A short introduction to the various fields of Information Security, along with a brief description of each minor filed, the responsibilities for people working in that field, the skills needed for entering the field and what kind of knowledge should be acquired. This presentation serves as an introduction only, and shouldn't by any mean be taken as a definitive guide to those minor fields or the major filed of information security.

1. Introduction to Information
Security Field

2. Quick
Survey

3. WHO
AM I

4. What
IS
Information
Security

5. Statistics

6. of organizations are short on staff with strong cyber security
and networking knowledge.

7. of organizations are unable to fill open security jobs,
despite the fact that 82 percent expect to be attacked this year.

8. Is the growth rate for demand on security analysts
between 2012 - 2020

9. The increase in security jobs postings between 2007 and 2013

10. 103,226Dollars ($)

11. Is the number of security jobs shortage by 2017
MILLION

12. Sounds
Good

14. Security
Management

16. Security Manager
Responsibilities

17. Skills

18. What to Learn?
• Practices and methods of IT strategy, enterprise architecture and security architecture
• Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation
technologies
• ISO 27001/27002, ITIL and COBIT frameworks
• PCI, HIPAA, NIST, GLBA and SOX compliance assessments
• Windows, UNIX and Linux operating systems
• C, C++, C#, Java and/or PHP programming languages
• Firewall and intrusion detection/prevention protocols
• Secure coding practices, ethical hacking and threat modeling
• TCP/IP, computer networking, routing and switching
• Network security architecture development and definition
• Knowledge of third party auditing and cloud risk assessment methodologies.

19. Risk Analysis

20. Risk Analyst
Responsibilities

21. Skills

22. Penetration
Testing

23. “A penetration test, or pen test, is an attempt to
evaluate the security of an IT infrastructure by
safely trying to exploit vulnerabilities. These
vulnerabilities may exist in operating systems,
service and application flaws, improper
configurations, or risky end-user behavior.”

24. External Penetration Testing
Internal Penetration Testing
Application Penetration Testing
Mobile App Penetration Testing
Wireless Penetration Testing
Social Engineering Testing

25. Penetration Tester
Responsibilities

26. Skills

27. What to Learn?
• Windows, UNIX and Linux operating systems
• C, C++, C#, Java, ASM, PHP, PERL
• Network servers and networking tools (e.g. Nessus, nmap, Burp, etc.)
• Computer hardware and software systems
• Web-based applications
• Security frameworks (e.g. ISO 27001/27002, NIST, HIPPA, SOX, etc.)
• Security tools and products (Fortify, AppScan, etc.)
• Vulnerability analysis and reverse engineering
• Metasploit framework
• Forensics tools
• Cryptography principles

28. Digital
Forensics

30. Forensics
Investigator
Responsibilities

31. Skills

32. What to Learn?
• Network skills, including TCP/IP-based network communications (much of modern forensics involves reading network traces)
• Windows, UNIX and Linux operating systems
• C, C++, C#, Java and similar programming languages
• Computer hardware and software systems
• Operating system installation, patching and configuration
• Backup and archiving technologies
• Cryptography principles
• eDiscovery tools (NUIX, Relativity, Clearwell, etc.)
• Forensic software applications (e.g. EnCase, FTK, Helix, Cellebrite, XRY, etc.)
• Data processing skills in electronic disclosure environments
• Evidence handling procedures and ACPO guidelines
• Cloud computing

33. Application
Security

34. Skills

35. What to Learn?
• An in-depth understanding of programming languages. These can
include C/C++, C#, Java/JSP, .NET, Perl, PHP, Ruby, Python, etc.
• CERT/CC, MITRE, Sun and NIST secure coding guidelines and
standards
• Software and web application development practices
• Penetration testing and vulnerability assessments

36. Network
Security

37. Security Admin
Responsibilities

38. Skills

39. What to Learn?
• Knowledge of common L4-L7 protocols such as SSL, HTTP, DNS, SMTP and IPSec
• Strong understanding of firewall technologies
• Juniper/Cisco/Checkpoint
• Packet Shaper, Load Balancer and Proxy Server knowledge
• Intermediate to expert IDS/IPS knowledge
• TCP/IP, computer networking, routing and switching
• Network protocols and packet analysis tools
• Windows, UNIX and Linux operating systems
• Firewall and intrusion detection/prevention protocols

40. Malware
Analysis

41. Malware Analyst
Responsibilities

42. Skills

43. What to Learn?
• Operating System Concepts
• High Level & Low Level Programming (familiarity is fine, working knowledge not
required at first)
• Fundamentals of networking
• How to use the internet to perform research.
• Malware Analysis Tools.
• Learn about Malware itself.

44. Security
Auditing

45. Security Auditor
Responsibilities

46. Skills

47. What to Learn?
• Working knowledge of regulatory and industry data security standards (e.g.
FFIEC, HIPAA, PCI, NERC, SOX, NIST, EU/Safe Harbor and GLBA)
• ISO 27001/27002, ITIL and COBIT frameworks
• Windows, UNIX and Linux operating systems
• MSSQL and ORACLE databases
• C, C++, C#, Java and/or PHP programming languages
• ACL, IDEA and/or similar software programs for data analysis
• Fidelis, ArcSight, Niksun, Websense, ProofPoint, BlueCoat and/or similar auditing
and network defense tools
• Firewall and intrusion detection/prevention protocols

48. Security
Awareness

49. Security Awareness
Offficer
Responsibilities

50. Skills

52. Thank You