2020 job opportunities at iDealogic

Cyber Security Consultant

About us

iDealogic CS was originally founded in the Netherlands and specializes in cybersecurity managed services and distribution in APAC. The organization has offices in Hong Kong, Singapore and Vietnam, and continues to expand its business to other countries and to provide cybersecurity services and products. At iDealogic CS, we aim to spread cybersecurity insights and awareness to meet customers’ needs.

Our team in the Netherlands has developed the Cyber Security Assessment Tool (CSAT), which organizations can use to gain insight into their cyber security status. CSAT helps organizations develop a roadmap for implementing software tools that maximize the security of their infrastructure and information. Currently, we are working closely with Microsoft global and partners around APAC to provide our solutions, delivering well-tailored services and a fully integrated experience to our customers. We also apply industry cybersecurity best practice in delivering other high-quality services and products, with penetration testing (Edgescan), malware hunting (Infocyte Hunt) and endpoint data security (Ego Secure) solutions.

We are pleased to invite qualified and passionate candidates to apply for a Cybersecurity Consultant position as part of our talented team. Experienced candidates will work in our HCMC office and deliver highly professional results.

Company: iDealogic CS, Floor 14th, An Phu Plaza, 117-119 Ly Chinh Thang Street, Ward 7, District 3, Ho Chi Minh City, Vietnam.

Headquarters: QS Solutions, Modemweg 38, 3821 BS Amersfoort, the Netherlands.

Job Purpose: The primary role of the position is to deliver high-quality cybersecurity reports to customers and to provide technical support to partners around APAC, recommending industry security best practices.

Key Responsibilities:

Consultancy services:

  • Study and research on current technologies and company’s products.
  • Analyze customer’s current infrastructure to be able to provide recommendations.
  • Present advised solutions and reports to customers and top management.
  • Proactively analyze and identify opportunities to improve customers’ technology processes and procedures.
  • Conduct gap analysis of technology-related and data-related security findings.
  • Track the full cycle of a cybersecurity assessment project to deliver a successful engagement.

 

Support partners:

  • Provide technical support to partners around APAC.
  • Deliver technical training related to current products of organization.
  • Support partners to conduct ongoing solution assessment.
  • Oversee progression and timeline during an assessment.

Job Specification

Qualifications (Degree/Diploma): Bachelor’s degree in Computer Science, Management/ BIS/ MIS/ Information Security, or a related technical field.

Professional Qualification and/or Regulatory, Licensing requirements: Certification (nice to have) such as CISA/CISM/CEH/CompTIA Security+ is a plus.

Relevant Work Experience: Minimum of 1 – 3 years of working experience in

  • IT Risk Advisory /IT Audit in big 4 professional service firms (PwC, Deloitte, KPMG or E&Y) is a plus

Or

  • Experience in technical positions such as network security consultant/system administrator/security engineer.

Required Competencies and Skills (Essential to succeed in this job):

Technical/Functional skills:

  • Data Analysis and Data investigation skills
  • System administrator experience.
  • Experience and knowledge in Microsoft technology such as Azure cloud solutions or any related Microsoft technology is a plus.
  • Knowledge and experience in IT security, Identity and access management solutions such as EDR, MFA or Nessus.
  • Knowledge of information security controls, guidelines and standards: ISO/CIS/NIST is a plus.

Personal skills: (Soft Competencies [Core/Leadership])

  • Delivers Results.
  • Builds Relationships.
  • Exercises Sound Judgment.
  • Inquisitive approach and attention to detail.
  • Strong English verbal communication skills.

Please send your CV to: hoang.nguyen@idealogic.com.vn or jameshn@qssolutions.nl

CSAT Lite scan program

Cyber security has been a hot topic for a couple of years, but not many people take it seriously. You should not start by buying the most expensive tool out there, but instead start from the very basics, like password policy and workflows. We can help you with the CSAT quickscan program and give you practical recommendations based on the facts we scan from your environment.

iDealogic/QSSolutions, together with Microsoft, has launched a new program to help small and medium businesses around the region improve their cyber security situation.

This program is currently on sale!!! Start by clicking on the URL below.

https://cybersecurityassessmenttool.com/product/csat-quickscan/

How to control your digitization – Softline event 13/9 HCM

On 13/9/2018, iDealogic had the chance to attend a conference for business leaders in Ho Chi Minh City on managing digital assets and how to improve yourself through digitization.

It started with a presentation about Softline's global business by Mr Trung, Softline Vietnam Sales Director.

Next came an interesting topic about controlling Power BI, a powerful tool for making business decisions.

After the break, there was a topic about digital migration and how Microsoft solutions could help, by Mr Nhựt, Opus CEO.

Last but not least, of course, came a topic about cyber security, presented by iDealogic Business Development Lead, Mr Tuan Anh Pham.

In the end, the event gave attendees knowledge of what they should do to control their digitization, which has to be secured too.

What leaders need to digitize their business? – Events with Softline

Applying technology to your business has proven to be very effective these days. However, how to use it, or what to buy, seems very confusing for some organizations.

On Thursday, 13/09/2018, in Ho Chi Minh City and on 04/10/2018 in Hanoi, Softline Vietnam organized events on this topic, sharing their expertise and providing knowledge on how to manage your infrastructure and software properly.

Together with iDealogic, we are providing insight into how to plan your cyber security projects properly instead of “shooting in the dark” as usual. Through Microsoft SAM programs, iDealogic and Softline can help you transform your business to be more efficient and effective.

SAM Agreement with Microsoft!!!

iDealogic is pleased to announce that it has made the Cyber Security Assessment Tool (CSAT) free of charge for companies in the Microsoft SAM Managed Service Program (MSP). The tool is one of several benefits of the SAM Managed Service Program.

“By providing fact-based information on the security status of the customer’s infrastructure and recommendations for action, the CSAT enables SAM Managed Service Providers to provide a high-value service to their customers.” Paul Dols | CEO at QS solutions

“With the CSAT, the time you spend on Cybersecurity analysis for your customer is shortened and it increases the value you deliver. It’s a very good solution to collect relevant security data for use in your SAM Managed Service offering,” Jackie Carriker | Director Worldwide SAM & Compliance at Microsoft Corp

In the old days, a SAM assessment was used to establish an organisation's compliance with Microsoft. Nowadays, Microsoft does not care as much about the licenses; instead, they give you more insight into your infrastructure and provide a fact-based report on how you could improve your security.

Why should we stop buying point solutions?

Throughout cyber security history, whenever people think about upgrading or purchasing cyber security solutions, there are two common scenarios:

  • Search out for most comprehensive solutions
  • Make comparison
  • Purchase
  • Try to implement to your environment

Or a bit more careful

  • Define what you need – from memory, from experiences…
  • Then look out for most suitable solutions
  • Purchase
  • Try to implement to your environment

Well, as Sun Tzu wrote in his book “The Art of War”, “If you know the enemy and know yourself, you need not fear the result of a hundred battles”. Even the greatest IT manager cannot know every detail of what is happening inside his network; some don’t even know how many endpoints are plugged into the network. Then how do you really know what you need?

The practical scenario should be

  • Identify your assets, make groups of components for their functions
  • Plan how you should protect each component
  • Execute the plan, not just buying solutions somewhere

Ping us in the comments below when you really need to become more mature in cyber security.

 

Cyber Security consultant needed:

Who are we?

We are a 100% foreign-invested organisation, established in Vietnam 5 years ago, in 2013. We do both outsourcing business and cyber security business in South East Asia and Hong Kong. Our office in Ho Chi Minh City is the major development centre, which provides support globally.

What is this position?

We are looking for a talented consultant who has strong knowledge in IT infrastructure and probably a bit of knowledge on Cyber Security to join us in this position. Together we will do consultations on Cyber Security for customers around South East Asia + Hong Kong.

Your job duties?

  • Study and research on current technologies and company’s products
  • Learning customer’s current infrastructure to be able to provide recommendations
  • Present solutions, reports to customers and top management
  • Doing project implementations
  • Provide technical support to partners around South East Asia

What do we need from you?

We are looking for graduates and experienced candidates who can demonstrate:

  • Bachelor or Master Degree in Computer Engineering, Computer Science, MIS and any IT related fields
  • Working experience in IT security, IT technical background and/or industry knowledge. Working experience with Microsoft technologies is preferable
  • Strong IT security and IT technical knowledge as well as working experience in any of the following areas:
    • Strong database management system including Data Gap Analysis, IAS39, Business Process
    • Network security controls including firewall, router, IDS/IPS security configuration and security review
    • Operating system configuration and security review for any of various platforms: Mainframe, Windows NT/2000/2003, UNIX, Middleware, Oracle/SQL databases. This includes vulnerability assessment by using scanning tools
    • Penetration testing at both network and web application level
    • Available security audit tools such as Nessus, IIS, WebInspect, PhoneSweep, etc., and hardware/software security implementation
    • Identity and access management solutions and implementation
  • Understanding of business security practices, security controls and risk management concepts
  • Strong analytical and problem solving capabilities
  • Excellent teamwork and inter-personal skills
  • Self-motivated individuals that are willing to develop solutions on their own or in a team of highly skilled professionals

Remember – Attitude is everything!!! We welcome all candidates who want to explore new technologies!!!

9 Ways Your Government Is Spying on Your Internet Activity

In recent years, a lot of concern has arisen regarding government spying on internet activity. Although the NSA continues to monitor the internet activity of Americans, it has simply become a way of life. Everyone knows their internet activity is being looked at, and we have accepted it.

However, this question remains: How is the government monitoring internet activity? Many people are not aware of the methods they are using.

Method 1: Your Phone Records

The Patriot Act allows the U.S. government to keep phone records. The NSA doesn’t keep the records of specific individuals, but the agency has records of every international and domestic telephone call made in the United States. If you called your uncle last week, NSA spying was in full force. The NSA has a record of the time you made the call, how long you were on the phone, and the telephone number you dialed.

Method 2: Internet Services Must Cooperate with the Government

Google, Facebook, and other top online services have stated that the government has forced them to pass on records about customers. The PRISM program has much to do with this. For instance, Facebook can pass on messages, emails, and documents to the NSA.

Method 3: Device Hacking

If you think that the mobile phone you are possibly reading this on is secure, consider that there are all sorts of doorways out there that the NSA has created. It can hack into IT systems and electronic devices anytime. This isn’t true for every device, however, because the FBI had an issue hacking an Apple iPhone belonging to the San Bernardino terrorists. A great deal of controversy came about because creating a “backdoor” to the iPhone for the FBI would create a vulnerability that hackers could use to hack these extremely secure devices.

Method 4: Security Devices Aren’t Foolproof

The NSA has talked manufacturers into making some of their products vulnerable so that those devices can be accessed. This is very similar to what the FBI wanted Apple to do, but the demand was made after the iPhone was manufactured without such vulnerabilities. In this case, the NSA has gotten electronics companies to create backdoors.

Method 5: Cell Towers Do More Than Relay Calls

A cell tower looks rather simple. We all know them to be necessary for making cell phone calls. These towers also give you the capability to connect to the internet, which means the NSA is keeping a record of where you are. When you make a call, your cell phone company knows it’s you. Once upon a time, detailed calling was necessary (some customers still request it). The wireless company would send a bill detailing all calls and texts made on the account. The government has this same information because of the unique identifier in your phone that tells the cell tower that you are permitted to make a call.

Method 6: Internet Lines Are Tapped Around the World

Even if you leave the U.S., you’re still being tracked. The NSA has managed to track people no matter where they are. Consider that there are massive fiber-optic cables under the sea. The amount of data that moves through these cables is amazing. The NSA can work with other intelligence agencies around the world to gather desired data about anyone.

Method 7: Foreign Companies Get Hacked

Companies in other countries are getting hacked. Everything from major credit card networks to wire transfer companies can be breached so data can be gathered about a person. An example of data that can be gathered by hacking a foreign company is an email you may have sent to it. The NSA can also look at financial transactions within foreign financial networks.

Method 8: Your Spending Habits Are Tracked

NSA monitoring also goes as far as tracking your spending habits. This is how the purchases of a criminal can be tracked so quickly. Between credit card and bank account transactions, everything you spend can be tracked. The NSA even knows how you get your money. This is especially true if you carry out your transactions online.

Method 9: Email Isn’t Foolproof

Gmail and Yahoo are among the free email services that have been hacked. This means that the contents of the emails have been viewed. In fact, Yahoo just revealed that all 3 billion accounts on its servers were hacked in 2013. That means someone out there has personal details and so much more. This is disturbing because that information could be used in many ways. Unfortunately, the NSA already can quickly access private email accounts unless they are encrypted. If the NSA encounters encrypted email, even it isn’t advanced enough to decipher the contents of the email.

How to Protect Yourself from Government Spying on Internet Activity

To protect yourself online from NSA surveillance, you can do several things, such as use a VPN. There are affordable solutions online that mask your IP. This can help when you want to keep activities and details private.

You also want to be careful when sharing where you are. For instance, a Facebook check-in can reveal where you are. Logging out of Google is also a smart idea because Google tracks your location. If you log into your Google account and go to Google Maps, there is a feature called Google Maps Timeline that tells you where you have been and when you were there. This history goes back years. If you aren’t logged into Google, this activity isn’t tracked. You can also stop Google Maps Tracking.

Lastly, be careful about doing financial transactions online. Get a prepaid card not attached to other accounts or refrain from making the transactions at all.

Combine this with getting an encrypted email account at Secure Swiss Data, and you can have a much more secure online presence. When using encrypted email, like that offered by Secure Swiss Data, your most personal or proprietary pieces of electronic communication can be protected against hackers and the NSA.

According to Secure Swiss Data

Another Facebook Quiz App Left 120 Million Users’ Data Exposed

People are still getting over the most controversial data scandal of the year, i.e., Cambridge Analytica scandal, and Facebook is under fire yet again after it emerges that a popular quiz app on the social media platform exposed the private data of up to 120 million users for years.

Facebook was embroiled in controversy earlier this year over a quiz app that sold data of 87 million users to a political consultancy firm, which reportedly helped Donald Trump win the US presidency in 2016.

Now, a different third-party quiz app, called NameTests, has been found exposing data of up to 120 million Facebook users to anyone who happened to find it, an ethical hacker revealed.

NameTests[.]com, the website behind popular social quizzes, like “Which Disney Princess Are You?” that has around 120 million monthly users, uses Facebook’s app platform to offer a fast way to sign up.

Just like any other Facebook app, signing up on the NameTests website using their app allows the company to fetch necessary information about your profile from Facebook, with consent naturally.

However, Inti De Ceukelaire, a bug bounty hunter and hacker, found that the popular quiz website was leaking logged-in users' details to other websites opened in the same browser, allowing any malicious website to obtain that data easily.

In a Medium post published yesterday, Ceukelaire said he liked to participate in the Data Abuse Bounty Program that Facebook recently launched in the wake of Cambridge Analytica scandal. So, he started looking at the apps his friends on Facebook had installed.

Ceukelaire then decided to take his first quiz through the NameTests app, and as he started taking a closer look at the test process, he noticed that the website was fetching his personal information from “http://nametests[.]com/appconfig_user” and displaying it on its website.

Ceukelaire was shocked when he saw his personal data in a JavaScript file that could easily be accessed by virtually any website that requested it.

What Was the Flaw? How Did It Leak Users’ Data?

This issue was due to a simple yet severe flaw in the NameTests website that appears to have existed since the end of 2016.

Storing user data in a JavaScript file caused the website to leak data to other websites, which is otherwise not possible due to the browser’s Cross-Origin Resource Sharing (CORS) policy, which prevents a website from reading the content of other websites without their explicit permission.
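The pattern behind the leak, next to a hardened form, as an added example (not NameTests' code and not from the original article). The handler names, session store and sample requests are constructed, and the defences shown (Fetch Metadata checks, a required custom header, JSON with `nosniff`) are one common set of mitigations, not the fix NameTests actually shipped.

```javascript
// Added example: per-user data served as a script versus as a guarded JSON
// API. All names and sample data below are constructed for illustration.

// Constructed session store: session id -> profile data.
const SESSIONS = new Map([
  ['sid-alice', { name: 'Alice Example', friends: ['Bob Example'] }],
]);

// Minimal Cookie header parser (enough for this example).
function parseCookies(header = '') {
  return Object.fromEntries(
    header.split(';').map(p => p.trim().split('=')).filter(kv => kv.length === 2)
  );
}

function currentUser(req) {
  return SESSIONS.get(parseCookies(req.headers.cookie).sid);
}

// Pattern described in the article: personal data is written into a
// JavaScript response. Browsers let any origin load scripts via <script src>
// and attach the user's cookies (unless SameSite restricts them), so the
// including page can read the resulting global.
function vulnerableHandler(req) {
  const user = currentUser(req);
  return {
    status: 200,
    headers: { 'Content-Type': 'application/javascript' },
    body: `window.appConfigUser = ${JSON.stringify(user || null)};`,
  };
}

function deny(status, reason) {
  return {
    status,
    headers: { 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff' },
    body: JSON.stringify({ error: reason }),
  };
}

// Hardened form: data-only JSON, refused to cross-site and script-type loads.
function hardenedHandler(req) {
  const h = req.headers;
  const user = currentUser(req);
  if (!user) return deny(401, 'no session');
  // Fetch Metadata headers are set by the browser, not by page script.
  const site = h['sec-fetch-site'];
  if (site && site !== 'same-origin') return deny(403, 'cross-site request');
  if (h['sec-fetch-dest'] === 'script') return deny(403, 'script load');
  // <script src> cannot add a custom header; a cross-origin fetch() that adds
  // it triggers a CORS preflight, which this server never approves.
  if (h['x-requested-with'] !== 'XMLHttpRequest') return deny(403, 'missing header');
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/json',
      'X-Content-Type-Options': 'nosniff', // JSON must not be run as script
      'Cache-Control': 'no-store',
    },
    body: JSON.stringify(user),
  };
}

// Constructed requests: what a browser sends for a third-party page's
// <script src=...> versus the site's own same-origin fetch() call.
const crossSiteScriptLoad = { headers: {
  cookie: 'sid=sid-alice', 'sec-fetch-site': 'cross-site', 'sec-fetch-dest': 'script' } };
const sameOriginFetch = { headers: {
  cookie: 'sid=sid-alice', 'sec-fetch-site': 'same-origin', 'sec-fetch-dest': 'empty',
  'x-requested-with': 'XMLHttpRequest' } };

function demo() {
  return {
    vulnerable: vulnerableHandler(crossSiteScriptLoad),
    hardenedCross: hardenedHandler(crossSiteScriptLoad),
    hardenedSame: hardenedHandler(sameOriginFetch),
  };
}
console.log(demo());
```
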

As a proof of concept, Ceukelaire developed a malicious website that would connect to NameTests to mine the data of visitors using the app. Using a simple bit of code, he was able to harvest the names, photos, posts, pictures, and friends lists of anyone taking part in the quiz.

The vigilant hacker also made a video as a proof of his findings, demonstrating how the NameTests website revealed your personal data even after deleting the app.

Ceukelaire reported the flaw via Facebook’s Data Abuse Bounty Program on April 22, and over a month later the social media company informed him that it could take three to six months to investigate the issue.

Over two months after initially reporting the issue to Facebook, Ceukelaire noticed that NameTests has fixed the issue, and told him it had found no evidence of abuse of the exposed data by any third party.

On 27th June, Facebook contacted Ceukelaire and informed him that NameTests had fixed the issue, and at his request, donated $8,000 to the Freedom of the Press Foundation as part of its Data Abuse Bounty Program.

German company Social Sweethearts, which is behind NameTests, claims to have more than 250 million registered users and to have reached more than 3 billion page views per month.

The latest incident shows that, even after the social media giant changed its conditions for apps to access data on its platform back in 2015, Facebook failed to adequately police such apps that have access to substantial amounts of personal data on its platform.

According to The Hacker News

WPA3 Standard Officially Launches With New Wi-Fi Security Features

The Wi-Fi Alliance today officially launched WPA3, the next-generation Wi-Fi security standard that promises to eliminate all the security vulnerabilities and wireless attacks known today, including the dangerous KRACK attacks.

WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data.

However, late last year, security researchers uncovered a severe flaw in the current WPA2 protocol, dubbed KRACK (Key Reinstallation Attack), that made it possible for attackers to intercept, decrypt and even manipulate WiFi network traffic.

Although most device manufacturers patched their devices against KRACK attacks, the WiFi Alliance, without much delay, rushed to finalize and launch WPA3 in order to address WPA2’s technical shortcomings from the ground up.

What is WPA3? What New Security Features Does WPA3 Offer?

The WPA3 security standard will replace the existing WPA2, which has been around for at least 15 years and is widely used by billions of devices every day.

The new security protocol provides some big improvements for Wi-Fi enabled devices in terms of configuration, authentication, and encryption enhancements, making it harder for hackers to hack your Wi-Fi or eavesdrop on your network.

On Monday, the Wi-Fi Alliance launched two flavors of the latest security protocol, WPA3-Personal and WPA3-Enterprise, for personal, enterprise, and IoT wireless networks.

Here are some key features provided by the new protocol:

  1. Protection Against Brute-Force Attacks: WPA3 provides enhanced protection against offline brute-force dictionary attacks, making it harder for hackers to crack your WiFi password—even if you choose less complex passwords—by using commonly used passwords over and over again.
  2. WPA3 Forward Secrecy: WPA3 leverages SAE (Simultaneous Authentication of Equals) handshake to offer forward secrecy, a security feature that prevents attackers from decrypting old captured traffic even if they ever learn the password of a network.
  3. Protecting Public/Open Wi-Fi Networks: WPA3 strengthens user privacy in open networks through individualized data encryption, a feature that encrypts the wireless traffic between your device and the Wi-Fi access point to mitigate the risk of Man-in-the-Middle (MitM) attacks. To prevent such passive attacks, WPA3 could add support for Opportunistic Wireless Encryption (OWE).
  4. Strong Encryption for Critical Networks: Using WPA3 Enterprise, critical Wi-Fi networks handling sensitive information (such as government, , and industrial organizations), can protect their Wi-Fi connections with 192-bit encryption.

Wi-Fi Easy Connect

Alongside WPA3, the WiFi Alliance has also announced a new feature, called Wi-Fi Easy Connect, that simplifies the process of pairing smart home gadgets (without any screen or display) to your router.

Wi-Fi Easy Connect is a replacement for Wi-Fi Protected Setup (WPS), which has been considered insecure.

With the support for Easy Connect, you will be able to pair your smart gadget with the router by simply scanning a QR code with your smartphone to have the Wi-Fi credentials automatically sent to the new smart device.

It should be noted that both WPA3 and Wi-Fi Easy Connect will not hit the mainstream right away. In fact, it is going to be a many-years-long process that will require new routers and smart gadgets to support WPA3.

Therefore, WPA2 will not stop working any time soon, and devices with WPA3 support will still be able to connect with devices that use WPA2 so that your gadgets keep working, but WPA3 support will eventually become mandatory as adoption grows.

WPA3 is set to roll out later this year and is expected to hit mass adoption in late 2019, when it eventually becomes a requirement for devices to be considered Wi-Fi certified, according to the WiFi Alliance.

According to The Hacker News