CYBER SECURITY
CAREERS
SECURITY SPECIALTIES AND SKILLS
DEVELOPMENT
SCOTT STANTON
HALYARD HEALTH
ABOUT ME
C:\>whoami /groups

GROUP INFORMATION
-----------------

Group Name              Type              SID           Attributes
======================= ================= ============= ==================================================
CURRENT\Halyard Health  Well-known group  S-1-5-15      Mandatory group, Enabled by default, Enabled group
HALYARD\Cyber Security  Alias             S-1-5-32-544  Group used for deny only
CURRENT\H-ISAC          Well-known group  S-1-5-4       Mandatory group, Enabled by default, Enabled group
CURRENT\DC404           Well-known group  S-1-2-1       Mandatory group, Enabled by default, Enabled group
PREVIOUS\Cisco Systems  Well-known group  S-1-5-32-545  Mandatory group, Enabled by default, Enabled group
PREVIOUS\GE Energy      Well-known group  S-1-5-4       Mandatory group, Enabled by default, Enabled group
AGENDA
• Cyber Security Career Tracks
• Entering the Cyber Security Industry
• Degrees and Certifications
• Career Progression
• Improving Your Effectiveness
• Continuing Education
FIRST, WHY “CYBER SECURITY”?
[Diagram labels: Information Security, Cyber Security, OT/IOT Security, IT Security]
CYBER SECURITY CAREER TRACKS
DEFENDERS, ASSESSORS, AND RESEARCHERS
CAREER TRACKS – DEFENDERS
Policy & Standards
Design & Implementation
Security Operations
Products & Services
Industry Associations
Insurance
CAREER TRACKS – ASSESSORS
Security Assurance Attestation
Penetration Testing
Risk Assessment
Threat Modeling
Compliance Certification
CAREER TRACKS – RESEARCHERS
@briankrebs
@taviso
@malwaretechblog
ENTERING THE CYBER SECURITY INDUSTRY
ENTERING THE CYBER SECURITY INDUSTRY
• You can start a cyber security career from just about any background.
• BUT technical careers will require a technical background
• You can get a degree in cyber security
• The traditional approach is to get a job in technology, then pivot into security
• Software Developer -> Software Security, Malware Reversing
• Network Admin -> Network Security
• Application Platform Admin -> Identity & Access Security
• Desktop Admin -> Endpoint Security, AD Security, or
HOW DO YOU PIVOT INTO SECURITY?
• Learn a technology, then learn what “Security” is for that technology
• Learn the security features, policy options, default vs. secure configuration, recommended security settings
• Research past/known vulnerabilities in the technology
• Learn how to “hack” the technology
• Learn how to protect against hacking
• Use free resources (SANS, CIS, OWASP, Adsecurity.org, decentsecurity.com)
WHAT IF I’M NOT TECHNICAL?
Still Need to Learn Security Fundamentals and Concepts!
• Project Management, Program Management
• Compliance, Audit
• Governance, Policy
• Awareness, Training, Technical Writing
• Risk Quantification
• Legal, Regulatory, Privacy
• Sales/Marketing!
ABOUT DEGREES AND CERTIFICATIONS
• Why are college degrees worthwhile and/or required?
• About Cyber Security degrees
• Industry Certifications – the Good, the Bad, and the Ugly
CAREER PROGRESSION
DEFENDERS CAREER PROGRESSION – ENTRY LEVEL
• Operator (Level 1): Technical support role. Follows scripted processes and procedures. Uses documented knowledge base articles for operations, troubleshooting, and support. Little to no creative flexibility.
• Operations Lead (Level 2): Oversees execution of Level 1 Operations teams. Acts as escalation point when Level 1 staff cannot resolve issues.
• System Administrator (Level 2): Trained on operation/use of specific products. Knowledgeable about configuration, maintenance, and troubleshooting. Focus is on stable
DEFENDERS CAREER PROGRESSION – ADVANCED
• System Engineer (Level 3): Expert knowledge of specific products, processes, or capabilities.
• Program Manager (Level 3): Functional responsibility for delivering security services, capabilities, or compliance.
