Tech

now browsing by tag

 
 

#cybersecurity | #hackerspace | Encryption Wars, Part IV: Barr vs. Big Tech

Source: National Cyber Security – Produced By Gregory Evans

Will AG Barr succeed in his fight to empower the U.S. government with the ability to break strong encryption against tech companies?

U.S. Attorney General Bill Barr once again is decrying the fact that tech companies are proposing strong security standards for data at rest and data in transmission. By using encryption to protect data, the nation’s chief law enforcement official explains, companies will enable terrorists, pedophiles and mass murderers to communicate without fear that government officials, armed with warrants, will be able to listen in on their communications, read their emails and direct messages and discover the contents of their cloud applications and hardware devices. It’s time to empower law enforcement to break strong encryption—of course, with a warrant. Because, in the same breath, Barr also decries what he calls systematic abuse of the warrant application process through multiple layers of the FBI and U.S. Department of Justice (DoJ), through two political administrations, in one of the most sensitive and highly regulated and supervised criminal and national security investigations.

Trust us. We’re the FBI.

AG Barr added another arrow in his quiver to attempt to compel tech companies to comply with his demand that they make the internet less secure: removing their immunity. Section 230 of the Communications Decency Act (CDA) provides that “carriers” of information are not “publishers” of that information when posted by third parties. There are good and bad consequences to this policy decision. The good is that tech giants are not required to read and censor every internet posting, every instant message or direct message, every comment and every website. It means a more free and open sharing of opinions and a more free and open internet in general. The bad is that tech giants are not required to read and censor every internet posting. It means that individuals defamed or injured by such postings, who suffer loss of reputation or who are doxed or stalked online, who are victims of revenge porn, fake news or trolling attacks have little recourse both against the tech companies that disseminate and “broadcast” (in the general sense of making available to the public) the injurious content and against the actual creator or poster of the content, who can generally hide behind various legal and technological shields of anonymity.

Section 230 immunity is a great boon to tech giants who want the benefits of collecting massive amounts of information from individuals about their use of these services without the muss and fuss of having to police the trolls. That’s someone else’s problem.

So now the DoJ and Congress are threatening to remove Section 230 immunity (or to limit it in some fashion). Among the “concessions” the administration wants is for the tech giants to give some additional leeway to law enforcement and the intel community on the issue of data encryption. “Dat’s a nice little free and open internet youze got there … it would be a shame should sumthing happen to it …”

Both Section 230 and the so-called “going dark” problem present nuanced and difficult public policy choices. Weaken encryption to go after child molesters and you invite more hacking of banking systems, less privacy and more abuse even by law enforcement and the intel community. Make crypto unbreakable and you destroy accountability—sort of. Give absolute 230 immunity and there’s little incentive to create safe spaces on the internet or to provide information from which users can be held accountable for their actions. Remove immunity and the quantity and quality and openness of the internet is destroyed. Conflate the two policies and the problems are exponentially more difficult to solve.

I have written on the “going dark” problem many times before, and I am firmly in the camp of a stronger, safer and more secure internet without back doors for one government or another. The perception that the Huawei technology behind our 5G backbone is riddled with actual or potential back doors was enough for Congress and the FCC to demand that the infrastructure be ripped out root and stem. Imagine the international reaction if such “back doors” were perceived to be an integral part of communications, telecom and OSes? Not pretty.

There are plenty of reasons and ways to regulate big tech. These may not be the best ones.

Source link

The post #cybersecurity | #hackerspace |<p> Encryption Wars, Part IV: Barr vs. Big Tech <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Stolen credit card data from Singapore banks worth more on Dark Web, Tech News & Top Stories

Source: National Cyber Security – Produced By Gregory Evans

Stolen credit card data from Singapore banks is valued higher on the Dark Web than that from other countries because of the robust cyber security measures protecting it and the difficulty in obtaining such data, according to new research from cyber security firm Group-IB.

The Singapore-based firm yesterday said that for cards from the United States, the average price for raw payment card data, which includes credit card number, expiration date, cardholder name and CVV number, is between US$8 (S$11) and US$10 on Dark Web shops.

