Content Filtering Software List

/0 Comments/in /by

What is Internet Content Filtering?

What if you could block Internet content for your children based on their maturity level? What if you could block porn completely without being forced to use a filter that treats you like a kid?

Internet content filters looks at all websites visited in real time and rates them based on age-appropriateness.  Parents can easily adjust the Filter’s sensitivity as their kids grow older, meaning the Filter grows with them.

 

 

 

InfoSec Jobs – Security Operations Specialist

/0 Comments/in /by

Contact Information:

Srikanth K

SYSTEL INC | Atlanta, GA

Phone:  678 250 9874

T: 888 8SYSTEL Ext:263

mailto: srikanthk@systelinc.com

www.systelinc.com

If you are available & interested in below opportunity contact Srikanth with word version of your resume, best time & number to contact you. Please feel free to contact him to discuss more about this opportunity.

 

To know more about us, please visit www.systelinc.com

Position: 2

Security Operations Specialist

Location: Foster City, CA

Duration: 6+ Months

 

Se. Operation Specialist – The Security Operations Specialist is a key member of the Information Security and Privacy team and works to ensure our SIEM and Vulnerability Scanning solutions are maintained and updated as appropriate. The candidate will assist with identifying and driving necessary configuration changes and enhancements. The role will work collaboratively with the Security Engineering teams to ensure these solutions are up to date and optimized.

 

ESSENTIAL JOB FUNCTIONS:

Vulnerability Scanning

* Customize vulnerability scan reports as needed.

* Ensure that vulnerability scans are occurring at regular intervals.

* Ensure that vulnerability scans are updated regularly as new networks and sites are spun up.

* Regularly test solution upgrades in a test environment and follow change control to implement upgrades in production.

* Creating and tuning vulnerability scan groups and configurations.

 

SIEM

* Install and configure new data / log collectors.

* Create new SIEM content and rules to help identify important security events.

* Work closely with our Security Operation Center to gather their requirements and build content that meets those requirement

* Regularly test solution upgrades in a test environment and follow change control to implement upgrades in production.

 

REQUIRED SKILLS & JOB QUALIFICATIONS:

* Minimum 3-4 years of progressively responsible IT experience with at least 2 years of security/infrastructure protection experience.

* Familiar with general change management procedures and systems.

* Experience performing security operations tasks and working with Engineering teams to implement necessary changed

* Strong verbal and written communication skills with the ability to adapt information delivery based on the target audience.

* Ability to work in a fast paced, highly visible, changing environment.

* Proven ability at building working relationships with partners, peers, and senior Management.

* Excellent analytical and problem solving skills.

* Ability to multitask and manage multiple topics and demands concurrently.

* Familiar with SIEM solutions like Splunk, ArcSight, LogRhythm, QRadar

* Familiar with vulnerability scanning solutions like Qualys, Foundstone, Nexpose

* Prior working experience in a pharmaceutical company is preferred.

* Highly organized, results-oriented and attentive to details.

* Self-motivated, proactive, independent and responsive – requires little supervisory attention.

* Excellent presentation, facilitation and diplomacy skills.

* Able to perform other duties as assigned.

* Ability to document technical changes (i.e. change control documents).

InfoSec Jobs – Vulnerability Management Consultant

/0 Comments/in /by

Contact Information:

Srikanth K

SYSTEL INC | Atlanta, GA

Phone:  678 250 9874

T: 888 8SYSTEL Ext:263

mailto: srikanthk@systelinc.com

www.systelinc.com

 

If you are available & interested in below opportunity contact Srikanth with word version of your resume, best time & number to contact you. Please feel free to contact him to discuss more about this opportunity.

To know more about us, please visit www.systelinc.com

 

Position: 1

Vulnerability Management Consultant

Location: Foster City, CA

Duration: 6+ Months

 

Vulnerability Management role –

The Security Engineer is a key member of the Information Security and Privacy team and works closely with Infrastructure and Application services teams to ensure that software vulnerabilities are patched according to Gilead standards so that related risk can be managed appropriately. The candidate will assist with defining and enhancing patching processes and the supporting technologies such as patch management and vulnerability scanning and testing. The role will also help to collaboratively design and implement the business processes to allow system managers and system administrators to drive towards compliance with internal vulnerability remediation standards.

