security

https://www.facebook.com/ConvoCourses-108091850619388

Podcast version of the content:

https://podcasts.apple.com/us/podcast/convocourses/id1500188278

http://www.nist80037rmf.com/google_podcast

Microsoft Windows Defender Antivirus STIG V1R1

October 3, 2017 by Bruce Brown Leave a Comment

STIG Update – Microsoft Windows Defender Antivirus STIG V1R1

DISA Risk Management Executive has released the Microsoft Windows Defender Antivirus Security Technical Implementation Guide (STIG) Version 1 Release 1. The requirements of the STIG become effective immediately. The STIG is available on IASE at https://iase.disa.mil/stigs/app-security/antivirus/Pages/index.aspx.

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

Security Roles and Responsibilities

July 19, 2016 by Bruce Brown Leave a Comment

There are hundreds of different roles & responsibilities in the IT Security career field alone. Here are some of the common types that I have seen:

Information System Security Manager – coordinate with the system owner and the information system security officer to ensure security is on the systems.
Information System Security Officer – coordinate with management and system administrators to implement system security controls. Ensures security controls are tracked and documented.
System Administrator – applies technical functionality and security on information systems.
Architect – assists in the design of enterprise information systems.
Security Analyst – review the logs of information systems to determine if there are any malicious activities happening.
Auditors – review the information systems to make sure the security controls are applied, documented and continuously monitored.

Full Time Position Immediate Interview Need Network Technician location Gunter AFB Montgomery, AL with Air Force

April 11, 2016 by Bruce Brown Leave a Comment

Conduct network security monitoring and intrusion detection analysis for the NIPRNet and SIPRNet using the AF’s selected IDS/IPS toolset

– Research NIPR and SIPR defensive cyber operations events to determine the necessity for deeper analysis and conduct an initial assessment of type and extent of intruder activities.

– Enter event data into mission support systems according to operational procedures and reports through the 33rd operational chain.

– Record suspicious events, meeting established thresholds, into the operational database for suspicious traffic. Records shall contain sufficient information to stimulate future research of suspicious traffic. The record shall answer the: who, what, where, why and when for this suspicious activity.

– Provide computer security-related assistance to Air Force field units (example: the Integrated Network Operations and Security Center (INOSC), Base Information Assurance shop) in countering vulnerabilities, minimizing risk, and improving the security posture of AF computer networks and systems within the scope of operational requirements and mission execution.

BASIC QUALIFICATIONS:

– Intermediate knowledge with one or more of the IDS/IPS systems currently in use by the Department of Defense (DoD), Services, and Agencies (i.e., AF, Navy, Army, DC3, DISA) or Federal Government and intermediate experience in the following areas:

EDUCATION REQUIREMENTS:

– One or more of the following IAT Level II Certifications (GSEC, Security +, SSCP, CCNA-Security)

– CND Certification (GCIA, CEH, GCIH).

Thanks & Regards,

Harpal Singh

Technical Recruiter

22nd Century Technologies Inc. (TSCTI)

8(a) / SDB | CMMI level 3 Certified

Direct: 1-908-765-0003 Ext: 315

Need Help Desk Specialist in Honolulu, HI with US Army

April 11, 2016 by Bruce Brown Leave a Comment

Job title :Help Desk Specialist

Location: Honolulu, HI

Client : US Army

CLEARANCE: SECRET

Description

The contractor shall provide service execution to CLIN conversion within two (2) business days.
The contractor shall provide service management to EITSMS processing within one (1) business day.

Contractor will implement and operate an IT Infrastructure Library (ITIL)-based service desk to provide the HQ a single assured point of contact for all Automated Data Processing (ADP) hardware, software, and networking problems; for service requests, to include new systems, major modifications to existing systems and entry points for emerging technologies. Also maintains service catalogs, an approved product list, and

a knowledge base for Service Desk operations. Adhere to HQs policy of using Information Technology Requests for all maintenance requests. Documents all users’ trouble calls and coordinates all software maintenance changes with government leads while ensuring project maintenance logs are maintained and reviewed.

Special Qualifications:

experience using Microsoft Office tools (Word, PowerPoint, Excel, and Outlook)
Security+ Certification

Thanks & Regards,

Kartik Jain

Technical Recruiter

Direct : 908-765-0002 Ext: 388

Should You Get a Comptia Security+ IT Certification

March 30, 2016 by Bruce Brown Leave a Comment

The Comptia Security+ IT certification is a very good certification for IT professionals getting into IT security and for IT security professional that have been doing cyber security for a while. If you already have a high-level security certification (i.e. CISSP, CISM,CISA,CASP) I would say the Security+ is not necessary, because those certs already cover everything in the Security+ and more. But if you don’t have any general security certs then you should definitely get it.

What are the benefits:

It is a well known certification that lets employers know that you are more than familiar with security best practice.

Having the Security+ alone is enough to get a job or a raise in some situations.

If you are unfamiliar with all the security best practices it is a great start in getting to know an important body of knowledge.

It is 8570/8140 compliant.

For more information on the Security+: https://certification.comptia.org/certifications/security

Exam Codes	SY0-401
Launch Date	May 1, 2014
Exam Description	CompTIA Security+ certification covers network security, compliance and operation security, threats and vulnerabilities as well as application, data and host security. Also included are access control, identity management, and cryptography.
Number of Questions	Maximum of 90 questions
Type of Questions	Multiple choice and performance-based
Length of Test	90 Minutes
Passing Score	750 (on a scale of 100-900)
Recommended Experience	CompTIA Network+ and two years of experience in IT administration with a security focus
Languages	English, Japanese and Portuguese
Retirement	TBD – Usually three years after launch.
Price	$311.00 USD (See all pricing)