• System Architect (Level 4): Design integrations between multiple systems to provide holistic security capability or end-to-end policy implementation.
• Principal Engineer (Level 4): Industry-leading knowledge or expertise in a domain.
IMPROVING YOUR EFFECTIVENESS
USE THREAT MODELING
“Threat Actor X seeks to achieve Outcome Z”
What are the Actions (Y) that they could perform?
Opportunistic, Organized Crime, Insiders, Nation-States,
Competitors
SECURITY IS THE ART OF RISK MANAGEMENT
LOOK FOR THE END-TO-END VIEW
How do you respond to a malware infection?
• Scan and clean? (Nuke and Pave?)
• Offline analysis/clean?
• Submit to vendors?
• Remediate infection ingress root cause?
• Share threat intelligence?
HAVE A VISION AND ARTICULATE IT
• Effective Communication Is Critical
• Don’t Assume That Constraints Are By Design
• Speak Up When You See Opportunity
THINK LIKE AN ADVERSARY
“Why Will This Work?”
“Why Will This Not Work?”
“How Could An Adversary Respond?”
ANALYTICAL PROGRESSION
How is it done today?
What are we functionally trying to achieve?
What are the gaps in the current approach?
What are the factors to consider?
How should it be done?
CONTINUING EDUCATION
CONTINUING EDUCATION
• Advance Your Threat Models
• Technical, Cybercrime, Nation-State
• What is State-of-the-Art?
• Improve your Toolbox
• Keep Up With Industry News
• Learn New Threat Mitigations
CONTINUING EDUCATION
• Security Social Media – Twitter, Podcasts, Slack/Discord channels, LinkedIn groups
• Beware the “echo chamber”
• Attend vendor events and conferences
• Take their promises/vision with a grain of salt
• Attend vendor-sponsored learning/networking events
• Attend industry/community events and conferences – ISSA, BSides, OWASP, DEF CON, etc.
• Attend paid conferences
• Attend paid technical trainings
QUESTIONS?
Scott Stanton
@scott_stanton

2019 Metro Atlanta ISSA Conference - Cyber Security Careers

  • 1. CYBER SECURITY CAREERS SECURITY SPECIALTIES AND SKILLS DEVELOPMENT SCOTT STANTON HALYARD HEALTH
  • 2. ABOUT ME C:>whoami /groups GROUP INFORMATION ----------------- Group Name Type SID Attributes =============== ================ ================== ========================== CURRENTHalyard Health Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group HALYARDCyber Security Alias S-1-5-32-544 Group used for deny only CURRENTH-ISAC Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group CURRENTDC404 Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group PREVIOUSCisco Systems Well-known group S-1-5-32-545 Mandatory group, Enabled by default, Enabled group PREVIOUSGE Energy Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
  • 3. AGENDA • Cyber Security Career Tracks • Entering the Cyber Security Industry • Degrees and Certifications • Career Progression • Improving Your Effectiveness • Continuing Education
  • 4. Information Security Cyber Security FIRST, WHY “CYBER SECURITY”? OT/IOT Security IT Security
  • 5. CYBER SECURITY CAREER TRACKS DEFENDERS, ASSESSORS, AND RESEARCHERS
  • 6. CAREER TRACKS – DEFENDERS Policy & Standards Design & Implementation Security Operations Products & Services Industry Associations Insurance
  • 7. CAREER TRACKS – ASSESSORS Security Assurance Attestation Penetration Testing Risk Assessment Threat Modeling Compliance Certification
  • 8. CAREER TRACKS – RESEARCHERS @briankrebs @taviso @malwaretechblog
  • 9. ENTERING THE CYBER SECURITY INDUSTRY
  • 10. ENTERING THE CYBER SECURITY INDUSTRY • You can start a cyber security career from just about any background.. • BUT technical careers will require a technical background • You can get a degree in cyber security • The traditional approach is to get a job in technology, then pivot into security • Software Developer -> Software Security, Malware Reversing • Network Admin -> Network Security • Application Platform Admin -> Identity & Access Security • Desktop Admin -> Endpoint Security, AD Security, or
  • 11. HOW DO YOU PIVOT INTO SECURITY? • Learn a technology, then learn what “Security” is for that technology • Learn the security features, policy options, default vs. secure configuration, recommended security settings • Research past/known vulnerabilities in the technology • Learn how to “hack” the technology • Learn how to protect against hacking • Use free resources (SANS, CIS, OWASP, Adsecurity.org, decentsecurity.com)
  • 12. WHAT IF I’M NOT TECHNICAL? Still Need to Learn Security Fundamentals and Concepts! • Project Management, Program Management • Compliance, Audit • Governance, Policy • Awareness, Training, Technical Writing • Risk Quantification • Legal, Regulatory, Privacy • Sales/Marketing!
