Your SlideShare is downloading. ×
Career In Information security
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Career In Information security

1,857
views

Published on

This Presentation tries to provide a insider view on various career opportunities for new budding talents in the field of information security.

This Presentation tries to provide a insider view on various career opportunities for new budding talents in the field of information security.

Published in: Technology

1 Comment
3 Likes
Statistics
Notes
No Downloads
Views
Total Views
1,857
On Slideshare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
112
Comments
1
Likes
3
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Career inInformation Security Anant Shrivastava http://anantshri.info
  • 2. Agenda• What is Information and Security.• Industry Standards• Job Profiles• Certifications• Tips
  • 3. What a person wants in life• Money • Fame   • Nirvana We will talk about first 2 
  • 4. How to be wealthy ?Have Rich ParentsMarry a Rich SpouseWin the LotteryBecome a Successful Black Hat Hacker (Live life underground)Work as a White Hat (this presentation)YOU WILL MAKE YOUR OWN CAREER!Others may help, but it’s ALL ON YOU!
  • 5. Do I have your attention now.
  • 6. Why Information Security?• Increasing regulatory compliance• Requires organizations to adopt security standards and frameworks for long-term approach to mitigating risk• Evolving and emerging threats and attacks• Continual learning of new skills and techniques• Convergence of physical and information security• Accountability between information security professionals and management falls on several key executives to manage growing risk exposures
  • 7. What Is Information?• Information is collection of useful DATA.• Information could be – Your personal details – Your corporate details. – Future plan’s
  • 8. What is Information Security?1) Access Controls2) Telecommunications and Network Security3) Information Security and Risk Management4) Application Security5) Cryptography6) Security Architecture and Design7) Operations Security8) Business Continuity and Disaster Recovery Planning9) Legal, Regulations, Compliance and Investigations10) Physical (Environmental) Security
  • 9. What Next
  • 10. Explore : – Industry Standard• Knowledge – nothing beats core concept understanding• Certification – helps in proving your exposure as fresher.
  • 11. Explore : Types of Info-Sec jobs• Ethical Hacker – Vulnerability Assessment – Penetration Tester• Forensic Investigator• Security Governance – Auditor• Security Administrator• Secure Developer
  • 12. Explore : Type of certification• Security Analyst – CEH, ECSA, OSCP• Development – SCJP, MCSE• Server Security – RHCSS• Auditor – ISO 27000 lead auditor
  • 13. Clarify : Information Security
  • 14. Clarify : Information Security• keep the bad guys out• let the trusted guys in• give trusted guys access to what they are authorized to access
  • 15. Clarify : Security Triad
  • 16. Security Triad
  • 17. Clarify : Secure Developer• A Developer who is aware about security issues.• Developers now are classified In 3 major category – Thick Client Developer – Thin Client Developer. – Kernel or driver developer.• If you can exploit it you need to patch it.
  • 18. Clarify : Security Administrator• Server Administrator with background into Security.• Skills Required – Server Hardening. – Firewall configuration.
  • 19. Clarify : Vulnerability Assessment• It is the process of finding possible exploitable situation in a given target.• Target could be Desktop/ Laptop, Network, Web Application, literally any device with a processor and motive to achieve • Skill Set – understanding of target architecture. – Eye for details and thinking of an exploiter. – (Optional) Programming for nessus plugin.
  • 20. Clarify : Penetration Testing• Next Step to vulnerability assessment.• Here the target is actually evaluated against a live attack.• Skills Required: – Programming : C / C++ , Python, Perl , Ruby – Understanding of an exploitation framework. • Metasploit • Core impact
  • 21. Clarify : Forensic Expert• The post – mortem specialist for IT• Responsible for after incident evaluation of a target.• Skills – All that’s needed for VA/PT. – Understanding of forensic concepts not limited to data recovery, log evaluation etc.
  • 22. Clarify : Auditor• Reviews the systems and networks and related security policies with regards to Industrial standards.• Skills Required – Understanding of compliance policies • HIPPA, ISO 27001, PCI DSS, SOX and many more. – Understanding of ethical hacking concepts and application.
  • 23. Commit : How to gain KnowledgeSpend first few years mastering fundamentals• Get involved in as many systems, apps, platforms,languages, etc. as you can• Key technologies and areas• Relevant security experience• Compliance/regulatory/risk management• Encryption• Firewalls• Policy• IDS/IPS• Programming and scripting
  • 24. Commit : Technical Skills Required• LEARN the Operating System• LEARN the Coding Language• LEARN Assembler & Shell Coding• Learn Metasploit• Learn Nessus• Learn Writing exploit for Metasploit• Learn writing scanning plug-in for Nessus.
  • 25. Commit : Soft Skills Required• Learn Presentation skills.• Learn business language. Management likes to hear that.
  • 26. Commit : how to gain certificate• Attend Training• Learn, understand and apply the concepts in a controlled environment.• Take exam when you have confidence.
  • 27. Commit : how to practice• Set up a lab at home. – Physical Lab (best) – Virtual Lab (second Best)• Keep yourself updated subscribe to Vulnerability DB. – Practice regularly on a secured home lab.
  • 28. Commit : First job• Lower rungs of the tech ladder• Unpaid Overtime is Expected• When offered company training – take it• Expect to make Mistakes – Learn from them
  • 29. THINGS TO REMEMBER
  • 30. Things to Remember• Learn to Question Everything.• Keep yourself up-to-date.• Be expert in one field however, security specialist are more on advantage if they develop generalist skills.• Security is extension of business needs and should support it.• Form group of like minded people.
  • 31. HACKER GOT HACKED• Keep your system and network secure first.• Avoid publicizing about being “HACKER” till you have practiced enough and feel confident.• Self proclaimers are not seen with good eyes in security communities.• Your work should speak and not your mouth.
  • 32. Work and personal Life
  • 33. CERTIFICATIONS
  • 34. Why Certification is good• Nothing beats the first hand Job Exposure.However• When you hit roadblock, certifications helps
  • 35. More on Certification• Passing a Certification exam says that: – You have the minimum knowledge to be considered for certification (at the time of the test) OR – You are very good at taking tests.
  • 36. Industry Certifications• EC-Council – CEH, ECSA, CHFI ,ECSP and More• ISC2 – CISSP• Offensive Security – OSCP• ISACA – CISA and CISM
  • 37. Any Questions

×