What are the Best IT Security Certifications?

Posted by Kelly Grant, Senior IT Recruiter

Tech companies want employees with the latest knowledge and skills, and IT certifications demonstrate a person’s mastery of an IT technology or practice. Certifications also show a dedication to the profession and a desire to stay up-to-date on the latest innovations.

I read an article by Robert Half about the most valuable IT certifications in today’s tech job market. https://www.roberthalf.com/blog/salaries-and-skills/which-it-certifications-are-most-valuable

Certifications from ISACA, a professional organization devoted to IT security and governance, enhance professional credibility and confirm to employers that a candidate possesses the knowledge and experience to meet the challenges posed by increasing cybersecurity threats.

The article cites the following global certification programs as most valuable:

  • “Certified Information Systems Auditor: According to the ISACA, the CISA is its cornerstone certification. As the name indicates, this exam is aimed at information systems (IS) professionals who monitor, control and assess a company’s IT or business systems. This certificate requires five years of professional experience in the field.”
  • “Certified Information Security Manager: The leading credential for information security managers, the CISM certification is designed for people who design, build and manage information security programs. To qualify, you must have at least five years of IS experience and three years as a security manager.”
  • “Certified in Risk and Information Systems Control: The CRISC (pronounced SEE-risk) accredits professionals and project managers responsible for information security and its overall impact on the enterprise. It covers risk identification, risk assessment, risk response and mitigation, and risk control monitoring and reporting.”
  • “Certified in the Governance of Enterprise IT: The CGEIT demonstrates your understanding of enterprise IT governance principles and practices. It is one of the most sought-after certifications in IT, commanding some of the highest salaries.”
  • “Cybersecurity Nexus: In a time of constantly evolving cybersecurity threats, the CSX certification demonstrates that you are up-to-date on the most current security standards and risks.”

The article also notes the following certifications for security are valuable in today’s market:

  • “Certified Ethical Hacker: EC-Council offers several certification programs, and one of the most popular ones is the CEH. Holders of this specialize in penetration testing, which is why this IT certificate is often a prerequisite for positions like cyber forensics analyst, cybersecurity engineer and applications developer.”
  • “Certified Information Systems Security Professional: This is one of the most sought-after certifications in cybersecurity. Designed for experienced IT professionals, CISSP holders understand vulnerabilities in networked systems and create policies to safeguard systems and minimize risk.”
  • “Global Information Assurance Certifications: All about information security, the GIACs come in several categories: cyber defense; penetration testing; incident response and forensics; cybersecurity management, audit and legal proficiencies; developer; and industrial control systems. The highest level is the GIAC Security Expert (GSE).”

Some companies, including TCC, pay for professional development for employees, which makes earning a certification affordable and a great way to expand your skill set, pave the way for advancement, and stand out from the crowd when looking for a new position.

To learn more about TCC please visit our website https://www.e-tcc.com/who-we-are.

 

Cloud Computing – Making the Move to AWS

Posted by Mike Boyle, TCC Director of Business Development, 317.625.2547

Everyone today is talking about cloud computing. The worldwide public cloud services market is forecast to grow by almost 27 percent in 2021, compared to 2020. The software-as-a-service market alone was expected to expand past the 150-billion-dollar revenue mark by the end of 2020.

https://www.statista.com/statistics/258718/market-growth-forecast-of-public-it-cloud-services-worldwide/#:~:text=The%20cloud%20system%20infrastructure%20services,single%20digit%20annual%20growth%20rates

Many organizations are asking: what is the cloud, and why would it be good for me? Simply put, cloud computing is computing based on the internet. In the past, people would run applications or programs from software downloaded on a physical computer or server in their building. Cloud computing allows people to access the same kinds of applications through the internet. When you post a photo on Instagram, you’re using cloud computing. Checking your bank balance on your phone? You’re in the cloud again.

Cloud computing is transforming businesses across industries and creating a paradigm shift by delivering hosted services through the internet with cost benefits and business innovation. The private sector is building on cloud computing’s myriad benefits, but government organizations have also aggressively begun to capitalize on them. Increasing financial constraints have deeply affected how agencies deploy their solutions. Agencies are pressed to seek optimized business models while measuring their performance and service deliveries more closely — hence their inclination towards shared services.

