Tuesday, 16 December 2014

Top 5 MCSA: Windows Server 2012 revision resources you could be missing out on


As well as qualifying you to take on the role of computer systems administrator and network specialist, the MCSA: Windows Server 2012 R2 cert also opens up your progression through to the MCSE certifications.

It’s the cornerstone certification that proves you know what you’re doing when it comes to the Windows server environment. Specifically, it’s your first step towards earning an MCSE: Server Infrastructure or MCSE: Desktop Infrastructure certification, advanced and specialised certs that really set you apart as a high level IT professional . Find out which MCSE certification suits your role here.

To get the MCSA: Windows Server 2012 certification you’ll need to pass three exams:

  • Exam 70-410: Installing and Configuring Windows Server 2012
  • Exam 70-411: Administering Windows Server 2012
  •  Exam 70-412: Configuring Advanced Windows Server 2012 Services

And to give you the best start possible in these tough exams, we’ve compiled some of the best resources to help you get this career boosting qualification.


1. 90 Days to MCSA


Microsoft wants to skyrocket your IT career and their 90 days to MCSA project will do just that.
3 one-hour videos, covering all 3 exams and presented by Microsoft certified trainers form the meat of the content here. But don’t approach these with the idea that they are your only revision tool. They are by no means all-encompassing and you’ll certainly have to read around to get the broader knowledge you need.

However, these resources are great. As they are created by Microsoft, you can expect the information to be accurate and reliable. Plus, the presenters are certified Microsoft trainers, so they know what they’re talking about.



Each video is also equipped with its own mini-forum where students can discuss their revision, examination and technology questions. These are very active forums too. Just a cursory glance shows that this is an active and participatory forum with official moderators and an active user base. If you have any nagging questions, about one of the three exams, this is the place to go.

That’s not all. Each exam is also accompanied by an individual wiki page. On it, you’ll find detailed curriculum relevant to each of the three exams, including links to the exhaustive Microsoft TechNet library, in which you’ll find even more information.

You’ll also find handy whitepapers, detailing individual features and functions in great depth. This will help get you the in-depth knowledge you need to get the MCSA: Windows Server 2012 certification. 

As some of this wiki is contributed by members of the community, Microsoft make it clear that they do not provide any endorsement on third party resources.


2. Microsoft Virtual Academy


Microsoft provides some high quality and varied Microsoft Windows Server 2012 R2 courses on their Virtual Academy.  You’ll find 31 courses including topics like virtualisation features, efficient networking management and new storage capabilities.
















The courses themselves are well produced 20-30 minute videos presented by Microsoft evangelists,
experts well-experienced in their chosen technologies. These videos can also be downloaded in both high and medium quality – we recommend getting all of them onto your tablet or laptop for a quick revision fix whilst on the commute or elsewhere.

Microsoft complements their Virtual Academy with a support forum. If you’re struggling with something, just ask and one of the official forum moderators is sure to answer.


3.  Mastering Windows Server 2012 R2 – ISBN: 978-1118289426


Before you take on training or start revising, make sure you become familiar with the Windows 8 / Server 2012 R2 interface. Without this prior basic knowledge, you will undoubtedly struggle on training courses and it will make your revision hard-going. Luckily, Mastering Windows Server 2012 is one way of getting up-to-speed.

Even in this age of virtual academies and video tutorials, you can never underestimate the power of a good book.  This one comes highly praised with a 4.5 star rating on Amazon (out of 37 total reviews) and glowing recommendations from our very own Firebrand Windows Server 2012 instructors.

This book gets you up to speed on the new Windows Server 2012 R2 features like Hyper-V and Storage spaces and also includes real-world scenarios to put them in perspective. But don’t think it’s only about the new stuff; this book is designed to cover every aspect of Windows Server 2012 R2 technology.

Its’ been created by Mark Minasi, a highly regarded instructor and author, alongside a team of Windows server experts led by the equally prolific Kevin Greene. Minasi is well-known for his straightforward approach to writing and his ability to make even the most complicated technologies easily understandable.

You can find this great book in paperback and kindle on Amazon for £26.99 (at the time of writing).


4. MCSA Exam study guides 70-410 / 70-411 / 70-422 by Keith Mayer


To help you prepare for your three Server 2012 R2 exams, Keith Mayer, Microsoft senior technical evangelist, has released three comprehensive study guides packed full of useful resources.
Each study guide includes hands-on exercises and resources to build your confidence with the updated R2 exam topics. Keith has over 20 years of experience and it shows. Each of these three guides contains everything you need to get up to speed with all the changes made to the Windows Server 2012 in the past year.

Plus, every study guide is brimming with links to videos, downloadable exam objectives and step-by-step tutorials. This is a collection of resources and industry insight that only a seriously experienced Microsoft technologist could compile.

Check the exam guides out here:


5. Firebrand Learn


Firebrand learn gives you access to a range of free digital learning resources like: Firebrand Official Course Material, practice tests and exercises.

As part Learn, we’ve uploaded Firebrand’s entire MCSA: Windows Server 2012 R2 course material online. It’s available for free, for everyone.

This resource was compiled by our Firebrand Instructors, professional consultants who know the material inside out.

Access your Microsoft MCSA: Windows Server 2012 courseware instantly on Firebrand Learn.

Some extra tips

Before you take on the MCSA: Windows Server 2012 R2 exams, we strongly recommend you get hands-on experience with the software itself. It’s not enough to just get ‘book-smart.’ See if you can get Windows 8 Pro or Enterprise on your PC and use Client Hyper-V.

