Cybersecurity Archives - Ashton Education

Handling Stress as a Cybersecurity Professional

I don’t know about you, but if I were to ask my friends if their jobs are stressful, not a single one would tell me no. There would be varying degrees of stress and certain people would want to tell me full-on stories about a particular situation that got them there.

The point is that everyone feels stress and it’s important to better manage it for two reasons: 1) stress causes more health issues than anything else and 2) stress left unmanaged can lead to high dissatisfaction with work and life.

Cybersecurity professionals get more than their share of stress:

In cybersecurity, the stress levels regularly border on unmanageable even without a security incident. This leads to employee burnout, gaps in tasks and ultimately situations that get missed and cause mayhem for organizations and individuals. Therefore, keeping stress levels down in this kind of job is essential. Unfortunately, it’s not often something you’ll find in a cybersecurity training program.

Why is stress so high in the cybersecurity field? There are a number of reasons including:

the constant attacks from cybercriminals making for no down-time
demands to keep up with constant change (regulations, technologies, etc.)
fear of letting the team or organization down
not enough people on the team, management that just “doesn’t get it”
no acknowledgement when things go “right”, and so much more.

Because stress is universal, there are numerous techniques for stress management BUT in this blog post, we want to provide tools that work particularly well for those in a cybersecurity role.

Three great stress management techniques for cybersecurity professionals:

Create a support team within your team

You were hired to fill a specific need and despite the fact that you may have a similar background and education to other team members, your job titles and descriptions may be different (unless you’re in a larger organization). Because of that similarity in background and education and familiarity with your organization, you’re going to create your own support system. Some organizations call it cross-training. In reality, it’s planning for a future time-out.

Cybersecurity professionals are expected to be able to jump into action 24/7. It makes it hard to take a break even if it’s just to walk around, look at some trees or pet the dog. But, if someone on your team is cross-trained, you’re in the middle of tasks and you need 10 minutes to stop looking at monitors, you have back-up to help. In return you do the same for them when they need that quick moment to themself.

Taking frequent short breaks can be helpful in many ways including increasing mobility, changing mindset and improving restfulness. Another benefit is the comfort that comes from knowing you are working with a teammate to support each another.

Prioritize and leave the work at work

Prioritizing tasks allows you to feel confident in knowing what order things need to be done in and is the basis for ensuring proper time management (even when you are overwhelmed). Make your list before you step away from your desk each day and then transition into “not-work” mode.

This transition has become increasingly harder for those working from home – “I’ll just do that one more thing before bed” and you end up working three more hours. While cell phones and other technology keep people in work mode too often, you can set a ritual that signals the transition from work time to home time. Maybe it’s moving the coffee cup from your desk to the sink or closing the door. Establish a ritual that supports your need for time away from work.

Do things for you, regularly

Everyone knows they should exercise on a regular basis, but what about regularly doing things we really enjoy? If you like gardening, make a plan to do small things a few times a week or gift yourself a few hours on the weekend outside.

Since your job is in front of a screen, similar screen time isn’t a great idea. But, if you love playing video games and find it helps your mood, do it!

Make a list of activities you enjoy that are in varying lengths of time. Then, carve out some time, pick one of those tasks, tell yourself that you’re doing it to bring more pleasure and stress relief into your life and then get at it.

Stress management is a challenge and it seems that there are too many people forgetting to care for the most important thing in the world – themselves. Find ways to reduce your stress to make your work and life more enjoyable.

TechnoEdge Learning offers a wide variety of industry-leading certification training courses ranging from industry-standard CompTIA A+ certification to future-proof Network+ certification and comprehensive Security+ certification course.

The 4 People You Should Know in Cybersecurity

February 24, 2022/in Cybersecurity Ronda Payne /by Ronda Payne

There is so much leadership in the cybersecurity field and no shortage of influential people. That makes it hard to know who to pay serious attention to. In a growing a shifting sector, there are always people making massive differences.

While your Network+ training program instructor is DEFINITELY a person you should stay in touch with, there are others you are less likely to interact with in-person that you’ll want to follow on social media and get to know from a distance.

These are the people making changes in the industry. Not only are they leading the way in security, policy and exploration of cybersecurity, what they do is likely to be included in things like Security+ training and IT best practices.