Cloud is fast becoming the new normal in both the private and public sectors, and organizations are moving to a cloud computing platform such as Amazon Web Services (AWS) because cloud computing increases efficiency, lowers the burden on the agency’s IT department, increases flexibility, and reduces overhead costs. But there are more benefits that you may not have considered. Here are several reasons that government agencies should move to the cloud:

  • Greater Flexibility

Cloud-based services such as AWS are ideal for organizations with growing or fluctuating bandwidth demands. If your needs increase it is easy to scale up your cloud capacity, drawing on the service’s remote servers, or if you need to scale down again, the flexibility is baked into the service. It is not surprising that CIOs and IT Directors rank “operational agility” as one of the main drivers for cloud adoption.

  • Improved Disaster Recovery

Organizations of all sizes should be investing in robust disaster recovery, but this is often more an ideal than the reality. Hosting systems and storing documents on the cloud provides a smart safeguard in case of an emergency. Man-made and natural disasters can damage equipment, shut off power, and impair critical IT functions. Supporting disaster recovery efforts is one of the important advantages of cloud computing for most organizations.

  • Automatic Software Updates

In cloud computing the servers are off-premise, and suppliers such as AWS take care of them for you and roll out regular software updates – including security updates – so you don’t have to worry about wasting time maintaining the system yourself. This leaves you free to focus on the things that matter, like taking care of your core business.

  • Boosts Cost Efficiency

Cloud computing reduces or eliminates the need for organizations to purchase equipment and build out and operate data centers. This presents a significant savings on hardware, facilities, utilities and other expenses required from traditional computing. Reducing the need for on-site servers, software and staff can also reduce the IT budget.

  • Increased Collaboration

Cloud-based workflow and file-sharing applications give dispersed teams of people the ability to work together easily and efficiently and improve document control. Staff can make real-time updates, see what other team members are doing and communicate effectively. This level of collaboration can speed up projects and improve customer service.

  • Improved Security

Lost laptops are an expensive business problem. Potentially greater than the loss of an expensive piece of equipment is the loss of the sensitive data it contains. Cloud computing gives you greater security when this occurs. Your data is stored in the cloud so you can access it no matter what happens to your machine. You can even remotely wipe data from a lost laptop, so it does not fall into the wrong hands.

  • Measurable Business Outcomes

According to the AWS website (https://aws.amazon.com/cloud-migration/) there are measurable business benefits from migrating to the cloud, illustrated below.

[Image: AWS]

Making the Move

Moving to the cloud sounds like the right thing to do for your organization, but it also sounds pretty daunting. To satisfy the mandates for innovation and achieving a lower total cost of ownership, it is important that government agencies choose a cloud provider that fits their needs. Government, education, and nonprofit organizations face unique challenges to accomplish complex missions with limited resources. Public sector leaders engaged in true cloud computing projects overwhelmingly turn to the power and speed of Amazon Web Services (AWS) when they want to serve citizens more effectively, achieve scientific breakthroughs, reach broader constituents, and put more of their time and resources into their core missions.

Over 5,000 government agencies use AWS because AWS understands the requirements U.S. government agencies have to balance economy and agility with security, compliance, and reliability. AWS has been among the first to solve government compliance challenges facing cloud computing and has consistently helped customers navigate procurement and policy issues related to adoption of cloud computing. AWS provides commercial cloud capability across all classification levels (Unclassified, Sensitive, Secret, and Top Secret), making it possible to execute missions with a common set of tools, a constant flow of the latest technology, and the flexibility to rapidly scale with the mission.

 Ready to Take the Next Step?

Please contact Mike Boyle via email at Mike.Boyle@e-tcc.com or by phone at 317.625.2547.