  • 13. ABOUT DEGREES AND CERTIFICATIONS • Why are college degrees worthwhile and/or required? • About Cyber Security degrees • Industry Certifications – the Good, the Bad, and the Ugly
  • 15. DEFENDERS CAREER PROGRESSION – ENTRY LEVEL • Operator (Level 1): Technical support role. Follows scripted processes and procedures. Uses documented knowledge base articles for operations, troubleshooting, and support. Little to no creative flexibility. • Operations Lead (Level 2): Oversees execution of Level 1 Operations teams. Acts as escalation point when Level 1 staff cannot resolve issues. • System Administrator (Level 2): Trained on operation/use of specific products. Knowledgeable about configuration, maintenance, and troubleshooting. Focus is on stable
  • 16. DEFENDERS CAREER PROGRESSION – ADVANCED • System Engineer (Level 3): Expert knowledge of specific products, processes, or capabilities. • Program Manager (Level 3): Functional responsibility for delivering security services, capabilities, or compliance. • System Architect (Level 4): Design integrations between multiple systems to provide holistic security capability or end- to-end policy implementation. • Principal Engineer (Level 4): Industry-leading knowledge or expertise in a domain.
  • 18. USE THREAT MODELING
    “Threat Actor X seeks to achieve Outcome Z”
    What are the Actions (Y) that they could perform?
    Opportunistic, Organized Crime, Insiders, Nation-States, Competitors
  • 19. SECURITY IS THE ART OF RISK MANAGEMENT
  • 20. LOOK FOR THE END-TO-END VIEW
    How do you respond to a malware infection?
    • Scan and clean? (Nuke and Pave?)
    • Offline analysis/clean?
    • Submit to vendors?
    • Remediate infection ingress root cause?
    • Share threat intelligence?
  • 21. HAVE A VISION AND ARTICULATE IT
    • Effective Communication Is Critical
    • Don’t Assume That Constraints Are By Design
    • Speak Up When You See Opportunity
  • 22. THINK LIKE AN ADVERSARY
    “Why Will This Work?”
    “Why Will This Not Work?”
    “How Could An Adversary Respond?”
  • 23. ANALYTICAL PROGRESSION
    How is it done today?
    What are we functionally trying to achieve?
    What are the gaps in the current approach?
    What are the factors to consider?
    How should it be done?
  • 25. CONTINUING EDUCATION
    • Advance Your Threat Models
    • Technical, Cybercrime, Nation-State
    • What is State-of-the-Art?
    • Improve your Toolbox
    • Keep Up With Industry News
    • Learn New Threat Mitigations
  • 26. CONTINUING EDUCATION
    • Security Social Media – Twitter, Podcasts, Slack/Discord channels, LinkedIn groups
    • Beware the “echo chamber”
    • Attend vendor events and conferences
    • Take their promises/vision with a grain of salt
    • Attend vendor-sponsored learning/networking events
    • Attend industry/community events and conferences – ISSA, BSides, OWASP, DEF CON, etc.
    • Attend paid conferences
    • Attend paid technical trainings

Editor's Notes

  1. Cool circuit board theme. I use the word cyber a lot; don’t make it a drinking game. You might not survive.
  2. Speaking of the word cyber, why do I use that term? What is the scope of the security team’s mission?
     • IT Security – Protecting assets managed by the CIO – network, servers, PCs, applications
     • Information Security – Protecting information in all forms; includes handling policies, retention policies, clean desk, media, etc.
     • OT – Factories, Refineries, Utilities, Industrial Control and Automation Systems
     • IOT – Internet of Things; widely deployed sensors and controllers
     Cyber Security encompasses the digital realms of IT, OT, and IOT security but not the physical realm of information protection.
  3. Three primary types of career tracks in Cyber Security: Defenders, Assessors (not Attackers!), and Researchers
  4. Defenders – Responsible for protecting an organization’s information, assets, or technology.
     • Define organizational policies, standards, processes, and procedures
     • Design, implement, and operate security tools, platforms, and secure systems
     • Develop secure products and services
     • Industry associations (ISSA, ISACA, ISACs, Forums)
     Landscape from Momentum cyber security almanac 2019: https://momentumcyber.com/cybersecurity-almanac-2019/
  5. Assessors – Responsible for measuring and assessing an organization’s posture, compliance, risks, vulnerabilities, or threats.
     • Risk assessment, adversarial emulation, threat modeling, capability/maturity evaluation, standards/policy compliance evaluation
     • Recommend risk mitigations or controls efficacy improvements
     • Provide assurance certifications to third parties
     Slide labels:
     • Security Assurance Attestation
     • Penetration Testing
     • Risk Assessment / Register
     • Threat Modeling / Attack Tree
     • Compliance Certification or Attestation
  6. Researchers – Advance the state of cyber security.
     • Discover new vulnerabilities and exploits
     • Analyze how vulnerabilities are exploited by threat actors
     Show of hands – how many people know:
     • Marcus Hutchins – WannaCry ransomware takedown / kill switch – arrested in 2017 in LV after DEFCON
     • Tavis Ormandy – Google Project Zero – OSS, Windows, Linux, Imperva, D-Link, LastPass, and more
     • Brian Krebs – Cyber Underground and Data Breach Reporter
  7. The focus of the remainder of this presentation is on the Defenders career track:
     • #1 because that’s what I do
     • #2 because that’s where most of the jobs are
     If the Assessments or Research tracks are of interest to you, think about the remaining presentation from that context.
  8. SW Devs can also pivot into Penetration Testing or Exploitation Research
  9. Internet Storm Center Reading room
  10. Cyber security degrees are all unique – some are glorified Metasploit and vuln scanning certifications, others are much deeper. Security degrees go technically deep much faster than could be achieved via a career pivot, but don’t generally focus on mitigations and threat details.
  11. What does career advancement look like in Cyber Security?
  12. What does career path look like? Depth + Width of expertise.
      • Width: How many technology domains you know
      • Depth: How well you know them
      • Level 1 Ops – Narrow and shallow
      • Level 2 Ops – Wider and shallow
      • Level 2 Sysadmin – Narrow and Moderately Deep
  13. Depth + Width of expertise
      • Level 3 Engineer – Narrow, Deep
      • Level 3 Program Mgr – Wide, Moderately Deep
      • Level 4 Architect – Wide, Deep
      • Level 4 Principal – Moderately wide, Very Deep
  14. So you’ve been in your security career for a few (or several) years now and you want to get to the next level...
  15. Accept, Mitigate, Transfer, and Avoid
  16. Example of SMS for password reset versus the risk of Adversary performing a SIM hijack
  17. Talked earlier about Level 2, 3, 4 roles – What is the defining characteristic of those who advance?
      Defining characteristic of experienced practitioners is their critical thinking and analytical ability. With experience comes the knowledge of your organization, risk factors, threat models, and how controls address risks.
      • How is it done today: Basic understanding of the issue and process to address it
      • What are we trying to achieve: Understanding the intent behind the outcome
      • What are the gaps: Ability to compare the existing solution/process against the intent of the objective
      • Factors to consider: What are the risks, threats, limitations of controls, scalability or complexity of solution, etc.?
      • How should it be done: Considering all of the above, what is the best way to achieve the desired outcome?