A CALL FOR WAR AGAINST CYBER THREAT AND
BANKOLE BOLAJI JAMES
Cisco Cyber Security Expert: CCSE
Certified Ethical Hacker: CEH
Cisco Certified Network Associate :CCNA
Cyber Forensic and Security Expert
Cyber security has risen to become a national concern as threats
concerning it now need to be taken more seriously.
• To help people reduce the vulnerability of their Information and
Communication Technology (ICT) systems and networks.
• To help individuals and institutions develop and nurture a
culture of cyber security.
• To work collaboratively with public, private and international
entities to secure cyberspace.
• To help understand the current trends in IT/cybercrime, and
develop effective solutions.
• Integrity, which may include authenticity and non-repudiation.
Existence of Cybercrime in Nigeria has made it Imperative
to have more Cyber Forensic and Cyber Security Expert as
Internet Business Grow In Nigeria.
Cybercrime is a fast-growing area of crime. More and more
criminals are exploiting the speed, convenience and anonymity of the
Internet to commit a diverse range of criminal activities that know no
borders, either physical or virtual, cause serious harm and pose very
real threats to victims worldwide.
Cyber-space referred to as the space in which computer
transactions occur, particularly transactions between different
computers in a boundless space known as the internet.
Cyber-security is a measures taken to protect a computer or
computer system (as on the Internet) against unauthorized access or
Cyber-crime, or computer crime, refers to any crime that involves a
computer and a network.
Keywords: Cyber-space Cyber-security Cyber-crime.
CYBER THREAT FORCAST 2016
Whaling Attack Users shouldn't reply to suspicious emails and should "obtain the sender's address from
the corporate address book and ask them about the message". Perhaps most
importantly, companies should use two-factor authentication for initiating wire transfers
Ransomware Ransomware will remain a major and rapidly growing threat in 2016, fueled by
anonymizing networks and payment methods,
Inexperienced cybercriminals will leverage ransomwareas-a-service, magnifying the
growth in ransomware.
Attackers will increasingly encrypt files before they are backed up, making remediation
Critical infrastructure systems not designed with outside access in mind will become
vulnerable to low-incident, but high-impact events as they become connected to the
There is an emerging trend in which cybercriminals are selling direct access to critical
Direct attacks on critical infrastructure will continue to be almost exclusively nation-
The objectives of nation-state attackers will include both intelligence gathering and
critical service disruption.
Vulnerability Application vulnerabilities are an ongoing problem for software developers and their customers. Adobe
Flash is perhaps the most frequently attacked product: Flash vulnerabilities.
Payment System in 2016, payment system cybercriminals will increasingly focus on attacks that lead to the theft and sale
of credentials. We think that they will leverage traditional, time-proven mechanisms including phishing
attacks and keystroke loggers, but new methods will emerge too. We also predict that the number of
payment system thefts will continue its relentless growth.
Automobiles Attacks on automobiles will increase sharply in 2016 due to the rapid increase in
connected automobile hardware built without foundational security principles.
In 2016, more automotive system vulnerabilities will be found by security researchers. It
is also possible that zero-days vulnerabilities will be found and exploited
Wearables Wearables will be a prime target for cybercriminals because they collect personal data and they
are relatively insecure back doors into smartphones,
We expect to see the control apps for wearables compromised in a way that will provide
valuable data for spear-phishing attacks.
Cloud Service cybercriminals, nefarious competitors, vigilant justice seekers, and nation-states will increasingly target
hacking into cloud services platforms to exploit companies and steal valuable and confidential data, using
it for competitive advantage, or financial or strategic gain
Cyber Espionage Stealthy Cyberespionage can be lunched with Social Engineering, the threat actor used a
sophisticated spear-phishing campaign to breach defense, and minimize its footprint by
systems and exfiltrate them to control servers
Hacktivism hacktivism in its true sense will continue; but it will likely be limited in scope in comparison with the past.
Many of the most dedicated hacktivists promoting their causes have been arrested, prosecuted, and
imprisoned. What is likely to increase, however, are attacks that appear to be inspired by hacktivism but
actually have very different, hard-to-determine motives
Threat intelligence sharing among enterprises and security vendors will grow rapidly.
Legislative steps will make it possible to share threat intelligence with government
Smart organizations will spend their money not just on technology, but also on more training,
awareness, and personnel.
Establish an efficient online self-reporting system for cybercrime victims to enable widespread gathering
and analysis of cybercrime statistics.
Create an international treaty to promote global cooperation on the detection, investigation and
prosecution of cybercrime.
