Successfully reported this slideshow.
Your SlideShare is downloading. ×

Careers in Security

Nov. 02, 2015
129 likes 25,709 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
The Psychology of Security Automation
The Psychology of Security Automation
Loading in …3
×

Check these out next

DevSecOps: Taking a DevOps Approach to Security
Alert Logic
Security as Code: DOES15
Ed Bellis
From Gates to Guardrails: Alternate Approaches to Product Security
Jason Chan
Proactive Security AppSec Case Study
Andy Hoernecke
Integrating DevOps and Security
Stijn Muylle
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
DevOps and Application Security
Shahee Mirza
Continuous Security Testing - DevSecCon
Stephen de Vries
1 of 51 Ad

Careers in Security

Nov. 02, 2015
129 likes 25,709 views
Career Technology

An overview of the information security job market and the Netflix security organization. Presented at Binghamton University's Upsilon Pi Epsilon (CS Honor Society) meeting on 10/30/2015.

An overview of the information security job market and the Netflix security organization. Presented at Binghamton University's Upsilon Pi Epsilon (CS Honor Society) meeting on 10/30/2015.

Career Technology
Advertisement

Recommended

The Psychology of Security Automation
Jason Chan
1.5k views
77 slides
Integrating Security into DevOps
CloudPassage
2.6k views
38 slides
DevOpsSec: Appling DevOps Principles to Security, DevOpsDays Austin 2012
Nick Galbreath
9.2k views
41 slides
DevSecOps in Baby Steps
Priyanka Aash
714 views
37 slides
Securing Systems at Cloud Scale with DevSecOps
Amazon Web Services
6.7k views
42 slides
SecDevOps: The New Black of IT
CloudPassage
3.8k views
21 slides
Ast in CI/CD by Ofer Maor
DevSecCon
782 views
37 slides
Introduction to DevSecOps
Amazon Web Services
7.2k views
35 slides
Advertisement

More Related Content

Slideshows for you (20)

DevSecOps: Taking a DevOps Approach to Security
Alert Logic
9.7k views
Security as Code: DOES15
Ed Bellis
2.6k views
From Gates to Guardrails: Alternate Approaches to Product Security
Jason Chan
3.3k views
Proactive Security AppSec Case Study
Andy Hoernecke
734 views
Integrating DevOps and Security
Stijn Muylle
419 views
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
359 views
DevOps and Application Security
Shahee Mirza
1.1k views
Continuous Security Testing - DevSecCon
Stephen de Vries
2.1k views
Alfredo Reino - Monitoring aws and azure
DevSecCon
2.3k views
A Secure DevOps Journey
Sonatype
2k views
Splitting the Check on Compliance and Security
Jason Chan
32.8k views
Real World Cloud Application Security
Jason Chan
1.7k views
DevSecCon London 2017: Shift happens ... by Colin Domoney
DevSecCon
745 views
Shifting left – embedding security into the devops pipeline by Mike d. Kail
DevSecCon
273 views
Performance Optimization of Cloud Based Applications by Peter Smith, ACL
TriNimbus
259 views
DevSecCon London 2017: How far left do you want to go with security? by Javie...
DevSecCon
326 views
Automating security tests for Continuous Integration
Stephen de Vries
10.9k views
DevSecOps - CrikeyCon 2017
kieranjacobsen
679 views
Successfully Implementing DEV-SEC-OPS in the Cloud
Amazon Web Services
908 views
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg
DevSecOpsSg
283 views
DevSecOps: Taking a DevOps Approach to Security
Alert Logic
9.7k views
41 slides
Security as Code: DOES15
Ed Bellis
2.6k views
37 slides
From Gates to Guardrails: Alternate Approaches to Product Security
Jason Chan
3.3k views
37 slides
Proactive Security AppSec Case Study
Andy Hoernecke
734 views
42 slides
Integrating DevOps and Security
Stijn Muylle
419 views
43 slides
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
359 views
38 slides

Viewers also liked (20)

Defending Netflix from Abuse
Jason Chan
2.6k views
Practical Security Automation
Jason Chan
2.1k views
Amazon Web Services Security
Jason Chan
2k views
Culture
Reed Hastings
17.1M views
Cloud Security @ Netflix
Jason Chan
1.8k views
Resilience and Compliance at Speed and Scale
Jason Chan
1.9k views
Cloud Application Security: Lessons Learned
Jason Chan
1.9k views
Informix 12.10.xC7 MQTT listener - june2016
Shawn Moe
568 views
Career Guide in Financial Markets
hanzoh
6.5k views
Analyze System and Code Interactions
Qualcomm Developer Network
1k views
Cloud Application Security: Lessons Learned
Jason Chan
1.5k views
Ibm cloud nativenetflixossfinal
aspyker
2.7k views
Re:invent 2016 Container Scheduling, Execution and AWS Integration
aspyker
5.8k views
Netflix Global Applications - NoSQL Search Roadshow
Adrian Cockcroft
5.7k views
Netflix Cloud Platform and Open Source
aspyker
1.4k views
Phishing
Esraa Yaseen
1.9k views
Mod 6시그마 특강자료(6시그마_활동이란_무엇인가)
korhskim
9.7k views
Netflix OSS Meetup Season 4 Episode 4
aspyker
3.1k views
Netflix Webkit-Based UI for TV Devices
Matt McCarthy
19.6k views
6sigma 혁신활동의 실제기업사례[lg텔레콤(close loop power control)]
Elvin Jung
3.3k views
Defending Netflix from Abuse
Jason Chan
2.6k views
43 slides
Practical Security Automation
Jason Chan
2.1k views
60 slides
Amazon Web Services Security
Jason Chan
2k views
115 slides
Culture
Reed Hastings
17.1M views
125 slides
Cloud Security @ Netflix
Jason Chan
1.8k views
92 slides
Resilience and Compliance at Speed and Scale
Jason Chan
1.9k views
54 slides
Advertisement

