Career In Information security
-
Upload
anant-shrivastava -
Category
Technology
-
view
3.168 -
download
0
Transcript of Career In Information security
![Page 1: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/1.jpg)
Career in
Information Security
Anant Shrivastavahttp://anantshri.info
![Page 2: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/2.jpg)
Agenda
• What is Information and Security.• Industry Standards• Job Profiles• Certifications• Tips
![Page 3: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/3.jpg)
What a person wants in life
• Money • Fame • Nirvana
We will talk about first 2
![Page 4: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/4.jpg)
How to be wealthy ?
Have Rich ParentsMarry a Rich SpouseWin the LotteryBecome a Successful Black Hat Hacker (Live
life underground)Work as a White Hat (this presentation)YOU WILL MAKE YOUR OWN CAREER!Others may help, but it’s ALL ON YOU!
![Page 5: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/5.jpg)
Do I have your attention now.
![Page 6: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/6.jpg)
Why Information Security?
• Increasing regulatory compliance• Requires organizations to adopt security standards and
frameworks for long-term approach to mitigating risk• Evolving and emerging threats and attacks• Continual learning of new skills and techniques• Convergence of physical and information security• Accountability between information security
professionals and management falls on several key executives to manage growing risk exposures
![Page 7: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/7.jpg)
What Is Information?
• Information is collection of useful DATA.• Information could be – Your personal details– Your corporate details.– Future plan’s
![Page 8: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/8.jpg)
What is Information Security?1) Access Controls 2) Telecommunications and Network Security 3) Information Security and Risk Management 4) Application Security 5) Cryptography 6) Security Architecture and Design 7) Operations Security 8) Business Continuity and Disaster Recovery Planning 9) Legal, Regulations, Compliance and Investigations 10) Physical (Environmental) Security
![Page 9: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/9.jpg)
What Next
![Page 10: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/10.jpg)
Explore : – Industry Standard
• Knowledge – nothing beats core concept understanding
• Certification – helps in proving your exposure as fresher.
![Page 11: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/11.jpg)
Explore : Types of Info-Sec jobs
• Ethical Hacker– Vulnerability Assessment– Penetration Tester
• Forensic Investigator• Security Governance– Auditor
• Security Administrator• Secure Developer
![Page 12: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/12.jpg)
Explore : Type of certification
• Security Analyst – CEH, ECSA, OSCP• Development – SCJP, MCSE• Server Security – RHCSS• Auditor – ISO 27000 lead auditor
![Page 13: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/13.jpg)
Clarify : Information Security
![Page 14: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/14.jpg)
Clarify : Information Security
• keep the bad guys out• let the trusted guys in• give trusted guys access to what they are
authorized to access
![Page 15: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/15.jpg)
Clarify : Security Triad
![Page 16: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/16.jpg)
Security Triad
![Page 17: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/17.jpg)
Clarify : Secure Developer
• A Developer who is aware about security issues.• Developers now are classified In 3 major
category– Thick Client Developer– Thin Client Developer.– Kernel or driver developer.
• If you can exploit it you need to patch it.
![Page 18: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/18.jpg)
Clarify : Security Administrator
• Server Administrator with background into Security.
• Skills Required– Server Hardening.– Firewall configuration.
![Page 19: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/19.jpg)
Clarify : Vulnerability Assessment
• It is the process of finding possible exploitable situation in a given target.
• Target could be Desktop/ Laptop, Network, Web Application, literally any device with a processor and motive to achieve
• Skill Set– understanding of target architecture.– Eye for details and thinking of an exploiter.– (Optional) Programming for nessus plugin.
![Page 20: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/20.jpg)
Clarify : Penetration Testing
• Next Step to vulnerability assessment.• Here the target is actually evaluated against a
live attack.
• Skills Required:– Programming : C / C++ , Python, Perl , Ruby– Understanding of an exploitation framework.• Metasploit• Core impact
![Page 21: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/21.jpg)
Clarify : Forensic Expert
• The post – mortem specialist for IT• Responsible for after incident evaluation of a
target.
• Skills– All that’s needed for VA/PT.– Understanding of forensic concepts not limited to
data recovery, log evaluation etc.
![Page 22: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/22.jpg)
Clarify : Auditor
• Reviews the systems and networks and related security policies with regards to Industrial standards.
• Skills Required– Understanding of compliance policies• HIPPA, ISO 27001, PCI DSS, SOX and many more.
– Understanding of ethical hacking concepts and application.
![Page 23: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/23.jpg)
Commit : How to gain KnowledgeSpend first few years mastering fundamentals• Get involved in as many systems, apps, platforms,languages, etc. as you can• Key technologies and areas• Relevant security experience• Compliance/regulatory/risk management• Encryption• Firewalls• Policy• IDS/IPS• Programming and scripting
![Page 24: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/24.jpg)
Commit : Technical Skills Required
• LEARN the Operating System• LEARN the Coding Language• LEARN Assembler & Shell Coding• Learn Metasploit• Learn Nessus• Learn Writing exploit for Metasploit• Learn writing scanning plug-in for Nessus.
![Page 25: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/25.jpg)
Commit : Soft Skills Required
• Learn Presentation skills.• Learn business language. Management likes to
hear that.
![Page 26: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/26.jpg)
Commit : how to gain certificate
• Attend Training• Learn, understand and apply the concepts in a
controlled environment.• Take exam when you have confidence.
![Page 27: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/27.jpg)
Commit : how to practice
• Set up a lab at home.– Physical Lab (best)– Virtual Lab (second Best)
• Keep yourself updated subscribe to Vulnerability DB.– Practice regularly on a secured home lab.
![Page 28: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/28.jpg)
Commit : First job
• Lower rungs of the tech ladder• Unpaid Overtime is Expected• When offered company training – take it• Expect to make Mistakes– Learn from them
![Page 29: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/29.jpg)
THINGS TO REMEMBER
![Page 30: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/30.jpg)
Things to Remember
• Learn to Question Everything.• Keep yourself up-to-date. • Be expert in one field however, security
specialist are more on advantage if they develop generalist skills.
• Security is extension of business needs and should support it.
• Form group of like minded people.
![Page 31: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/31.jpg)
HACKER GOT HACKED
• Keep your system and network secure first.• Avoid publicizing about being “HACKER” till
you have practiced enough and feel confident.• Self proclaimers are not seen with good eyes
in security communities.• Your work should speak and not your mouth.
![Page 32: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/32.jpg)
Work and personal Life
![Page 33: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/33.jpg)
CERTIFICATIONS
![Page 34: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/34.jpg)
Why Certification is good
• Nothing beats the first hand Job Exposure.However• When you hit roadblock, certifications helps
![Page 35: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/35.jpg)
More on Certification
• Passing a Certification exam says that:– You have the minimum knowledge to be considered for
certification (at the time of the test) OR
– You are very good at taking tests.
![Page 36: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/36.jpg)
Industry Certifications
• EC-Council– CEH, ECSA, CHFI ,ECSP and More
• ISC2
– CISSP• Offensive Security– OSCP
• ISACA– CISA and CISM
![Page 37: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/37.jpg)
![Page 38: Career In Information security](https://reader036.fdocuments.net/reader036/viewer/2022070519/58f29a441a28ab8b7a8b45d9/html5/thumbnails/38.jpg)
Any Questions