 

ESSENTIAL JOB FUNCTIONS:

* Responsible for implementing and tuning the technical solution used to identify and manage the versions of Java used in the environment.

* Customize as needed the vulnerability reports that will be used by system managers, system administrators and management.

* Liaise with system, database and application administrators to assist with implementation and rollout of a vulnerability management process.

* Research emerging technologies in support of IT security enhancement and development efforts.

* Assist in formalizing and updating security policies, procedures and technical standards; auditing/monitoring compliance with those standards; developing technical checks to verify compliance with technical controls.

* Creating and tuning vulnerability scan groups and configurations.

 

REQUIRED SKILLS & JOB QUALIFICATIONS:

* Minimum 5 years of progressively responsible IT experience with at least 3 years of security/infrastructure protection experience.

* Experience performing project focused information security work with cross-functional teams in an enterprise setting.

* Must have a good understanding of the following security domains: Audit and Monitoring, Risk Response & Recovery, Cryptography, Data Communications, Computer Operations Security, Telecommunications & Network Security, Security Architecture & Models.

* Strong verbal and written communication skills with the ability to adapt information delivery based on the target audience.

* Ability to work in a fast paced, highly visible, changing environment.

* Proven ability at building working relationships with partners, peers, and senior Management.

* Excellent analytical and problem solving skills.

* Ability to multitask and manage multiple topics and demands concurrently.

* Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management.

* Familiar with patch management solutions like Satellite, SCCM, WSUS, Shavlik, Secunia, LANDesk.

* Familiar with vulnerability scanning solutions like Qualys, Foundstone, Nexpose

* Prior working experience in a pharmaceutical company is preferred.

* Highly organized, results-oriented and attentive to details.

* Self-motivated, proactive, independent and responsive – requires little supervisory attention.

* Excellent presentation, facilitation and diplomacy skills.

* Able to perform other duties as assigned.

* Ability to document technical solutions with excellent grammar.

IT, Cybersecurity Salaries on the Rise

/0 Comments/in /by

In-demand IT professionals like Jonathan Villa, a senior cloud security architect for an IT security firm in the Midwest, gets unsolicited job offers all the time.

“I received a LinkedIn message this morning for an opportunity paying up to $200K plus bonus,” he told SHRM Online via LinkedIn. He said the job description read “any skills/experience with cybersecurity is a plus.”

A lot of other IT professionals who have profiles on LinkedIn are similarly bombarded by recruiters with lucrative salary and bonus offers for jobs in the technology field.

And those offers aren’t likely to stop coming anytime soon. Studies show that tech workers are in demand. Very in demand. So much so that some can command $300,000 annual salaries.

Plus bonuses.

“I am contacted at least four to six times a week and have seen [stints] where I am contacted every day,” Villa said. “I’ve been contacted by recruiting firms as well as directly by company recruiters for large companies (Target, Netflix, Chase, Wells Fargo, Sony, and more).”

IT and cybersecurity salaries are on the rise, according to recent studies by Menlo Park, Calif.-based HR consultancy Robert Half and Manchester, Conn.-based cybersecurity recruiting firm SilverBull.

At the high end of the scale, Robert Half lists the average salary for chief information officer (CIO) at $268,250—a nearly 5 percent increase from 2015. Mobile app developers can earn up to an average of $175,750 annually, an 8.2 percent increase from 2015. At the low end, technical writers can earn up to an average of $87,250, a nearly 2 percent increase from 2015.

SilverBull lists its salary information by region. For example, it states that a chief information security officer (CISO) living in San Francisco can earn up to an average of $380,000 annually. That same CISO can earn up to an average of $334,000 in Washington, D.C., or an average of up to $328,000 in Chicago.

In the year ahead, Robert Half’s 2016 Salary Guide for Technology Professionals states, those in the financial services, managed services, telecommunications, health care and hospitality sectors will be most in demand. The positions these individuals will hold? Business analysts, quality assurance professionals, systems engineers and systems administrators, help desk and desktop support staff, and database administrators and business intelligence analysts.

Recruiting those people can be hard. “So many IT-related positions are being created that employers throughout North America and across industries often must wait months to staff key roles,” Robert Half states in its report.

“Competition among businesses for top IT talent today makes it critical for managers to rethink their recruitment and retention methods,” according to the report. “Speeding up hiring times, training from within, filling skills gaps with project professionals and offering attractive compensation can help you hire—and keep—the best and brightest for your organization.”

As Forbes reported earlier this year, “Research firm IDC predicts that by 2018, fully 75 percent of chief security officers and chief information security officers will report directly to the CEO, not the CIO.

“When CISO positions elevate to the C-Suite alongside chief financial officers and chief operating officers, it will arguably move the salary needle into the half-million dollar range for some,” Forbes stated.

Robert Half also points out that the high salaries may hinder some companies from getting the senior-level technology talent they need. So, many companies are training existing employees to fill those roles.

But why so much money?

“The technology landscape has widened, and the IT professionals that command the higher salaries have a skill set that spans the expanded horizon,” Villa said. “I would compare it to features in a vehicle. If you want to be able to heat and cool your seats, you’re definitely going to pay for it.”

He added that many IT professionals are considering more than just salary when it comes to accepting a job offer. “For example, I’ve considered work-from-home policies, the culture of the company in regard to whether or not they work on newer technologies, the title of the position, and even their use of Apple or Microsoft products.”

Having cybersecurity or cloud experience makes potential candidates even more valuable, Villa said.

IT Recruitment Strategies

“One of the best ways to approach the shortage of highly skilled talent is to build a reputation as an employer of choice,” Robert Half states in its report.

It said companies can do that by:

  • Paying at or above market salaries for top talent.
    Providing exciting and challenging assignments.
    Fostering a corporate culture where innovation is crucial and business and technology are intertwined.
    Making sure technology professionals have the latest tools.
    Promoting flexible schedules and remote working arrangements.
    Offering professional development opportunities
    Showing a clear path for growth and promotion.
    Listening to employees and taking action on their requests, as appropriate.
    Establishing a strong employee referral program.

Aliah D. Wright is an online editor and manager for SHRM. You can reach her via Twitter @1SHRMScribe and on Facebook at aliahwrites.

The SecurityOrb Show – An Interview with Marcus J. Carey Founder of vThreat: A Cyber-Attack Simulation Company

/0 Comments/in /by

Listen to what Marcus has to say here:

Cyber-attack simulation is the practice of testing an organization’s network security and incident response preparedness on-demand and without exploits to determine an organization’s security posture.

Cyber-attack simulation differs from many of the current and already practiced security controls such as Penetration Testing (pentesting), security assessment and table-top exercises. For example, pentesting makes use of exploitation code whereas cyber-attack simulation does not. In addition, cyber-attack simulation differs from a security assessments since the breach method used may not be from an actual vulnerability, it maybe in policy deficiencies or human-error. While in a table-top exercise a rehearsal of what your organization will do in the case of an emergency is conducted, but in a cyber-attack simulation it replicates the actions of an attacker.

SecurityOrb.com had the opportunity to interview Marcus j. Carey, the founder of vThreat, a cyberattack simulation start-up that offers its cyberattack simulation as a software-as-a service (SaaS) application. Carey stated, “Vthreat offers its service on-demand, you can conduct an attack simulation anytime. You do not have to wait annually or quarterly as with some of the other services.”

vThreat has a free tier as well as paid tier delivery for its cyber-attack simulation service. One key attribute of vThreat’s cyber-attack simulation offering pertains to the non-use of software agents on organizational assets, instead they make use of the cloud or java-script snippets.

Listen to the full interview with vThreat Founder, Marcus J. Carey here.

If you will like to meet Marcus to obtain more information about his Cyber-Attack Simulation service, he will be attending the upcoming ShmooCon 2016 on Jan. 15 to 17 at the Washington Hilton Hotel in Washington, DC.

 

My Security Thoughts – Your Cell Phone

/0 Comments/in , /by

Melvin: I know that I am old. I remember when you had to be at home for someone to reach you by phone. I remember when you paid for everything with either cash or check, well you had credit cards but it was mostly cash or checks. Oh yeah airline tickets were paper. For that matter all of your documents were paper.

Now thanks to advances in technology we can put all of that on your cell phone. Yes every piece of identifying documentation can go on your phone. All of your financial transactions can be done via your phone within the next 5 years. Think of it the police pull you over for speeding you bring up your license and registration on the phone and hand it to them to scan into the system. They may even be able to bill you right there on the spot and you pay with a tap on the screen.

You can even unlock your doors at home with your phone. Soon all cars will be able to be unlocked and started via your phone. I am sure that I have left things out that can be done with your phone besides make calls, search the web, and post selfies. Which leads to why am I discussing cell phones on this forum.

I feel that these phones are one of the greatest threats to personal security. The phones are growing to be the center of our lives. They will soon contain every aspect of our digital lives. It is a wave that will turn into a tsunami of unstoppable ingress into everyone’s lives.

Now there are some that might say that the average wallet of an American contained their lives. Not only might there be a driver’s license but you could also find a social security card, health insurance card, credit cards, ATM cards, and possibly phone numbers.

As a side note, are there any out there like me that cannot remember phone numbers now that we have the contact lists on our phones. I search by name and never see the phone number. Does that mean that the smart phone is making me dumber? Probably.

Okay back to the discussion, even with the wallet and lets not discuss a woman’s purse, I still feel that there is more stored on a smart phone then can ever be placed into a similar physical space carried on one’s person.

Thoughts?

 

Brian: You are correct on a number of issues – first, I can’t remember anyone’s phone number, or birthday, or E-mail – all of that is in the phone – heck, it’s to the point that I don’t recognize the number unless the phone tells me who it is that is calling – I have better things to dedicate those neurons to. I figure whomever is calling will leave a message, and I’ll listen in – if I can… And answer if it’s someone I want to talk to. One of the advantages of the old answering machines on an old land-line, well that and the fact that they worked without electricity (they used something like 6 volts over the old copper wire) – now that everything is a packet – my land line sends via Ethernet – so if power is out, the hub is down, or overloaded. Phone is useless when power is out today… Remember 9/11 and all of the busy-signals? Expect that to be the norm in any emergency these days… Unless you have a satellite phone – then you may be able to reach someone that is outside of the area affected… But your cell will be as useful as a rock.

I remember being in a cave (Carlsbad) and some idiot in the group pulled out his cell phone to call his wife… Are people really that dumb? Um, you’re underground, I think the area was like 164 feet underground, your cell phone can barely go through the walls of your house, and you want to call your wife? Although these days they probably have an access point that goes over the wire up to the surface – but they didn’t back then… Of course, I was the guy on the tour that wore a glow in the dark tee-shirt, so when they tried to show was “real darkness” looks like, I could see people and they were all looking at ME… Then I looked down and saw my little bats glowing on my shirt… D’uh…

Anyway, as far as security – encrypt, encrypt, encrypt… (And I mean that literally, if you can – multiple encryption methods.) I’ve taken to running hashes on passphrases so if someone tries to force me to reveal the password, I can honestly say that I don’t know the password. True – I know what will yield a hash. And while the law can force you to yield a password, they cannot force you to take an action, or reveal a procedure. (That’s to protect you from being forced to commit a crime, then be charged for it, so if you have to call a program to generate a hash from the passphrase – that you then cut and paste the 128 character string generated to decrypt your drive, you cannot be forced to tell them that process – and if your hash is then simply ROT-64 encoded, hey – it’s not your fault they can’t get that pass-phrase to work.) Anyway… My passphrases all a miss-spelled phrase, including numbers, and keyboard positions so I may know the pattern, but not the keys. So I literally cannot “write down” the pass-phrase doesn’t matter how much I want to I can’t do it. Now that’s a bit much for a cell phone – but we’re getting close to needing something like that… Scan your fingerprint, scan your IRIS, and it’s in standby so you have to enter a swipe-pattern…

Anyway – treat your phone like you do your IRS software – I’m assuming that you have all of that data multiply encrypted as well. And if you have a phone for your family, you should be establishing encrypted communication tunnels. If it’s good for the military – it’s good for you… I’ve always lived by the phrase, “just because you’re paranoid, doesn’t mean someone isn’t out to get you”… Heck, I have Tor on my phone, and recently added a VPN… Yes, it’s slow – so I’ll use the VPN most of the time, but some searches, I want to keep to myself – that is what Tor is for.. That’s why I have USB sticks that boot up computer systems at home – no traces… Yeah, you can do forensics all you want – good luck with that… The only down side to all of the above is I had a drive die that wasn’t being backed up – couldn’t even get one of the latest forensic tools to see the partition on the drive… Can’t read something that you can’t see…

I’ve been looking for tools like peer-block for my phone – the CPU is fast enough to monitor comms, so there should be tools to do it…

 

Melvin: I agree with you that encryption is the key. You have no other option to protect your data on your electronic device. I just assume that if they want to get into my gear then they probably can with enough time and effort. I also assume that strong encryption will protect my data.

Now I don’t believe that they can force you to reveal your password. I believe that you cannot self incriminate. You can be forced to use your finger to unlock your phone if you enable that feature. I, myself, do not have that feature enabled.

I know that I am not as hardcore as Brian but I have started using a VPN application even when at home. It also gives me a certain level of comfort to use my laptop at Starbucks. Though I still will not do any online shopping or banking.

This conversation has made me think of other things that people are using their phones to accomplish. One of those is the use of the phone as a key. Drone Mobile and Viper are two vendors that have products that will allow you to unlock, start, and track your vehicle. Tesla has an app for iPhone that allows remote start. It just seems to me that if you lose your phone or it is stolen your car, data, and electronic wallet could be lost to you.

Sad part is how many people know their master passwords so that they can start to get back to normal. How many people backup their phones so that they can restore to a new phone?

I am seeing an avoidable trend of using the smart phone to control or store every aspect of a person’s life. What will be the outcome when people ‘s phones are compromised? I don’t even want to guess.

 

Tony: Hmm, I would separate personal security into two categories – 1) physical security and 2) information security.

Arguably, phones do not do hurt are physical security in any way. My wallet is still more important than my phone to the average criminal. In fact, I would be safer if the criminal knew I only had a phone and no wallet; that way the reward or payoff would be much less certain for the criminal…no immediate cash or credit card payoff. The phone provides a much greater physical barrier to information than my wallet…access barriers are a big deterrent to the criminal element. +1 phones

Information security is a much bigger issue and certainly not limited to phones, but I agree, it is hard to argue against the information security risk presented by phones, they contain a lot of information. Basically, it is the price you pay for having all your data at your finger-tips…there is no *free* lunch. However, I think the risk is greatly mitigated by biometric access, lock screens and other mechanisms like that. I mean, who does not password protect their phone these days? What phone OS does not provide a remote security-wipe feature? This is common stuff and it will probably get better with features that track your location or your biometrics (i.e., how far is the phone from your Fitbit?) I envision lots of cool stuff in the future with respect to securing access to the phone. Bottomline, it is pretty good now and going to get much better in the future. +1 phones

Ok, I cannot help but laugh a little about smartphones making people dumber. Well, if access to information makes you dumber than…yeah I guess it does. The whole notion of attaching a number to a person is a bit wonky anyway. The goal is to communicate with the other person…not to remember numbers? The phone just provides access to a variety of mechanisms to communicate with the other person. The “number” is a detail that should not be so prominent/important. Plus, numbers just do not scale well and is definitely a very limited abstraction for “communication”. I mean c’mon…Captain Kirk probably does not know Spock’s or Scotty’s number…oh…wait…1-ENT-ERP-RISE!

Comments?