Please subscribe or log in to continue reading the full article. Learn more about ST PREMIUM.

Enjoy unlimited access to ST’s best work

  • Exclusive stories and features on multiple devices
  • In-depth analyses and opinion pieces
  • ePaper and award-winning multimedia content

Source link
——————————————————————————————————

The post #deepweb | <p> Stolen credit card data from Singapore banks worth more on Dark Web, Tech News & Top Stories <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#androidsecurity | Google opens its Android security-key tech to iPhone and iPad users – TechCrunch

Source: National Cyber Security – Produced By Gregory Evans

Google will now allow iPhone and iPad owners to use their Android security key to verify sign-ins, the company said Wednesday.

Last month, the search and mobile giant said it developed a new Bluetooth-based protocol that will allow modern Android 7.0 devices and later to act as a security key for two-factor authentication. Since then, Google said 100,000 users are already using their Android phones as a security key.

Since its debut, the technology was limited to Chrome sign-ins. Now Google says Apple device owners can get the same protections without having to plug anything in.

Signing in to a Google account on an iPad using an Android 7.0 device (Image: Google)

Security keys are an important security step for users who are particularly at risk of advanced attacks. They’re designed to thwart even the smartest and most resourceful attackers, like nation-state hackers. Instead of a security key that you keep on your key ring, newer Android devices have the technology built-in. When you log in to your account, you are prompted to authenticate with your key. Even if someone steals your password, they can’t log in without your authenticating device. Even phishing pages won’t work because only legitimate websites support security keys.

For the most part, security keys are a last line of defense. Google admitted last month that its standalone Titan security keys were vulnerable to a pairing bug, potentially putting it at risk of hijack. The company offered a free replacement for any affected device.

The security key technology is also FIDO2 compliant, a secure and flexible standard that allows various devices running different operating systems to communicate with each other for authentication.

For the Android security key to work, iPhone and iPad users need the Google Smart Lock app installed. For now, Google said the Android security key will be limited to sign-ins to Google accounts only.

Source link

The post #androidsecurity | Google opens its Android security-key tech to iPhone and iPad users – TechCrunch appeared first on National Cyber Security.

View full post on National Cyber Security

Cybersecurity #Expert on #Tech #Giants Collecting Our #Data: ‘It’s Not #Surprising’

Software developer Dylan McKay discovered that Facebook has been collecting caller history and SMS data from outside the app. According to McKay, he became interested in what Facebook had collected on him after political consultancy Cambridge Analytica was accused of improperly harvesting the information of nearly 50 million Facebook users.

According to reports, Facebook became aware of Cambridge Analytica’s access to personal data back in 2015, after which it demanded that the acquired information be deleted.

While the firm assured the tech giant that its requirements have been fulfilled, Facebook recently learned that the data has not been completely destroyed.

Radio Sputnik discussed this with Kenneth Shak, senior cybersecurity consultant at LGMS, a professional information security service firm from South Asia.

Kenneth Shak: It’s not surprising that these tech giants are actually collecting our data. For example, from my own experience, I have come across when discussing some sort of information with my colleagues or my friends, for example, and, all of a sudden, in my Facebook or in my Google I can see ads targeted to what I was actually discussing. So there’s actually no fine line on how much these tech giants are actually collecting data from, so it’s quite scary, to be honest. All in all, it all boils down to the permissions given to the applications. It is not only the main Facebook application.

You have the Messenger application; you have the Messenger Lite application. I’m not sure that you realized upon installing and using these applications the first time on your phone you are actually asked a few questions. In the first, installing and using this application they will actually ask if you would like to link and upload your phone’s contacts to Facebook because you will make things easier for users to find or add friends on Facebook with all this contact data.

This step, though, is optional but not only on the Facebook application. Messenger will actually ask users for permission to access the SMS and call data on your phones for a similar purpose. But for Messenger, in particular, not the plain Facebook app, you’ll also be able to access your SMS messages and also your call log logs directly from your Messenger application. Think of it as an all-in-one messenger. When you have given all these permissions to Facebook to access all this data that was actually how they have managed to update all this data they have stored. Outside of the application and not just inside what you have given to Facebook and all these things are actually stored on your phone.