To tackle cybercrime effectively, establish multidimensional public-private collaborations between law
enforcement agencies, the information technology industry, information security organizations
Intensify research into cyber attackers’ psychological and developmental profiles, motives and
behavior—and develop efficient identification and rehabilitation mechanisms based on the related
Improve public education systems for all potential internet users about the threat of cybercrime, and
teach them ways of detecting potential cyber attackers and protecting themselves
To foster incentives for the development of products less likely to be attacked, initiate producer liability
of software and other internet applications
Establish virtual taskforces to promote better international coordination between interregional law
enforcement and governmental cybersecurity agencies.
Traditional cyber security is proving an increasingly inadequate response to the modern cyber threat
landscape. It’s no longer sufficient to suppose that you can defend against any potential attack; you
must accept that an attack will inevitably succeed. An organization’s resilience to these attacks –
identifying and responding to security breaches – will become a critical survival trait in the future
WAR AGANST CYBER THREAT & CYBER CRIME
I Have the mandate to encourage Interested persons to build
career in Cyber Security &Cyber Forensic as this will also help in
the war against Cyber Threat and Cyber Crime.
HOW TO BUILD YOUR CAREER
CYBER SECURITY PROFESIONAL
I have been privileged to build my career as a Security and a Cyber Forensic
Professional, you will have a huge range of career options across a wide variety of
industries (e.g. finance, government, retail, etc.). But IT security is a specialist field.
You’re unlikely to start your professional life as a penetration tester or a security
IF YOU HAVE PASSION TOWARD ANY PROFESSION IN LIFE YOU ARE BOUND TO SUCCEED,
YOUR PASSION WILL PUSH YOU TO SEEK FOR CHANGE,
WILL MAKE YOU GET INCUSITIVE,
WILL MAKE YOU SPEAK TO PEOPLE ABOUT YOUR INTEREST, WILL MAKE YOU SEEK HELP OR
ASSISTANCE ON HOW TO GET ON THE RIGHT PATH TO BECOMING THE BES
YOUR DREAMS AND YOUR GOALS ,
SHOW ME A MAN DRIVEN BY PASSION THEN I WILL SHOW YOU A MAN WHO IS DESTINED TO
WITH THE POWER OF YOUR IMAGINATION ,
IF YOU CAN IMAGINE IT AND BELIEVE IN IT ,THEN YOU ARE SURE TO ACHIEVE WHATEVER GOAL
YOU SET IN LIFE.
Explore A Career in Cybersecurity
Are you a student, current cyber worker, or career changer? Are you thinking about a job in
cybersecurity? Learning about and understanding the field's unique requirements will help you
determine whether a career in cybersecurity is in your future. The work environment for cyber
professionals is dynamic and exciting, with competitive salaries and growing opportunities.
Cybersecurity professionals often thrive in an informal atmosphere, unconventional working
hours, and shifting work responsibilities aimed at keeping knowledge fresh and work exciting.
There are many different jobs within the cybersecurity field that require a broad range of
knowledge, skills and abilities. Cybersecurity professionals must have the ability to rapidly
respond to threats as soon as they are detected. Professionals must also possess a range of
technical abilities to perform a variety of activities, and be able to work in different locations and
Cybersecurity work also includes the analysis of policy, trends, and intelligence to better
understand how an adversary may think or act - using problem solving skills often compared to
those of a detective. This level of work complexity requires the cybersecurity workforce to
possess both a wide array of technical IT skills as well as advanced analysis capabilities.
Below are examples of some jobs found in cybersecurity:
Chief Information Security Officer (CISO)
Computer Crime Investigator
Computer Security Incident Responder
Disaster Recovery Analyst
Information Assurance Analyst
Intrusion Detection Specialist
Network Security Engineer
Security Operations Center Analyst
Security Systems Administrator
Security Software Developer
Source Code Auditor
Web Penetration Tester
THIS IS A GOOD POINT TO START
Start with this resource. It’s intended to help anyone interested in building a career in
cyber security from a non-security career. We’ve included advice on choosing a starter
IT job, tips on building your résumé and ideas for gaining practical experience. We’ve
also listed hard IT skills and non-security certifications that will give you a solid
grounding for the future.
CAREER PATH OPTIONS
There is no one true path to working in cyber security. People come at it from all
angles – math, computer science, even history or philosophy. Yet all of them share a
deep and abiding interest in how technology works. Security gurus say this is critical.
You need to know exactly what you’re protecting and the reason things are insecure.
TRAIN IN GENERAL IT
Many experts suggest that you begin with a job, internship or apprenticeship in IT.
This will verse you in fundamentals such as administering & configuring systems,
networks, database management and coding. You’ll also get a sense of IT procedures
and real-world business operations.
FOCUS YOUR INTERESTS
Because it’s impossible to be an expert in all categories, employers also suggest you
focus on an area (e.g. networking security) and do it well. Think ahead 5-10 years to
your “ultimate security career” then look for starter IT jobs that will supply you with
the right skills. Sample career paths could include:
• Exchange administrator → Email security
• Network administrator → Network security, forensics, etc.
• System administrator → Security administrator, forensics, etc.
• Web developer → Web security, security software developer, etc.
GAIN PRACTICAL EXPERIENCE
I would like to recommend you gain as much practical experience as humanly possible.
Even if you’re not in IT, you can accomplish a lot with self-directed learning and guided
STARTER IT JOBS
IT jobs that can lead to cyber security careers include:
• Computer Programmer
• Computer Software Engineer
• Computer Support Specialist
• Computer Systems Analyst
• Database Administrator
• IT Technician
• IT Technical Support
• IT Customer Service
• Network Administrator
• Network Engineer
• Network Systems & Data Analyst
• System Administrator
• Web Administrator
Trying to narrow your options?
Make sure your entry-level IT position will give you some security-related experience.
If this isn’t clear in the job description, you have an excellent question to ask the hiring
committee during your interview.
BUILDING YOUR CYBER SECURITY RÉSUMÉ
The Ideal Cyber Security Candidate
The ideal cyber security candidate has a mixture of technical and soft skills. On the
technical side, most employers want proof that you are:
• Grounded in IT fundamentals: e.g. networking, systems administration, database
management, web applications, etc.
• Versed in day-to-day operations: e.g. physical security, networks, server
equipment, enterprise storage, users, applications, etc.
For soft skills, they’re looking for candidates who:
• Know how to communicate with non-IT colleagues and work in a team
• Understand business procedures & processes
• Love to solve complex puzzles and unpick problems
WHAT TO LIST ON YOUR RÉSUMÉ
1. College Degree
Although it’s not always necessary to have a college degree to land your first cyber
security job, it’s bloody useful. College teaches you important skills in communication,
writing, business and project management – skills you’ll appreciate in later years.
What’s more, a strong academic qualification will ease your way to management
positions. Some employers now demand proof of a bachelor’s degree before they will
consider candidates. Learn more about your options in Choosing a Cyber Security
2. Relevant Job Experience
List any previous IT positions plus any other work related to IT security. That includes
volunteer work, internships and apprenticeships. For government jobs, hiring
committees will be interested in any military or law enforcement experience.
3. Hard IT Skills
We catalog some of the most useful hard IT skills below.
4. Professional IT Certifications
Don’t have a beginner’s security certification like Security+? Employers will still be
interested to see if you have relevant IT certifications. Just be prepared to back up
these qualifications with proof of real-world experience.
5. IT Achievements
List any IT and cyber security achievements that you think your employers will respect.
These could include Capture The Flag (CTF) standings, contest awards, training course
certificates and scholarships.
HOW TO GAIN PRACTICAL CYBER SECURITY EXPERIENCE
• Teach yourself to code. (Experts recommend this again and again.)
• Build your own computer and security lab using old PCs, your own wireless
router with firewall, network switch, etc. Practice securing the computer and network,
then try hacking it.
• Create an open source project.
• Participate in cyber security contests and training games. e.g. Wargames,
Capture the Flag competitions (CTFs), etc.
• Look for vulnerabilities on open source projects and sites with bug bounties.
Document your work and findings.
• Pair your cyber security certification exams with side projects that utilize the
• Offer to help your professor or employer with security-related tasks.
• Take free online cyber security MOOCs.
• Invest in training courses (e.g. SANS).
Networking & Volunteering
• Join LinkedIn groups, professional networks and security organizations.
• Attend local security group meetings and events.
• Connect with peers playing CTFs and Wargames.
• Collaborate with a team (at work or in school) on a cyber security project.
• Volunteer at IT and cyber security conferences.
• Volunteer to do IT security work for a non-profit or charity.
• Read IT and security magazines/news sites and blogs.
• Bookmark useful cyber security websites.
• Keep tabs on cyber security message boards like Information Security Stack
• Run a background check on yourself to see if there are any existing red flags,
then determine what you can do to address them. Security is a sensitive field and
employers are looking for ethical candidates.
USEFUL IT SKILLS & CERTIFICATIONS
Hard IT Skills To Cultivate
While you’re building your cyber security résumé (see above), work on developing hard
IT skills like the ones listed below. These are often in high demand by employers. Since
technology is always subject to change, we also recommend you consult your
colleagues, mentors and/or professors for the most up-to-date advice.
Operating Systems & Database Management
• Windows, UNIX and Linux operating systems
• MySQL/SQLlite environments
Programming & Coding
• C, C++, C# and Java
• Python, Ruby, PHP, Perl and/or shell
• Assembly language & disassemblers
• Regular Expression (regex) skills
• Linux/MAC Bash shell scripting
• System/network configuration
• TCP/IP, computer networking, routing and switching
• Network protocols and packet analysis tools
• Firewall and intrusion detection/prevention protocols
• Packet Shaper, Load Balancer and Proxy Server knowledge
Thanks to the nature of their job and industry, security experts usually end up
specializing in a specific area of interest. For example:
• Cisco networks
• Cloud computing
• Microsoft technologies
• Database modeling
• Open source applications
And so on. To gain extra experience in these areas, you can volunteer for tasks at
work, collaborate with a mentor and/or invest in self-directed learning and guided
Helpful Non-Security IT Certifications
Before you get too deep into security-focused certifications, check out the following IT
credentials. You’ll often spot these acronyms on the LinkedIn profiles of security
professionals. However, we’d be the first to state there are plenty of others out there.
Ask around or visit security message boards to decide which ones are worth the
CISCO CERTIFIED NETWORK ASSOCIATE (CCNA) Routing And Switching
A “go-to” certification for entry-level network engineers and specialists working with
Cisco routers and network systems. CCNA certificate holders have proven their ability
to install, configure, operate and troubleshoot medium-size routed and switched
This qualification is on par with CCNA Security, which emphasizes core security
technologies, confidentiality, the availability of data/devices and competency in the
technologies that Cisco uses in its security structure. Experienced Cisco engineers can
aim for the higher level Professional and Expert levels.
CompTIA A+ is one of the most common baseline certifications for IT professionals,
especially IT support specialists and technicians. The exams cover the maintenance of
PCs, mobile devices, laptops, operating systems and printers.
A+ is required for Dell, Lenovo and Intel service technicians and recognized by the U.S.
Department of Defense. Many folks follow it up with Network+ and Security+.
The second in CompTIA’s trinity of qualifications (which includes A+ and Security+).
Network+ is an ISO-17024 compliant certification that tests a professional’s knowledge
of data networks. This includes building, installing, operating, maintaining and protecting
Network+ fulfills U.S. DoD Directive 8570.01-M and is held by nearly half a million
people worldwide. It’s often recommended for network administrators, technicians and
INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY (ITIL) FOUNDATION
ITIL certifications focus on ITIL best practices. Foundation is the basic level and the
ITIL credential most frequently seen on job requirements.
The exam tests candidates in key elements, concepts and terminology used in the ITIL
service lifecycle, including the links between lifecycle stages, the processes used and
their contribution to service management practices. If your company is using ITIL
processes to handle their services to internal/external customers, then Foundation is
MICROSOFT CERTIFIED SOLUTIONS EXPERT (MCSE)
Anyone working with Microsoft technologies should take a close look at the Microsoft
Certificate Solutions Associate (MCSA)and the expert MCSE. You must complete the
MCSA before tackling the MCSE.
Widely respected in the industry, MCSE demonstrates a professional’s ability to build,
deploy, operate, maintain and optimize Microsoft-based systems. For the MCSE, you
can choose one of nine certification paths, including Server Infrastructure, Private
Cloud, SharePoint and more.
PROJECT MANAGEMENT PROFESSIONAL (PMP)
PMP is aimed at mid-level project managers. Candidates without a bachelor’s degree
must have at least five years of project management experience (7,500 hours leading
and directing projects); bachelor’s degree holders must have at least three years (4,500
hours leading and directing projects).
Successful PMP holders have demonstrated they have the experience, education and
competency to handle project teams. It’s not a “must-have” by any means, but it can
certainly help you zip through the résumé screening process and proceed into
discussions about salary.
RED HAT CERTIFIED ARCHITECT (RHCA)
Interested in becoming a Linux expert? Take a look at RHCA, probably the most
challenging qualification in the Red Hat certification program. To attain RHCA status,
Red Hat Certified Engineers (RHCEs) must pass at least 5 exams and demonstrate their
skills in performance-based tasks. Beginners should consider the RHCAS and the
CompTIA Linux+ certification.
VMWARE CERTIFIED PROFESSIONAL 5 – DATA CENTER VIRTUALIZATION (VCP5-
VCP5-DCV is expensive, but probably worth it if you’re interested in virtualization. To
obtain this foundation-level certification, candidates must demonstrate hands-on
experience with VMware technologies, complete a VMware-authorized training course
and pass an exam. This proves a certificate holder’s ability to install, deploy, monitor,
scale and manage VMware vSphere environments.
Once you have the VCP5-DCV, you might wish to consider more advanced levels of
VMWare DCV certification. In addition to data centers, VMWare also offers credentials
in the cloud, end user computing and network virtualization.
This document is developed for educational purposes, Inother to help bring to
mind current threats, proffer ways to mitigate attacks ,Inspire someone to
develop proactive approach to combat cyber crime with proven security solutions
and services that protect systems, networks, and mobile devices for business
and personal use around the world and give everyone the confidence to live and
work safely and securely in the digital world