Similar to Careers in Security (20)

Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Security Innovation
156 views
System Security on Cloud
Tu Pham
931 views
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
lior mazor
136 views
BSides Vienna 2015
Daniel Liber
146 views
Reversing & Malware Analysis Training Part 13 - Future Roadmap
securityxploded
12.8k views
Cmgt 400 Entire Course NEW
shyamuop
36 views
CMGT 400 Entire Course NEW
shyamuopfive
30 views
Sendachi | 451 | GitHub Webinar: Demystifying Collaboration at Scale: DevOp...
Sendachi
170 views
Keynote Information Security days Luxembourg 2015
Claus Cramon Houmann
664 views
Application Security in an Agile World - Agile Singapore 2016
Stefan Streichsbier
1.1k views
Privacy Engineering
Tomi Mikkonen
1.2k views
Taking the Share out of Sharepoint: SharePoint Application Security.
Aspenware
1.1k views
What Suppliers Don't Tell You About Security?
PECB
420 views
Skills For Career In Security
Prasanna V
932 views
Executive Proposal ProjectThe purpose of this project is to evalua.docx
rhetttrevannion
6 views
9781839216923-AWS_PENETRATION_TESTING.pdf
Omar Diaz
29 views
Cybersecurity Best Practices in Financial Services
John Rapa
760 views
So you want to be a CISO - 5 steps to Success
Gary Hayslip CISSP, CISA, CRISC, CCSK
567 views
High time to add machine learning to your information security stack
Minhaz A V
293 views
IPNEC - Security Services
Abdus Saboor
191 views
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Security Innovation
156 views
59 slides
System Security on Cloud
Tu Pham
931 views
47 slides
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
lior mazor
136 views
84 slides
BSides Vienna 2015
Daniel Liber
146 views
32 slides
Reversing & Malware Analysis Training Part 13 - Future Roadmap
securityxploded
12.8k views
20 slides
Cmgt 400 Entire Course NEW
shyamuop
36 views
59 slides

Recently uploaded (20)

About me.pptx
KennedyCoen
0 views
FAILURE.pptx
HarshJC1
0 views
Communication.ppt
PaulKamala2
0 views
Influence of IT Components on Industrial Control Systems
VICTOR MAESTRE RAMIREZ
0 views
POWER.pptx
NuwanGunawardena3
0 views
Career History-KvD.pdf
KeesvanDriel1
10 views
Gingras_Ian_DegreeAbbreviation_PB1_2023-March.pptx
IanGingras
0 views
Tips for interview preparation.docx
HarshJC1
0 views
Psychology Lecture 1 course 2016.pdf
SHASHANKCHAKRAVARTY1
0 views
15446183.ppt
NajiZArandi
0 views
literature for you.docx
AfafMega1
0 views
only+children+-+GRAMMATICAL+RANGE+AND+ACCURACY+2.pptx
Baljeet29
0 views
Edited Personal Brand 2.pdf
Giani11
0 views
Uniformed-Powerpoint-for-Orientation-V2.pptx
HimemLizardo
0 views
2557173-Internet+of+Things.pdf
RaviShankarBJ
0 views
LIST BUKU 2023.pdf
MOHDAZARULHAFIZBINAB
0 views
Differences in Deployments of Industrial Control Systems
VICTOR MAESTRE RAMIREZ
0 views
janetcasuncad-130116041835-phpapp02 (1).pptx
JadeDayot1
0 views
CIA Exam Part 1 IIA-CIA-Part1 Updated Dumps 2023
PassquestionExamTrai
0 views
Geo-Syntherics-Civil.pptx
LokeswarSaha1
2 views
About me.pptx
KennedyCoen
0 views
8 slides
FAILURE.pptx
HarshJC1
0 views
13 slides
Communication.ppt
PaulKamala2
0 views
21 slides
Influence of IT Components on Industrial Control Systems
VICTOR MAESTRE RAMIREZ
0 views
1 slide
POWER.pptx
NuwanGunawardena3
0 views
7 slides
Career History-KvD.pdf
KeesvanDriel1
10 views
5 slides
Advertisement

