Cyber Education: Your Options & Resources Mapped Out 
Kelly Shortridge 
October 18, 2014
Shortridge – Cyber Education 
NYU Poly Cyber Symposium 2014 
NYU Poly Women's Cyber Security Conference - Cyber Education: Your Options & Resources Mapped Out

  1. Cyber Education: Your Options & Resources Mapped Out; Kelly Shortridge; October 18, 2014
  2. Agenda: Your burning questions: What careers are there? How do I learn more about the field? How do I meet people / network? How do I stay current on industry trends?
  3. Who am I? Kelly Shortridge; Currently an Entrepreneur in Residence; Formerly advised InfoSec companies on M&A and private capital raises; Absolutely no technical background; Built an InfoSec knowledge base & professional network from scratch
  4. At first…
  5. And then…
  6. But mostly…
  7. Toward a Career
  8. Very General Advice: No one can ever predict what they’ll be doing 5 years from now, let alone the rest of their lives; Learn the “basics” and cross-over skills… …but make sure to learn about things you find interesting, too
  9. Careers in InfoSec: Not just about hacking the mainframe.
  10. Careers in InfoSec: Also about hardening applications
  11. Careers in InfoSec: Also about developing security strategies
  12. Careers in InfoSec: Also about monitoring systems
  13. Careers in InfoSec: Also about responding to incidents
  14. Careers in InfoSec: As well as attack-centric R&D
  15. InfoSec Jobs: A career in InfoSec offers many options: Application Security; Compliance & Policy; Data Forensics & Incident Response; Network Security Engineer / Ops & Monitoring; Penetration Testing; Security Architecture; Vulnerability Research & Reverse Engineering
  16. The “Basics”: Roles often overlap and blend together; Cover different aspects of the lifecycle of security operations; Some areas of study are broadly applicable: Network & System Architecture, Math, Software Development
  17. The Future!
  18. Skill Sets – Example #1: Network Security Engineer / Ops & Monitoring: Understand network design & architecture; Familiarity with security tech – IDS/IPS, SIEM, firewalls, vulnerability detection & remediation; Develop custom tooling for security monitoring; Some knowledge on machine learning is a plus
  19. Skill Sets – Example #2: Vulnerability Research & Reverse Engineering: Analyze malicious code, shellcode, packed & obfuscated code; Identify attacker methodology; Strong math abilities, particularly graph theory; Familiarity with IDA Pro and user & kernel-mode debuggers; Languages: Assembly (x86 & x64), C/C++, Python
  20. Skill Sets – Example #3: Application Security: Audit applications for vulnerabilities (XSS, SQLI, logic flaws, etc.); Understanding of application architecture; Help development teams implement SDL; Build tooling to improve testing & auditing; Languages: Java, PHP, C / C++, Python, Ruby
  21. Potential Employers: Major hubs include DC, SF & NYC – each city has its own “flavor” driven by employer base; Government: Defense Contractors & Gov’t Agencies; Fortune 500: Tech, Finance, Media, eCommerce, etc.; Industry: Security Vendors & Consultancies
  22. Guiding Your Education: Find a few areas of interest / passion; Determine what abilities are required
  23. Learning the Field
  24. Where to Start: When I first started exploring InfoSec, someone told me Phrack was a leading industry publication. So I read every issue… Including the first 40, which are just about phones.
  25. Where to Start, continued: Diving in head-first actually isn’t a bad strategy; there is some truth to learning by osmosis. Luckily, there are both formal and informal channels to help you live and breathe InfoSec.
  26. Formal Education: Academia; Certifications; Helpful if no other means of vetting abilities
  27. Certifications: Provides professional certifications in InfoSec; Covers a wide breadth of security topics; $250 - $600 per examination; Variable years of experience required (chart, axis “Years of Experience”: <1 year, 1 year, 2 years, 4 years, 5 years)
  28. Informal Education: Take advantage of valuable informal channels: Visit conferences (or find talks posted online); CTF competitions; Trainings (usually expensive); Social events (usually exclusive); Academic papers (contact authors)
  29. Conferences: Cons are often how people stay in touch; Check out talks, or find them online; Social events – great for networking; Parties requiring challenges (Caesar’s Challenge at Blackhat/DEFCON)
  30. CTFs: Test your skills & gain recognition; Industry – DEFCON, Ghost in the Shellcode (Shmoocon), company-sponsored CTFs; Private – Smash the Stack, Over the Wire, others hosted by hacker groups; Collegiate – CSAW CTF, NECCDC; Government – DARPA, semi-public or 100% private IC-focused CTFs
  31. Trainings – Roles: Practical education for professional security roles; Multi-week courses; Both on-demand & in-person; Expensive (typically $4,500 - $5,000); Value depends widely on the teacher
  32. Trainings – Skills: Expensive ($2,000 - $4,000), but can substantially improve your skills & teach you new techniques; Private; Conferences
  33. Academic Papers: Helps you find emerging areas of research; IEEE; Microsoft – Security & Privacy Research; Reddit.com/r/NetSec; USENIX; ACM Digital Library (search by keywords, e.g. malware)
  34. Academics: Don’t be shy about contacting authors! They’ll most likely be flattered.
  35. How to Break In: InfoSec is more open now than ever on how to find people – they just aren’t always welcoming…
  36. Meeting People & Networking
  37. (no slide text)
  38. The Social Network: InfoSec is a trust-based industry. A strong social network is critical.
  39. Tl;dr on Networking: Get as many “at bats” as possible; Meet many people across various areas of expertise, employers & career stages; Not everyone will respond, so need to maximize your hit rate by reaching out to more people; Expand your network by asking new contacts (politely) if they know anyone you should meet
  40. Persistence & Haters: Don’t let someone convince you that you won’t be successful, or don’t belong; People like passion and want to “back winners”; Persistence is key (true of most things)
  41. Social Events: NYC – NYSec & iSec Open Forum; Look @ “CitySec Meetups” on Reddit NetSec; Non-Industry Events; NYC – Hack Nite @ NYU; Nationally, check out local OWASP events; Niche (e.g. hardware) meetups (meetup.com is helpful)
  42. Maintaining the Network: Regularly follow-up, but be mindful of people’s time; Coffees are generally quick & easy; Even starting out, consider how you can be helpful; Try to maintain a 50/50 ask to give ratio; Keeping an eye out for potential hires, making introductions, etc.
  43. On Randomness: Life is random – you never know what opportunities will come from your connections.
  44. Staying Up-to-Date
  45. Socializing: Staying in touch and meeting new people helps enormously in knowing the “latest”; Not all research / projects are discussed online; Gossip and chatter can also inform you of career opportunities or new, interesting companies; Fills in gaps in news you might have missed
  46. News – A Word of Caution: News is important, but not always directly beneficial to your learning & career development; Hard to weed out signal from noise in the media; Why???
  47. News Sources: CyberWire – aggregates InfoSec news daily; Reddit NetSec – consistently updated content; Twitter – where the industry “chatter” happens; Plus individual sites:
  48. InfoSec Treadmill: As a (relatively) nascent industry, InfoSec evolves rapidly – exciting, but with the potential for burnout.
  49. Conclusion
  50. Your Personal Brand: Consistently build your personal portfolio of skills, experience and industry connections.
  51. Take It from This Guy: Work as hard and as much as you want to on the things you like to do the best. Don't think about what you want to be, but what you want to do. – Richard P. Feynman
