My First Blog Post

A journey of a thousand miles begins with a single step…

This is Midhun Nirmal. I am passionate about cybersecurity and started this blog, which could be helpful for netizens looking for information in the cybersecurity space. Let's begin…

Attackers are now using more sophisticated techniques to target systems. Individuals, small-scale businesses and large organizations are all being impacted. As a result, firms, whether IT or non-IT, have understood the importance of cyber security and are focusing on adopting all possible measures to deal with cyber threats.

With the game up for cyber threats and hackers, organizations and their employees should stay a step ahead to deal with them. As we like to connect everything to the internet, this also increases the chances of vulnerabilities, breaches, and flaws.

Gone are the days when passwords were enough to protect the system and its data. We all want to protect our personal and professional data, and thus Cyber Security is what you should know to ensure data protection.

Do not miss my next post…

The key concept of Cyber Security

Cyber security as a whole is a very broad term, but it is based on three fundamental concepts known as “The CIA Triad”.

It consists of Confidentiality, Integrity and Availability. This model is designed to guide an organization's cyber security policies in the realm of information security.

Confidentiality

It defines the rules that limit access to information. Confidentiality covers the measures that restrict sensitive information from being accessed by cyber attackers and hackers.

In an organization, people are allowed or denied access to information according to its category, by authorizing the right persons in a department. They are also given proper training about sharing information and securing their accounts with strong passwords.

Integrity

This assures that the data is consistent, accurate and trustworthy over its lifetime. It means that data in transit should not be changed, altered, deleted or illegally accessed.

Proper measures should be taken in an organization to ensure its safety. File permissions and user access control are measures that help control data breaches. There should also be tools and technologies in place to detect any change or breach in the data. Various organizations use a checksum, or even a cryptographic checksum, to verify the integrity of data.

To cope with data loss, accidental deletion or even cyber attacks, regular backups should be in place. Cloud backups are now the most trusted solution for this.
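The checksum verification mentioned above can be sketched as follows. This is an added example, not code from the original post: it records a baseline for each file with a plain checksum (CRC32), a cryptographic checksum (SHA-256) and a keyed tag (HMAC-SHA256), then reports what changed. The file names, contents and key are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample data; the key and file contents are illustrative only.
KEY = b"constructed-demo-key"
FILES = {
    "payroll.csv": b"alice,52000\nbob,48000\n",
    "config.ini": b"[server]\nport=8443\n",
}

def crc32(data: bytes) -> str:
    """Plain checksum: detects accidental corruption, not deliberate change."""
    return format(zlib.crc32(data), "08x")

def sha256(data: bytes) -> str:
    """Cryptographic checksum: infeasible to find other data with the same digest."""
    return hashlib.sha256(data).hexdigest()

def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: can only be recomputed by someone who holds the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def build_manifest(files: dict, key: bytes) -> dict:
    """Record a baseline for every file while the data is known to be good."""
    return {name: {"crc32": crc32(blob), "sha256": sha256(blob),
                   "hmac": keyed_tag(key, blob)}
            for name, blob in files.items()}

def check_entry(data: bytes, entry: dict, key: bytes) -> tuple:
    """Return (unkeyed_ok, keyed_ok) for one file against its manifest entry."""
    return (hmac.compare_digest(sha256(data), entry["sha256"]),
            hmac.compare_digest(keyed_tag(key, data), entry["hmac"]))

def verify(files: dict, manifest: dict, key: bytes) -> dict:
    """Classify each file as ok, modified, missing or unexpected."""
    report = {}
    for name, entry in manifest.items():
        if name not in files:
            report[name] = "missing"
        else:
            ok = all(check_entry(files[name], entry, key))
            report[name] = "ok" if ok else "modified"
    for name in files.keys() - manifest.keys():
        report[name] = "unexpected"
    return report

if __name__ == "__main__":
    baseline = build_manifest(FILES, KEY)
    current = {**FILES, "payroll.csv": b"alice,52000\nbob,84000\n"}
    print(verify(current, baseline, KEY))
```

An unkeyed digest stored next to the data can be regenerated by anyone able to change that data, which is why the baseline also carries a keyed tag and should be kept apart from the files it protects.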

Availability

Availability means that all necessary components, such as hardware, software, networks, devices and security equipment, are maintained and upgraded. This ensures smooth functioning and access to data without any disruption. It also means providing constant communication between the components by providing enough bandwidth.

It also involves opting for extra security equipment in case of any disaster or bottlenecks. Utilities like firewalls, disaster recovery plans, proxy servers and a proper backup solution should be in place to cope with DoS attacks.

A successful approach uses multiple layers of security to protect every constituent of cyber security, particularly computers, hardware systems, networks, software programs and the data shared among them.

Difference Between CyberSecurity and Network Security

Cyber security is a subset of information security which refers to a set of techniques and methodologies used to protect the integrity of networks, devices, programs, and data from damage, attack, or unauthorized access. In simple terms, cyber security is the practice of protecting internet-connected systems and networks from digital attacks. Network security, on the other hand, is the act of protecting files and directories in a network of computers against misuse, hacking, and unauthorized access to the system. Network security is a subset of cyber security which protects the integrity of your network and network-accessible resources from unauthorized access. You can refer to the following image as well.

Cyber Security Vs Network Security

Best sites to Learn about Cyber Security

With the increasing need for cyber-security professionals in this day and age of constant threats and sophisticated hackers, having even the most basic knowledge of cyber-security is more important than ever. With threats constantly looming, the Internet is full of bad guys waiting to attack businesses and even you.

With basic or even more advanced knowledge in cyber-security, you can easily increase the security and privacy of your life as well as others. Once you begin to understand the complexity and specifics behind attacks, you can start to understand how these attackers work and even grab yourself a job in the cyber-security industry.

The need for information security professionals is skyrocketing, and 2019 will be no different. The Internet-of-Things continues to take over new markets while security standards get continuously bogged down until something catastrophic occurs.

Learning cyber-security is becoming a necessity just to browse the Internet today, and there are dozens of ways to learn. Whether you’re looking to secure yourself, learn hacking or grab a job in the cyber-security industry, the list of five free websites to learn hacking below will help!

1. Cybrary

Cybrary is a rather new site that offers a wide range of courses and classes spanning everything from basic networking to advanced penetration testing. The website has dozens of detailed courses, all taught by leading professionals in the industry. Cybrary even offers certification classes that can prepare you before applying for security certifications in a certain field, ensuring you're ready for the course material.

Cybrary covers a wide range of hacking topics including:

  • Ethical Hacking
  • Penetration Testing
  • Cryptography
  • Forensics
  • Social Engineering
  • Post Exploitation
  • Malware Analysis and Reverse Engineering
  • Dozens of certification courses

Alongside their vast range of classes, they also offer material specific to certifications including A+, Linux+, Network+ and Security+, and can also prepare you for MCSA, CCNA, CISA, CASP, CISSP and several other certifications.

Cybrary is a great free tool for learning and can help any newbie just starting or help advanced hackers take their skills to the next level.

2. SecurityTube

Starting all the way back in 2008, SecurityTube was created by fellow security researcher Vivek Ramachandran, a trusted professional in the security industry.

As the name suggests, SecurityTube is virtually the YouTube for ethical hacking and information security. Containing everything from basic penetration testing in a variety of fields to full hacking tool rundowns, SecurityTube is jam-packed with dozens of security courses.

With its community style layout, SecurityTube offers various collections of courses taught by Vivek himself alongside several hundred other security researchers. The site offers hundreds of hours of security, vulnerability, and hacking related content.

After providing free information security courses for nearly eight years, Vivek started to offer additional in-depth security classes at his premium site, pentesteracademy. However, all courses on SecurityTube are 100% free of charge and will remain free for their lifetime.

3. Harvard/EDX

You read that right! Contrary to popular belief, you don’t need to be accepted into a prestigious college to be able to enroll in a number of their classes. That’s where EDX comes in, compiling a large catalog of free college-level courses you can sign up for. With everything from business to agriculture, EDX has you covered with college courses.

EDX compiles college-level courses from top institutions and makes them publicly available online, allowing you to freely sign up and enroll in the class. If you want a certified form of completion for your college course, you can grab most certificates in the $100-$200+ range on EDX. This can show employers that you are properly certified and have taken the college-level course and successfully completed it along with its online tasks.

4. SANS Cyber Aces

The SANS Institute is a company that specializes in information security and cybersecurity training. The SANS Institute is among the top information security trainers in the world, offering dozens of high-priced classes touring the world every year.

Among their dozens of high-value classes comes SANS Cyber Aces, a free information security initiative developed by the SANS Institute. Because SANS understands that not everyone can afford $5,000 for a four-day cyber-security course, it created Cyber Aces.

Cyber Aces offers a great way for both teachers and students to learn hacking and information security from true experts. As SANS continues to grow and develop Cyber Aces, more information is being added all the time!

For true cyber-security training by the professionals, be sure to check out the SANS Institute and Cyber Aces.

There is no reason you shouldn’t be getting started on your cyber-security career in 2019! With millions of free resources available online, cyber-security professionals have made it easier than ever to become a certified ethical hacker.

Whether you’re looking to hack commercially or for fun, getting a start on the basics of Internet security is crucial. Hacking is not only a fun skill to develop, but can prove to be useful when evaluating and working out complex or critical situations.

These are just five sites of the hundreds that exist online. Be sure to comment below with your favorite sites to learn cyber-security and hacking-related material from!

Jobs in Cyber Security

While other types of IT jobs like network administrator or software developer are more common and well-known, cyber security jobs are smaller in number but fast increasing in importance. As our global economy has led to more Internet-based computing and connectivity the world over, organizations have grown ever more vulnerable to hacking and cyber attacks. And just as a business might hire security even when there’s a local police force, so must a business hire cyber security staff. It is ultimately the duty of the organization to protect their proprietary data as well as any customer information they are privy to.

These cyber security professionals are in short supply, however. Last year, NASSCOM reported that India alone would need 1 million cyber security professionals by 2020, while job portal Indeed reported a spike of 150 percent in cyber security roles between January 2017 and March 2018. Companies like KPMG have doubled the size of their cyber security teams in recent years.

The recent overwhelming need for cyber security is the result of several factors:

  • Digital India and demonetization: According to Ashok Pamidi, the senior director of NASSCOM, while the government’s initiatives such as Digital India and demonetisation have pushed companies towards digital transformation, doing so has also made them vulnerable to cyber attacks. In turn, this has led to a demand for cyber security professionals who can help companies achieve the digital transformation without compromising security.
  • General Data Protection Regulation (GDPR): Although the GDPR didn’t go into effect until late in May, 2018, companies across the world have been preparing to safeguard their database from cyber crimes and comply with GDPR rules. This has driven a need for cyber security experts.
  • Aftermath of WannaCry ransomware: During 2017, government agencies and organizations across the world fell prey to the WannaCry ransomware, which infected over 200,000 computers in 150 countries within just three days. According to the latest numbers, it led to damage estimated up to hundreds of billions of dollars! The attack launched a debate on the vulnerability of data and the pressing need for stronger cyber laws and security systems. It has also caused many organizations to be more aware of the perils of cyber security loopholes and take steps to safeguard their organization from future attacks.

What does this mean for IT professionals?

Regardless of the reasons for the increase in demand, the pressing problem is a shortage of people trained and capable enough to fill the growing number of cyber security roles. NASSCOM reports that despite having the largest IT talent pool in the world, India simply lacks skilled cyber security professionals. In fact, the need for experienced professionals is so high that companies are willing to pay a premium salary of over Rs 1.5 to 4 crore to top talent. This has increased the cyber security budget by 71% as observed by PwC in its 2016 report.

The jobs that are seeing this sharp increase in pay include the following five cyber security roles:

#1 Network Security Engineer

The network security engineer is a critical position within every organization. This person ensures the security systems are implemented within the organization to counter and stop threats. Their main responsibilities include maintaining systems, identifying vulnerabilities, and improving automation. They also oversee the maintenance of firewalls, routers, switches, various network monitoring tools and VPNs (virtual private networks).
 
The minimum salary of a network security engineer begins at Rs 4 lakhs and can go up to 8 lakhs per annum.

#2 Cyber Security Analyst

A cyber security analyst helps in planning, implementing and upgrading security measures and controls. They continuously monitor security access and perform internal and external security audits to ensure there are no loopholes or evidence of security lapses. A cyber security analyst is also responsible for conducting vulnerability testing, risk analyses, and security assessments, and for managing the network. In addition to these tasks, the analyst trains fellow employees in security awareness and procedures, so they are aware of the best practices to be followed to avoid security breaches.

The salary of a cyber security analyst begins at Rs 6 lakhs per annum.

#3 Security Architect

A security architect plays a crucial role in designing the network and computer security architecture for their company. The security architect helps in planning, researching and designing elements of security. Without a security architect, a company’s security system is vulnerable to attacks. The security architect first creates a design based on the needs of the company and then works together with the programming team to build the final structure. Besides building the architecture, they also develop company policies and procedures for how their company’s employees should use the security systems and decide on the punitive action in case of lapses.

The average pay of a security architect begins at Rs 17 lakhs per annum.

#4 Cyber Security Manager

Cyber security managers are responsible for the maintenance of security protocols throughout the organization. They create strategies to increase network and Internet security related to different projects and manage a team of IT professionals to ensure the highest standards of data security. A cyber security manager also frequently reviews the existing security policies and ensures the policies are current based on new threats. They also perform regular checks on all servers, switches, routers and other connected devices to make sure there are no loopholes in the security.

The average salary of a cyber security manager begins at Rs 12 lakhs per annum.

#5 Chief Information Security Officer (CISO)

According to a report by PwC, over 80 percent of companies now have a CISO on the management team. This trend shows that companies have grown aware of the threats of cyber crimes and the potential damage such attacks can cause. The CISO is a senior-level executive within an organization who ensures that the cyber security plan is aligned with the business’s vision, operations and technologies. The CISO works with the staff to identify, develop, implement and maintain processes across the organization to ensure there are no security breaches. They respond to incidents and set up appropriate standards and controls to mitigate security risks without causing any interruption to the business. They are also responsible for overseeing the implementation of security policies and procedures within the organization.

The average salary for top CISOs is anywhere between Rs 2 crore and 4 crore.

Those are the top five cyber security jobs in India today, but plenty of other roles exist and go unfilled, including information risk auditors, firewall and security device development professionals, security analysts, intrusion detection specialists, computer security incident responders, cryptologists and vulnerability assessors.

As organizations across a wide range of different industries such as banks, government, retail, and BFSI sectors actively recruit cyber security professionals, the job demand will only go up. The challenge is to meet that demand by making sure people are getting trained for these critical security roles. And once they are trained, exciting and well-paying jobs await!

#6 Security Trainer

The role of a security trainer is to train employees in security best practices. The average salary for security trainers begins at 4 lakhs per annum.

#7 Security Auditor

A security auditor reports on a security system’s effectiveness and suggests ways to improve it. A security auditor is more high-level and uses established standards to evaluate a system. The average salary for a security auditor begins at 5 lakhs per annum.