Sputnik: Do you think that in the future we can expect that there will be some kind of way to opt out of certain permissions?

Kenneth Shak: They should give a bit more convenience to the users to choose what they want to share. Actually, on your phones you can explicitly disable what you can share, for example the phone, the contacts, the storage, the camera. You can actually disable all those but they need all these permissions in order to work properly.

I’m not sure if you know, back February this year, Germany actually came to a ruling that how Facebook actually collects and uses the personal data of these users to be illegal. The reason is because there is insufficient information provided by Facebook to the users in order for the users to run their meaningful consent. So the users actually don’t know what exactly they are giving consent to. Facebook actually asked the users to agree to give access to camera, to the contacts, to the SMSs, to the address books but they do not tell the users to what extent they are giving or how much data they’re actually giving. This is actually a very-very vague consent given to Facebook.

Sputnik: So, now after that ruling, were there any changes made or was Facebook subjected any fines? What happened with Facebook in that situation?
Kenneth Shak: It depends very much from country to country. Since Facebook actually asked the users for their consents, no matter how vague they are, to gather and store this data during the installation, it may actually be legal for Facebook to do so. It’s a very-very fine line. It also boils down to the regulations imposed by different countries or their governments and where the Facebook actually operates. Germany can’t do much.

They can just rule that, this information, how they gather it, is very illegal. But since Facebook operates in Ireland and the US, users outside of these countries mainly are not able to do anything except filing a lawsuit from where Facebook is operating from, for example US or Ireland. For example, from our side, users from Malaysia definitely wouldn’t be able to do anything in regards to this issue because Facebook is not sanctioned under our Malaysian laws.

Sputnik: Do you think that we could see some serious legal action that’s going to have some really huge impact, not only on Facebook but on other tech companies as well?

Kenneth Shak: Definitely this is just the tip of the iceberg, but again as you know this is not the first kind of problem relating to personal data that actually surfaced. So for Facebook we actually see quite a number of lawsuits coming in and several governments are actually inquiring into this particular issue. Of course, all this amounts to Facebook losing nearly $50 billion off their share price. There is a long road ahead for Facebook trying to recover from all this. In light of all these issues Facebook, and not just Facebook, in particular and social media platforms like Instagram may be imposed with further regulations as well. This problem brings to light many other enhancements and additions of the regulations for other companies or tech giants as well in the future, not just for Facebook. The world will actually start to learn from this particular big issue and we will see further developments to this question as investigations on this issue are still on going.

advertisement:

The post Cybersecurity #Expert on #Tech #Giants Collecting Our #Data: ‘It’s Not #Surprising’ appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

PayThink #Users are #compromising #most #security #tech

Source: National Cyber Security – Produced By Gregory Evans

It took Bonnie and Clyde three years to rob about a dozen banks, but the scourge of bankers today is a quiet Russian hacking group called, appropriately enough, MoneyTaker, and they don’t need nearly as much drama to abscond with cash.

Using often tailor-made hack attacks that regularly rely on near-undetectable fileless malware, the MoneyTaker gang has, in barely a year and a half, robbed millions from 20 banks so far and counting. What’s worse is that the gang has stolen data that could let it hijack Swift transactions, leading Swift for the first time to issue a report on cyber-vulnerabilities with the banks it works with.

While hackers usually don’t discriminate, they’ve got no problem attacking servers at hospitals, schools and corporations with trade secrets and valuable intellectual property, banks hold a special place in their heart as that is where the money is, as yet another famous Depression-era bank robber once said.

Once a bank’s security is compromised, hackers can pay themselves from the funds on hand, transferring sums large and small to their accounts. However, with information about the global payment systems like Swift that’s also available only at the bank, hackers can do a lot more damage.