Additionally, if you happen to have an extra computer, download Hyper-V Sever 2012 R2 and use this to build your lab.

Thirdly, you can try out an Azure trial – here’s a guide for that. But if you don’t have the time to build your own lab, you can get unlimited lab access during your Windows Server 2012 R2 course with Firebrand.

And lastly, don’t underestimate the exams. You can never revise too much!

Thursday, 27 November 2014

How the new Sony hack proves security isn’t taken seriously


Sony Pictures was crippled this week when cybercriminals forced the shutdown of their internal systems.

Imagine getting into work on Monday morning, booting-up your PC and being greeted with this:


It feels like something out of a cheesy 90’s spy-thriller but this is the reality that Sony Pictures employees had to deal with on Monday…and are still dealing with 4 days later.

Yes, Sony’s internal network had become the next victim of cybercrime in this recent spate of hacking. It’s a clear message for organisations: invest in your cybersecurity or this could happen to you.

Warning messages threatening to release data ‘secrets’, if undisclosed demands were not met, appeared on all internal computers, preventing login. The message also displayed ‘#GOP’ – pointing to a group named Guardians of Peace.

As of Thursday morning, the network remains down on many Sony offices and according to information reportedly shared by employees, it could be down for weeks.

Hackers also targeted Twitter accounts associated with Sony Pictures, leaving the same message and calling out Sony Pictures CEO:
























You, the criminals including Michael Lynton will surely go to hell. Nobody can help you.

If that wasn’t enough, the digital image also showed Michael Lynton’s head, edited into some form of Night Of The Living Dead landscape. These hackers clearly want to capitalise on the fear they can strike into the world’s biggest businesses.

One reddit user, posted a copy of a message allegedly displayed on the hacked network. The redditor explained, “I used to work for Sony Pictures. My friend still works there and sent me this. It's on every computer all over Sony Pictures nationwide.”

The post explained how the public could gain access to the 217.6mb .ZIP file, allegedly containing lists pulled from the organisations internal network.: “These two files are the lists of secret data we have acquired from SPE,” and that “Anyone who needs the data, send an email titled To the Guardians of Peace to the following email addresses.” A list of e-mail addresses attached to anonymous email services like Yopmail and Disgard.email followed.

Reddit users jumped at the opportunity to scour the allegedly leaked filed. A thread on the breach claims that the .ZIP file contains passwords of Sony employees, copies of passports of actors associated with Sony films and masses of Outlook archival data.

How Sony responded

In the typical damage-mitigating style of big companies experiencing big problems, Sony issued a statement saying the firm is investigating the ‘IT matter.’
Well that’s a relief.

Hack me once, shame on you

Sony is no stranger to being hacked. The infamous PlayStation Network hack of 2011, in which 77 million personal details were stolen, resulted in complete outage of the service for 24 days.
At the time it was one of the largest data breaches in history and remains a black mark on the Japanese company’s reputation.

As recently as August 2014 we watched as another major attack, once again, befell the PlayStation network. The service was forced offline once more, though this time for a single day.

Could your business survive a hacking attack?

Clearly, Sony has failed to invest sufficiently in their cybersecurity and organisations must learn from their costly mistakes.

Organisations need to begin investing in professionals with the skills necessary to prevent intrusions like Sony’s from ever happening.

Qualifications like EC-Council’s Certified Ethical Hacker (CEH) are valuable to keep organisations secure. By employing or training professionals and helping them to achieve certifications like the CEH, businesses can proactively defend and prevent these crippling attacks.

Ethical hackers can conduct staged penetration tests against your business – will your defences hold up against a real hacker? Either way, you’ll get real insight into how you can improve your security and protect your organisations valuable data. After all, the techniques that Ethical hackers use are identical to those employed by cybercriminals.

The need for certified ethical hackers is real and with every data breach this point is hammered home.
20% of small and medium sized businesses have been targeted by cybercriminals in the past year, costing the global economy $500 billion annually. And it’s getting worse: reports already predict an increase in cybercrime next year.

In fact, with more advanced hacking tools, we can expect more targeted attacks on businesses small and large.

Sony’s latest breach is a strong message to businesses: invest in cybersecurity or face the consequences.

Tuesday, 18 November 2014

Big Data: A big security challenge



By Debra Littlejohn Shinder

Big Data – the collection of large and complex sets of data that include both structure and unstructured information – is widely touted as one of the most important current trends in computing, along with Bring Your Own Device/mobility and of course, the cloud. In fact, the convergence of these technologies is seen by many as the top IT challenges of this decade. 

Much has been said and written about the security implications of BYOD, mobile devices and cloud services, but the security aspects of big data don’t seem to get quite as much attention. This is true even though companies are accumulating and analyzing huge amounts of information – not just terabytes, but petabytes – and some of it could cause big problems if it fell into the wrong hands. 

Image courtesy of Renjith Krishnan at FreeDigitalPhotos.net
After all, the real point of collecting such massive amounts of data is not just to be a data hoarder; the objective is to subject it to analytics that can provide the company’s decision-makers with insights into aspects of their business that can have an impact on the organization’s efficiency, reputation and bottom line. But we all know that information that can be used for good can also be used for nefarious purposes, and if those business insights became public and/or were revealed to competitors, the impact on the company could be very negative indeed.

The security challenge of big data is complicated by another of those hot trends we mentioned above; many companies don’t have the storage capacity on premises to handle the amounts of data involved, so they store all that data in the cloud. Some do so in the mistaken believe that turning their data over to a cloud storage provider means they also get to hand off all of the responsibility for securing that data. 

