Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Case Studies
Hacking the Industry
Transcript of Hacking the Industry
8/17/2019 Hacking the Industry
http://slidepdf.com/reader/full/hacking-the-industry 1/39
Page 1
Hacking the Industry
© 2012 S. Malone & N. Beddome
Step 1: Build Your Tool Kit
What Your Tool Kit Should Contain
To be successful in the industry, just like in a penetration test, you need a robust tool kit.
• 5 P’s Approach
• Research
• Entry Level Certifications & Degrees
• Developing Basic Aptitudes & Skills
5 P’s Approach
Proper Preparation Prevents Poor Performance
Research
• Do it early
• Do it thoroughly
• Identify:
– What the industry wants
– What you want
– Personal strategy that satisfies both
Entry Level Certificates
• Select certifications that serve your goal
– Security+
– CEH
– [Others, depending on your goal]
Basic Aptitudes
• Look for something that sets you apart and makes you valuable as an employee
• Examples:
– Problem solving
– Troubleshooting
– Web design
– Public speaking
– Self-management
– Computer repair
Step 2: Conduct Reconnaissance
Top Down Approach
• Industry
• Market Focus
• Company
• Position
• Team / Region / Office Needs
• Leader Priorities
• Corporate Values
• Your Role
Step 3: Gain Access
Getting in the Front Door
Don’t give up!
• Instead, try to:
– Set yourself apart
– Escalate your approach
– Widen your net
– Follow up
Set Yourself Apart
• Define your unique offerings
– To yourself
– To an interviewer
• Prevents landing in the “slush pile” of similar applications
Escalate Your Approach
• Know the industry-standard approach to the application process
• Know when to push those boundaries
• Know when to stop so you aren’t booted back out the door
Widen Your Net
• If at first you don’t succeed …
– Adapt your standards
– Change your scope
– Evaluate your expectations
– Be flexible
Follow Up
• Don’t let them “silence” you out the door
– Always follow up
– Continue to do so until you receive a concrete answer or next steps
Step 4: Escalate Privilege
Find Your Niche
• What is lacking in your organization?
• How can you fill that hole?
“Be as valuable as possible to as many people as possible”
What is Your Goal?
• Penetration Testing
• Security Architecture
• Security Management
• Your Own Company
What do you want to be doing in 10 years?
How do you get there?
• Look at job postings and talk to people who have that role
• What do you lack that is required for that position?
– Experience
– Training
– Certification
Certifications
• Primarily “book knowledge”
• Useful to get to the interview stage
Acting like certifications should matter to a security industry veteran is a Bad Idea
Security+
CompTIA Security+
Entry-level general-purpose security certification
Experience Requirements: None
Format: Multiple-Choice
Value to HR: Medium
Value to Peers: Low
CEH
Certified Ethical Hacker
Entry-level penetration testing certification
Experience Requirements: Formal training or 2 years professional experience
Format: Multiple-Choice
Value to HR: Medium
Value to Peers: Low
CCNA
Cisco Certified Network Associate
Entry-level networking certification
Experience Requirements: None
Format: Multiple-Choice & Simulation Tests
Value to HR: Medium
Value to Peers: Medium
OSCP
Offensive Security Certified Professional
Mid-level penetration testing certification
Experience Requirements: None
Format: Live, limited-time capture-the-flag challenge
Value to HR: Medium
Value to Peers: High
CISSP
Certified Information Systems Security Professional
Mid-level general-purpose security certification
Experience Requirements: 5 years professional infosec experience (waivers available)
Format: Multiple-Choice
Value to HR: High
Value to Peers: Low
CISA
Certified Information Systems Auditor
Mid-level IT auditing certification
Experience Requirements: 5 years of professional information systems auditing, control or security work experience (waivers available)
Format: Multiple-Choice
Value to HR: High
Value to Peers: Medium
Step 5: Pivot
The Aggressive Career Cycle
Recruited → Competent → Optimized → Plateaued
• Recruited: new challenges and required skills
• Competent: able to perform as expected with enthusiasm
• Optimized: performing all duties at peak efficiency and interest
• Plateaued: doing the same tasks repeatedly with little engagement
Passive Marketing
• Recruiters are out there looking … make it easy for them to find you!
• Google yourself; know what’s out there
– “How would this look to a hiring manager?”
• Primary way that recruiters find candidates
• Fill it out – include:
– Work history
– Certifications
– Skills
– Photo
– Contact Information
Personal Website
• Cover Letter
• Photo
• Resume
• Projects
• Contact Information
Networking
• Conferences
• Industry organizations
Step 6: Maintain Access
Fallback Plan
If I were let go tomorrow, I would ______________________.
• Know what companies you would look at
• Know what recruiters you would talk to
• Know who could provide a good reference
Continual Improvement
• Don’t go stale! Keep learning.
• What are the emerging trends in security?
• Change your niche as necessary … the market for COBOL programmers is small.
• Find and minimize your weak points.
Soft Skills
• Be able to:
– Listen
– Speak
– Write
– Manage Projects
– Interview