Hackers are getting better at “data mining” all the time. According to Kaspersky, Russian hackers operating just a couple of Darknet marketplaces in 2017 were offering this year an astounding 85,000 servers for sale (meaning, the authentication information that will let a hacker take control of the server), some for as little as $6! In 2016 there were “only” 70,000 such servers for sale, meaning that whatever we are doing to keep hackers at bay, it isn’t enough.

Included in those compromised servers are apparently some containing key Swift information, and it’s just a matter of time before the MoneyTaker gang will also use that information for fun and profit.

How are gangs like MoneyTaker getting away with this, especially with servers belonging to banks which are presumably protected by the latest cybersecurity systems? According to a study by the SANS Institute, it’s the “human factor” that is at work: As many as 95% of all attacks on enterprise networks begin with a spear phishing attack in which hackers dispatch their malware hidden inside email attachments. That attack could consist of trojans that pave the way for malware that allows hackers to take over servers, or the newer fileless malware attacks (where an agent installs itself in memory, hijacking servers for the use of hackers).

Cybersecurity systems, as sophisticated as they are, are clearly not doing the job — and maybe they never will, given that in the end the effectiveness of those systems can be overridden by workers inside the organization. The best systems then are the ones that take away from users and employees any opportunity to override security by responding to the phishing messages that get them, and their organizations, into trouble.

Systems like that need to be able to analyze messages and incoming files for malware or threats, and remove them before passing the file or message on to workers.

In addition, the system has to be robust and innovative enough to arrest malware that is passed on in innovative ways with traditional cybersecurity systems, like sandboxes that are perhaps not up to date on phenomena like fileless malware. With thousands of security systems out there, organizations are understandably confused about what systems are the most effective. But in our opinion, the systems that will perform best are the ones that limit opportunities for spearphishers to have their way with employees.

The post PayThink #Users are #compromising #most #security #tech appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Feds Eye #Cybersecurity Risks of #Tech #Providers

Source: National Cyber Security – Produced By Gregory Evans

Financial regulators just named cybersecurity as one of their top concerns going into 2018, with a heap of worry specifically about third-party contractors supporting the financial system.

So for compliance officers looking for yet another reason to move third-party risk management up the priority scale, now you have one.

The alarm was raised last week in the 2017 report of the Financial Stability Oversight Council. (That’s the council of U.S. financial regulators mandated by the Dodd-Frank Act, to help coordinate regulatory policy and anticipate future financial crises.) Financial firms have come to rely on technology service providers so much, the report said, that a poor understanding of their cybersecurity postures could create risk for the financial system overall:

Maintaining confidence in the security practices of third-party service providers has become increasingly important, particularly since financial institutions are often serviced by the same providers. The Council encourages additional collaboration between government and industry on addressing cybersecurity risk related to third-party service providers, including an effort to promote the use of appropriately tailored contracting language.

What’s more, the FSOC even raised the idea of regulating tech providers in a more uniform fashion, so the current patchwork of supervision doesn’t allow cracks in the system that others could exploit:

[T]he authority to supervise third-party service providers continues to vary across financial regulators. The Council supports efforts to synchronize these authorities and enhance third-party service provider information security. The Council recommends that Congress pass legislation that grants examination and enforcement powers … to oversee third-party service providers and encourages coordination among federal and state regulators in the oversight of these providers.

Wow. When a group of Republican regulators tell a Republican Congress that they might need more regulation, you know things are bad.

Will Congress actually respond to these ideas? Probably not, given the floundering leadership in Washington these days. But the fundamental point — that service providers can now pose dire cybersecurity risk to the financial sector and many others — is not news to compliance officers. So let’s ponder a few other points about how to manage third-party risk in useful ways right now.

The Business Imperative
First, consider the FSOC’s true worry here. Regulators are one party, acting to protect the interests of a second party: the public, which ultimately supports and pays for the financial system. Regulators do that by imposing standards on third parties (financial firms) — and now regulators are worried about the tech service providers supporting those financial firms.

In other words, the FSOC is really worried about fourth-party risk to the financial system.

This underlines a point I’ve been making for a while: the better your firm is at at managing third-party risk, the more attractive you become as a third party yourself. After all, your third parties are your customer’s fourth parties. Fourth-party risk is where your customers start to get antsy, because they can’t easily see what those risks might pose to them. They don’t have visibility into those distant parties.