For some companies, this might even be a reason for the decision to store the data in the cloud in the first place. You could argue that large cloud providers have far more resources to put into securing the data than your organization does. Cloud data centers are heavily guarded fortresses that employ high dollar physical and technological security mechanisms. 

Image courtesy of Stuart Miles at FreeDigitalPhotos.net
This line of reasoning makes sense – but the cloud shouldn’t be an excuse to abdicate your ultimate responsibility for the protection of your sensitive information. If there is a breach, your customers will blame you, not the cloud provider, because you are the one to whom they entrusted their information. This does double if you’re doing business in a regulated industry – financial, healthcare, a publicly traded corporation, a retail business that processes payment cards, etc. You won’t be able to pass the buck if you’re found to be out of compliance or in violation of standards. 

As with information security in general, the key to securing big data is to take a multi-layered approach. One important element in protecting the huge quantity of data that often contains bits and pieces of personal information about many individuals is de-identification – the separation of identifying information from the rest of the information pertaining to a person. Unfortunately, the counterpart to de-identification is re-identification, the art and science of putting all those pieces back together to discern identities from the de-identified data. 

In a report last summer, Gartner concluded that over 80 percent of organizations don’t have a consolidated data security policy across silos, and that in order to prevent breaches, they need to take a more data-centric approach to security. 

Of course, many of the security concerns and solutions that apply to big data are the same ones that apply to protecting any sensitive data. However, one thing that makes big data especially challenging is that it often passes through many more different systems and applications in the process of turning all that unstructured mess into useful information. 

Companies may use applications and storage methods for which security was not a design priority, so that they have to tack on security solutions after the fact. Since much of big data is unstructured, it’s often stored in non-relational databases such as NoSQL, which were not built with security in mind. Traditional firewalls and other security solutions weren’t designed to handle distributed computing that is at the heart of big data. Automated moving of data between tiers in a multi-tiered storage system can make it difficult to keep track of where the data is physically located, which poses a security issue.

Close attention to “middleware” security mechanisms, extensive and accurate logging of data tracking, and real-time monitoring are essential components of a security strategy that encompasses the challenges of big data.

You can find more information about securing data in the cloud here.  

Author Profile

Debra Littlejohn Shinder, MCSE, MVP (Security) is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security.

She is also a tech editor, developmental editor and contributor to over 20 additional books. Her articles are regularly published on TechRepublic's TechProGuild Web site and WindowSecurity.com, and has appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine.

Monday, 17 November 2014

PRINCE2 vs. PMP - which certification should you choose?


PRINCE2 and PMP are both well-known and respected project management certifications. But it’s not always easy to know which one to achieve. And whilst they’ll both give your project management skills a boost, what’s the use if you can’t apply your new knowledge in the workplace?

Let’s pit these two certifications against each other and take a look at what they can do to boost your career.

Introducing PRINCE2 & PMP

PRINCE2 - Projects in Controlled Environments

Originally developed by the UK’s Office of Government Commerce, it is now regarded as the de-facto standard for project management in the country. It also exerts a visible influence across Europe and Australia.

With over a million total PRINCE2 exams taken, it’s also the most popular project management methodology in the world.

According to arras People’s 2013 UK Project Management Benchmark, the PRINCE2 is held by 63% of all project management professionals.


PMP Project Management Professional

PMP is built around PMI’s Project Management Body of Knowledge (PMBoK). Administered and created in the USA, the PMP has become the primary project management certification for North America.

Despite being less known in Europe than PRINCE2, it’s certainly not unknown and is increasingly gaining in popularity.

According to arras People’s 2013 UK Project Management Benchmark, the PMP is held by 9% of all project management professionals.


What do these certs cover?

PRINCE2

There are two levels of certification within the PRINCE2: Foundation and Practitioner. You’ll have to pass both to become a registered PRINCE2 practitioner.

PRINCE2 is a project management methodology that covers the management, control and organisation of a project. You’ll learn a flexible and adaptable framework that suits a wide variety of different projects.

This certification follows a sophisticated and clearly defined methodology that outlines detailed steps and processes that your project needs to achieve success in a controlled environment.

The well-laid out and standard approach that PRINCE2 uses is designed to be as generic as possible. As a result, the PRINCE2 processes are recommended for just about any kind of project.

PRINCE2 also helps to eliminate ambiguity by laying out clear roles and responsibilities of the team including: project executive, project manager, senior supplier, financier and senior user.

You don’t need previous project management experience to achieve this qualification and even experienced professionals can benefit from the PRINCE2.

PMP

Unlike the PRINCE2, the PMP is structured around the PMBoK and is a project management standard. You’ll become familiar with PMBoK processes and accepted project management techniques to enable you to evaluate your own projects.

It is therefore more of a theoretical and referential guide to assist you in the management of projects.
This certification evaluates your advanced knowledge of project management. As such you are expected to have existing project management experience.

To even apply for the PMP you’ll need at least 5 years of project management experience with 7,500 hours leading and directing projects. You’ll also need 35 hours of project management education (which can actually be gained by completing a PRINCE2 course).


How long will your certification last?

PRINCE2

As a Registered PRINCE2 Practitioner you must be be re-registered within 3-5 calendar years of your original certification. Failure to pass the Re-Registration examination after five calendar years as a Registered Practitioner will result in withdrawal of your registered status.