Get to know our top 4 in cybersecurity:

Santha Subramoni, Tata Consultancy Services

It’s nice to lead the list with a woman who is paving the way for more women to get involved in cybersecurity. Santha is the Global Head of the Cybersecurity business unit with Tata which is a consultant-led IT services provider.

She has noted the ongoing pandemic as a critical time for resiliency testing (anticipate, withstand and recover from a cyber attack) as part of a cycle of improvement. Education is part of the answer in her opinion and although some of that may mean things like CySA+ training in the IT team, she’s really referring to everyone in the company practicing safe security habits and behaviours.

That being said, our guess is that she may recommend those new to the industry get as much education as possible, like A+ training for individuals looking to grow.

Charles Henderson, IBM X-Force

The Global Head of IBM’s X-Force, Charles and his team are leading the way in incident response, penetration testing, vulnerability processes and attack testing. He’s an advocate of vulnerability research, something many organizations could benefit from.

In an article about Tenable and IBM X-Force working together, Charles spoke about the need to fix Active Directory weaknesses to prevent attacks. He sees vulnerable and misconfigured Active Directories as the source of nearly every major cybersecurity attack currently.

Jordan Kendall, Starman Cybersecurity

It’s not often that a marketing and sales professional makes a who’s who list in cybersecurity leadership, but Jordan Kendall is a bit of an enigma. President of Starman Cybersecurity, his background is rich in digital solution operations and he understands the cybersecurity space thoroughly.

Now, with more than 30 years of experience, he believes in solving complex business issues through a transformational process. While this isn’t confined to cybersecurity, Starman Cybersecurity is a group of professionals, like Jordan, who have exceptional track records in the space. The firm is based in delivering the cybersecurity talent organizations need to bridge the current gap in the workforce due to the exceptional needs in the market.

John McClurg, Blackberry

John McClurg is almost too hard to accept as being real, he seems like a spy novel character. Formerly counter-intelligence with the FBI and CIA, he’s now the Senior VP and CISO at Blackberry. He talks about cybersecurity globally and introduces the options of machine learning and AI to help identify, address and mitigate the challenges.

He notes that cyber criminals are becoming just as savvy about their business as legitimate operations. They connect and share tools to create cost-savings and more serious threats. As they form partnerships to make them more powerful, John suggests that the security community needs to do the same – come together and share information in the face of the challenges.

Getting to know the leaders in cybersecurity and what they are talking about can be greatly beneficial to understanding the industry and knowing what to watch for. While it won’t always lead to in-person connections, it will lead to greater knowledge.

What is the Metaverse and Why Cybersecurity Experts are Concerned

January 24, 2022/in Cybersecurity Lindsay McKay /by Lindsay McKay

At this point, we have all heard of the so-called metaverse, but for many of us, it is hard to understand what it really entails and what Mark Zuckerberg’s goal is. But even without any of us actually experiencing it, there are many experts who are already throwing their hands up expressing their concerns about not only the privacy of users’ data but also the fact that it is Facebook running the show – a company that has already shown their lack of concern for the privacy of their users and already has everything they could know about us. To help us all, I will give a general explanation of what the metaverse is supposed to be, explicit reasons why experts are concerned, and how to educate yourself on all cybersecurity through online IT training.

The Metaverse

The term ‘metaverse’ was first widely seen in Neal Stephenson’s 1992 novel Snow Crash where it is described as:

An idealized immersive successor of the internet – a virtual space where billions of users will move, interact, and operate across myriad different but interoperable worlds and situations, always retaining their avatar identities, virtual possessions, and digital currencies.

This was all fictional and the idea was used in many other works of fiction such as Ready Player One. The metaverse that Zuckerberg is promoting can be thought of as an internet you’ll be “walking” through via connected headsets of glasses. If you have experienced VR using an Oculus Rift or HTC Vive headset you understand what this could be, to a point and only from a gaming perspective. The metaverse also wants to combine the technologies of virtual reality and augmented reality. A major difference between VR gaming and the metaverse is that you are yourself in the metaverse, you are a digital rendering of you experiencing a mirror world of the physical world as we know it, or you can experience an entirely invented world. Eerie right? Your digital twin and the mirror world will be a skeuomorphic design, which means that the virtual objects will be made to closely resemble real-world ones but not exactly – sounds a little uncanny valley to me. To help things out, you can customize your avatar to resemble a cartoon or appear fantastical as Fortnite skins.