And that’s what third-party risk management is all about: making your supply chain more transparent, so you can see those risks more clearly. So any compliance program that can achieve that transparency, and pass that assurance along to your customers, will have a strategic advantage over your rivals.

The compliance community likes to talk a lot about the strategic advantage of a strong compliance program. This is the most urgent example. When your board or CFO start complaining about that budget request for more investment in third-party governance, remind them: “If we can’t govern our third parties and possible cybersecurity risk, eventually we’ll get locked out of courting financial services firms.” That’s why investing in third-party governance is worth it.

Three Practical Challenges
So what bumps will compliance and audit officers hit on the road to better cybersecurity assurance? A few come to mind.

Scoping SOC 2 audits. A SOC 2 audit examines a service provider’s data security controls. A Type I audit determines whether vendor’s controls are designed properly at a certain point in time; a Type II audit examines whether the controls work as designed for a set period of time.

Yes, your big firm can probably squeeze an eager vendor to pay for the SOC 2 audit — but scoping the audit correctly is still your responsibility. If the scope is too narrow, you might miss risks that the vendor has, but weren’t audited; if the scope is too broad, you’ve wasted money on “over-compliance” for risks you won’t face.

I wrote a longer essay about scoping SOC 2 audits earlier this year for Reciprocity Labs, if you want to read more there. Suffice to say, you need to understand your own firm’s cybersecurity risks, and the risks of outsourcing some data functions to a vendor, and the vendor’s own security protocols, to do this well.

Implementation of NIST protocols. NIST has several sets of controls it recommends for cybersecurity. They are an outstanding resource, and should be adopted. The FSOC praised NIST, and urged financial regulators to keep current with new advances in the NIST standards as they evolve.

In the private sector, compliance officers, audit executives, and internal control departments should examine the standards and see how to implement those controls into your own operations — and this is especially true for tech service vendors themselves. NIST 800-171 is the standard government contractors are supposed to use to comply with DFARS, which spells out cybersecurity standards if you want to bid on defense contracts.

I have another essay, and companion white paper, about the NIST standards that I wrote for Rapid7 earlier this year. Companies may have a long want to go for compliance, but the NIST standards are the clear destination.

Preparing for more scrutiny. The Securities and Exchange Commission already pressures companies to disclose cybersecurity concerns as risk factors. Good news: many more companies are. According to a report from Intelligize released last week, the number of firms disclosing cybersecurity as a risk factor went from 426 in 2012 to 1,680 this year.

The bad news: those disclosures usually don’t say much, and they certainly don’t capture the full picture of risk from tech service providers. Hence the SEC is talking about enhanced disclosure of cybersecurity risk, or even required disclosure of cybersecurity incidents. (Imagine filing a Form 8-K to disclose a breach every time you have one.)

Likewise, the Public Company Accounting Oversight Board wants audit firms to step up their scrutiny of your cybersecurity risks. I still struggle to understand what that scrutiny will look like in practice, since cybersecurity breaches rarely lead to a material risk of misstated financial results — but that’s the point, really. Regulators know they need to do more about cybersecurity; they just aren’t quite sure what.

I suspect many of us feel the same way.

The post Feds Eye #Cybersecurity Risks of #Tech #Providers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cybersecurity: The #Tech #Companies More #Important than the #FANGs.

Source: National Cyber Security – Produced By Gregory Evans

The products and services provided by the behemoths of the tech industry may seem indispensable, and the most fundamental features of the technological environment, however, there are a group of less glamorous firms that arguably are the necessary foundations of the whole industry: cybersecurity firms.

Cybersecurity is defined as the measures taken to ensure protection against unauthorised or criminal use of electronic data.

The world has become acutely aware in recent years that data is the new oil- and reserves are plentiful and exponentially growing. The amount of data in the digital world is growing so rapidly due to trends such as the ‘internet of things’ and ‘bring your own device’ (BYOD); the enormous amount of devices connected to the internet makes data abundant and cybersecurity a constant war ground.

