Spy vs Spy: Protecting Secrets

download Spy vs Spy: Protecting Secrets

of 20

  • date post

  • Category


  • view

  • download


Embed Size (px)


Presented to NAF Students, May 14th, 2014. Outline career path in Information Security

Transcript of Spy vs Spy: Protecting Secrets

  • 1. Spy vs Spy: Protecting Secrets A Career in Information Security is a Career in Protecting Secrets Michael Scheidell, CCISO, Security Privateers http://slidesha.re/T00Kq7

2. Information Techology: Road to the Future Hardware Management . Software Computer Research Info Systems Managers Hardware Engineers Computer Programmers Support Specialists Systems Analysts Data Base Administrator Web Developers Network Architechs World Wide Jobs Example text 3. Chief Information Security Officer MIS Degree Internship ISACA CSX Cert Security Engineer CISSP, CRISK Sr. Security Architech MBA Degree VP/Dir of IT Security CCISO Cert Like Working with People? Look into Management 4. Started doing database programming Moved into Real time/Control Systems 1994, helped Government adjust to the net Invented and Patented Security Appliance Traveled to Costa Rica, Panama, Jamaica, Canada Got to play with Trains (Risk Assessment, DHS contract) Invited to speak at security conferences, including Cairo Trained FBI agents, worked with Secret Service On TV and quoted by Sun Sentinel Get paid to break into banks! Michael Scheidell Chief Information Security Officer 5. Programming Web Applications E-Commerce Systems Mobile Applications Hardware Engineer Computer Science Firewalls IDS/IPS/Patents Security Architect Design companys network Security is top priority Privacy matters Your own footer Your Logo Bits and Bytes Your thing? 6. Top 10 jobs in Information Security 1. Information Security Crime / Forensics Expert 2. Web Application/ Penetration Testing 3. Forensic Analyst 4. Incident Responder 5. Security Architect 6. Malware Analyst 7. Network Security Engineer 8. Security Analyst 9. Computer Crime Investigator 10. Chief Information Security Officer/CISO/ISO/VP 7. Information Security Crime Investigator Investigation of computer crimes Driven by Curiosity Expert witness testimony in court Consulting firms, PwC, IBM Private Eye, Law Enforcement: FBI, Secret Service Knowledge of Pen Testing, Computer Forensics, Reverse Engineering BS:CS, MS:LE, 3+ years, CEH, CPT 22% Growth, $50K to 100K (gvmt or private) 8. Web Application / Penetration Testing Computer Games: Red Team, Black Team Get paid to break into Banks Part of an IT Audit or Assessment Team Opportunity for Travel Consulting firms, PwC, IBM Direct Hire for Business or Government Stepping stone to IT Auditor BS/4+ years experience, CEH, CISSP Growth 15%, $55-88K a year 9. Forensic Analyst Information Systems Analyst Network Security Engineer Computer Forensics Consultant/Engineer Programming, Reverse Engineering Experience in Malware, APT, Windows, Linux Works with Law Enforcement MS/6+ years experience, CEH, CISSP $50K to 100K, Mgmt $200K 10. Incident Responder Prep for Forensic Analyst/ Investigator/ Manager On the Firing line Work in real time to stop and document attacks Knowledge of Networking, Firewalls Experience in Malware, APT, Windows, Linux BS/3+ $65k to 83K 11. Security Architect Prep for Forensic Analyst/ Investigator/ Manager On the Firing line Work in real time to stop and document attacks Knowledge of Networking, Firewalls Experience in Malware, APT, Windows, Linux BS/3+, Certs: CEH, CompTia Network, CPT, CISSP $55K to 90K 12. Malware Analyst Examine, identify, and understand viruses, worms, Trojans, bots, rootkits Knowledge of reverse engineering and software development Programming, C, Perl, PHP, assembler. Experience in Malware, APT, Windows, Linux Government, Business, AV companies BS/3+, Certs: CEH, CPT, CISSP $50 to 100K 13. Network Security Engineer Work with Security Architect Build, monitor and maintain secure network Knowledge of TCP/IP Understand IDS/Firewalls/DMZ/VPNs Understand test and analysis tools (sniffers, snort) Some Programming or scripting (C, Perl, Java) BS/3+, Certs: CISSP, CCNA/CCIE $DOE: $70K to 130K (Sr, 5+years, MS Degree) 14. Security Analyst Planning and implementing security measures Stay up to date with latest intelligence Anticipate Security Breaches Prevent loss and service interruptions Perform Risk Assessments Install Firewalls, Data Encryption Security Awareness Training MS/5+, CISSP, CISM, CISA, CRISK $80K Average to $125K, 22% Job Growth 15. Computer Crime Investigator Recovery of hidden, encrypted or deleted files Investigates computer crime, fraud and hacking Gather evidence Reconstruct damaged computer systems Testify in court Train Law enforcement on computer related issues MS/4+, CISSP, CEH, CPT $50K to $100K (or more for consultants) 22% Growth 16. Chief Information Security Officer/CISO Top Dog in Information Security Knows Everything forensics, pen testing, auditing, incident response, web app testing, programming, accounting, business Speaking, Training, Mentoring Works with CEO/CIO/CTO/CFO/COO Only works half days (7am to 7pm) 10yrs $180K to 225K Fortune 100 companies, could be in millions MIS degree, MBA Degree Certs: CISSP, CCISO, CISM, CISA, CRISK 17. Education: NAF: Academy of Information Technology (AOIT) Nova Southeast University Florida International University Florida Atlantic University Master of Science in Management Information Systems (MMIS) Master of Science in Information Systems (MSIS) with security focus Master of Business Administration (MBA) CISO: Chief Information Security Officer 18. Certifications: ISACA: Cybersecurity Fundamentals Students and Interns EC-Council: Certified Ethical Hacker (CEH) (ISC)2: Certified Information Systems Security Professional (CISSP) 4 years professional experience + degree or 5 years Associate for Students without the required experience ISACA: Certified Information Security Manager (CISM) EC-Council: Certified Chief Information Security Officer (CCISO) 19. Self Study Free Trials, Amazon/Microsoft Azure Boot and Install Linux/FreeBSD Put a server together with VMWare/Zen Install and Learn Nessus, Snort, Wireshark Practice penetration testing, detection, patching Attend local meetings Information Systems Security Association (ISSA) Information Systems Audit and Control Association (ISACA) International Information System Security Certification Consortium(ISC)2