Archive for June, 2014
network security specialist salary

Network security specialist salaries have been going up for high-level network security professionals.  As the field gets more complex and more assets go online with more exposure to increasingly advanced persistent threats, network security professionals have become more in demand at large organizations like banks, governments, and corporations.

Network security specialist salaries depend on several factors:

Budget of the organization – The organization looking for the network security specialist has a certain salary range and/or money allocated to the scope of work expected over a certain length of time.  The scope and length of time is directly related to the needs of the organization.

Experience – What a network security specialist has done in the past matters more than a piece of paper.  Organizations depend heavily on the experience that a potential employee brings to the table.  A functional “working knowledge” is necessary, not just book knowledge.

Degrees & Certifications – While degrees and certifications offer very little proof of how much a new employee can actually DO, they are a great level of assurance for the organization.

One of the best places to find out salary ranges is Glassdoor.  Salaries fluctuate over time so I would highly recommend going to the site.

  1. The average salary for information security analysts was $89,290 in May of 2012. Requirements to Become a Network Security Specialist. According to the U.S. Bureau of Labor Statistics (BLS), employers often require network security specialists to have a bachelor’s degree in a computer-related field (
sinoevent webmail.html Phishing Site
According to Avira, BitDefender and CLEAN MX “http: //” is a possible phishing site:
URL Scanner – Result
Avira – Phishing site
BitDefender – Phishing site
CLEAN MX – Phishing site
Email! Administrator

Dear Email User,
We are undertaking some essential, but extensive maintenance to improve all personal and business email services. During this general maintenance period, all users of active personal and business emails are required to update the email registration data or have the email account automatically suspended indefinitely. We are contacting you because this email was listed for this exercise. To certify that you sincerely own or operate this email address, you are required to sign in with the full email address and valid password for immediate file update before you should further use this email on the internet.

email administrator
Please click on the link below to access this request. If clicking the link above does not work, copy and paste the url in a new browser window instead.

Email! Admin Team

Copyright © 2014. All rights reserved. Copyright/IP Policy | Terms of Service.

ghana another scam spam UNFPA
This spam email misuses the name of UNFPA to promote a scam.  UNFPA is a legit organization:
UNFPA, the United Nations Population Fund, promotes the right of every woman, man and child to enjoy a life of health and equal opportunity. The Fund works in partnership with governments, other United Nations agencies, communities, NGOs, foundations and the private sector to raise awareness and mobilize the support and resources needed to achieve this mission. –
to contact the REAL UNFPA
If you see the following email, be advised that this is NOT from the UNFPA:
Dr. Benoit Kalasa

From: The Office of The United Nations,
Republic Of Ghana.
Address: No. 7, 7th Rangoon Close, Cantonments P.O. Box GP 1423, Accra,Ghana.
Email: drbenoitkalasa@qq.com
Date: 22/May/2014.
*****24HRS SERVICE*****
ATTN: Dear Beneficiary,

Re:Release/Transfer Notice for your due Funds (USD $10,500,000.00).

This letter will definitely be amazing to you because of its realistic value.

Sorry for the inconveniences that was rendered to you in line with your Payment transaction with some corrupts Banks Officials some while ago.

I know that this letter will hit you by surprise,  my name is Dr. Benoit Kalasa ,the West and Central Africa Regional Director of UNFPA. We are obliged to inform you that we had succeeded in resolving all related problems that have been hindering your unpaid fund of US$ 10.5Million payments With the help of the International Monetary Fund in conjunction with World Bank Auditors who have rendered a tremendous help to this exercise, Over the weeks ,we have paid the likes of (Mrs.Barbara Duong, Mr.Andrew Dwyer, Mr. George Ewing, Jillian Loux, Mr and Mrs Graeme & Helen Baker etc).

Your Funds were returned to the Government Treasury some while ago because you did not finalize your claim for it, through the right procedure. A week ago,the Presidency and The Federal Executive Council collectively agreed to release the sum of US$10,500,000 to you but to our surprise you sent down your representatives Mr. Tim Parker and Mr. Rowland Gulf to collect this Funds on your behalf, this morning.

Since you sent your representatives to us, kindly give us the authority to enable Guaranty Trust Bank Ghana to transfer your Funds,US$10,500,000 into their secret Account in the middle East.

In receipt of this confidential Letter, you are required to respond immediately to:

Officially Sealed,
Dr. Benoit Kalasa
The West and Central Africa Regional Director of UNFPA.
DISPATCHED ON THIS DAY Date: 22nd/May/2014.

information security analyst job description

The position of information security analyst is a great opportunity for security professionals to expand their skill set.

There are many types of information security analysts.  Some information security analysts examine the security features of a system, while others might be responsible for analyzing the security features of an entire organization's infrastructure.

Analysts are usually professionals with enough security experience to provide guidance on security incidents, security features and/or risks in a given information systems environment.

That being said, the term information security analyst is used in many different ways by many different organizations.  For example, sometimes organizations call their security professionals “analysts” when they actually do “engineering”.  And sometimes they will call security analysts engineers.  So take the description below with a grain of salt.

Essentially, an analyst studies, monitors, computes, considers, contemplates, and provides reports, incident handling, and responses on existing systems, or checks designs proposed or developed by others.  Engineers, by contrast, create, design, manipulate, install, and configure existing and/or proposed systems.  There is a lot of overlap, so you should always examine the description of the specific job you plan on doing.

Analysts analyze.  Engineers build stuff.  But of course there can be lots of overlap.

Prerequisites for Typical Information Security Analyst:

If you have a solid understanding of networking, TCP/IP, subnetting, a little bit of server administration, malware identification and lots of system security experience, then Information Security Analyst is for you.  Organizations dealing with the federal government usually desire a BS degree or specific IT certifications.

Basic Job Description of Typical Information Security Analyst:

The Information Security Analyst's responsibilities can sometimes include ensuring that system Information Security requirements are met.  Another task might be to provide support for the systems engineering life cycle, from specification through the design of hardware or software, procurement, and development, to integration, test, operations and maintenance.  The analyst may also provide analysis, definition, and recommendation of information assurance and security requirements for advancing Information Security technologies of computing and network infrastructure.

Responsibilities may include but are not limited to:
• Ensure that Configuration Management (CM) and Information Security governance, policy, directives, and guidance are followed.

• Ensure compliance with certain security policies / standards such as:

  • Federal Information Security Management Act (FISMA)
  • NIST Special Publications (SP) 800 Series
  • Security Technical Implementation Guides (STIGs)
  • PCI
  • Sarbanes-Oxley Act
  • Risk Management Framework for DoD IT
  • ISO/IEC 27000
  • Health Insurance Portability and Accountability Act (HIPAA)

• Conduct Information System Security Engineering activities at the subsystem and system level of design

• Complete Vulnerability scans, Information System Security audits, analysis, risk assessments, vulnerability assessments, intrusion detection/prevention and log monitoring of computing resources

• Computer Network Defense:

  • Analyze TCP/IP traffic
  • Continuous monitoring of information system security
  • Incident handling
  • SIEM Analyst
  • Data loss prevention
  • Coordination with computer emergency response team (CERT)

• Certification & Accreditation / Risk Management Framework analysis
• Support C&A Security Test and Evaluation processes


Chris Weir Lottery Scam

Another Chris Weir Lottery Scam

Beware of the email scam going around that falsely uses the names of famous EuroMillions winners Chris and Colin Weir.
Remember, if it sounds too good to be true, it probably is.  If Chris and Colin Weir did donate money, it would not be via an email asking you for your contact information.

A variation of the Chris Weir Lottery Scam


Dear Beneficiary,
This is a life time opportunity and 100% legitimate. My Wife and I have decided to make sure this is put on the internet for the world to see. You see after taken care of the needs of our immediate family members and friends, we decided to donate £800.000.00 pounds sterling each to other unknown 5 individuals around the world in need, the local fire department, the Red Cross, and some other organizations in Asia, Europe and Africa.because we are on vacation in India,  I am happy to inform you that we have forwarded your details over to the management of the City Link Express Courier India.