PMP

After achieving your PMP qualification you must participate in PMI’s Continuiing Certification Requirements (CCR) program to maintain your active certification status.

During the three-year cycle, you must attain 60 professional development units (PDUs). Once your three-year cycle is up, it starts all over again.

You’ll be obtaining PDUs by engaging in project management activities related to your PMP certification. PDUs are split into two categories: Education PDU and Giving Back to the Profession PDU. For more information on how you obtain PDUs, take a look at PMI’s official PMP handbook.


Industry needs and cultural differences

We recommend you thoroughly research your project management certification choices depending on the industry you work, or want to work in. Every industry will treat these certifications differently - you don’t want to achieve a cert which might prove to be less valuable than its counterpart.

When job-hunting in the UK and the EU as a whole, we recommend first taking the PRINCE2. As we mentioned earlier the PRINCE2 is immensely popular - especially in the UK where it is favoured by government.


Benefits – the bottom line

PRINCE2

1. Possibly the best introduction to project management

With its lack of prerequisites, PRINCE2 provides the ideal entry-level qualification for a career in project management. With a clear methodology, the PRINCE2 can take beginners and quickly transform them into educated project managers.

2. Improved career and employment prospects (in the UK and EU)

The PRINCE2 can improve your career prospects across the UK and EU. Due to its popularity in Europe and strong government ties, it is viewed favourably by employers.

 3. A standardised and complete methodology

The PRINCE2 provides a clear methodology that you can continually apply to almost any project. Plus, by using the same approach across every project, you’ll eliminate confusion through the use of common procedures, documents and processes.

PMP

1. Improved salary prospects

The PMP demands tougher prerequisites. It’s harder to achieve and as a result it commands higher salaries.

PMI Project Management Professional jobs display an average advertised salary of £60,000 according to data from ITJobsWatch.co.uk

2. You’ll have up-to-date skills

Unlike PRINCE2, PMP demands commitment to your project management career. As a result of the Continuing Certification Requirements, you’ll need to stay active within the project management community. This means, whether you want to or not, you’ll be continually sharpening your skills. Make no mistake; employers will be aware of this factor.

3. PMI Membership

When you obtain your PMP certification, you can gain PMI Membership. As a PMI member you’ll get exclusive access to publications, networking opportunities and professional development opportunities. You’ll be able to easily connect with peers, grow your career using an expansive collection of knowledge resources and get access to a premium job board for project management.


So who won?

The smoke has cleared and incredibly, both project management certifications are still standing.

This guy just loves project management
morguefile / Ambro
Our project management instructor argues that, in a perfect world, you would have both certifications.  PRINCE2 provides a tried-and-true methodology whilst PMP provides the skills and knowledge required by the Project Manager to carry a project through to completion.

Achieve both and you’ll possess an encompassing and rounded approach to project management.

We recommend you thoroughly research both certifications, depending on what your long-term goals are, which side of the world you’ll be working from and in what industry.

Find out more about PMP and PRINCE2 here.

Related Articles:

Friday, 14 November 2014

How Microsoft is changing the face of IT education




Microsoft CEO, Satya Nadella, spoke at Future Decoded this week about the success and worldwide adoption of the Youthspark apprenticeship program.

Amongst talk of Microsoft’s cloud-first, mobile-first ethos, Satya also described Microsoft’s vision for the future of education.

Satya Nadella spoke about the importance of computer science being within STEM (Science, Technology, English and Maths) education.

Microsoft’s aim is to make computer science and IT education available to all. ‘The role of technology is to empower people,’ Satya states – he views IT education as something not to be restricted to the ‘elite.’

A commitment to IT education

So far Microsoft’s global apprenticeship program, YouthSpark has enabled over 6000 IT-passionate young people across the UK to find jobs as apprentices.

Through 30+ programs, Microsoft YouthSpark has created new opportunities for more than 227 million young people in over 100 countries around the world.

‘To me that’s the kind of empowerment, at large, that will transform societies and economies.’ – Satya Nadella

Announced in 2012, this company-wide initiative aims to create opportunities for 300 million youth by 2015. And with more than 75 million unemployed young people around the world, it’s definitely a worthwhile cause.  

The UK needs more digital skills

Microsoft isn’t the only company aware of this need for IT education amongst young people. There’s an undeniable lack of digitally skilled workers in the UK. In fact the UK will need another 750,000 digital-savvy workers by 2017, according to research from O2.

That’s a massive deficit but consider this:  Telef√≥nica’s UK CEO Ronan Dunne, speaking at Future Decoded, explained how NEETS (Not in Education, Employment or Training) are actually more digitally literate than the UK’s existing workforce.

The IT-savvy professionals we need are out there, they just need programs like YouthSpark to prove that a career in IT is one worth pursuing.

Know a young person passionate about IT?

Firebrand is partnered with Microsoft as part of Get On, the UK division of the Global YouthSpark initiative.

Firebrand Apprentice, Kimberley Bolton, was the first woman to receive a Microsoft Apprentice of the Year award. Now she’s a Microsoft Apprentice ambassador and was sat on the Microsoft Apprenticeship panel at Future Decoded.

Kimberley explained how at first she was somewhat uneasy going into her IT apprenticeship but with encouragement from staff and a strong female role model, she prospered.  Kimberley previously saw her role as a ‘man’s job’ but now she’s doing it, and with incredible success.


Bring in new talent and secure the future of your business with a young apprentice or graduate from Firebrand. Boost your business and help solve the worldwide need for IT education.