Facebook sees us working, socializing, shopping, and living in the metaverse. This is where NFTs are supposedly going to thrive as well. While it may sound fun to experience a fantastical world as your digital twin, or to work remotely but also virtually be in the office with your peers for meetings, there are many concerns that cybersecurity and IT experts have expressed.

Why Experts Are Concerned

Looking at the metaverse we may simply think that the only hardware it uses is headsets or glasses, but just like all IoT devices it is connected to much more than that. The biggest issue experts see is the security of your data and privacy. First, we can look at the legislation issue, each country has different rules about data storage and data tracking, because again everything created on the metaverse will have to be stored someone it is not just stored in your device. If people are browsing and purchasing items where that data is stored and where the transaction goes through is a gray area.

“Although they don’t exist in ‘reality’ and are supposed to be part of a decentralized chain of custody, they remain linked to an individual’s real-world wealth and identity,” says Ian McShane, field chief technology officer at Minnesota-based cybersecurity firm Arctic Wolf. “So naturally I have immediate concerns and questions about security and privacy.”

Meta is building its own hardware and operating system for the metaverse, meaning they do not have to play by the rules of other companies such as Apple or Google. Did you know Facebook ran campaigns against Apple’s decision to allow people to opt-out of some ad tracking on their smartphones? Facebook doesn’t want to make that mistake again says Rolf Illenberger, the CEO of VRdirect a company that makes software for VR. He goes on to say that “Mark Zuckerberg wants to make sure that in the new technology era, there’s no one between him and the customers.”

Another concern is that the technology behind the metaverse could have unprecedented access to our brains and our homes. While currently none of the Oculus devices come with eye-tracking technology, newer models are being developed that do. This could give Meta the ability to give advertisers information on where our eyes are focused to help them better measure our attention, target us with ads and compel us to purchase their products. Also, with the idea of working life being incorporated into the metaverse, this could give employers unlimited access to eye-tracking and facial movements which could lead them to determine really anything they want, from deciding whether we’re “paying enough attention” during virtual presentations at work, or even to try to measure our cognitive load during job interviews.

These concerns, plus all the normal cybersecurity concerns we face on a daily basis, is why so many experts are wary of the development of Zuckerberg’s ‘metaverse’. While the metaverse may look interesting, it is important to take a step back and look at the implications.

Educate Yourself

With technology being so prominent and intertwining with our lives more and more each day, it is important that we are all aware of cybersecurity best practices that can be learned through online courses including CompTIA’s A+ training and CompTIA’s Fundamentals+ training. To get even more knowledge look into beginner to intermediate certifications such as CompTIA network+ certification, CompTIA security+ certification, and Arcitura’s Certified Cybersecurity Specialist. Cybersecurity training is not only beneficial in your everyday life, but it is also helpful when you want to understand what is happening in the technology space and how that can affect you.

Why Risk Management is Key to Cybersecurity

January 5, 2022/in Cybersecurity Ronda Payne /by Ronda Payne

Organizations are exposed to a certain amount of risk simply by being in business. Consider COVID-19 and the various resulting lock-downs and supply-chain issues. While some businesses may have had a plan for short-term shutdowns in their risk management plans, it is unlikely many had a plan for dealing with a pandemic.

Going forward, you can bet that most companies will have something in their risk management planning around pandemic protocols and other government-enforced mandates that impact the flow of goods, employees, sales and more.

Cybersecurity and Risk Management

Equally important to a risk management plan is a section devoted to cybersecurity. If a company uses even the most basic elements of the internet, employees sending email from personal accounts and a security system managed through a cloud-based platform, they have a cybersecurity risk. As interaction and involvement with electronic devices goes up, so too does the company’s risk of cybersecurity attacks.

Having a risk management plan specific to cybersecurity allows a company to prioritize its defense tactics based on the negative impacts they may be exposed to. Risk analysis is often based upon the generic risk formula of:

risk = consequence of attack x probability of attack

While there are no hard and fast rules for quantifying the consequences and probability of various cybersecurity elements to arrive at the level of risk, it is easy enough to consider what is more likely to happen and how big the consequences can be when looking at an overall list of risks and considering damages currently seen in cybersecurity breaches. However, it is often very hard to come up with a complete list of risks without some form of training that guides the process of exploring and creating the assessment framework.

