Prepare Yourself to Become Infosec Professional

PREPARE YOURSELF TO BECOME INFOSEC PROFESSIONAL
Presented by
M. Syarifudin, ST, OSCP, OSWP
Information Security Trainer
Bandung, Jul 28 2016
Stadium General Course
Telkom University
Who is M. SYARIFUDIN?
• Former Lecturer and Assistant Manager
• OSCP & OSWP Certified
• Information Security Trainer and Researcher
• Official Indonesian Kali Linux Translator
• Homepage: http://fl3x.us
LET’S TALK ABOUT…
• Information Security
• What Should be Prepared to become Infosec Professional
INFORMATION SECURITY OVERVIEW
• The practice of defending information from (un)authorised access, (mis)use, disclosure, disruption, modification, or destruction
Confidentiality, Integrity, Availability
Source: Wikipedia
WHY IS INFORMATION SECURITY NEEDED?
• Information is a very important asset
• Impact to the Business
People, Technology, System
SOME CASES
Referral System Vulnerability
SOME BREACHES
Source: https://haveibeenpwned.com
SOME CYBER ATTACKS
Source: http://www.thejakartapost.com/
SOME CYBER ATTACKS
Source: http://www.bbc.com/news/uk-36239805
Infosec Pros are always needed
INFOSEC PRO JOBS
• Penetration Tester / Ethical Hacker
• Information Security Consultant
• Security Engineer
• Information Security Specialist
INFOSEC PRO JOBS
• Information Security Manager
• Chief Information Security Officer
• Information Security Trainer
• etc.
SAMPLE SALARY (PENTESTER)
Source: http://www.payscale.com/research/US/Job=Penetration_Tester/Salary
SAMPLE SALARY (PENTESTER)
77K USD per year -> 6.4K USD per month = Rp 84.000.000 per month
WHAT SHOULD BE PREPARED?
• Have the Passion & a Good Mentality
• Focus more on these Subjects:
  • Operating System
  • Computer Network and Security
  • Cryptography and Programming
WHAT SHOULD BE PREPARED?
• Join a Laboratory
• Join the Infosec Community
• Decide your Interest
• Take Infosec Courses and Certifications
SOME INFOSEC CERTIFICATIONS
More info: https://www.offensive-security.com/information-security-certifications/
SOME INFOSEC CERTIFICATIONS
More info: http://www.giac.org/certifications/categories
SOME INFOSEC CERTIFICATIONS
More info: http://www.isaca.org/
More info: https://www.isc2.org/
Which one is your interest?
What is PenTest?
Real Attacks, The Target, Gain Access
Application, Network, System
Why Do a PenTest?
$$$$$ Security Program
Protecting Infrastructure
Prevent Data Breaches
Penetration Test
About PenTest
• Compromise IT System Security
• Find Security Vulnerabilities
• Must Have a Permission
• Be Creative
• Exploit the Security Vuln.
• Bypass Security Mechanism
• Think like an Attacker
Penetration Testing Execution Standard
• Pre-engagement
• Intelligence Gathering
• Threat Modelling
• Vulnerability Analysis
• Exploitation
• Post Exploitation
• Reporting
http://www.pentest-standard.org
PENTEST DEMO
Let’s Hack the Target ;)
Thank You
Any Question?
“Contact Me” on http://fl3x.us