Careers in Security

  1. Careers in Security Jason Chan Engineering Director @ Netflix @chanjbs | chan@netflix.com
  2. I lead the cloud security team @ Netflix Previously: - Security at large tech and startups - Security consulting, defense work Also: - Grew up in Whitney Point - Mom graduated from BU @chanjbs | chan@netflix.com
  3. Trends in Security Hiring @chanjbs | chan@netflix.com
  4. @chanjbs | chan@netflix.com
  5. @chanjbs | chan@netflix.com
  6. @chanjbs | chan@netflix.com
  7. @chanjbs | chan@netflix.com
  8. @chanjbs | chan@netflix.com
  9. Why? @chanjbs | chan@netflix.com
  10. Partially Due to Market Forces @chanjbs | chan@netflix.com
  11. @chanjbs | chan@netflix.com
  12. @chanjbs | chan@netflix.com
  13. @chanjbs | chan@netflix.com
  14. @chanjbs | chan@netflix.com
  15. @chanjbs | chan@netflix.com
  16. This drives hiring: 4 Organizations for their own security teams 4 Vendors to build security solutions 4 Startups to invent new security products 4 Services organizations for consulting, audit, etc. @chanjbs | chan@netflix.com
  17. Partially Due to Dynamics of the Field @chanjbs | chan@netflix.com
  18. There are three professions that beat their practitioners into a state of humility: farming, weather forecasting, and cyber security. -- Dan Geer @chanjbs | chan@netflix.com
  19. @chanjbs | chan@netflix.com
  20. @chanjbs | chan@netflix.com
  21. Defender's Dilemna @chanjbs | chan@netflix.com
  22. @chanjbs | chan@netflix.com
  23. @chanjbs | chan@netflix.com
  24. @chanjbs | chan@netflix.com
  25. cybersecurity is perhaps the most difficult intellectual profession on the planet -- Dan Geer @chanjbs | chan@netflix.com
  26. So, what's it like to work in security? @chanjbs | chan@netflix.com
  27. Employer Characteristics 4 Large vs. Small 4 Government vs. Corporate 4 Financial Services vs. Technology 4 East Coast vs. West Coast 4 Startup vs. Established 4 Consultant vs. Full-Time Employee 4 Criticality (e.g. Nuclear Plant or Netflix) @chanjbs | chan@netflix.com
  28. Basic Focus Build (Defense/Blue Team) - Defensive product development - Controls design, architecture, and operations - Monitoring and response Break (Offense/Red Team) - Offensive tools and product development - Penetration testing @chanjbs | chan@netflix.com
  29. House as Analogy @chanjbs | chan@netflix.com
  30. Architecture and Design @chanjbs | chan@netflix.com
  31. @chanjbs | chan@netflix.com
  32. Construction @chanjbs | chan@netflix.com
  33. @chanjbs | chan@netflix.com
  34. Standard Operations @chanjbs | chan@netflix.com
  35. @chanjbs | chan@netflix.com
  36. @chanjbs | chan@netflix.com
  37. Non-Standard Operations @chanjbs | chan@netflix.com
  38. @chanjbs | chan@netflix.com
  39. Security @ Netflix @chanjbs | chan@netflix.com
  40. Intelligence, Response, and Investigations 4 Respond to incidents (i.e. fire department) 4 Investigate threat actors targeting Netflix and its members 4 Produce and integrate security intelligence @chanjbs | chan@netflix.com
  41. Product and Application Security 4 Work on security-related features of the product 4 Examples: 4 Password reset process 4 Credit card storage 4 Help engineers develop secure applications 4 Lead security testing and disclosure programs @chanjbs | chan@netflix.com
  42. Security Tools and Operations 4 Manage our security infrastructure (Amazon Web Services) 4 Help teams use cloud infrastructure securely 4 Build tools and automation to monitor and secure the environment @chanjbs | chan@netflix.com
  43. Corporate Information Security 4 Protect our employees and corporate systems 4 Network and device (mobile, laptop) security 4 Vendor risk management 4 Regulatory compliance @chanjbs | chan@netflix.com
  44. Privacy Engineering 4 Design and engineering for consumer data privacy 4 Collection, retention, disposal, use, sharing 4 Compliance with global data privacy requirements @chanjbs | chan@netflix.com
  45. Security Data Analytics 4 Extract security value from large data sets 4 Machine learning 4 Anomaly detection @chanjbs | chan@netflix.com
  46. Device and Content Security 4 Digital Rights Management (DRM) 4 Content partner security 4 Device partner security 4 Secure playback @chanjbs | chan@netflix.com
  47. Platform Security 4 Create security-related software components used by other developers and services 4 Examples: 4 Encryption key management 4 Network traffic management @chanjbs | chan@netflix.com
  48. Security Career Tips @chanjbs | chan@netflix.com
  49. Ideal skills & traits for a career in security 4 Computer Science/Engineering/Math training 4 Specific security training is great but not required 4 Communication 4 Creative and pragmatic 4 Curiosity 4 Problem solving @chanjbs | chan@netflix.com
  50. Free resources to learn more 4 Coursera - Dan Boneh's crypto classes 4 OWASP 4 Trail of Bits CTF Guide 4 Twitter @chanjbs | chan@netflix.com
  51. Questions? @chanjbs | chan@netflix.com

×