Taking cybersecurity courses and IT training courses is beneficial, but we recommend enrolling in courses specific to risk management that include elements of cybersecurity within them. Consider the Professional Evaluation and Certification Board (PECB) courses with a specific focus on the ISO 31001 Risk Manager course.

What is ISO 31001?

You have likely heard of various ISO programs, each with a different focus such as operational excellence or environmental management. The International Organization for Standardization (ISO) 31000 series is a family of standards designed around risk management practices. The series looks at the organization as a whole and considers both risks that have a negative outcome and uncertainties that can create a positive. It includes standards for risk assessment, implementation of a risk management plan, guidelines around risk management, common risk management goals and more.

As part of the ISO 31000 family, the ISO 31001 Risk Manager course is the basis of creating a risk management audit framework to be applied within an organization. By making use of the ISO 31000 standards, this framework gives individuals the ability to initiate the risk management process from identification through treatment, monitoring and review. Additionally, taking the PECB ISO 31001 Risk Manager course gives a student the knowledge, tools and training needed to succeed on the corresponding exam and earn their certification.

The Benefits PECB ISO 31000 Risk Manager Certification

There are two types of ISO 31000 Risk Manager certifications. The PECB Certified ISO 31000 Provisional Risk Manager certification requires no professional or risk management experience. The PECB Certified ISO 31000 Risk Manager requires two years of professional work experience with a minimum of one year in risk management and a minimum of 200 hours of risk management activities. Having these certifications makes you not only a valuable asset to your organization, it also makes you more employable in other risk manager roles. With certification, you prove you have the knowledge of ISO 31000 and know how to apply it within an organization.

The ability to apply a risk management framework is not limited to any particular industry because you will be looking at the risks that exist for an organization based on what they do and how they do it. Therefore, with this certification, you can make the shift to another employer and immediately make a valuable contribution without any additional training.

Dealing with Uncertainty in the Digital Sphere

December 9, 2021/in Cybersecurity CJ McGillivray /by CJ McGillivray

How can you effectively tolerate change, uncertainty and unknown factors in the world of business? We all know that uncertainty is commonplace, particularly when businesses are undergoing digital transformation and must radically update their cybersecurity defences in response to the growing needs of their clientele. Read on to learn about the nature of uncertainty in cybersecurity, why this phenomenon occurs, and what you can personally do about it.

Understanding Uncertainty

Even when we know that a cyber threat is real, sometimes we are paralyzed by doubt and confusion. In an academic article on cybersecurity and unbearable uncertainty, researchers Karen Renaud and George Weir describe how business uncertainty can often lead to inaction and increased cyber vulnerability. The pair found that many small businesses are concerned about cybersecurity, but “very few implement even a small subset of the available security precautions.” Why do they do this? So many small business owners do not know where to start. They are unsure what they should do to protect themselves and their assets. Renaud and Weir argue that business leaders are troubled by “the uncertainty caused by the wealth of conflicting and confusing online advice.” With a wealth of information at our fingertips, it can be hard to know which online sources to trust or how to build your educational foundation.

Finding a Solution

So… what is the solution to our cybersecurity issue? How can we replace uncertainty with action? While it is impossible to eliminate all uncertainty, qualified cybersecurity professionals can guide small businesses to better protect themselves. Business leaders can also educate themselves about ongoing cybersecurity threats so they are better equipped for the challenge. You can be part of this solution by prioritizing your continuing education and committing to ongoing cybersecurity training.

If you are brand new to the industry, consider signing up for foundational cybersecurity courses such as the CompTIA A+ certification training course. Respected by hiring managers around the world, this introductory course covers baseline security skills, configuring operating systems, information technology infrastructure, and addressing core service and support challenges for businesses. You will also learn about the best practices for data protection and recovery methods for when something goes wrong. By choosing a reputable organization such as CompTIA, you can rest easy knowing that your educational foundation will be solid.

Another excellent option for introductory education is the Arcitura Certified Cybersecurity Specialist training course. Through Arcitura, industry newcomers can learn about digital forensics, cyber intelligence, threat management, incident response and data recovery. The introductory modules also cover a broad range of practical topics including how to address cyber fraud, how to use common cybersecurity tools and mechanisms, and how to analyze the impacts on people, business processes and technology.

Moving Forward

Working professionals and business owners can eliminate some of the uncertainty around cybersecurity by ensuring they are informed and equipped with the necessary foundational knowledge to protect their assets. Keep in mind that getting the right cybersecurity certifications and being adaptable to change can make or break your success in the digital sphere. No matter your focus, the roadmap to your future in cybersecurity should absolutely include ongoing education.

What You Should Know About Cybersecurity and the Cloud

November 2, 2021/in Cybersecurity Marla Ovenden-Cooper /by Marla Ovenden-Cooper

As of 2020, the cloud computing market reached 371.4 billion dollars worldwide, with 94% of enterprises using the cloud in at least some aspects of their business. More and more medium and small-sized businesses have migrated to the cloud with the Covid 19 pandemic accelerating the adoption of the cloud. As time moves on, some of these businesses that initially felt the need to quickly adjust are now asking themselves, “Did I make the right choice? Or do I want to continue to use the cloud?” We thought we would help out these decision-makers by sharing some of the risks, benefits and tips to securing the cloud.

Risks of Doing Business on the Cloud

One of the greatest concerns when evaluating the use of various cloud services is confidentiality. Specifically, unauthorized access of company data and client information. Since third-party providers have access to your data, the risk of insider threats is a consideration. Unauthorized access also includes external cyberthreats. These cyberthreats take advantage of any vulnerabilities and security defects in the cloud. Finally, when considering transitioning to the cloud, disaster recovery should be considered. Migration to the cloud results in loss of control over disaster recovery. The speed and ability to respond to a disaster are limited by your cloud service provider.

Why Use the Cloud?

Since using the cloud may increase risks, why would a business want to use it? Businesses need to use the cloud in many cases to compete and operate efficiently. The increase in work from home and project sharing makes the remote accessibility of the cloud appealing. The ability to quickly scale up or down allows for the flexibility many businesses require. Many cloud providers include automatic updates to the most up to date software and servers, which means one less item for the IT team to manage. Believe it or not, security may also be one benefit to consider when migrating to the cloud. Depending on your business, size and your security model, you may find your cloud service has greater security than what you currently have in place. For example, some cloud providers backup your data at different data centres, ensuring that if your original data is lost or corrupted then you have access to the backup data. Of course one of the greatest influencers when considering business decisions is managing costs. Some small and medium-sized businesses will find renting added server space may be more economical as they can adjust to peak times and lower revenue making times in their business.

Tips to Securing the Cloud

Use multi-factor authentication for all usernames and passwords. Stolen credentials is one of the main ways that hackers are able to gain access to your company data.
Ensure your cloud system uses encryption.
Minimize user access. Users generally do not need access to every part of your cloud infrastructure. Only providing access to the relevant content for each user ensures that there are less chances of user credential theft affecting cloud security.
Backup your cloud system. Backups may be done directly on the cloud, but you may also do it manually on your own server, a secondary cloud server or a portable device like a portable hard drive.
Ensure your team is trained on cloud security. Cybersecurity training for cloud computing such as the Arcitura Cloud Certified Technology Professional and CompTIA Cloud+ include training that focus on understanding and comparing cloud platforms and cloud security from a vendor-neutral perspective.
Test your system using a cloud penetration tester. Penetration testing, or pentesting, will help to identify risks, gaps and vulnerabilities in your cloud infrastructure.
Consider using an MSP provider to help manage your cloud services if your resources are limited. Ensure that your MSP provider has staff that are trained and regularly take cybersecurity courses to keep up to date on the current threat landscape.
Ensure your onboarding and off-boarding processes address cloud security. New employees should be granted only the access that is required. Off-boarding processes should include restricting access immediately to protect against disgruntled past employees.
Read all privacy policies when signing up for cloud services. You should also immediately set up your privacy settings to reflect your company needs.
Use strong passwords. Password management is something that cybersecurity professionals have been raising awareness about for years. Passwords need to be unique, have numbers and letters and are longer than 15 characters. To do this effectively, many use a passphrase or password manager to help them remember.

If you are a decision-maker and want to learn more about the cloud, but don’t feel you have the IT skills for some of the more advanced courses, you could take the CompTIA Cloud Essentials+ course. This course will help you to understand the basics of the cloud and provide insight into questions and considerations when considering your cloud or multi-cloud strategy.