This document discusses information security professionals. It describes how some gain their knowledge through hacking as "natural born hackers" while others get formal education. It outlines the different types of hackers and professionals that work in information security like security officers, analysts, auditors, and engineers. Requirements for these roles include skills, experience, certification, and the ability to work independently or as part of a team. Maintaining the right attitude and continuing improvement are also important to avoid failure in these types of positions.
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
Information Security Professional Career Paths
1. Information Security
Professional
UIN - 16 Nov 2011 - @y3dips
Wednesday, November 16, 11
2. y3dips
• Freelance IT Security Consultant
• More than 9 years in IT Security
• Founder of “ECHO” one of Indonesian
Hacker Community, established 2003
• Founder of IDSECCONF - Indonesia
Security Conference
@y3dips
Wednesday, November 16, 11
3. InfoSec
Means protecting information and
information systems from unauthorized
access, use, disclosure, disruption,
modification, perusal, inspection,
recording or destruction [1]
[1] h&p://wikipedia.org
Wednesday, November 16, 11
4. Information Security
• Information : Set or collection of data that has meaning
• Level [2]
• Non-Classified
• Public Information
• Personal Information
• Routine Business Information
• Classified
• Confidential
• Secret
• Top Secret
[2] h&p://wikipedia.org
Wednesday, November 16, 11
5. InfoSec Pro
People Working in Information security
Wednesday, November 16, 11
6. InfoSec Pro
Background
• Natural Born Hacker
• Formal Education
Wednesday, November 16, 11
7. Hackers
Natural Born Hacker, Gain their InfoSec
Knowledge by Hacking; Hack to Learn not
Wednesday, November 16, 11
9. Newbie
A wanna be hacker
Wednesday, November 16, 11
10. Script Kiddies
Know the Tools, Able to use the tools;
But, Not how the tool “really” works
Wednesday, November 16, 11
11. Develop Kiddies
Able to Create a Tools,
Know how the tool “really” works
But Still lack with attitude
Wednesday, November 16, 11
12. Hacker
Know Exactly What they’re Doin and
How to Do it
Wednesday, November 16, 11
13. 1337
Nobody Know what They are Doing
Wednesday, November 16, 11
14. Hacker
[+]
• Proven Skill and Exprerience
• Able to do a proof of concept
[-]
• Lack of Metodhologies
• Lack or Organizations/Managerial
Wednesday, November 16, 11
18. InfoSec Student
Gain Information Security Knowledge from formal
Education, Course, Certification
Wednesday, November 16, 11
19. InfoSec Student
[+]
• Strong in Concept and Metodhologies
[-]
• Lack of Skill and Experience
• Unable to do Proof Of concept
Wednesday, November 16, 11
20. InfoSec Pro
• IT Security Officer
• IT Security Analyst
• IT Security Auditor
• IT Security Engineer
Wednesday, November 16, 11
21. Security Officer
• Security Contact Point for Organization
• Principle Advisor for IT Security
• Ensure Security Program Running ( Security
Awareness course, etc)
• Creating Security Policy, Procedures,
Hardening guide
Wednesday, November 16, 11
22. Security Analyst
• Monitor all type of access to protect
confidentiality and integrity
• Provides Direct Support and Advise to the
IT Security Manager
• System Security Analyst, Network Security
Analyst
Wednesday, November 16, 11
23. Security Auditor
• Auditing an Organizations Technology
processess and security.
• IT General Controls Reviews
• Application Controls Reviews
• Security Auditor, Penetration Tester
Wednesday, November 16, 11
24. Security Engineer
• Maintenance Computer Hardware and
Software that comprises a computer
Network
• Doing a Security hardening and
Configuration
• System Security Engineer, Network Security
Engineer
Wednesday, November 16, 11
25. Requirements
• Skill
• Experience
• Attitude
• Able to work independent/group
• Certification?
Wednesday, November 16, 11
26. Skill
• In depth knowledge of Operating System
• In depth knowledge of Networking
• In depth knowledge of Application
• In defpth knowledge of Programming
• Much more :)
Wednesday, November 16, 11
27. Experience
• How long you’ve been in that field
• + the Security afterward.
Wednesday, November 16, 11
28. Attitude
With Great Power Comes Great
Responsibilities
Wednesday, November 16, 11
29. Work
• Able to work Alone (individualist),
• or a Team Player
Wednesday, November 16, 11
30. Certification
• In someway, its a [+]
• Is it badly needed?
Wednesday, November 16, 11
31. Limitation
• Government Rule : UU ITE
• Organization/company Rule: NDA
Wednesday, November 16, 11
32. Failed
• Always Take not Give
• Lack of Attitude
• Kiddies Minded
• Lazy to Improve
Wednesday, November 16, 11