Cyber Education: Your Options & Resources Mapped Out

  1. Cyber Education: Your Options & Resources Mapped Out. Kelly Shortridge, October 18, 2014.
  2. Shortridge – Cyber Education, NYU Poly Cyber Symposium 2014. Agenda. Your burning questions: What careers are there? How do I learn more about the field? How do I meet people / network? How do I stay current on industry trends?
  3. Who am I? Kelly Shortridge. Currently an Entrepreneur in Residence; formerly advised InfoSec companies on M&A and private capital raises; absolutely no technical background; built an InfoSec knowledge base & professional network from scratch.
  4. At first…
  5. And then…
  6. But mostly…
  7. Toward a Career
  8. Very General Advice: No one can ever predict what they’ll be doing 5 years from now, let alone the rest of their lives. Learn the “basics” and cross-over skills… …but make sure to learn about things you find interesting, too.
  9. Careers in InfoSec: Not just about hacking the mainframe.
  10. Careers in InfoSec: Also about hardening applications.
  11. Careers in InfoSec: Also about developing security strategies.
  12. Careers in InfoSec: Also about monitoring systems.
  13. Careers in InfoSec: Also about responding to incidents.
  14. Careers in InfoSec: As well as attack-centric R&D.
  15. InfoSec Jobs. A career in InfoSec offers many options: Application Security; Compliance & Policy; Data Forensics & Incident Response; Network Security Engineer / Ops & Monitoring; Penetration Testing; Security Architecture; Vulnerability Research & Reverse Engineering.
  16. The “Basics”. Roles often overlap and blend together. Cover different aspects of the lifecycle of security operations. Some areas of study are broadly applicable: Network & System Architecture; Math; Software Development.
  17. The Future!
  18. Skill Sets – Example #1: Network Security Engineer / Ops & Monitoring. Understand network design & architecture; familiarity with security tech – IDS/IPS, SIEM, firewalls, vulnerability detection & remediation; develop custom tooling for security monitoring; some knowledge on machine learning is a plus.
  19. Skill Sets – Example #2: Vulnerability Research & Reverse Engineering. Analyze malicious code, shellcode, packed & obfuscated code; identify attacker methodology; strong math abilities, particularly graph theory; familiarity with IDA Pro and user & kernel-mode debuggers. Languages: Assembly (x86 & x64), C/C++, Python.
  20. Skill Sets – Example #3: Application Security. Audit applications for vulnerabilities (XSS, SQLI, logic flaws, etc.); understanding of application architecture; help development teams implement SDL; build tooling to improve testing & auditing. Languages: Java, PHP, C / C++, Python, Ruby.
  21. Potential Employers. Major hubs include DC, SF & NYC – each city has its own “flavor” driven by employer base. Government: Defense Contractors & Gov’t Agencies. Fortune 500: Tech, Finance, Media, eCommerce, etc. Industry: Security Vendors & Consultancies.
  22. Guiding Your Education: Find a few areas of interest / passion. Determine what abilities are required.
  23. Learning the Field
  24. Where to Start: When I first started exploring InfoSec, someone told me Phrack was a leading industry publication. So I read every issue… Including the first 40, which are just about phones.
  25. Where to Start, continued: Diving in head-first actually isn’t a bad strategy; there is some truth to learning by osmosis. Luckily, there are both formal and informal channels to help you live and breathe InfoSec.
  26. Formal Education: Academia; Certifications. Helpful if no other means of vetting abilities.
  27. Certifications: Provides professional certifications in InfoSec; covers a wide breadth of security topics; $250 - $600 per examination; variable years of experience required: <1 year, 1 year, 2 years, 4 years, 5 years.
  28. Informal Education. Take advantage of valuable informal channels: visit conferences (or find talks posted online); CTF competitions; trainings (usually expensive); social events (usually exclusive); academic papers (contact authors).
  29. Conferences: Cons are often how people stay in touch. Check out talks, or find them online. Social events – great for networking. Parties requiring challenges (Caesar’s Challenge at Blackhat/DEFCON).
  30. CTFs: Test your skills & gain recognition. Industry – DEFCON, Ghost in the Shellcode (Shmoocon), company-sponsored CTFs; Private – Smash the Stack, Over the Wire, others hosted by hacker groups; Collegiate – CSAW CTF, NECCDC; Government – DARPA, semi-public or 100% private IC-focused CTFs.
  31. Trainings – Roles: Practical education for professional security roles. Multi-week courses; both on-demand & in-person; expensive (typically $4,500 - $5,000); value depends widely on the teacher.
  32. Trainings – Skills: Expensive ($2,000 - $4,000), but can substantially improve your skills & teach you new techniques. Private Conferences
  33. Academic Papers: Helps you find emerging areas of research. IEEE; Microsoft – Security & Privacy Research; Reddit.com/r/NetSec; USENIX; ACM Digital Library (search by keywords, e.g. malware).
  34. Academics: Don’t be shy about contacting authors! They’ll most likely be flattered.
  35. How to Break In: InfoSec is more open now than ever on how to find people – they just aren’t always welcoming…
  36. Meeting People & Networking
  38. The Social Network: InfoSec is a trust-based industry. A strong social network is critical.
  39. Tl;dr on Networking: Get as many “at bats” as possible. Meet many people across various areas of expertise, employers & career stages. Not everyone will respond, so need to maximize your hit rate by reaching out to more people. Expand your network by asking new contacts (politely) if they know anyone you should meet.
  40. Persistence & Haters: Don’t let someone convince you that you won’t be successful, or don’t belong. People like passion and want to “back winners”. Persistence is key (true of most things).
  41. Social Events: NYC – NYSec & iSec Open Forum; Look @ “CitySec Meetups” on Reddit NetSec; Non-Industry Events; NYC – Hack Nite @ NYU; Nationally, check out local OWASP events; Niche (e.g. hardware) meetups (meetup.com is helpful).
  42. Maintaining the Network: Regularly follow up, but be mindful of people’s time. Coffees are generally quick & easy. Even starting out, consider how you can be helpful. Try to maintain a 50/50 ask to give ratio. Keeping an eye out for potential hires, making introductions, etc.
  43. On Randomness: Life is random – you never know what opportunities will come from your connections.
  44. Staying Up-to-Date
  45. Socializing: Staying in touch and meeting new people helps enormously in knowing the “latest”. Not all research / projects are discussed online. Gossip and chatter can also inform you of career opportunities or new, interesting companies. Fills in gaps in news you might have missed.
  46. News – A Word of Caution: News is important, but not always directly beneficial to your learning & career development. Hard to weed out signal from noise in the media. Why???
  47. News Sources: CyberWire – aggregates InfoSec news daily; Reddit NetSec – consistently updated content; Twitter – where the industry “chatter” happens. Plus individual sites:
  48. InfoSec Treadmill: As a (relatively) nascent industry, InfoSec evolves rapidly – exciting, but with the potential for burnout.
  49. Conclusion
  50. Your Personal Brand: Consistently build your personal portfolio of skills, experience and industry connections.
  51. Take It from This Guy: Work as hard and as much as you want to on the things you like to do the best. Don't think about what you want to be, but what you want to do. – Richard P. Feynman