Staying Safe Online – Five Tips for Good Cybersecurity Hygiene

Stephen Palamara, TCC Director of Business Development

I recently read an article published on the National Cybersecurity Alliance Website that gave some good, practical advice for staying safe online, amid a surge in cyber-attacks and scams. https://staysafeonline.org/blog/scams-and-misinformation-challenges/

The article pointed out that cybercriminals are exploiting the COVID-19 pandemic as a hot topic to spread misinformation and lure audiences into their schemes. Often these scams target vulnerable populations such as children or senior citizens.

The article states “Cyber scammers are spreading misinformation to initiate cyber scams through email, social media, and messaging applications. Tactics have become more nefarious and misleading than ever before.”

The reliance on digital connectivity increased over the past year due to more people working from home or being on lockdown. To be able to work and enjoy the internet safely, the article provides the following five tips for better cybersecurity:

  1. “Use strong passphrases and a password manager”
  2. “Enable multi-factor authentication (also known as two-factor authentication) on all accounts that support it (email, banking, online shopping, etc.)”
  3. “Back-up and protect your sensitive data and personal identifiable information (PII). Follow the 3-2-1 rule: have 3 copies of your data, on two different media, with one copy stored off-site.”
  4. “Pay close attention to possible phishing emails, texts and phone calls (think before you click).”
  5. “Pay attention to security settings at both the user level and device level. For example, free public WiFi can be spoofed easily. Try to avoid connecting to public WiFi and use a hotspot or VPN instead.”

Installing reputable cybersecurity protections and taking care of cybersecurity hygiene will allow you to use the internet safely.

To learn more about TCC’s Security Services please visit our website https://www.e-tcc.com/security-services.

Government Agencies Can Protect Against Phishing Attacks

Mike Boyle, TCC Director of Business Development

According to a recent article on the State Tech Magazine website, last year government agencies accounted for 12.5% of all data breaches, making government the third most frequently targeted business sector. https://statetechmagazine.com/article/2021/05/employee-vulnerability-social-engineering-remains-key-threat-government

The article states that social engineering, especially phishing, is the most popular type of attack. Social engineering attacks target individuals and try to get them to provide personal information to establish fake credentials, or to just give out the targeted information. This usually takes the form of sending generic messages to a large volume of people, hoping that some will disclose information or click on a malicious link.

With access to personal information about a government employee, the cybercriminal can easily spoof what appears to be a legitimate request to send sensitive information via email, as data moves between agencies or departments. Or they can gain access to critical information because a request that looks valid is usually processed.

The article notes that some of the factors that make government systems vulnerable to this type of attack include the use of outdated legacy systems, high data volume, overly bureaucratic public processes, and inadequate government employee cybersecurity training.

The article points out that to proactively defend against phishing, a combination of policies, controls, and procedures must be in place.

Employee cybersecurity training is critical to preventing phishing attacks. The article states “Inadequate government employee cybersecurity training makes the above more likely to happen. A 2020 IBM Security study found that only 38 percent of local and state employees in IT, security, education and emergency services departments have been given any training in ransomware prevention, including on the threat of social engineering and on basic security hygiene in the workplace.”

Because phishing attacks rely upon human error to be successful, ongoing cybersecurity training that alerts employees to the most current form of attack and teaches them how to avoid becoming a victim and disclosing critical information is critical to preventing attacks.

The article notes that strengthening agency internal audit systems can help expose vulnerabilities, and “data analytics, machine learning and artificial intelligence tools can help flag any irregularities that might signal an attack in progress.”

However, the article points out that if cybercriminals do not have access to government employee personal information, any phishing attack is less likely to be successful. “Although minimizing the digital footprint left by employees in the past isn’t easy, a good place to start is to ask staff to self-audit themselves on the internet. After searching for their names online, public servants may realize that their social media accounts are too revealing or that their personal information is listed on countless data broker sites.

While removing data from data broker sites is a tedious and at times complicated process, government agencies can take advantage of data broker removal services that automatically opt public servants out of such sites — and make sure they stay off them for good.”

These areas of vulnerability must be addressed to thwart the ever-increasing risk of a cybersecurity attack. The article states “By cutting off ammunition for threat actors through employee personal information removal and deploying effective tools and training strategies, government departments can take back control of their cybersecurity.”

To find out more about TCC and our work with various government agencies please visit our website https://www.e-tcc.com/