Tuesday, 11 November 2014

Satya Nadella outlines Microsoft's vision of a mobile-first, cloud-first world

By Edward Jones 

Speaking in the UK for the first time as CEO of Microsoft, Satya Nadella headlined a star studded list of globally recognised thought leaders including; Sir Bob Geldof, Jeremy Paxman and Dame Stella Rimington, as part of Microsoft's Future Decoded event.

The event, designed to discover, provoke and provide insight into an uncertain future shaped by rapid technological advancement, saw Nadella open up about his plans for Microsoft and his views of a mobile-first, cloud-first world where indviduals and businesses are empowered by the devices that they own.

The age of Mobile


With studies indicating that in 2014 the average European household owns 10 digital devices, this truly is the age of mobile. Mobile devices now outnumber people on the planet, even greater in number however are sensors which through the aid of mobile we can now interact with the internet of things. 

Speaking on Microsoft's mobile-first, cloud-first ethos, Nadella said:

"To me, when we say mobile first, it's not the mobility of the device, it's actually the mobility of the individual experience.

Speaking of the sensors that surround us, Nadella talked about the emergence of new mobiles services made possible through the power of cloud computing in combination with mobile. Nadella went on to say:

"The only way you are going to be able to orchestrate the mobility of these applications and data is through the cloud... That's why the juxtaposition of cloud infrastructure and mobile experiences is where the world is going."

Take Hive as an example, through the power of mobile you can now control heating from your mobile. Geolocation allows you to turn off the heating when you leave, and turn it on as you are return home. All this enriches your experience whilst also helping to save up to £150 a year. 






Facilitating innovation

Today's changing technology industry only respects one thing, innovation. An ideal at the forefront of Nadella's plans for Microsoft. He went on to talk about how to facilitate innovation and change, talking about the the 3 concentric circles for any organisation to continually innovate and succeed.




  • New concepts - a company cannot stick to existing concepts, they become outdated. New concepts are required to invent new ideas.
  • New capabilities - these are required to support the new concepts. Nadella used Microsoft's example of their Cloud infrastructure and how this new capability in combination with silicon allow them to innovate.
  • Supporting Culture - core to innovation is a culture that actively encourages and facilitates the act.


No big reveal 

Satya Nadella's first UK appearance was quietly understated. There were no revelations, no new technologies were not announced nor worldwide technological revolution promised. Instead this was an intimate conversation introducing us to the new Microsoft CEO where we learned about his ideals, his motivations and his vision for future technology and Microsoft.

This may have left a few dissapointed, but I along with the masses came away with a valuable insight into the man at the helm of a global technological super power now valued at $400 billion. Did I mention that's bigger than Google Inc.? 


Author

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how to guides. Edward is an active member of the IT community contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor.

Friday, 31 October 2014

What you need to know before taking on the Lean Six Sigma Black Belt


Are you ready to take on the Black Belt?
freedigitalphotos.net / rawich
The Lean Six Sigma management philosophy can boost efficiency, save money and improve customer services within your organisation. It’s especially applicable if you need to generate business improvements in areas like: customer satisfaction, service delivery and cost control.

But it can only be effective when used properly and it takes a skilled professional to make the most out of Lean Six Sigma’s complex processes.

Luckily, there’s a range of certifications available to improve and validate your Lean Six Sigma knowledge. From the entry-level Yellow Belt, to the Master Black Belt, whatever your familiarity, there’s a cert for you.

- Lean Six Sigma Green Belt

A Green Belt certification identifies you as a trained professional in Six Sigma’s Lean methodology and tools. You’ll be able to work on small scope business improvement projects as part of your job role and will be an effective team member on any Black Belt team. 

Your training will also help you to promote a common set of behaviours and practices which drive acceptance and familiarity of Lean and Sigma concepts inside your organisation. 

There are no prerequisites for the Lean Six Sigma Green Belt certification. And because of this, it can sometimes be difficult to know when you’re ready to take on the more advanced Black Belt. 

- Lean Six Sigma Black Belt

With a Black Belt, you’ll be qualified to lead Six Sigma projects and enterprises as well as executing and completing crucial business improvement projects.

Your enhanced Lean Six Sigma knowledge will make you ideal for providing expert opinions and thought leadership around Six Sigma and Lean. 

As leaders, Black belts will often find themselves in the role of educator. You’ll be teaching team members about Lean Six Sigma methodology and tools as well as coaching Green Belts in your organisation.


Think you’re ready?

If you’re considering taking on the Black Belt, here’s what to look out for:


The Black Belt is a lot more statistics heavy

The Lean Six Sigma Black Belt has the ability to surprise candidates with its larger focus on statistics. 

It is advised that anybody with a desire to achieve the Black belt is quantitatively oriented with a good brain for numbers.

Definitely maths.
morguefile / cohdra


You’ll be expected to use data to convert broad generalisations into clear and actionable goals. You should also be proficient in determining statistical significance and possess good skills in quantitative analysis of data.

Most Lean Six Sigma courses even feature additional training in the use of statistical processing software. These handy pieces of software enhance a Black Belts ability to investigate and analyse complex data. Think of them as a more specialised version of Microsoft’s Excel. 

Try out Minitab, our preferred statistical analysis tool of choice.


Expect a massively increased scope

But it isn’t only about statistics; the Six Sigma Black Belt is bigger in almost every respect. You can expect a bigger curriculum and a greater emphasis on large case studies which can often span your entire certification course.

You might be familiar with studying several ‘mini-case’ studies during your Lean Six Sigma Green Belt course. The small size of these case studies reduces the depth of analysis and enabled a focus on the ‘end outcome.’