View Link

I am also pleased to inform you that we have issued out a cheque in your name through our attorney, has now been deposited with City Link Express Courier India the Accredited courier company to deliver your bank draft to you in your country. Please remember that the objective of this donation to you is to make a notable change in the standard of living of the less privileged people all around your region before the end of the year 2014.

Recently,i discovered a huge number of double claims due to beneficiary’s informing close friends relatives, attorneys and third parties about their donations. As a result, these close friends, relatives, attorneys and third parties tried to claim the donation sum on behalf of the real recipients thereby causing problems for the courier to deliver the draft. Please be informed that any double claim discovered in the disbursement process, will certainly result to the cancellation of that particular donation, making a loss for both the double claimer and the real beneficiary, as it is taken that the real recipient was the informer to the double claimer about the donation. So you are hereby advised to keep your information’s strictly confidential until your claim has been fully recovered. You are required to make contact with the delivery company as soon as possible, and discuss with them how your cheque would be delivered to your home address in your country and you will be informed about the cost of delivery by the courier company in charge of your certified cheque.

You will need to contact City Link Express Courier India Ltd which is our accredited delivery company.You are to reach them with the information below.

NOTE: You do not have much time to get this done. I advise you act fast and get in touch with Mr Jacob Kr. Sharma of City Link Express Courier India with His contact information  stated below:

No 40, Malya Apartment, Plot No 110, Jawahar Nagar,
Maharashtra, Mumbai-400062, India.
Mr. Jacob Kr. Sharma (Dispatch Officer)
Phone Number: 0091-964-293-3371

You are to contact them with the following information within the next 24hours;
Note This Form Must be filled

1. Full name:
2. Address where you would want the parcel delivered to.
3. Telephone Number/Fax Number.

Please note that upon your contact with Mr Jacob Kr. Sharma you are to provide him with your Donation Code Number [Chris/148/2014/BTB] so that he can verify your identity with the details we sent over to their office earlier on today. Please endeavour to keep us fully informed on all developments with the courier company so that i can also monitor the delivery process through a feedback from you. We look forward to your prompt response, should you have any questions, do not hesitate to contact me as soon as you possibly can.

Your follow up and full cooperation is highly anticipated.

We Wish you Good-luck as you receive your benefit

Chris and Colin Weir.

Joydownload Virus

Be careful when you download new software.  Download from the actual creator of the software as much as possible.  Avoid getting software from BitTorrent.  If you do, at least look at the comments on the torrent you plan on downloading.

Search engines such as Google are great for finding software, but not always the safest.  It's best to get software directly from the organization that created it, not from random sites.

For example, at one time “Joydownload. com” was among the top results for “Yahoo Messenger” and other apps.  But this site may have trojans in it.

Joydownload is a known malware distribution site:


Joydownload scan from VirusTotal:

URL Scanner – Result
Avira – Malware site
Emsisoft – Malware site
Fortinet – Malware site
G-Data – Malware site
Sophos – Malicious site


OSCP certification attempt

I have a goal of taking the Offensive Security Certified Professional (OSCP).  I will attempt it in the next 3 years.  I figure it gives me time to study and gain experience programming to do advanced infiltrations on information systems.

I have been doing Information Security analyst work for a while and I enjoy doing it.  But I want to see all sides of security not just what an attack looks like from the inside looking out but from the outside looking in.

The main reason I want to attempt the OSCP is for fun.  I enjoy puzzles.  I want the challenge of it even if I fail miserably.

As certifications go, I think it's the future of high-level certifications.  Not unlike the Cisco and Red Hat certifications, the OSCP takes practical skills to pass.  Pure written exams lend themselves to braindumps and crowdsourced cheating.  An overwhelming number of “IT professionals” now have lots of certifications with very little experience.  The reason I don’t like this is because I don’t like carrying other people's weight.