The main antagonist in the cybersecurity realm is ransomware which is a pernicious software emanating from cryptovirology that poses the threat of making a victim’s data public, or permanently blocking access to it, unless a ransom is paid.

Therefore, as more data is created, more ransomware will inevitably be deployed. The ubiquity of ransomware is debilitating for anyone with data and internet access, but it represents a pot of gold for cybersecurity firms – the mercenaries of the technological age.

The Casualties

Everyone reading this will likely be aware of some large organisation that has been attacked by ransomware during 2017. Ransomware victims range from multinational companies such as Equifax and WPP to state institutions such as the NHS.

One of the most malicious attacks that has been seen was this year’s ‘WannaCry’ attack, which impacted 230,000 computers and 10,000 companies throughout 150 countries.

WannaCry infected 47 NHS hospitals, starkly highlighting the callous nature of these attacks. They are not just against multi-billion dollar institutes that are considered to line the pockets of the top 1%, but are also instigated much like actual warfare and terrorism, with no consideration for the innocence or relevance of its victims.

No sector is immune from cyber attacks and over 20% of institutions in financial services, education, entertainment, media, IT and telecoms have all been targeted recently.

One reason for the rapid increase in attacks is that it is becoming increasingly easy to launch a malware attack due to the ability to hire malware. By having the option to hire malware, criminals can launch attacks online with rented viruses which in turn opens up the battlefield to low-skilled, street criminals as well as highly-educated criminals.

The Figures

The opportunities available to cybersecurity firms are plentiful, providing they have the ability to innovate and stay ahead of the malware. The industry is so dynamic as attackers are constantly evolving and producing more vicious, efficient attacks and providing cybersecurity firms can produce the solutions to these attacks: they are indispensable to helpless victims.

The growth that has already been witnessed in this industry is evidence of the huge future potential for growth: the global cybersecurity market was worth $3.5bn in 2004, $64bn in 2011, $138bn in 2017, and is projected to be worth $232bn by 2022.

Furthermore, the US Bureau of Labor Statistics reports that by 2024 there will be an increase in the demand for cybersecurity staff by 36% – double the demand compared to digital workers in other fields.

The vast increase in demand for workers in cybersecurity corroborates the notion that this industry is on track to being one of the most important and lucrative sectors out there.

The Firms

Fortinet is arguably the market leader in cybersecurity and has a very large, diverse product base which enables it to trade with large and small firms. Its reports from 2017 Q1 showed a 20% increase in revenue and an increase in net income of 410% YTD, taking it to $10.7 million. Fortinet’s expected revenue for the entire year is estimated at $1.77bn.

CyberArk Software primarily focuses on protecting internal digital infrastructure, keeping privileged accounts safe, which includes the most sacred and hence potentially dangerous data.

In essence, if an attack manages to breach an initial firewall, CyberArk’s security will keep the crown jewels safe. CyberArk currently has flat earnings but is debt free and has amassed cash assets of $287m.

Furthermore, CyberArk is one of the pioneering companies in the industry and has an impressive client list of 3,200 and does business with 45% of Fortune 100 companies. Additionally, CyberArk acquired Conjur this year ($42m) which will allow it to expand into other areas of security.

Palo Alto Networks focuses on protecting data infrastructure and sells its products and services to 85 of the Fortune 100 companies. This year adjust EPS rose 32.6% to $0.61 and the 3Q revenue report showed a record of $432m, as well as gaining the second highest number of new customers since the business began.

Going Forward

It is clear that the growth potential for cybersecurity is enormous. In fact, some might even say that it is terrifying how dependent society will be on this industry in the near future. People must also not approach cybersecurity in a myopic sense and assume that it only has applications for large firms that have the capital to pay high-price ransoms.

The futuristic phrase of ‘cyberwarfare’ may seem reserved for the cinema screens, however, if hackers sitting in their bedrooms can wreak havoc on some of the biggest institutions in the world, imagine what a government-funded group of experienced, ruthless ‘cyber soldiers’ could do. Less than 10 countries have nuclear capabilities but any country with an internet connection could have access to cyber arms.