However, when studying for the Black Belt, you’ll likely focus on just one large case study. And as a result, you’ll be going into far more depth than you might have been prepared for during your Green Belt.


Not all Lean Six Sigma training is created equally

It’s important to note that there isn’t just one Lean Six Sigma vendor. Because of this, not all Lean Six Sigma training, courses and certifications are created equally. 

Lean Six Sigma training can vary depending on the provider. Some training providers will focus on aspects of the Black Belt that others might mention only in passing.

As a result, it’s advised that if possible, when you undergo your Black Belt, you stick with the same Lean Six Sigma certification provider that you gained your Green Belt with. 

If you have to make the change, be sure you double check the curriculum and speak to the providers to ensure that you’re not revising the wrong material. You don’t want to attend a training course only to find that you have been studying a slightly different curriculum. It’s true, you’ll possess more knowledge, but it won’t help you pass the exam.


Assess your company’s requirements

If you’re taking the Black Belt to help improve the organisation you work for, it would be an oversight not to confirm their requirements.

As we’ve mentioned, Lean Six Sigma courses can vary in terms of curriculum and the content that they cover. It’s important that you’re on a course that teaches skills and techniques applicable to your organisation. It wouldn’t reflect well if you returned to work without this crucial knowledge.


Thursday, 30 October 2014

Firebrand win big at EC-Council Global Awards 2014

By Edward Jones 


Firebrand Training picked up two accolades at the EC-Council Global Awards 2014Firebrand has been named EC-Council Accredited Training Centre of the Year - for a record-breaking sixth year in a row!

Firebrand Instructor, Richard Millet, was also honoured claiming the impressive Instructor of the Year Award. This is the second time Richard picked up an EC-Council Global Award being named in Instructor Circle of Excellence category back in 2011.

Jay Bavisi, President of EC-Council, said this of the awards:

We have some of the best training organizations representing EC-Council across the globe and they have again demonstrated the commitment to high-quality training, winning them awards again this year

Picking up the Auhtorized Training Centre of the Year (Europe) and Instructor of the Year (Europe), Firebrand was selected from EC-Council's extensive Training Partner network which spans the globe with over 700 training centres across 107 countries, and a vast pool of Certified EC-Council Instructors. After meeting the extensive and stringent criteria set by the EC-Council Awards Committee, Firebrand was chosen as the best in both categories for Europe.

The Authorized Training Centre of the Year award recognizes the training centres most successful in providing top-level information security training programs, whilst the Instructor of the Year honours the instructors who guide students to deeper understanding and enhanced skills.


Here's what President of EC-Council, Jay Bavisi had to say about Firebrand Training when we caught up with him at Hacker Halted 2012:


Author

As part of Firebrand's global marketing team, Edward actively works to serve the IT community with news, reviews and technical how-to guides. Edward is an active member of the IT community contributing to a variety of tech publications including Microsoft TechNet, Channel Pro and PC Advisor.

Friday, 24 October 2014

How to become a CISSP


CISSP is a global standard, widely recognized as the information and cybersecurity benchmark certification.

It’s an advanced cert that demonstrates a wealth of IT security knowledge and experience. If you want to ascend the ranks of information security, a CISSP can be an incredibly valuable asset.

The CISSP is a demonstration of your information security acumen and fundamental step for the senior role of Chief Information Security Officer (CISO). With the CISSP, you’ll have a common baseline and standardisation of knowledge, a proven record of ethics and a solid reputation of professional conduct (crucial for a business leader and any striving for senior level positions).

How to become a CISSP

The journey to becoming a CISSP takes hard work and dedication. If it didn’t, this certification wouldn’t be so valuable.

There are five steps to becoming (and maintaining a) CISSP:
  1. Meet the experience requirements
  2. Pass the exam 
  3. Obtain an Endorsement
  4. Prepare for an Audit
  5. Recertification

Don't let the bad guys in.
morguefile / larryfarr

1. Meet the experience requirements 

In order to even register for your CISSP exam, you’ll need to prove you possess five (or more) years of professional experience in information security. 

Plus, you’re history of professional experience must have involved at least two of the following 10 domains present in the CISSP Common Body of Knowledge (CBK):

  1. Access Control
  2. Telecommunications and Network Security
  3. Information Security Governance and Risk Management
  4. Software Development Security
  5. Cryptography
  6. Security Architecture and Design
  7. Operations Security
  8. Business continuity and Disaster Recovery Planning
  9. Legal, Regulations, Investigations and Compliance
  10. Physical (Environmental) Security 

(ISC)2 provide one-year reductions in professional experience if you possess on of the following:

  • A four-year college degree
  • You hold a credential from (ISC)2’s approved list. Examples include: MCSE, MCSA, MCITP CompTIA Security+, the CISA / CISM and the CCNP (to name just a few)
  • An advanced degree in information security from the U.S. National Centre of Academic Excellence in Information Assurance Education (CAE/IAE)

It’s worth noting that you cannot combine these qualifications, regardless of how many you possess, you can only receive a maximum reduction of one year.


2. Pass the exam

So you’ve accumulated 5 years of information security experience (or 4 years with the 1 year waiver) and your work embraces two of the 10 CISSP CBK domains.

But before you can even sit the exam you’ll also have to complete the Candidate agreement, confirming your aforementioned experience, and legally committing to the Code of Ethics. You’ll then be required to successfully answer four questions regarding your criminal history and related background.

