Information Security : A look

Information Technology era, Jobs and Certifications

Source: Beyond the sec

Published in: Education, Technology

  1. Breaking in to Security - INFORMATION SECURITY : A SHORT VIEW
  2. “I’d like to get a job in security, how do I get started?”
  3. “What programming language do I need to learn to be a penetration tester?”
  4. “What certification should I get?”
  5. Answering these one at a time is inefficient, biased and time consuming
  6. Let's ask the community and get a definitive answer
  7. (no text)
  8. But before we get started...
  9. Is this what you want to be?
  10. Or maybe this
  11. The reality
  12. A lot of time in here
  13. Meetings
  14. Still Interested?
  15. For those still here, let's look at some stats
  16. Time In Industry
      • <1 year: 22 (7%)
      • 1-3 years: 64 (22%)
      • 4-7 years: 81 (27%)
      • 7+ years: 128 (43%)
  17. Job Types
      • Penetration tester: 173 (59%)
      • Vulnerability auditor: 143 (49%)
      • Sys-admin: 130 (45%)
      • IDS/Firewall admin: 102 (35%)
      • Policy writer: 97 (33%)
      • Log analyst: 97 (33%)
      • Incident response: 74 (25%)
      • Other: 66 (23%)
      • Manager: 64 (22%)
      • Malware analyst: 49 (17%)
      • IT Forensics: 48 (16%)
      • Reverse engineer: 38 (13%)
      • Exploit developer: 36 (12%)
      • Helpdesk: 35 (12%)
      • PCI auditor: 33 (11%)
  18. Do you need to be able to program to be a pen-tester?
      • No, but it helps: 182 (62%)
      • Yes: 78 (26%)
      • Other: 17 (6%)
      • Don't know: 12 (4%)
      • No: 6 (2%)
  19. What Language?
      • Python: 227 (81%)
      • Bash Scripting: 221 (79%)
      • Ruby: 122 (43%)
      • C: 116 (41%)
      • Windows Powershell: 104 (37%)
      • PHP: 101 (36%)
      • Batch Scripting: 102 (36%)
      • C++: 62 (22%)
      • Java: 63 (22%)
      • Other: 51 (18%)
      • Perl: 46 (16%)
      • VB: 29 (10%)
      • C#: 25 (9%)
      • Lua: 23 (8%)
  20. Are Certifications Useful?
      • Yes: 144 (49%)
      • Yes - but only to get through HR: 137 (46%)
      • No: 14 (5%)
  21. Which Certs?
      • SANS/GIAC: 189 (69%)
      • CISSP: 187 (68%)
      • Offensive Security (PWB, AWE etc): 111 (40%)
      • EC-Council (CEH etc): 64 (23%)
      • CompTIA (Security+ etc): 63 (23%)
      • Vendor specific: 60 (22%)
      • Other: 55 (20%)
      • CHECK Team Leader (CREST/Tiger Scheme): 31 (11%)
      • CHECK Team Member (CREST/Tiger Scheme): 30 (11%)
  22. Other Certificates Include
      • OSSTIM
      • ISACA
      • Cisco
      • Microsoft
      • Linux/Unix
      • Whatever gets you the job
      • Anything management has heard of
      • Networking
  23. Are Conferences Worth Attending?
      • Yes: 259 (88%)
      • Other: 24 (8%)
      • No: 12 (4%)
  24. Which Ones? All of them got a mention
  25. That’s the end of the stats
  26. What do you know now that you wish you'd known when starting out?
  27. People skills, managing management and clients
      “I think it's important to note that information security is a role in a company that involves dealing with people. Brush up on your public speaking and negotiation skills. I'm much better at hacking silicon than I am hacking carbon, but each is important. Take time to learn and practice those soft skills.”
  28. Business skills
      “Business skills are more important than technical skills.”
  29. Report writing skills
      “It's all about the report... you can be the best penetration tester in the world, but if your report sucks, so does your test!”
  30. Networking is important
      “Get out there and network, don't be shy we are a friendly lot”
  31. You can't secure everything and can't be 100% secure so live with it
      “Security is a balance between risk mitigation and corporate earnings. Companies must continue making money to pay your salary. Ergo, the best security may not be the right security.”
  32. “You will live in hotels”
      “Pen testing is not so glamorous as it appears”
  33. “Cons are bad for your liver”
  34. What one piece of advice would you give to someone wanting to start a career in security?
  35. Learn, learn and learn some more
      “Study hard, do the labs and exercises, experiment with tools.”
  36. You need your own lab
      “Set a lab environment up to practice with, virtualisation makes these easy these days.”
  37. Get an all-round education
      “Develop skills in other areas of IT (system administration, network management, development, etc.) either before or in addition to InfoSec.”
  38. Make sure you enjoy what you do
      “Do it for love of what you do, not to make money. The money is good, but if you really enjoy it, it's the best job in the world.”
      “Make sure it's something you really want and can keep up with, not just something you enjoy on the side.”
  39. More about soft skills and business knowledge
      “Be tolerant of the non-techs, teach them, but don't talk down to them. Be aware that sometimes, the business needs trump security best practices.”
  40. Repeated from earlier, programming is a useful skill
      “Learn to program (scripting at least).”
  41. Get yourself known
      “To get involved in different projects and contribute, there are a lot of open source projects you can contribute to in different ways.”
  42. “It's all about reputation. Certs are useful, but if you are unknown you won't be taken seriously. Get out there, meet people, and learn from them!”
  43. “Start a blog.. not for fame and glory but more for keeping a record of what you learn. Doesn't matter if no one reads it, do it for yourself.”
  44. Find your local community - 2600, hackerspace, DC group
      “Find your local community & online community”
  45. Don’t just trust tools
      “Learn what's going on behind the tools you are using”
  46. “Get in bed with the operations and finance people (not literally, however this might also help)”
  47. “Work your ass off! Everyone else does so you better get used to it.”
  48. Is it OK to “practice” on sites/companies without permission if you don't do any damage?
  49. Overwhelming opinion - No, there are enough resources out there you don’t need to
  50. “Only if you want a new ‘room-mate’ called Bubba......”
  51. What I’ve not covered
      • What do you see as the next up and coming area?
      • Is there anything you feel you did wrong that you would advise against?
  52. Conclusions
      • If you aren’t passionate it is just another job
      • Get stuck in, learn and show your interest
      • Don’t be afraid to ask questions - but show you’ve tried to find the answer yourself first
      • It isn’t all about the tech
  53. Big thanks to all who responded
  54. Let's play a game, who wants a question answered?
      • Facebook/D3pak
      • @D3pak
      • Deepakniit14@gmail.com
      • about.me/D3pak