Resource Library

For several years, most news articles about a computer, network, or Internet-based compromise have mentioned the phrase "zero day exploit" or "zero day attack," but rarely do these articles define what this is. A zero day exploit is any attack that was previously unknown to the target or security experts in general. Many believe that the term refers to attacks that were just released into the wild or developed by hackers in the current calendar day. This is generally not the case. The "zero day" component of the term refers to the lack of prior knowledge about the attack, highlighting the idea that the victim has zero day's notice of an attack. The main feature of a zero day attack is that since it is an unknown attack, there are no specific defenses or filters for it. Thus, a wide number of targets are vulnerable to the exploit.

The novel coronavirus has changed many aspects of life for millions of people globally, including where they work. With the increase in remote work, it is important for both individuals and companies to be aware of the added cybersecurity risks. Join us as Paula shares real world examples and tips on how we all can be better prepared.

For women in IT, advancing your career can be a challenge in itself. In the Global Knowledge 2019 IT Skills and Salary Report, only eight percent of senior- and executive-level IT professionals are women. We have pulled data from our research that sheds light on the job roles, skills, challenges, certifications and experience of women in tech who have progressed to the highest levels of an organization.

Does your company have a risk management program? In this hour-long webinar, cybersecurity expert and Global Knowledge instructor David Willson will explain why you should. In light of recent breaches at Target, Nieman Marcus, Michaels, Yahoo, and a growing list of others, we're learning that FBI Director Mueller was right when he said getting breached is not a matter of if, but when. While having a risk management program may not prevent a breach, it can certainly lower the risk of one, ensure compliance, and reduce or even eliminate your liability if a breach does occur, enabling you to recover quickly and to protect your reputation. Beyond explaining the importance of a risk management program, David will tell you how to implement one, including conducting a basic risk assessment, policies you'll need, and training your workforce.

Watch this recorded webinar as CompTIA’s chief technology evangelist and Global Knowledge’s federal sales director discuss how pentesting has morphed.

This year, CISSP-certified IT professionals have the third highest global salary ($116,573) and the 10th highest in North America ($123,815). This is nothing new—CISSP has ranked in the top 10 in the U.S. each year since 2015, even coming in first in 2018. CISSP is a top-paying certification year after year. But how has it remained so relevant and valuable?

One of the main weapons of organized crime on the Internet is the use of junk email, also called spam. Hackers use spam for a number of purposes such as selling counterfeit products (medicines, particularly) to steal your personal or financial information, or to infect your computer with spyware and malware. This malicious software can then hijack your computer and your Internet connection to help propagate itself.

According to Cisco marketing, Dynamic Multipoint VPN (DMVPN) “will lower capital and operation expenses, simplifies branch communications, reduces deployment complexity, and improves business resiliency.” Okay. But what is it, really, and why should we care?

The bad guys just keep getting better! No matter how much patching and tweaking we do, the bad guys' constantly changing tactics and techniques continue harming our networks, stealing and damaging data, and just generally screw things up. What motivates someone to do such terrible things in the first place? How have these hackers changed and improved? What kinds of attacks are popular now and why? In this hour-long webinar, security expert, former hacker and Global Knowledge instructor Phillip D. Shade will provide insight into understanding the latest hacking techniques, what the current threat landscape looks like, and suggested countermeasures to mitigate threats. He will include specific examples of the current threat landscape, including data mining, social engineering cyber threat terminology, man-in-the- middle attacks and Denial of Service (DoS) attacks.

Networks are under attack as hackers try to access systems to compromise or steal sensitive data and information. Understand the threats posed by malware, ransomware and social engineering.

Driven by recent increases in cryptocurrency values, Cryptojacking is poised to be the center of conversation in 2018. It’s one of the latest innovations in hacking in which a victim’s computer is enlisted to mine cryptocurrency. Unlike ransomware, this attack steals processor cycles in an attempt to mine Monero and other currencies, typically without the user’s knowledge or consent. Watch this timely 1-hour webinar where we will discuss – A quick overview of cryptocurrencies. A walk-through of a typical attack. The economics of the attackers. Possible mitigation strategies to keep you and your organization safe. With miners trying to take advantage of the rising cryptocurrency industry, join us as we investigate this cyber-crime and learn how you can protect yourself and your organization. View our complete Cybersecurity curriculum for courses that help you build fundamental to advanced cybersecurity techniques, prepare for top industry-recognized certifications or master product-specific skills.

Cloud and virtualization technologies have spawned a whole ecosystem of applications. But like any powerful technology, they can be used for bad as well as good. This session reviews the top 10 most common mistakes made in cloud and virtualization security.

Cyber resilience is becoming a bigger issue for all organizations. But what does “good cyber resilience” look like? And how do you get there?

There are some common misconceptions on the part of some of my students as to how VPN sessions are established from either a remote location or remote user to the ASA firewall. In particular, a “gray area” seems to be when the attributes from the tunnel group are app...

While the last few years have brought about many great advances in IT and network technology security and risk management have a critical point. There is a host of new concerns the IT security manager must be concerned with, including social networking, mobile, cloud, and information sharing. This has unleashed a new wave of change and potential risk. Risk management is required to deal with these emerging technologies and should provide the rationale for all information security activities within the organization. You can think of risk management as the process of ensuring that the impact of threats and exploited vulnerabilities is within acceptable limits at an acceptable cost. Risk management requires the use of countermeasures. Countermeasures can include any process that serves to reduce threats or vulnerabilities.

Occasionally as I'm teaching a Cisco training class, I get an idea for a blog post and it happened again this week. The Securing Networks with ASA Fundamentals curriculum is mostly based on the Adaptive Security Device Manager (ASDM). While the class describes the us...

A brief introduction to the basics of penetration testing.

The responsibility for securing organizational data has spread beyond the traditional IT professional. While there are more diverse security solutions, there are more diverse and sophisticated security threats. Security awareness and training is essential for everyone within an organization. Learn how Cisco has continued to evolve its security solutions and training.

The VMware NSX platform combines networking and security functionality directly in the hypervisor and it interoperable with a vast majority of VMware’s products. The platform provides a set of logical networking elements and services, using logical switching, routing, load balancing, VPN, firewall, etc. This product decouples network functionality from the physical devices.

Explore how IT decision-makers’ training views have changed since we first released our annual IT Skills and Salary Report 12 years ago. Once viewed as an expense, IT leadership now sees professional development as an investment. Even with shrinking budgets and a recent rise in skills gaps, the value of training is currently at an all-time high.

The Internet is not a safe place. We see that more than ever with the security breaches of businesses and individuals in the news on a daily basis. As Internet citizens, we need to take our protection into our own hands, as obviously most online services are not doing their best to protect us.

Many employees are not as well-versed in their company’s security policy as they should be. This may result in workers performing tasks that might seem innocent or benign on the surface, but which actually put the organization at risk of a security breach. Understanding what you are doing (as an employee) or what your users are doing (as a boss or manager), can help you work toward a viable resolution to these situations. In most cases, user behavior changes as well as implementation of new technological solutions can curb exposure to risk and increase security policy compliance.

Dell SonicWALL's CSSA (Certified SonicWALL Security Administrator) exam is an open book, online certification exam that certifies a student’s understanding of the SonicOS Unified Threat Management (UTM) operating system. The exam tests a student’s network security knowledge, and their ability to use the GUI menu structure for configuration of standard network security scenarios.

Global Knowledge subject matter experts predict the top trends for 2020 in IT training, Microsoft, Cisco, AWS, cybersecurity and more.

Managers are in dire need of cybersecurity professionals with specific skills. If you’re looking to advance your career, or transfer into the cyber field, now is the time to get certified.

The Cyber Risk landscape is rapidly evolving leaving Cybersecurity professionals dazzled and lost in prioritizing their cybersecurity needs. Limited budget and low cyber resilience lead organizations in adopting re-active defensive measures. In this webinar, we will go through a methodological approach for assessing top cyber-risks a typical enterprise might encounter. And will address different scenarios for mitigating, transferring, or avoiding encountered risks.  

These technology job roles are proven to be essential during a crisis as enterprises scramble to change strategies and meet goals. The skills demonstrated by IT professionals in these 10 positions can make the difference between business success and failure, especially during a recession.

Rather than looking back over the past year, organizations and individuals need to start assessing cybersecurity threats that lie ahead in the New Year. While there is always the chance for a new threat or risk to be unearthed this year, often the risks of the New Year are predicable from the trends of attacks from the previous year. However, other factors need to be considered as well, including new technologies, new software and applications, mobility, etc. Here are my predictions of the areas to watch for new security threats. When it comes to cybersecurity, we have a lot to look out for, take precautions against and be paranoid about.

National Cybersecurity Awareness Month has grown into a global effort, with both individuals and organizations taking part — and for good reason.

Attackers use a method called scanning before they attack a network. Often attackers use automated tools such as network/host scanners and war dialers to locate systems and attempt to discover vulnerabilities.

Once an attacker gains access to the target system, the attacker can choose to use both the system and its resources and further use the system as a launch pad to scan and exploit other systems, or he can keep a low profile and continue exploiting the system.

An attacker needs to destroy evidence of his presence and activities for several reasons like being able to maintain access and evade detection (and the resulting punishment). Erasing evidence of a compromise is a requirement for any attacker who wants to remain obscure and evade trace back. This usually starts with erasing the contaminated logins and any possible error messages that may have been generated from the attack process.

From the largest to the smallest company, the inescapable truth is that with the click of a few keys or even a simple phone call, intruders can bypass all of your carefully constructed security. According to the Ponemon Institute's 2015 Cost of Data Breach Study, the average total cost of a data breach increased from $3.52 million to $3.79 million in 2014. While a number of major data breaches have made the news, often overlooked are the events and decisions that set the stage for the breach to occur. In this hour-long webinar, Global Knowledge instructor Phill Shade will walk through a number of key areas in which today's decisions set the stage for tomorrow's breach.

There’s a lot of pressure on IT decision-makers to fill the cybersecurity holes in their organization. The cyber skills shortage is palpable and growing. Cybersecurity is the most challenging IT hiring area in the world. Those of you expecting to hire your way out of your cyber skills gaps, we have some bad news for you—it’s not viable.

The Information Technology (IT) profession is a pretty exciting place to be, right now. We’re seeing an unprecedented influx of new technologies and approaches, including AI, robotics, automation, and next-level networking. More importantly, today’s IT workers have become the guardians of identity and curators of information. Given the increased movement to remote working the IT community must be conscious their teams skillset in the midst of increasing and complex cybersecurity threats designed to hit organizations where it hurts...their people. If you’re curious about what it’s like to be part of the IT profession in quickly changing virtual world, then watch CompTIA’s Chief Technology Evangelist, Dr. James Stanger, to learn more. James discusses the pillars of IT that help create our (post)-modern world, and dispel a few myths about the cybersecurity profession. If you’re interested in learning more about the different cybersecurity pathways available to you, and how you can become a unique contributor to the cybersecurity profession, then we welcome you.

When it comes to developing new, innovative ways and tools for breaching security, the attackers never stay idle – and so shouldn’t we when it comes to counteracting! Through the past few years, their inventiveness caused substantial damage in the area of supply chain attacks. During this webinar, Paula will demonstrate techniques of using the supply chain method and show tactics used today by cyber-criminals that allow them to deliver it and what are the prevention mechanisms to avoid being attacked by the newest innovations! Bring some coffee before attending!

As IT departments struggle with skills gaps and businesses attempt to recovery economically from the COVID-19 pandemic, these 10 IT skills are essential to drive success. Job roles in these areas pay well, but decision-makers are struggling to find qualified candidates. If you’re looking to make an IT skills investment or start a new career path this year, these are the areas to consider.

You are a problem. You are a risk to your employer. The actions you take and the activities you perform at work, online, and even in your personal life put your employer at risk. You need to know how you are a security risk to the organization and what you can do to reduce or eliminate those risks. In this paper, I discuss ten common risky behaviors that typical workers engage in and what you can do to avoid being the weakest link in your company.

Technology is a wonderful thing, but it comes with a price: cybersecurity. Free Web browsers, social media sites and other digital services collect personal information like email addresses, phone numbers, place of employment, buying habits, mortgage data that is shared with advertisers. The availability of this information leaves us vulnerable to hackers. This white paper can help you learn more about what kind of personal data is typically collected, and how to secure your information online.

In the digital age, people and intellectual property have supplanted physical assets as the most important criteria for determining the value of an organization. It is the employees who develop the next big product or improve the practices, processes, services and internal culture that add significant value to an organization.

Increased interconnectivity via machine-to-machine (M2M) communications, the IoE, and smart systems holds profound implications for how business trends continue to evolve. In terms of M2M growth, key developments in security will be essential, from the design and manufacture of devices to more robust cloud security and ensuring the integrity of wireless data transmissions. Without these safeguards in place, organizations and industries that rely on M2M will continue to place themselves at risk.

In this webinar, the second of two based on our Cybersecurity Foundations course, you'll build on what you learned in the first of the series, Protecting Your Network with Authentication and Cryptography.

Risk is something we deal with on a daily basis. Living in New Jersey and having the occasional storm, I’ve recently performed my own risk assessment determining the value of certain assets and activities and made a decision on what I was willing to spend to reduce risk to what I perceived as an acceptable level. My management of risk was a rather simple case. Sure, in my revised business continuity plan for my home, I’ll make sure that I have more D cell batteries, have my garage door adjusted so it opens manually again, more food I can heat on a stove and that doesn’t rely on refrigeration, and finally I’ll consider a whole house gas generator that uses natural gas, which has always been available to power critical systems like the sump pump in my basement. What if, however, I was a really large business? One with lots of components and interdependencies that require a tight integration in order to succeed? How and where can a large volume of information necessary to management, business continuity, and disaster recovery be correlated and communicated to those individuals who, because of their roles and responsibilities, need to make the critical decisions regarding the management of risk?

Has your company implemented "reasonable security"? If so, you should be able to avoid lawsuits and fines after a breach. But what is "reasonable security," and is there a definition?

In this webinar, the first of two based on our Cybersecurity Foundations course, you will examine the following topics: verifying users and what they can access, ways a user can be validated to computer and network resources, how cryptography is used to protect data, symmetric and asymmetric encryption and hashes.

Pen testers beware. Whether you believe you know and understand all the potential legal issues, read on. First of all, a penetration test or “pen test” is a method that’s used to evaluate the security and/or vulnerabilities in a network. This test is normally conducted externally wherein the tester is attempting to hack a network or computer. Breaking into computers and networks is illegal under the Computer Fraud and Abuse Act (CFAA), and depending on your activities and other factors, other federal laws and state laws may be broken.

Using Palo Alto Networks, PAN-OS, enterprises can build an IT Security Platform capable of delivering protection against all stages of the Cyber-Attack Lifecycle. From Reconnaissance to Act on Objective, the PAN-OS Single-Pass Parallel Processing (SP3) engine combines efficient throughput with maximum data protection. This recorded webinar will describe how the SP3 Architecture can increase network traffic visibility and enable you to control your environment.

Using Palo Alto Networks, PAN-OS, enterprises can build an IT Security Platform capable of delivering protection against all stages of the Cyber-Attack Lifecycle. From Reconnaissance to Act on Objective, the PAN-OS Single-Pass Parallel Processing (SP3) engine combines efficient throughput with maximum data protection. This recorded webinar will describe how the SP3 Architecture can increase network traffic visibility and enable you to control your environment. View the slide deck>

It has been over three years since the last revision of the CompTIA Security+ exam back on May 1, 2014. In fall of 2017, the latest version, SY0-501, was released. This revamped exam retains the same six domains as established in SY0-401, which emphasizes security in three main areas: application, data, and host.

The network forensics market is set to dramatically expand as increasing numbers of organizations become the victims of malware attacks. Limiting the damage from these incursions, and avoiding potentially crippling losses, are key motivators for businesses of any size. And network forensics offers a powerful set of tools to help companies achieve those goals.

In this hour-long webinar, security expert and Global Knowledge instructor Phillip D. Shade will provide insight into the emerging network security science of network forensics analysis, a.k.a. security event analysis and reconstruction. Using case studies, you will examine the role of data retention in network forensics analysis, and you will learn about applying forensics analysis techniques to handle application-based attacks, VoIP call interception, and worms, bots, and viruses.

ASA and PIX software version 7.0 introduced the configuration command nat-control which didn’t exist in previous versions of code. Although training course material for both the SNAF (Securing Networks with ASA Fundamentals) and SNAA (Securing Networks with ASA Advan...

While cybersecurity remains the most popular certification category in our IT Skills and Salary Report, foundational-level certifications highlight our list of the most popular IT certifications of 2020. 

According to the Global Knowledge IT Skills and Salary Report, women make up 16% of the tech workforce, and an even smaller percentage (8%) are at the senior or executive level. Here’s an overview of the most popular and most pursued certifications by women in tech.

Organizations are moving strongly toward Bring Your Own Device (BYOD) access, bringing outsourced activities back in-house, and finding ways to make use of the growing amounts of data flowing in from many new sources such as social media. These factors create an increasing shift in required and desired skills showing up in IT departments. Hiring and salary surveys, such as the 2014 IT Skills and Salary Survey from Global Knowledge and Windows IP Pro, TEKsystems' 2014 Annual IT Forecast, Foote Research Group's 2014 IT Skills and Certifications Pay Index, Computerworld's annual Forecast survey, Robert Half Technology Survey, and information from the US Bureau of Labor Statistics, Futurestep, Mondo, GovLoop, and Dice have presented a developing picture of the IT skills that will be in demand in 2014. Here, in survey order, are the top 10 major skills and why they made the list.

The coronavirus pandemic changed how people around the world work and receive skills training. Virtual meeting services saw incredible growth, they also faced new security challenges. As a key Global Knowledge partner, we worked closely with Gary and the Zoom team as they rapidly upgraded their platform to ensure the maximum possible level of safety for all users. However, technology is only as powerful, or safe as the people who use it. So, in this webinar Gary will provide expert (and entertaining!) advice on how to use virtual meetings safely when there is not a Global Knowledge instructor on-hand to help. Joining Gary is Kevin, our CXO: another big personality with a wealth of IT experience and a passion for ensuring our customers receive the best possible experience, every time they connect with Global Knowledge.

ISACA’s role is to help those in the field of cybersecurity get greater utilization out of the people already in the fold. This means enabling IT professionals to take a leadership role and increase their depth of knowledge. 

Should an organization that is the victim of an intentional nefarious hacking activity resort to retaliation? It’s a question that has been gathering a lot of attention. Retaliating against bad actors might seem appealing, but what are the legal ramifications? In this article, find out if there is a legal precedent to "hacking back."

Times are changing. Attacks are becoming much more sophisticated and hackers are exploiting human vulnerabilities to gain access to enterprise networks and private information. Employees and end users want to help protect your company's sensitive data, we just need to motivate them as to why they should care. By educating your employees on security best practices and current human vulnerabilities, you can take a step forward to ensuring you're not a part of the many organizations that are breached.

Have you ever Googled yourself to see how much of your personal information is online? In many cases it can be pretty scary and include things like your home address, phone number, likes, dislikes, etc. One young man searched for himself and found all of his banking information online. In that case it turned out to be a mistake by a bank employee, exposing the banking information of 86,000 customers.

Have you been afraid to implement PowerShell in your environment because of security fears? The reality of PowerShell security doesn’t always match the perception. When compared to other scripting languages, PowerShell is actually more secure by default.

The goal of risk management is to reduce risk down to an acceptable or tolerable level. Understand countermeasures, safeguards, and security controls that can be selected to eliminate or reduce risk.

An incident is an event that could lead to loss of, or disruption to, an organization's operations, services or functions. Understand how an incident response team prepares, plans, and responds to a security breach.

For every organization, effective cybersecurity is reliant on a careful deployment of technology, processes and people. The Global Knowledge cybersecurity perspective features a three-tiered organizational matrix, ranging from foundational to expert skills, coupled with eight functional specializations that encompass the features of a successful cybersecurity organization.

Digital transformation has bred equal parts innovation and risk. And it’s not just the IT department that’s been disrupted—technology is now the most critical risk factor for the entire organization.

Planning for a cyber disaster makes recovering from one much easier. Still, as important as disaster planning is, it's often overlooked or put off until it is too late. In this webinar, Global Knowledge instructor Debbie Dahlin discusses planning for the unexpected -- whether the unexpected means a simple power outage, a network security breach, or a major natural disaster. She'll discuss risk analysis and risk management techniques and explain the importance and process of creating a business continuity plan. Using a fictional company as an example, Debbie will walk you through the disaster planning process a security professional should use, and she will provide simple tricks to reduce your company's downtime before, during, and after a disaster.

A firewall is a security tool which may be a hardware or software solution that is used to filter network traffic. Understand the basic functionality of a firewall where traffic is blocked or allowed to enter the network.

Cybersecurity is a top technology investment area around the globe, with over half of our survey respondents saying it’s a priority. It’s no longer a niche skill—every IT professional needs some cybersecurity knowledge.

Discover why healthcare organizations must take an immediate active role in securing their data. It is much more costly, monetarily as well as with regard to reputation, for an organization to react to a breach rather than plan for it.

Your business has been hacked, leaving you with a persistent bot; now what? In this hour-long webinar, security expert David Willson will discuss ways you can eliminate the threat in an act of self-defense or defense of property. As new laws are explored, old ones amended, and solutions sought, you'll take a look at thinking outside the box to give the good guys the advantage-or at least a fighting chance.

Google takes security to a whole new level thanks to their years of experience as one of the most popular targets on the internet for would-be hackers and denial of service bots. This led Google to build a sophisticated security infrastructure the likes of which few companies or organizations can claim. Google approaches security holistically and involves everything from the physical data centers, to the data pipelines between them, down to the training of each employee that is responsible for managing the infrastructure.

Securing corporate information can be a challenge, considering the numerous technologies and platforms that need to be protected. One technology that definitely helps achieve secure data is public key infrastructure (PKI), which enhances the security of data by using advanced access methods and making sure the authenticity of the data flow is preserved.

Whether you’re a current cyber pro looking to specialize, or new to the industry and looking for direction, Focal Point Academy’s lead cyber workforce expert can give you the insight needed to fast-track a career into today’s most in-demand cyber jobs, like Threat Hunting and Reverse Engineering. We’ll profile the top job roles for the next few years, break down the knowledge, skills, and abilities required in each, and show you how to build a training plan that gets you the job you want. And best of all, we’ll end with a special offer designed to help jump start the process for you and your team. View the slide deck>

Mobile payment systems have solid promise to become the dominant means of financial transactions, but there are some hurdles to overcome. Apple Pay might be the dominant force today, but Google Wallet and others are not far behind. The year 2014 was when digital and mobile payment systems became known to a wide range of the general population, while only techno-enthusiasts were aware of the options in the four to five years prior. Thus, mobile payment systems are not new, but customers and merchants are quickly adopting them now that they have become popular. It still remains your responsibility to thoroughly research any mobile payment option before implementing it. It is your money and you have the burden of ensuring that it has the best protection possible.

Global Knowledge instructor Doug Notini discusses the benefits of our FIREWALL 2.0 - Deploying Cisco ASA Firewall Solutions course.

A feature common to IPSec Virtual Private Network implementations throughout the Cisco product line is Perfect Forward Secrecy (PFS). This optional additional component is now a default supplied configuration setting with the Adaptive Security Device Manager (ASDM) I...

The 2021 revised and updated version CISSP (Certified Information System Security Practitioner) certification exam will be released on May 1, 2021. This new version of the popular CISSP exam will include a modest revision and re-organization of previously included topics, but will integrate a significant number of new topics.

There are two types of networks: those that have been hacked and those that will be. To defend against hacks, cyber professionals can benefit greatly from ethical hacking programs.

This quick reference guide will highlight the various certification tracks to help you find your path through the EC-Council programs.

A Dynamic Multipoint Virtual Private Network (DMVPN) can be used with other networks like Multiprotocol Label Switching (MPLS), but streaming multicast is accomplished quite well using "Default" and "Data" Multicast Distribution Trees (MDTs) with MPLS.