Now you just need to pass the exam, right? Well, as you can imagine, passing the CISSP exam is going to take some serious preparation.

In fact, in the words of (ISC)2 – ‘The vast breadth of knowledge and experience required to pass the CISSP is what sets it apart.’

The CISSP exam will test your knowledge of the 10 CISSP domains. Achieving the standard of knowledge you need to pass the exam takes time and dedication.

Many CISSP holders recommend taking up to 15 days off work, just to round off your 4 month revision journey. If you can’t afford to take this much time off work, there are always more efficient ways to achieve your CISSP, like training courses or varying speeds.

Now, book the exam – do it early and you’ll save money. But, please note: some training providers do include the exam cost in their training package.

Either way, it’s time for your exam. Be ready for a test of endurance – you’ll have 6 hours to answer as many of the 250 multiple choice questions as you can. 
 

3. Obtain an Endorsement 

Congratulations, you passed your exam! But you’re not done yet. You’ll now have to proposition an active (ISC)2 credential holder to attest to your industry experience.
They’ll have to fill out an endorsement form for you. Once (ISC)2 receives and approves the endorsement, you can finally take up the mantle of a fully-qualified CISSP.


4. Prepare for an audit

(ISC)2 randomly submits some of its CISSP professionals to audits. It’s never a good idea to skew the facts on your application, especially so if you’re singled out for an audit.

If you are found to have incorrect or falsified data on your application, you’re going to lose your CISSP. Honesty really is the best policy.


5. Maintaining your certification 

To remain a member of the (ISC)2, and to keep your CISSP certification, you must:

  • Abide by the (ISC)2 Code of Ethics
  • Obtain and submit the required Continuing Professional Education credits (CPEs)
  • Submit Annual Maintenance Fees (AMFs) upon receipt of annual invoices

The information security landscape is constantly in flux, perhaps no more so than information security. As a result, your CISSP must be maintained with CPEs – a minimum of 20 CPEs every year for the first two years of the three-year cycle.

Even if you satisfy the CPE requirements of your first or second year, your tally must still equal 120 by the end of the third year.

CPE’s can be gained through live educational events and online seminars (available to (ISC)2 members only).

If your certification is terminated, you’ll need to retake the examination before you can return to being CISSP certified. You’ll also be charged a $35 reinstatement fee upon recertification (though this pales in comparison to working through the 6 hour exam once more).



Got what it takes?

If you’ve got the experience, determination and drive to crush the CISSP but don’t want to take several weeks off work – try an accelerated course. You could be certified in only 5 working days.

Related articles:


Wednesday, 22 October 2014

5 incredible jobs for a Certified Ethical Hacker


EC-Council’s Certified Ethical Hacker certification opens doors for IT security professionals. Take on the CEH and you’ll get comprehensive ethical hacking and network security training – you’ll learn to think (and hack) like a hacker.

And like most certifications, the CEH is only a stepping stone to your dream career. The experience you’ll get from becoming a CEH can be applied across a huge variety of job roles. Let’s take a look at some of the most impressive ones:


1. Penetration Tester 

Average advertised salary - £55,000*


Just like malicious hackers, penetration testers attack IT systems to locate security flaws. But, unlike hackers, penetration testers are White Hats - their aim is to protect systems, not exploit them.

The only difference between penetration testing and hacking is whether you have the system owner’s permission. If you want the thrill of hacking and enjoy the challenge of breaking into networks, penetration testing could be an incredibly rewarding career for you.

"pssst, what's Frank's password?"
If you can find a vulnerability during your simulated real-life cyber-attack, then you’ve earned your wages.

You’ll establish the viability of attack vectors (also known as an ‘attack-surface’), research known vulnerabilities within the client’s hardware and software stacks and identify weaknesses using common hacking tools.

And you might even find yourself using social engineering to legally con client’s employees, e.g. trying to solicit employee passwords from other employees.


2. Forensics Analyst

Average advertised salary - £42,500*


This ultra-modern role involves analysing the way in which intruders breach IT infrastructure. You’ll be assessing the full extent of any malicious breaches in order to identify additional systems / networks that have been compromised.

Investigating the minute traces left by complex Black Hat attacks requires an IT expert proficient in cutting edge forensic and reverse engineering skills. You’ll need to think and act like a hacker in order to identify the ways they breached your client’s system. 

You'll be using a hacker's malware as evidence for his crimes
Image courtesy of Stephen Miles
To be a successful forensic expert you’ll need to master prevention / detection, hacker exploit techniques and reverse engineering of malware.

Perhaps most importantly, you’ll need to stay at the cutting edge of attack methodologies. Hackers won’t get complacent, so neither can you. If you can keep your security knowledge and skills up-to-date, you’ll find success as a Forensics expert.

And whilst many job postings advertise the CEH certification as a desired qualification, EC-Council also offers a specific digital forensics course. It’s called the Computer Hackings Forensics Investigator (CHFI) and will teach you everything you need to know about investigating, recovering and tracking cybercrime.


3. Internet / Network Security Administrator

Average advertised salary - £47,500*


Internet security administrators are responsible for protecting vulnerable computer systems and networks against attack. Also known as security specialists, the security administrator handles all aspects of information security.

You’ll be the go-to professional for all aspects of an organisation’s information security. As well as teaching your colleagues about computer security, you’ll check for security violations, research and install protection software and defend/take action against cyber-attacks.

If the breach is serious, you may even find yourself providing evidence of cyber-attacks to prosecute individuals for breaching security.