Conclusion

Finishing on a more positive note, cybersecurity is currently one of the most highly paid careers in technology with 39% of its employees earning more than £87,000 and 75% earning more than £47,000.

In the past, one would have to risk their lives for almost no remuneration to complete patriotic duty. Now, one can fulfil this moral craving whilst sitting at home, rather than in a dilapidated barracks.

The post Cybersecurity: The #Tech #Companies More #Important than the #FANGs. appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Main #cybersecurity #management #challenge? People, but simple #tech can help

more information on sonyhack from leading cyber security expertsSource: National Cyber Security – Produced By Gregory Evans Alissa Johnson doesn’t hesitate when asked whether people or technology is the harder-to-crack cybersecurity management challenge. It’s people, the Xerox Corp. CISO told SearchCIO at Gartner Symposium/ITxpo in Orlando, Fla., earlier this month. “You can tell technology exactly what you want it to do, and it’s […] View full post on AmIHackerProof.com | Can You Be Hacked?

Mac Certified Tech/ IT Operations Support Engineer

Source: National Cyber Security – Produced By Gregory Evans

Mac Certified Tech/ IT Operations Support Engineer

Position Summary
Chegg is looking for a strong Desktop Support Engineer to join its lean but highly visible and productive team. This person will provide day-to-day hands on support to Chegg’s end user desktop and applications. There will be a ton of interaction with all areas of the company, directly with internal customers and various departments, troubleshooting user desktop issues to resolution.

Other areas of responsibility are LAN support, workstation deployments, break/fix, software/hardware upgrades, patch management, Anti-Virus management, workstation security, image management, application installs, user support and training, etc. Ever the collaborative role, there are a number of additional specific processes and services outside the desktop support role that this position may also be involved in. Most notably, this position will also act as first level support to critical systems and applications during normal business hours.

The role reports to our Sr Manager of IT Operations and is located in our Santa Clara, CA headquarters.

Responsibilities:

Maintain detailed and up-to-date licenses and hardware/software inventory
Deployments and Break/Fix
for workstations, printers, faxes, etc.
IT Equipment and Supplies Procurement
Hardware/Software installs and upgrades
Workstation Patch Management
User Support and Training
Maintain WDS Image Library
Manage IT Department documentation
Perform Preventive Maintenance
LAN Support
Exchange/Outlook Support and Active Directory support
Blackberry / iPhone/ wireless devices deployment and support
Windows 7 Enterprise/ Microsoft Application Support
Avaya IP phone support
VPN Account Setup and Support
- Desktop Security
AntiVirus Management and Support

Qualifications:

Education and/or Experience

A Bachelor’s degree in a related field or IT related degree and/or combination of directly related work experience commensurate to 2-5 years experience

Computer / Technical Skills
LAN / WAN experience required
Desktop and Laptop Break/Fix experience
WDS (Windows Deployment Services) experience
Exchange/Outlook 2010, 2013 (Mac 2011) experience
Lenovo IBM Hardware / MacBook and MacBookPro experience required
Desktop Security Best Practices required
Solid and current experience in the following: Windows7 Enterprise, FTP Server, Symantec AntiVirus, DNS/DHCP Administration; Active Directory
Proficient in Microsoft Office (Excel, Word, PowerPoint, Access)
Demonstrated work experience in project and task management proficiency with the ability to prioritize and execute accordingly
Must be able to work varied work hours, ‘On-Call’, including evenings, weekends and holidays

The post Mac Certified Tech/ IT Operations Support Engineer appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Democrats’ Biggest Cybersecurity Upgrade Is Their New Tech Chief

Source: National Cyber Security – Produced By Gregory Evans

The Democratic National Committee is upping its cybersecurity efforts — and it’s getting some help from a former Silicon Valley exec. Back in June, the committee hired Raffi Krikorian — a former top engineer at Uber and Twitter — as chief technology officer. Since his hire, Krikorian has instituted better…

The post Democrats’ Biggest Cybersecurity Upgrade Is Their New Tech Chief appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures