Polyverse raises $2 million to stop cyberattackers in their tracks

Alexander Gounares
Alexander Gounares

A Seattle area startup by the name of Polyverse believes it has developed new technology to stop cyberattackers in their tracks, and it has raised $2 million in fresh funding to protect organizations’ server and cloud applications from end-to-end.

The funding follows a $1 million round last summer. Polyverse is led by Alex Gounares, who previously served as CTO of AOL and corporate vice president at Microsoft. Prior to starting Polyverse, Gounares was CEO of Concurix Corporation, which he sold earlier this year to San Mateo, Calif.-based Strongloop in a deal of undisclosed size.

Kirkland-based Polyverse uses what it calls “moving target defense” to prevent cyberattacks, storing data in an array of containers instead of storing millions of records in a few databases. The company claims this system “completely undermines the economics of cybercrime,” making it so “cyberthieves must endlessly rethink their attack strategies.”

Polyverse also says the the technology — which integrates with existing hardware and software systems — self heals, creating new containers in a method that’s similar to wiping a hard disk.

Containers are continuously created from last known good state and put into use servicing requests,” the company writes in a white paper. “After a brief time (typically five seconds), containers are then garbage collected. Any malware that may have been inserted is thus automatically removed. Among other advantages, this makes it far more difficult for cyberattackers to execute advanced-persistent-threat (APT) attacks.

SpringRock Ventures led the round, with SpringRock’s Kirsten Morbeck noting in a release that “Polyverse has an exceptional team building on a paradigm shift in cybersecurity.” Polyverse employs just under 20 people.

Source: www.geekwire.com/2016/polyverse-raises-2-million-stop-cyberattackers-tracks/

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

CISSP Practice question #200

We are implementing governance standard and control frameworks focused on internal risk analysis. What should we implement?
A: COBIT.
B: ITIL.
C: COSO.
D: FRAP

CBK 1: Security and Risk Management
Source: ThorTeaches.com practice tests

Answer


D: FRAP (Facilitated Risk Analysis Process) analyses one business unit, application or system at a time in a roundtable brainstorm with internal employees. Impact analyzed, Threats and Risks Prioritized.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

My thoughts on the April 15th CISSP curriculum updates.

TL;DR; No need to buy new study materials, the changes are 1% or less, it is just reshuffling of knowledge areas.

With the updates to the CISSP curriculum I figured I would also give my 2 cents on the updates.

The updates are mostly on the organizational side of the curriculum, and not the actual content. It is mostly renaming, reorganizing and domain weight redistribution.

As a teacher I will buy the new books as soon as they are out (they are already pre-ordered).

If I was studying for the CISSP, I probably would not buy anything to replace my old materials, the changes being 1% actual updates or less.

That really goes for any study materials: Books, videos, practice tests, pod casts, anything.
If you have the 2015 versions, buying newer versions would not help you really.

I am going to update my practice tests in early May with questions from some of the actual updates (attribute-based access control, asset management, more IOT, more AI and some standards).

Previous domain name/weight:                   New domain name/weight:

Domain 1:
Security and Risk Management – 16%        Security and Risk Management – 15%
Mostly format and name changes of content. 0-1% update on actual curriculum.

Domain 2:
Asset Security – 10%                                      Asset Security – 10%
Cryptography moved to domain 3 where it should be and smaller format and name changes of content. 0-1% update on actual curriculum.

Domain 3:
Security Engineering – 12%                            Security Architecture and Engineering – 13%
Mostly format and name changes of content. 1-2% update on actual curriculum, mostly IOT and newer technologies, which are already on the exam and Cryptography being moved in from other domains.

Domain 4:
Communications and Network Security – 12%   Communication and Network Security – 14%
Cryptography moved to domain 3 where it should be and smaller format and name changes of content. 0-1% update on actual curriculum.

Domain 5:
Identity and Access Management – 13%         Identity and Access Management (IAM) – 13%
Mostly format and name changes of content. 0-1% update on actual curriculum.

Domain 6:
Security and Assessment Testing – 11%           Security Assessment and Testing – 12%
Mostly format and name changes of content. 0-1% update on actual curriculum.

Domain 7:
Security Operations – 16%                                 Security Operations – 13%
Mostly format and name changes of content. 0-1% update on actual curriculum.

Domain 8:
Software Development Security – 10%              Software Development Security – 10%
Mostly format and name changes of content. 0-1% update on actual curriculum.

If you have any questions about the upcoming changes feel free to post on this thread.

I hope I can help you get certified,

Thor

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

Cybercrime Damage Costs $6 Trillion in 2021, Cybersecurity Market Data

Cybersecurity Ventures predicts cybercrime damages will cost the world $6 trillion annually by 2021

Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades.

– Steve Morgan, Editor-In-Chief

Menlo Park, Calif. — Oct. 16, 2017

Cybercrime is the greatest threat to every company in the world, and one of the biggest problems with mankind. The impact on society is reflected in the numbers.

Last year, Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.

The cybercrime prediction stands, and over the past year it has been corroborated by hundreds of major media outlets, universities and colleges, senior government officials, associations, industry experts, the largest technology and cybersecurity companies, and cybercrime fighters globally.

The damage cost projections are based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation state sponsored and organized crime gang hacking activities, and a cyber attack surface which will be an order of magnitude greater in 2021 than it is today.

Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

Source: cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

Cybersecurity Workforce Shortage Projected at 1.8 Million by 2022

Cybersecurity Workforce Shortage Projected at 1.8 Million by 2022

The results from the eighth Global Information Security Workforce Study (GISWS) have been released this week. The workforce gap is estimated to be growing, with the projected shortage reaching 1.8 million professionals by 2022. While the gap is not news, the fact that it is growing is of great concern to an already exhausted workforce. The question of how to fill the gap has been answered, and millennials are an integral part of the plan. “For years, we’ve known about the impending shortage of the information security workforce, as evidenced by our study year over year,” said David Shearer, CEO,…

Source: blog.isc2.org/isc2_blog/2017/02/cybersecurity-workforce-gap.html

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

Cybersecurity Unemployment Rate Drops To Zero Percent

Cybersecurity Unemployment Rate Drops To Zero Percent

There’s a job for everyone with cybersecurity experience.

– Steve Morgan, Editor-In-Chief

The demand for cybersecurity professionals will increase to approximately 6 million globally by 2019, according to some industry experts cited by the Palo Alto Networks Research Center.

Earlier this year, Cybersecurity Ventures predicted there will be 3.5 million unfilled cybersecurity jobs by 2021, up from an estimate of 1 million by Cisco in 2014.

Almost anyone with cybersecurity experience and realistic salary expectations can find immediate employment. There may be a small percentage of the cyber workforce who are in between jobs, some who have resigned to explore new opportunities, and others who are unrealistic about which positions they qualify for (and the compensation commensurate with their experience) — but there’s an abundance of positions available for cybersecurity pros.

Cybercrime damages are predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015… and the world will spend $1 trillion cumulatively over the next five years from 2017 to 2021 on cybersecurity products and services to combat cybercrime. These figures suggest the cyber employment problem will get worse before it gets better.

We interviewed several industry experts who corroborate the unemployment rate, and share the recruiting challenges that come with it.

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

The 13 most valuable IT certifications today

The 13 most valuable IT certifications today

Looking for a leg up in your IT career? IT certifications remain a proven way to quickly gain valuable skills and demonstrate deeper interest and know-how in a domain that will further your career.

Certifications and skills can help boost your salary, set you apart from the competition and help you land promotions in your current role. A survey from Global Knowledge found that 83 percent of IT professionals in the U.S. and Canada hold an IT certification — and in the U.S. the average salary for a certified IT professional is on average $8,400 (or 11.7 percent) higher.

Hiring certified professionals is also beneficial for employers. Of those surveyed, 44 percent of IT decision-makers say certifications result in employees performing work faster, 33 percent said it results in more efficiency when implementing systems and 23 percent say it helps deploy products and services faster with fewer errors.

Here are the 13 trending skills and certifications for tech workers in the new year.

The 13 top-paying certifications of 2018

  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Security Manager (CISM)
  • AWS Certified Solutions Architect – Associate
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Project Management Professional (PMP)
  • Citrix Certified Professional – Virtualization (CCP-V)
  • Citrix Certified Associate – Networking (CCA-N)
  • VMware Certified Professional 6 – Data Center Virtualization (VCP6-DCV)
  • Citrix Certified Associate – Virtualization (CCA-V)
  • ITIL v3 Foundation
  • CompTIA Project +
  • Cisco Certified Network Professional (CCNP) Routing and Switching

Source: www.cio.com/article/2392856/it-skills-training/careers-staffing-12-it-certifications-that-deliver-career-advancement.html

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

IT Scholarships for Women | Center for Cyber Security and Education

IT Scholarships for Women | Center for Cyber Security and Education

(ISC)² WOMEN’S SCHOLARSHIPS NOW OPEN!

Applications will close at 11:59 PM on March 1, 2018

Award notifications will be made the week of April 16th 2018

Scholarships to inspire women to join the ever-growing field of Information Security   

The application period for the (ISC)² Women’s and Raytheon’s Women in Cybersecurity Scholarships is now open. Applications will be accepted for Undergraduate Scholarships beginning February 1, 2018, and Graduate Scholarships on March 1, 2018. For details on the Raytheon’s Women in Cyber Security Scholarship click here

BOTH CENTER WOMEN’S AND RAYTHEON SCHOLARSHIP APPLICANTS: CLICK HERE TO APPLY

You will need to submit an application for the Undergraduate or Graduate Scholarships in order to be considered for one of those awards, applications will NOT be automatically transferred. You will be able to import your Women’s/Raytheon application information and documents directly into the Undergraduate or Graduate application. Just click on the link for the appropriate scholarship and look for the import button on the top right of your dashboard.   Learn how to apply

Source: iamcybersafe.org/scholarships/womens-scholarships/

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

(ISC)² Cybersecurity Workforce Shortage Continues to Grow Worldwide, to 1.8 Million in Five Years

(ISC)² Cybersecurity Workforce Shortage Continues to Grow Worldwide, to 1.8 Million in Five Years

Attracting and Retaining Millennial Workers Vital to Closing the Gap

Clearwater FL, February 13, 2017 — According to new research from the Center for Cyber Safety and Education™ (the Center) — part of its eighth Global Information Security Workforce Study (GISWS) – sponsored by (ISC)²® and Booz Allen Hamilton, a serious talent shortage looms in the information security workforce. The survey and analysis, which includes feedback from over 19,000 information security professionals worldwide, indicates that employers must look to millennials to fill the projected 1.8 million information security workforce gap that is estimated to exist by 2022.  This is an increase of 20 percent from the 1.5 million worker shortfall forecast by the 2015 GISWS.

Source: www.isc2.org/News-and-Events/Press-Room/Posts/2017/02/13/Cybersecurity-Workforce-Shortage-Continues-to-Grow-Worldwide

The 2017 GISWS Millennial analysis can be viewed here: https://iamcybersafe.org/research_millennials/

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading

A password for the Hawaii emergency agency was hiding in a public photo, written on a Post-it note

A password for the Hawaii emergency agency was hiding in a public photo, written on a Post-it note

A password for the Hawaii emergency agency was hiding in a public photo, written on a Post-it note

While the Hawaii Emergency Management Agency says a false missile alert was not a hack, a password in a photo has drawn criticism of its security practices.

Source: www.businessinsider.com/hawaii-emergency-agency-password-discovered-in-photo-sparks-security-criticism-2018-1

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

Continue Reading