You’ll have a great deal of responsibility and as a result, you’ll need good communication skills and the ability to react exceptionally fast to security problems. You might even be expected to work on-call in case of emergencies. 


Pictured above: a visual metaphor for network security.
sidewinder123 / MorgueFile


4. Application Security Architect

Average advertised salary - £65,000*


Application security architects work with development and computer architecture teams to create security applications.

You’ll likely find yourself testing programs for security weaknesses and performing vulnerability scans. You’ll be responsible for creating effective security applications and will work closely with software development teams, providing security guidance and expertise.

To succeed in this role you’ll need great problem solving skills and the ability to anticipate vulnerabilities in new software. And, as with most security roles, you’ll also need a deep understanding and appreciation of emerging cyber security risks.


5. Computer Network Defense Analyst

Average advertised salary - £40,000**


Computer network defence analysts work with cutting edge cyber-security technologies to provide expert opinions on current and emerging network security threats.

Get it? Program...
DogertonSkillhause / MorgueFile
You’ll create security threat analysis reports and briefs that describe the risks of potential threats and the risks these threats may pose to your organisation networks.

Tasks could include:
  • Analysing network traffic to identify anomalous activity
  • Determining appropriate response to anomalous network activity
  • Studying identified malicious activity to determine weaknesses exploited
  • Examine network topologies to understand data flows through the network
  • Provide daily summaries and news, events and activities and distinguish these incidents and events from benign activities.



Secure your dream security job

The CEH certification is great for any information security professional. Secure it (in only 5 days?) and prove you can defend your organisation from malicious attacks; you’ll be well on your way to your dream job.

*data from ITjobsWatch.co.uk
*data from simplyhired.com

Wednesday, 15 October 2014

Using Host Groups to build a Private Cloud based on System Center 2012/2012 R2



By Debra Littlejohn Shinder


Everybody is migrating to the cloud – or so it seems. But some companies just aren’t ready to put everything “out there” in a public cloud, and for them, the private or hybrid cloud deployment model makes the most sense. Building a private cloud from scratch can be a daunting task, though. Microsoft has tried to make it a little easier for customers with Windows Server 2012/2012 R2 Hyper-V and System Center 2012/2012 R2.


Definitely clouds.
Image courtesy of arztsamui / morguefile
One of the important concepts involved in creating a private cloud that’s easy to manage is that of host groups. Host groups are created in System Center 2012 R2’s Virtual Machine Manager (VMM). VMM is Microsoft’s management solution for virtualized resources, including those in a private cloud. 

A host group is a simple idea: it allows you to manage multiple servers as one entity. You can then create your private cloud based on the resources that reside in one or more of your host groups. Microsoft’s cloud computing model encompasses three resource pools that make up the fabric. These are defined as compute, network and storage pools. The three resource pools are managed by VMM. For a better understanding of this, see the post Fabric, Cloud Computing Abstraction Integrated in VMM on Yung Chou’s Hybrid Cloud blog on the TechNet web site. 

Once you have a basic understanding, you can create your private cloud. Of course, you’ll need admin privileges to do this. There are some requisites, which include the preparation of the fabric in VMM. You can find out how to do that via the TechNet article Preparing the Fabric Scenario in VMM.

Once that’s done, you can get down to the business of creating the host groups in VMM. Here’s how: In System Center 2012 or 2012 R2 VMM, open the Fabric workspace and follow these steps:


  1. In the Fabric pane, expand the Servers node.
  2. Right click All Hosts.
  3. Click Create Host Group. 
  4. Replace the default name (New host group) with the new name that you want to assign to the host group.


You can create a tiered host group structure by repeating the process after right clicking the parent node under which you want to create a new child host group. You can create a parent host group for each different physical location, for example, and then within each one you could create host groups based on hardware capabilities (that is, the top tier group in each location offers the highest level of performance and reliability, etc.). You could also group hosts based on server roles or business units, or whatever structure makes sense for your organization. Note that you can also move host groups around to different locations within the tree structure if you need to. 

After you create your host group structure, you can configure the properties of the host groups. Back in the Fabric workspace, expand Servers again and then expand All Hosts, and click the host group you want to configure. Click the Folder tab, and click Properties in the Properties group. 

Here you can configure the following host group properties: 

  • General settings (group name, location in the hierarchy, description and encryption)
  • Placement rules for customizing on which host virtual machines are deployed
  • Host reserves (the amount of CPU, memory, disk input/output, disk space and network input/output that will be allocated for the host operating system on each virtual machine, either specified for a host group or for an individual host)
  • Dynamic optimization and power optimization settings (balancing of VM loads within a host cluster and evacuation of hosts to save power)
  • Network (inheritance settings for network resources including IP address pools, load balancers, logical networks and MAC address pools)
  • Storage (allocation of storage logical units and allocation of storage pools to host groups)
  • Custom properties for VMs, VM machine templates, hosts, host clusters, host groups, service templates, service instances, computer tiers and cloud. 


For more information about building host groups, see Part 2 of Brien Posey’s 11-part article on Building a Private Cloud with System Center 2012 over on the WindowsNetworking web site or to learn more about private cloud read Private Cloud Storage Network Storage Considerations series on CloudComputingAdmin.com

Author Profile

DEBRA LITTLEJOHN SHINDER, MCSE, MVP (Security) is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security.

She is also a tech editor, developmental editor and contributor to over 20 additional books. Her articles are regularly published on TechRepublic's TechProGuild Web site and WindowSecurity.com, and has appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine.