Primarily this role involves implementing, maintaining, monitoring, reporting off and supporting client firewall and related network security infrastructure.

Experience
Minimum of 2 years applicable experience

Skills:
Applicant should have good TCP/IP understanding and strong routing knowledge.
Applicant should have good network/application troubelshooting skills.
Firewall experience is necessary specifically on technologies such as Check Point,Cisco ASA, Fortigate , Juniper and the like .
Knowledge and experience of clustering of these technologies in addition with  IPS,IDS/VPN functionality/deployment and understanding will secure.
Switching/trunking/vlan knowledge, Linux/Unix knowledge and experience will make the applicant more attractive.

Certifications/Degree’s/Diploma’s (all beneficial not ultimately required if applicant has experience or skills outlined above)
University Degree
CCSA/CCSE
CCNA/CCNA Security
CISSP
CCSP
CEH

Location : Johannesburg , South Africa
Remuneration: Negotiable depending on calibre of applicant

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

A malware-laden flash drive inserted in a laptop at a U.S. military base in the Middle East in 2008 led to the “most significant breach of” the nation’s military computers ever, according to a new magazine article by a top defense official.

The malware uploaded itself to the U.S. Central Command network and spread undetected on classified and unclassified computers creating a “digital beachhead, from which data could be transferred to servers under foreign control,” William J. Lynn III, U.S. deputy secretary of defense, wrote in his essay in the September/October issue of Foreign Affairs. “It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” he wrote.

This previously classified incident was the most significant breach of U.S. military computers ever, and it served as an important wake-up call. The Pentagon’s operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in U.S. cyberdefense strategy.” Lynn doesn’t say who was believed to be responsible for the breach, but says the malicious code on the flash drive was placed there by a “foreign intelligence agency.” In his essay, entitled “Defending a New Domain: The Pentagon’s Cyberstrategy,” (registration required for full article) Lynn estimates that more than 100 foreign intelligence organizations are trying to break into U.S. networks and said some governments have the ability to disrupt parts of the U.S. information infrastructure. Military and civilian networks in the U.S. are scanned millions of times each day and thousands of files, including weapons blueprints, operations plans, and surveillance data, have been stolen by adversaries, he says. The military’s global communications backbone alone covers 15,000 networks and 7 million computing devices in dozens of countries, according to Lynn. “Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks that control critical civilian infrastructure. Computer-induced failures of U.S. power grids, transportation networks, or financial systems could cause massive physical damage and economic disruption,” he wrote.

Meanwhile, Lynn warns of the threat from products shipped to the U.S. being tampered with and said counterfeit hardware has been detected in systems purchased by the Defense Department. “Rogue code, including so-called logic bombs, which cause sudden malfunctions, can be inserted into software as it is being developed. As for hardware, remotely operated ‘kill switches’ and hidden ‘backdoors’ can be written into the computer chips used by the military, allowing outside actors to manipulate the systems from afar,” he wrote. “The risk of compromise in the manufacturing process is very real and is perhaps the least understood cyberthreat. Tampering is almost impossible to detect and even harder to eradicate.” To deal with these varied and mounting threats, the Pentagon recognizes cyberspace as a “new domain of warfare,” that is just as critical to military operations as “land, sea, air, and space,” Lynn wrote. The Defense Department needs a proper organizational structure to handle threats in cyberspace, needs to be able to respond quickly, and must ensure that civilian infrastructure is secure, he said. The Pentagon also must hire more trained cybersecurity professionals and innovate faster. “Cyberattacks offer a means for potential adversaries to overcome overwhelming U.S. advantages in conventional military power and to do so in ways that are instantaneous and exceedingly hard to trace. Such attacks may not cause the mass casualties of a nuclear strike, but they could paralyze U.S. society all the same,” he wrote. “In the long run, hackers’ systematic penetration of U.S. universities and businesses could rob the United States of its intellectual property and competitive edge in the global economy.”

http://news.cnet.com/8301-27080_3-20014732-245.htm

Quantum Crypto

Date: 8 July 2010
Time: 18:40 (6:30pm)
Venue: Elephant Room, M Block, UKZN Westville Campus
Speaker: Abdul Mirza
Title: “Quantum Cryptography: In Principle and Practice”

Hope to see you all there.

Take note…get skilled & benefit!

Cheers

Craig

———————————————————————-

Information security is becoming more mainstream in business organizations – and so are the new job opportunities for security pros.

Product/service implementation, forensics and audit functions are among the growth areas, according to the latest IT Skills Demand and Pay Trends Report from Foote Partners, an independent IT analyst firm focusing on IT workforce demand and compensation trends.

“Security is becoming more mainstream in organizations, with a focus on an enabler’s role,” says David Foote, CEO and Chief Research Officer. The focus is shifting from just ‘hands-on’ technical security skills to an integrated business approach of security and strategic risk management. New jobs are opening up that are not deeply technical, but more oriented to business issues in functional areas such as marketing, finance, HR, operations and in product development, where security is a concern for the customer.

Top Certifications

With such a clear shift from focus on operational security to strategic areas involving business issues of risk management, Foote says, the trend is evident in the current list of hot certifications. Given the marketplace’s demands, these professional certifications are earning the highest premium pay for pros:

• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM);
• Certified Information Systems Security Professional (CISSP);
• Information Systems Security Engineering Professional (CISSP/ ISSEP);
• Information Systems Security Management Professional (CISSP/ ISSMP);
• Check Point Certified Security Expert (CCSE);
• Check Point Certified Master Architect (CCMA);
• CISCO Certified Security Professional (CCSP);
• GIAC Secure Software Programmer (GSSP);
• GIAC Certified Intrusion Analyst (GCIA).

2010 Trends

The biggest differences between now and Foote’s 4th quarter 2009 report are an increase in adoption of security managed services, including wireless and voice over IP, and opening of more security jobs in strategic and business functions. These jobs are more oriented to risk management and assessment of new products and services, including cloud computing.

That’s not to say that technical skills are not still a huge concern for employers, Foote says. “But the danger is that technology doesn’t drive strategy, and it won’t as far as enterprise security is concerned going forward.”

Today, information security careers benefit from companies looking to acquire a wider mix of both technical and business skills, as well as to hire and retain hybrid business and technology security professionals across several security and business domains. But since speed and predictability of execution are critical, organizations are also seeking in-demand skills from contractors and consultants, looking at managed security services.

Employers also are thinking beyond the type of threats and attacks they face, investing time in understanding the impact of these threats on existing business assets and the value of information to the organization, its products, customers and revenues.

Among the key drivers pushing the demand for information security workforce, Foote says:

• Increased cybersecurity vulnerabilities;
• Accelerating demand for cloud computing, managed services;
• Increased security and privacy regulation and legal risks for non-compliance;
• Electronic medical record systems mandate;
• Retirement ‘bubble” — new pool of qualified candidates to fill gaps left by increasing number of security professionals leaving the workforce.

Hot Skills and Competencies

Foote tracks and updates the skills and competencies hot lists quarterly. Among the top security skills continuing to attract the most interest from employers:

• Intrusion detection and prevention;
• Forensic analysis;
• Identity & access management;
• Compliance;
• Threat and vulnerability assessment;
• Encryption;
• Data loss prevention;
• Penetration testing;
• Incident analysis and handling;
• Biometrics

Foote sees an unprecedented high volatility in the demand for IT skills, including security, as companies accelerate the shift to new IT service delivery and sourcing models. The new emphasis on strategic enterprise security is redistributing IT security resources and the skills and jobs required in the future, he says. For example, the managed security services market is expected to exceed $6 billion in revenues by next year, with wireless security services growing 27% per year through 2014. The services industries therefore, will be looking for talent to achieve this growth.

Among the hottest competencies in the marketplace:

• Forensics;
• Identity and access management;
• Intrusion detection and prevention;
• Penetration testing;
• Threat/vulnerability assessment management;
• Litigation support (e-discovery);
• Disk and file level encryption solutions;
• Data loss prevention;
• Application security;
• Governance, compliance & audit.

• Provides framework for security assessments
• Initiate Programmes and Projects for bettering the Information Security Infrastructure and/or division where necessary.
• Initiate discussions and meetings where specific subjects of Information Security need to be discussed within IT & the MCA business.

2.    Assess

• Performing analysis on security requirements
• Performing analysis on possible deviations from current policies, standards, procedures, processes and architectures
• Seeking advice on security legislation, assurance and other legal imperatives applicable to MCA
• Conduct approved investigations, combining knowledge across the IT platform to ensure that all possible areas are considered.
• Assess Information Security related problems when they occur and determine actions necessary to rectify those problems.

Experience & Qualifications required

7 years IT exp.

4 Years Information Security experience

CISSP certification

Relevant Tertiary qualification (minimal Diploma)

THIS POSITION IS TARGETING AFRICAN CANDIDATES ONLY

Are you interested in this dynamic and challenging position?  Please send your CV to Ntombiningi Ngubo at nngubo@multichoice.co.za

Experience

• Minimum of four to seven years applicable experience
• Experience in information security

Role Responsibilities

• Act as a security services consultant to projects, work requests, proof of concept initiatives, and incidents for the business units/GSO, allocated to them.
• Play a line management function to 3-6 employees
• Coordinate, manage and successfully deliver information security solutions
• Define additional information security service requirements in a capacity as a security consultant
• Analyse internal and external projects to determine risk factors and provide mitigating controls and/or recommendations for adoption.
• Assist in the management of incidents that affect or have a bearing on IT Security/ fraud
• Enforce IT governance and regulatory compliance on projects and initiatives
• Align information security technology recommendations and controls to the published policies and standards.
• Build and maintain good quality relationships with internal and external services suppliers, customers and colleagues.

Proactively protect and project a positive image of the GSO department as well as the bank in all business dealings.

For a full job spec or to apply for the post – please email Kesh.Pillay@standardbank.co.za

Craig Rosewarne  has a live discussion with Jeremy Maggs on eNews around cyber crime activity facing major banks in South Africa.

Craig Rosewarne, founder of the Information Security Group of Africa (www.isgafrica.org ) & senior manager, Risk Advisory, Deloitte & Touche, has a discussion on CNBC around typical cyber criminal activity that a major event attracts to a country – in this case the FIFA 2010 world cup coming to South Africa.

Durban ISG Chapter

Durban Meeting: 27 May 2010

Due to all the various security conferences this month, our monthly meeting is moved to 27 May 2010 this month. We will be back in the Elephant Room at UKZN Westville (M Block).
Title: Metadata: Have you sprung a leak?
Speaker: Sean Thomas
Date: 27 May 2010
Time: 18:30
Venue: Elephant Room, M Block.

If you have any problems or need help getting to the venue, email me on ralfepoisson@gmail.com .