure it’s really the site you think it is.
If something seems “phishy,” don’t follow any links provided. Open a new browser page and go directly to the site in question. This will prevent you from going to a faked version of a site you use often.
Cyber Security Doesn’t Have to be Spooky!
Are you interested in cyber criminals, what they do, and how they can be stopped?
A career in cyber security could be perfect for you! LeaderQuest offers accelerated training designed to help people with zero experience gain the skills and certifications they need to get hired in IT. Advanced cyber security positions will require more experience and training, but now is the perfect time to start.
If you’re interested in IT, click on the link below. We’ll contact you and walk you through a career assessment to see if IT is right for you!
October is National Cyber Security Awareness Month, which was created to bring awareness to the growing cyber security threats that plague modern society. Since the evolution of the internet, almost every bit of information about us is strewn across the web, from our social curiosities, to our financial situations, all the way to our health records. Whether you like it or not you are being tracked, mapped, and monetized every time you use the internet (unless you are using a VPN which will be discussed below). With every click of your mouse and every stroke of your keyboard a virtual “you” is being stored. So with all of this information about you frolicking around the internet, what keeps you safe? Personal and commercial cyber security.
Cyber security awareness is aimed at strengthening the weakest link in the security chain: humans. No matter commercial or personal, one single human error can jeopardize important data and lead to catastrophic results. Does catastrophic seem too intense of a word to you? Jeopardizing your personal information can ruin almost every aspect of your life, from your financial security to social security. Once on the internet or the “dark web” your information can never be fully withdrawn, remaining forever and simply sold to the highest bidder or leaked to the lowest scumbag who aims to drain your accounts and steal your identity. This problem can be exponentially worse when an employee of a company falls victim to a cyber attack which leaks not just one person’s information but thousands of people’s information at once, such as the Equifax hack last year which exposed the Social Security Numbers, birth dates, addresses, and in some cases drivers’ license numbers of 143 million consumers.
It’s not all doom and gloom though! Fortunately not all who roam the internet are here to steal your information, some are here to protect you from the cyber security threats of the world. We’d like to share not only the 7 best tips to protect you on the web but also the reasons and technicalities behind each tip. We’ll give you an overview of each tip and how to utilize them as threats evolve.
Tip #1: Never Forget You’re a Target
Be aware that you will always be a target for hackers.
This is extremely important to understand because far too often people don’t see themselves as targets which leads to unsuspecting victims and people letting down their guard. You must always stay vigilant in order to protect yourself and your information.
How serious is this problem? Here are a couple alarming statistics that you may have been unaware of.
Since 2013, 3,809,448 records have been stolen in data breaches every day, which translates to 158,727 per hour, 2,645 per minute and 44 every second of every day.
In 2017 alone, nearly 158 million social security numbers were exposed from various breaches.
The global cost of cybercrime has now reached as much as $600 billion.
Unfilled cyber security jobs worldwide will reach 3.5 million by 2021. (Interested in becoming part of the solution? Check out our blog about starting a career in IT with certifications here.)
Tip #2: Create Strong Passwords
Your first line of defense is creating strong, memorable passwords. In other words, passwords that are hard for humans and COMPUTERS to guess but also easy for you to remember.
One of my favorite ways to do this is to use a “passphrase,” demonstrated in the comic below from xkcd.
The quote, “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess,” could not be more true.
The simplest way to make a highly secure password is to come up with an uncommon phrase that is unique to you and, like the comic shows, add a memorable twist. This twist can be an odd response, capital letter, or unexpected number. Whatever you choose, be sure that it is also easy to remember.
For example: Say you really like fig newtons, your phrase can be “fig newtons taste figgy.” As goofy as that sounds it would actually take hundreds of years to crack and scores a 100% on strength.
Once you have created a strong password the next part of your defense is password management.
Password management is being able to manage user passwords from one centralized location (not all on a sticky note). I will lay out three different strategies for password management. Password management is not one size fits all, so choose the one that makes sense for you. The goal is to make the password management task as simple and secure as possible for you and your specific situation.
Option A: Use a Password Management Site
One option is to use a password management site like LastPass. Sites like this allow you to store all of your passwords in one central location that can be accessed by a single password or as recommended a “passphrase.” This master password is to be stored in only one place: your brain.
LastPass passwords will be stored as keys on each site that you register in your password bank. Once you store your passwords you will then download a browser extension for the management service you chose. This allows the manager to auto populate your password on sites automatically and away from the prying eyes of hackers.
om, strong, and unique passwords for every site you use, store them in the password manager, and only use the “passphrase” password for the manager.
Option B: Use a Secure Spreadsheet
If a password manager isn’t your style, you can create your own password bank on Google Docs on a spreadsheet. This is actually a very secure way to store your passwords because Google can require two-factor authentication when logging in from a new device. This two-factor (2FA) or multi-factor authentication (MFA) adds another layer of security to your login by requiring another verification step on top of a password. For example: you may receive a text with a pass code that you would then enter on the website.
Similar to the recommendation above, use the password generator for all the sites except Google, where you’d use a hard to crack “passphrase” password.
Pro Mini Tip: Store your spreadsheet with a name other than “Passwords.”
Option C: Use a USB Security Key
If you don’t want to fiddle with password management sites or password generators, a USB key like Google’s Titan Security Key is for you. It adds another layer of security to whatever site you are logging into, creating MFA (multi-factor authentication), which is much more secure. Not only is it much more secure, but you actually need to have the key with you for access. Note: Not all websites let you use these keys.
Pro Mini Tip: Get a backup key. Once you lose a key it’s toast, so have a backup.
Tip #4: Beware of Phishing Attacks
Phishing attacks are when the attacker tries to get you to take an action that will jeopardize your information. They may get you to click on a fake website to steal your login credentials or get you to download malicious software through an email attachment or website.
If you ever click on a link that takes you directly to a login page, make sure to check the URL. It’s important to understand what to look for in a URL to make sure you are on the correct site.
You want to make sure the domain name is correct and followed by the top-level domain and then followed by the file path. If there are any additions to the original domain name, you are on the wrong page and should close it immediately. See the examples below.
In the image below you can see that this is the authentic site. It has facebook.com, followed by the top-level domain, directly followed by a file path.
In this other image you can see that the Twitter website has been forged. Even though twitter.com is the real domain name for Twitter, the actual ending domain for this phish is all09.info.
The phishing pages may look legitimate, but it is always safer to close everything out, open a new window, type in the URL that is confirmed to be legitimate, and then log in.
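The URL check described above, written out as an added example (not code from the original post): it parses the address with the same rules a browser uses and accepts it only when the host is an expected site or a subdomain of it, served over HTTPS. It goes slightly beyond the text by also flagging two related tricks, a brand name placed before an "@" and look-alike international characters. The list EXPECTED_SITES, the function names and the sample URLs are constructed for illustration; all09.info is the domain from the forged Twitter example.

```javascript
// Added example. EXPECTED_SITES, the function names and the sample URLs are
// constructed for illustration; all09.info is the domain from the forged
// Twitter example in the text.
const EXPECTED_SITES = ["facebook.com", "twitter.com"];

// A host belongs to a site only if it IS that site or ends with "." + site.
// "twitter.com.all09.info" ends with "all09.info", so it belongs to
// all09.info, no matter what is written in front of it.
function owningSite(hostname, sites = EXPECTED_SITES) {
  const host = hostname.toLowerCase().replace(/\.$/, ""); // drop a trailing dot
  return sites.find((s) => host === s || host.endsWith("." + s)) ?? null;
}

// Inspect one address and return a verdict plus the reasons for it.
function checkLoginUrl(raw, sites = EXPECTED_SITES) {
  let url;
  try {
    url = new URL(raw); // same parsing rules a browser applies
  } catch {
    return { verdict: "reject", host: null, site: null,
             findings: ["not a complete URL (no scheme or host)"] };
  }
  const findings = [];

  // The "s" in https: without it the login form travels unencrypted.
  if (url.protocol !== "https:") {
    findings.push("connection is not HTTPS");
  }
  // In "https://twitter.com@all09.info/" the part before "@" is a login
  // name; the browser connects to whatever comes after it.
  if (url.username || url.password) {
    findings.push("text before '@' is a login name, not the site");
  }
  // The parser converts international host names to ASCII "xn--" labels,
  // which exposes letters that only look like the real ones.
  if (url.hostname.split(".").some((label) => label.startsWith("xn--"))) {
    findings.push("host uses non-ASCII characters (possible look-alike)");
  }
  // The decisive test: does the real host belong to a site we expect?
  const site = owningSite(url.hostname, sites);
  if (site === null) {
    const lure = sites.find((s) => raw.toLowerCase().includes(s));
    findings.push(lure
      ? `"${lure}" appears in the URL, but the real host is ${url.hostname}`
      : `host ${url.hostname} is not an expected site`);
  }
  return { verdict: findings.length === 0 ? "ok" : "reject",
           host: url.hostname, site, findings };
}

// Constructed sample addresses (paths are made up).
const SAMPLES = [
  "https://www.facebook.com/login.php",     // authentic: host ends in .facebook.com
  "http://twitter.com.all09.info/login",    // brand used as a subdomain of all09.info
  "https://all09.info/twitter.com/login",   // brand used only in the file path
  "https://twitter.com@all09.info/",        // brand placed before "@"
  "http://www.facebook.com/login.php",      // right site, but no HTTPS
  "https://faceb\u043E\u043Ek.com/login",   // Cyrillic letters in place of "oo"
];

for (const sample of SAMPLES) {
  const result = checkLoginUrl(sample);
  console.log(`${result.verdict.padEnd(6)} ${sample}`);
  for (const finding of result.findings) console.log(`         - ${finding}`);
}
```
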
You can test your skills at spotting phishing websites here.
Some other warning signs that you might be on a phishing page are: misspelled words, old landing pages and unfamiliar looking pages.
Pro mini tip: When entering private information, make sure that the URL starts with HTTPS. HTTP stands for Hypertext Transfer Protocol and the “s” stands for secure. When the “s” is present that means all communications between your browser and the website are encrypted.
Tip #5: Be Careful on Public Networks
Not all networks are created equal, especially public networks. The information going to and from your device can be easily intercepted by others using the network. Find out more about public networks and their risks in this short video from the FTC.
Sometimes public networks are your only choice, especially while traveling. If you need to log on to a public network be sure to avoid banking websites and other websites that contain extremely sensitive information. Or, if you have to use a public network, secure your information by using a VPN as discussed in the next tip.
Tip #6: Use a VPN (Virtual Private Network)
A VPN is a service that lets you access the web privately and safely. It does this by routing your connection through a VPN server that protects your identity and location, and encrypts transferred data.
The destination website sees that the information is coming from a VPN and shows the VPN’s location, not the user’s IP address and location. VPNs use encryption protocols and secure tunneling techniques to encapsulate all online data transfers. They also involve integrity checks that ensure that no data is lost and that the connection has not been hijacked.
How do you implement a VPN? It’s actually very simple. There are multiple providers and just like any business there are pros and cons for each. Luckily there is a website that has tested the top VPNs and ranked them based on various factors; you can see the list here.
Tip #7: Utilize Antivirus Software
Make sure that you have an antivirus program and that it is up to date.
Antivirus software is a program or set of programs that are designed to prevent, detect, and remove viruses, and malicious software like worms, trojans, adware, and more. These terms can be consolidated under the term “malware.”
Similar to phishing, malware is something that you want to do everything you can to avoid. Malware can steal your information, delete your information, hold your information for ransom, track everything you do on your device, and even hijack your webcam; all of this without you even knowing.
How do you know if your device is infected with malware? Besides having an antivirus program that detects malware, here are some common signs that your device might be infected.
Unfamiliar icons displayed on your desktop
Frequent computer crashes
Internet traffic increases without any user action
Popup ads start showing up everywhere
Your browser keeps redirecting you
System tools are disabled
Unsolicited messages and posts start showing up on your social media/email
Files start disappearing
Your computer storage fills up without you adding any additional files
The reasons for these warning signs range from the malware using your computer to solicit ad money, to hijacking your computer’s resources, to phishing your information, all the way to directly requesting ransom money from you to get your information back.
With over 350,000 new malicious programs (malware) detected every day, it is important to have an up to date antivirus program. Antivirus companies are constantly updating software to combat the growing number of malware threats so you don’t have to.
When it comes down to it, cyber security, both personal and commercial, can be boiled down into preemptive and proactive decisions in order to protect your information as best as possible. These 7 tips were designed to give you a leg up on current threats and hopefully help prepare you for future threats. In any case it is important to remain vigilant while connected to the world wide web and implement as many of these safety techniques as possible. As the web evolves so will the threats that challenge its very integrity. The more individuals that are educated on basic cyber security techniques the better chance we have at protecting this vital tool on which we rely every day.
Are you interested in joining the workforce and industry that actually combats online threats? From professional hackers, to infrastructure management, to entry level support positions, LeaderQuest can help you break into this industry as swiftly as three months. This includes training, certifications, and employment services, all with the goal of getting you a job as quickly as possible with the proper knowledge and skills to propel your future career for years to come.
The best part is that you can do this all around your schedule with a world class team at your back.
With an estimated shortage of 3.5 million cyber security positions by 2021, this industry offers unparalleled growth opportunity in combination with exceptional salaries. If you are thinking about a career change or are looking to start a career, check out our Computer User Support Specialist program. It is designed specifically with entry level candidates in mind and helps you develop the skills that employers are looking for. Computer User Support Specialists make $52,810 on average, according to the Bureau of Labor Statistics.
When you’re stuck in an unrewarding, underpaying job, getting something better can’t come fast enough. No matter what you want, it can be difficult to break into a new field on the timeline you need. That’s where IT certifications come in.
IT certifications can help you to jump into a new career fast while building a foundation for further specialization. Still not convinced? Here are just a few of the reasons IT certifications are a great way to start a career in IT.
1. They’re a Fast/Low-Cost Way to Level-Up Your Resume
For those who have the time and resources to dig deep into a topic, the traditional degree model has a lot to offer. However, when you want to bump up your skills fast, certifications are a great investment. The average tuition for a master’s degree program is $60,000 to $80,000 while living expenses, books, and more can easily cost over $100,000. Certifications are vastly less expensive, especially if you can find a third party that will cover the cost for you.
Another benefit is that you get into the meat and potatoes fast. Certifications are hyper-focused on the skills you need, so there are no Gen Eds to knock out.
2. Certifications Validate the Skills You Need to Succeed
From an employer standpoint, every hire is a gamble. It takes time and money to get them registered in the system, trained, and enmeshed with a new team. Of course, there will always be situations where things don’t work out one way or another, but it is still important to get every assurance possible that an employee will be a good fit.
That’s where certifications come in. They provide a universal measure of a certain skill set. This can be easily understood by employers and technical professionals alike. Whether you’re validating a skill that you already have or taking on a wholly new one, it shows an employer that you definitely know what you’re talking about.
In fact, sometimes getting certifications isn’t a matter of “if” but “when” because…
Whether you’re working for the DoD, or just working with a company that regularly contracts with the DoD like Raytheon, Booz Allen Hamilton, Northrop Grumman, etc., you will need certain certifications to operate at different levels. The table below shows what certifications could be required for such work.
Conversely, this provides a huge opportunity because companies who work with the DoD are always in need of certified professionals to work on their contracts. Thinking about going into DoD work, but not sure which certification is right for you? Luckily, we wrote an entire article about that.
4. Certifications Are Good For the Whole Company
When it comes to a company’s overall well-being, certifications are the gift that keeps on giving. CompTIA, Microsoft, IDC, and Novell have all done studies confirming the wide-ranging benefits for a company on the whole.
Organizations that invest in certifications for their employees are rewarded with happier and more productive workers who want to stay longer. Not only do they bring a brand new skill set to the table, they’re grateful, excited, and engaged because their company showed faith in them.
Getting employees certified also boosts confidence and peace of mind. On the one hand, workers feel assured in their knowledge. Meanwhile, customers themselves know that they’re getting more bang for their buck.
5. Certifications Help You Stand Out in Interviews
Before you even set foot inside a potential employer’s office, recruiters and resume scanning software will look for those key certifications. That means that certifications can make or break even getting a seat in the room. Once you’re in, certifications can help you stand up against candidates who might have as much or more experience than you.
6. Great Certs Equal Greater Earning/Salary Potential
7. Certifications Could Get You a Head Start at College
Many individuals get an entry-level certification like ITIL or CompTIA A+ so that they can get a start into a ground floor IT job. Then, they can go back, finish their degree, earn a few more certifications, and put themselves in the best position possible for work in an intermediate or advanced field like networking or even cyber security.
This means that IT is a field that is desperately needed, important, and can have a great impact on the world around you. Taking on these new skills means having an opportunity to enter into a career that will help you develop personally as well as professionally.
There is a Japanese concept known as ikigai which reflects on that which is needed and loved in the world. In the novel, “The Japanese Secret to a Long and Happy Life,” co-author Hector Garcia has this to say about finding happiness and fulfillment in life.
“Your ikigai is at the intersection of what you are good at and what you love doing,” he says.
You never know where your purpose will come from. However, when it comes to a field as exciting and fast-growing as IT, you just might find yours.
Level-Up Your Career with LeaderQuest
If you want a career you’ll love, IT is a quickly growing field with a number of benefits both personal and professional. IT certifications can help you land that first job or advance to a higher, better-paying position. That’s why LeaderQuest offers some of the most essential IT certifications in the business.
We offer 5 and 10-day classes online, on campus, during the day, and at night with the goal of getting you trained, certified, and hired in the IT world. Once you’ve finished classes, you’ll have the opportunity to work with your own personal Employment Development Manager (EDM) who will help revamp your resume, nail your cover letter, and work with you to practice for behavioral interviews.
If you’re stuck in a job you don’t like, why delay? Contact us today and start a career you’ll love with a salary you’ll appreciate!
When you’re looking for a way to climb the ranks in the cyber security world, it can be difficult. As a newer industry, there’s no cookie-cutter path to cyber security and qualified experts come from a variety of backgrounds.
However, one surefire way to prove yourself is through certifications which validate your skills in the eyes of an employer and let you get a foot in the door for that dream job. The EC-Council’s Certified Network Defender (CND) is one such certification, great for people who want to work on making sure an organization’s network is secure and maintained.
In this article, we’ll cover the CND certification, what it covers, how it works, and whether or not it’s the perfect move for your career.
Cyber Security Skills Gap and Certification
Before we move on to the CND, it’s important to understand why it’s relevant in this world. The answer? The cyber security skills gap. With more and more high profile hacks from Equifax to Uber, qualified professionals are in short supply.
That’s where IT cyber security certifications come in. For professionals who already know their way around a computer and are ready to help fight the bad guys, certifications give them a chance to prove those skills quickly and get to work.
But not all certifications are created equal. So where does the Certified Network Defender come in?
To get more specific, the CND is great for anyone who wants to focus on the operations and processes involved in network defense, rather than the tech. Their focus is on maintaining infrastructure in a system. A day in the life of a CND certified pro could include testing a network for weaknesses, installing security programs, evaluating/monitoring networks, and more.
For info on when the CND could be the right choice for you, check out the infographic below from the EC-Council.
As for the process of getting certified itself, well, it’s not easy. The exam is over four hours and costs hundreds of dollars. Here’s a breakdown of what you can expect . . .
What’s in it for you once you do get the CND? We’re glad you asked! The CND uniquely prepares you to work with networks or seek network administrator positions.
Some of the most common job roles include. . .
Network Security Administrators
Network Security Engineer
Network Defense Technicians
As for salary, the average Certified Network Defender salary is around $65,721* but could easily be much higher depending on your specialization. For a Defense Network Technician, salaries range between $70,000 and $76,000.
Meanwhile, a Network Security Engineer could make anywhere between $97,000 and $163,000 according to the Robert Half 2018 Technology & IT Salary Guide. Not bad. Not bad at all.
Get Certified and Hired with the CND!
If you want to start an exciting, in-demand, well-compensated career in network defense, Certified Network Defender can get you there. That’s why we’re here to help you get a cyber security certification that launches your career!
We offer high-impact IT certification training designed to help you learn the material, get certified, and be prepared to start a new job role with confidence. Getting you a great new job as quickly as possible is our ultimate goal. That’s why we offer 5-10 day classes, during the day or at night, online or on campus, which you can resit as many times as needed to make sure you absorb your new skills fast.
Train with an expert instructor at LeaderQuest and start your new career with the help of our Employment Development Manager (EDM), your personal career coach who comes equipped with a host of employer connections to help you get hired fast.
Don’t wait to start a great future in cyber security. Reach out today!
We’ve all seen it. The rapidly flashing screens. The confusing jumble of nonsensical numbers and symbols. Or, the lame PS1-esque graphics that Hollywood seems to think makes a mega hacker. Movie hacking is corny, goofy, and a convenient plot device when you want something to seem futuristic.
Before we establish what hacking is, it’s important to establish what it isn’t. The answer is, well, basically anything you’ve ever seen on TV. It’s not Newman telling Samuel L. Jackson he didn’t say the magic word and infecting all the computers as in Jurassic Park.
It’s not a man in a black light gyroscope twirling around while his green body dissolves into a swirling nightmare vortex as he says, “I’m in,” as in Lawnmower Man.
And, perhaps most importantly of all, it’s not trying to stop a real-time hacker with the most effective method of all. JUMPING ON THE SAME KEYBOARD TO DOUBLE YOUR ANTI-HACKING SPEED. (As seen in 2 idiots, one keyboard from NCIS fame.)
This all brings us to another question: why do we see hacking portrayed again and again in these increasingly silly ways? Well . . .
Why Does Hacking Look So Stupid in Movies?
It can be easy to think that Hollywood writers and executives are doofuses who don’t know the first thing about a keyboard, let alone hacking, but that’s not always true and things are changing as the public understands tech more.
For example, the tech-savvy show Mr. Robot actually employs a team to ensure that all of the tech stuff rings true. As for other shows, well, take a look at this video of someone doing a live hacker challenge and see if you can spot where this might not translate into film.
Turns out real hacking looks a lot like staring at a text editor for a long time, testing vulnerabilities, finding a way into the system, and then building yourself a backdoor so you can get back in. Text editors are notoriously nonsexy and nonexciting. You see the problem.
However, one of the biggest reasons that tech looks so silly is, well, everyone is trolling you as shown in this article from Gizmodo.
If you see something too dumb to believe, it’s probably a joke. Or at least a setup; the punchline of which is when you lean over to your date and exasperatedly explain that there’s no way that could happen since no CTO worth his salt would ever let that kind of information be remotely accessible instead of just relegating it to an isolated intranet, and besides that’s not actually what VPNs do.
With all this in mind, let’s dive into the truth behind the Hollywood glitz.
What is Hacking Really?
The word hacking has kind of become a catch-all for cyber attacks and cyber terror in general. Techopedia defines hacking as, “an unauthorized intrusion into a computer or a network.” Hackers may use the system or security features to accomplish a goal that differs from the system’s original purpose.
It specifically includes the following techniques under the umbrella of hacking:
Vulnerability scanning (checking computers on networks for known weaknesses)
Packet sniffing (apps that capture data packets in order to view data and passwords in transit over networks)
Spoofing attack (websites which falsify data by mimicking legitimate sites so that they are treated as trusted sites)
Rootkit (programs which work to subvert control of an OS from legitimate operators)
Keyloggers (tools designed to record every keystroke on the affected machine for later retrieval)
However, there are a number of different ways that people who identify as hackers try to exploit networks and systems for their own gain. A Distributed Denial of Service (DDoS) attack makes an online service unavailable by overwhelming it with traffic, with the sole purpose of shutting down a website.
Little known fact, one-handed standing laptop hacking is the most effective method.
And not all hackers are created equal. While the word may conjure up images of a ski-masked man in a hoodie in a darkened room hunched over his laptop, ethical or “white hat,” hackers make up an important part of keeping networks safe.
Black Hat, Gray Hat, & White Hat/Ethical Hacking
Hackers are divided into three groups: White Hat, Gray Hat, and Black Hat. Named for the different colors of hats worn by characters in Westerns, Black, Gray, and White basically boil down to bad, questionable, and good, but the truth is a little more nuanced than that.
White Hat hackers are hired by companies to help identify security bugs in their systems. To catch a hacker you have to think like a hacker. They play an important part in security.
One of the strongest weapons in the fight against cyber criminals has been hackers themselves. Professionals with a deep understanding of how to penetrate the security of an online infrastructure are commonly deployed to find vulnerabilities that those on the other side of the moral hacking spectrum would seek to exploit.
Black Hat Hackers have a clear malicious intent. Whether it’s to extort money, crash a system, or just cause general chaos in a person’s life, they do what they do for personal gain in a way that harms others.
Many career paths that lead to white hat hacking are unconventional. Again, there is controversy in the industry about hiring black hat hackers turned white hat, but, even for those who start firmly on the ethical hacking path, it can be twisted.
In the case of Ben Miller, he got a degree in computer systems and networking . . . right before the dotcom bubble burst. Ouch. After a few rough years, he was hired as a networking administrator for a hospital and focused on strengthening systems while making sure they were HIPAA compliant.
His company offered a Certified Ethical Hacking course. He took it, loved it, and was hired one year later in ethical hacking by his instructor. Now Miller works trying to think like a hacker while stopping them dead in their tracks.
His recommendations for up-and-coming ethical hackers? Always be listening and reading, communicate with your client, get certifications to help prove your abilities, and always document what you’re doing.
Want a Career as an Ethical Hacker?
If you’re interested in helping companies protect their data and stopping hackers dead in their tracks, certified ethical hacking might be for you! At LeaderQuest, we offer a 5-day Certified Ethical Hacker (CEH) course to help you get trained, certified, and hired. Through our career services team, and personal job coaching with your very own Employment Development Manager (EDM), you’ll also get help with your resume, interview tips, and access to employers in the industry.
With room for growth and a zero percent unemployment rate in cyber security, it’s clear that a certification like this will make you highly employable for a long time to come. To make training easy for you we offer classes during the day, at night, online, or on campus to fit any learning style or schedule. When it comes time to take the test, we not only cover the cost of one certification attempt per course but also have approved testing facilities on campus.
If you want to join a career fighting for the good guys, don’t wait. Though sadly, this job will not involve two people typing on one keyboard. (Sorry NCIS.) Become an ethical hacker today!