Career In Information security

Career in Information Security



       Anant Shrivastava
      http://anantshri.info
Agenda
•   What is Information and Security.
•   Industry Standards
•   Job Profiles
•   Certifications
•   Tips
What a person wants in life
• Money
• Fame
• Nirvana

We will talk about the first two.
How to be wealthy?
Have Rich Parents
Marry a Rich Spouse
Win the Lottery
Become a Successful Black Hat Hacker (Live life underground)
Work as a White Hat (this presentation)
YOU WILL MAKE YOUR OWN CAREER!
Others may help, but it’s ALL ON YOU!
Do I have your attention now?
Why Information Security?
• Increasing regulatory compliance
• Requires organizations to adopt security standards and frameworks for a long-term approach to mitigating risk
• Evolving and emerging threats and attacks
• Continual learning of new skills and techniques
• Convergence of physical and information security
• Accountability for information security, shared between security professionals and management, falls on several key executives who must manage growing risk exposures
What Is Information?
• Information is a collection of useful DATA.
• Information could be
  – Your personal details
  – Your corporate details
  – Future plans
What is Information Security?
1)    Access Controls
2)    Telecommunications and Network Security
3)    Information Security and Risk Management
4)    Application Security
5)    Cryptography
6)    Security Architecture and Design
7)    Operations Security
8)    Business Continuity and Disaster Recovery Planning
9)    Legal, Regulations, Compliance and Investigations
10)   Physical (Environmental) Security
What Next
Explore : Industry Standard
• Knowledge – nothing beats core concept understanding
• Certification – helps in proving your exposure as a fresher.
Explore : Types of Info-Sec jobs
• Ethical Hacker
  – Vulnerability Assessment
  – Penetration Tester
• Forensic Investigator
• Security Governance
  – Auditor
• Security Administrator
• Secure Developer
Explore : Types of certification
•   Security Analyst – CEH, ECSA, OSCP
•   Development – SCJP, MCSE
•   Server Security – RHCSS
•   Auditor – ISO 27000 lead auditor
Clarify : Information Security
• Keep the bad guys out
• Let the trusted guys in
• Give the trusted guys access to what they are authorized to access
Clarify : Security Triad
Clarify : Secure Developer
• A developer who is aware of security issues.
• Developers are now classified into 3 major categories
  – Thick client developer
  – Thin client developer
  – Kernel or driver developer

• If you can exploit it, you need to patch it.
Clarify : Security Administrator
• A server administrator with a background in security.

• Skills Required
  – Server hardening
  – Firewall configuration
Clarify : Vulnerability Assessment
• It is the process of finding possibly exploitable conditions in a given target.
• The target could be a desktop/laptop, a network, a web application, literally any device with a processor and a motive to achieve.

• Skill Set
  – Understanding of the target architecture.
  – An eye for detail and the mindset of an exploiter.
  – (Optional) Programming for Nessus plugins.
Clarify : Penetration Testing
• The next step after vulnerability assessment.
• Here the target is actually evaluated against a live attack.

• Skills Required:
  – Programming : C / C++, Python, Perl, Ruby
  – Understanding of an exploitation framework.
     • Metasploit
     • Core Impact
Clarify : Forensic Expert
• The post-mortem specialist for IT
• Responsible for post-incident evaluation of a target.

• Skills
   – All that’s needed for VA/PT.
   – Understanding of forensic concepts, not limited to data recovery, log evaluation, etc.
Clarify : Auditor
• Reviews the systems and networks and related security policies with regard to industry standards.

• Skills Required
  – Understanding of compliance policies
     • HIPAA, ISO 27001, PCI DSS, SOX and many more.
  – Understanding of ethical hacking concepts and their application.
Commit : How to gain Knowledge
Spend the first few years mastering fundamentals
• Get involved in as many systems, apps, platforms, languages, etc. as you can
• Key technologies and areas
• Relevant security experience
• Compliance/regulatory/risk management
• Encryption
• Firewalls
• Policy
• IDS/IPS
• Programming and scripting
Commit : Technical Skills Required
•   LEARN the Operating System
•   LEARN the Coding Language
•   LEARN Assembler & Shell Coding
•   Learn Metasploit
•   Learn Nessus
•   Learn writing exploits for Metasploit
•   Learn writing scanning plug-ins for Nessus
Commit : Soft Skills Required
• Learn Presentation skills.
• Learn business language. Management likes to
  hear that.
Commit : How to gain a certificate
• Attend training
• Learn, understand and apply the concepts in a controlled environment.
• Take the exam when you have confidence.
Commit : How to practice
• Set up a lab at home.
  – Physical lab (best)
  – Virtual lab (second best)
• Keep yourself updated: subscribe to a vulnerability DB.
  – Practice regularly on a secured home lab.
Commit : First job
•   Lower rungs of the tech ladder
•   Unpaid Overtime is Expected
•   When offered company training – take it
•   Expect to make Mistakes
    – Learn from them
THINGS TO REMEMBER
• Learn to question everything.
• Keep yourself up-to-date.
• Be an expert in one field; however, security specialists are at more of an advantage if they also develop generalist skills.
• Security is an extension of business needs and should support them.
• Form a group of like-minded people.
HACKER GOT HACKED
• Keep your own system and network secure first.
• Avoid publicizing yourself as a “HACKER” until you have practiced enough and feel confident.
• Self-proclaimers are not looked upon favourably in security communities.
• Your work should speak, not your mouth.
Work and Personal Life
CERTIFICATIONS
Why Certification is good
• Nothing beats first-hand job exposure.
However
• When you hit a roadblock, certifications help.
More on Certification
• Passing a certification exam says that:
   – You have the minimum knowledge to be considered for certification (at the time of the test)
   OR
   – You are very good at taking tests.
Industry Certifications
• EC-Council
  – CEH, ECSA, CHFI, ECSP and more
• ISC2
  – CISSP
• Offensive Security
  – OSCP
• ISACA
  – CISA and CISM
Career In Information security
Any Questions?