This document provides an overview of Teri Radichel's background and experience in cybersecurity. It details her progression from software engineer to cloud architect and into cybersecurity roles. It lists her certifications, entrepreneurial ventures, speaking engagements, and publications. The document then discusses different career paths in cybersecurity including security operations, intrusion response, and working as a hacker or for the government/military. It provides examples of security assessments and reviews common frameworks, best practices, and regulations. Finally, it discusses getting a job in cybersecurity through skills acquisition, networking, and continuous learning.
The document provides an overview of penetration testing basics from a presentation by The Internet Storm Center, SANS Institute, and GIAC Certification Program. It discusses the Internet Storm Center, SANS/GIAC training and certifications, common cyber threats, the methodology for penetration testing, tools used for various stages like reconnaissance, scanning, exploitation, and analysis, and the importance of reporting and mitigation strategies.
The document provides an overview of web application security. It discusses what web application security entails, which is achieving an acceptable level of security for a web application solution. It explains why web application security is important given increased reliance on web apps and their global accessibility. It outlines some common security risks like browser hijacking, cookie theft, and denial of service attacks. It also discusses how security problems should be addressed earlier in the development lifecycle to reduce costs. The document then delves into specific vulnerabilities like hidden field manipulation, cookie poisoning, buffer overflows, and cross-site scripting attacks. Examples are provided to illustrate how attackers can exploit these vulnerabilities.
Talk from the event "Cybersecurity: the new era in incident response and data auditing"
Jim Butterworth - Senior Cybersecurity Director, Guidance Software Inc.
Brasília, August 4, 2010
This document discusses various types of security assessments, including technical security testing, security process assessments, and security audits. It provides details on vulnerability assessments, network penetration testing, web application penetration testing, and source code analysis. It also discusses security process reviews and the differences between security assessments and security audits.
Security in the cloud protecting your cloud apps - Cenzic
The document discusses security best practices for cloud applications. It notes that 75% of cyber attacks target internet applications and over 400 new vulnerabilities are discovered each month. The top vulnerabilities include cross-site scripting, SQL injection, and insecure direct object references. The document provides examples of how these vulnerabilities can be exploited by hackers and recommends best practices like input validation, output encoding, secure authentication and session management to help protect applications.
This document is a resume for Dhishant Abrol summarizing his professional experience and qualifications. He has over 6 years of experience in information and network security, currently working as a Security Researcher. Previous roles include managing security operations centers and security architectures for clients. He has various technical certifications and skills in areas like vulnerability assessment, malware analysis, compliance, and security tools.
Digitalization has transformed the way businesses function. With the evolution of technologies, attackers are also evolving. They are finding innovative and more invasive ways to attack organizations. Due to this, the organization's security operations center (SOC) is expected to be more agile and dynamic in detecting and responding to attacks. Most organizations' security operations and incident response teams are overworked due to high volumes of security threats and alerts that they need to manage every day.
International Journal of Network Security & Its Applications (IJNSA) - IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bimonthly, open access, peer-reviewed journal that publishes articles which contribute new results in all areas of computer network security and its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding modern security threats and countermeasures, and establishing new collaborations in these areas.
The document summarizes a presentation given by Fred Holborn of Psiframe, Inc. on data security for intellectual property managers. It discusses how theft of proprietary information caused the greatest financial losses for many organizations in 2003. It also outlines Psiframe's security assessment services which identify vulnerabilities from an attacker's perspective in order to recommend best practices for protecting information assets and networks. The document provides examples of common vulnerabilities and techniques attackers use, such as exploiting wireless networks and information leakage. It emphasizes the importance of regularly assessing security risks and implementing appropriate safeguards and regulatory compliance.
The document discusses threat modeling for web applications. It begins by defining threat modeling as an approach for analyzing security before coding to identify, mitigate, and prioritize threats. It then outlines the threat modeling process, including when to conduct it, who should be involved, how to describe the application, identify threats and potential weaknesses, determine mitigations, and document findings. Key points are that threat modeling finds different flaws than other security activities, involves understanding business objectives and technical details, and provides guidance for further security work.
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx - Infosectrain3
The CompTIA Cybersecurity Analyst (CySA+) certification is the industry standard for demonstrating that cybersecurity professionals can analyze data and interpret the results to detect vulnerabilities, threats, and risks to an organization.
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Go to www.esgjrconsultinginc.com
Toward Continuous Cybersecurity With Network Automation - Ken Flott
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat.
In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Cybersecurity Presentation at WVONGA spring meeting 2018 - Jack Shaffer
The document discusses cybersecurity vulnerabilities in the oil and gas industry and frameworks to address them. It notes recent cyber attacks on energy infrastructure and outlines factors that make the industry vulnerable, such as lack of training, remote work practices, outdated systems, and insufficient network separation. It then introduces several cybersecurity standards and frameworks that can help organizations in the industry implement effective security practices, including ISO 27001, NIST Framework, CIS Controls, and IEC 62443. The presentation emphasizes that information security requires an ongoing process rather than just technology solutions.
"Evolving Cybersecurity Strategies" - Identity is the new security boundary - Dean Iacovelli
This document discusses evolving cybersecurity strategies and moving to an identity-driven security model. It argues that the traditional approach of using many separate "best of breed" security products is too complex, expensive, and slow. Instead, it recommends moving to an integrated security platform centered around identity. This platform would provide pre-integrated solutions, identity-based policies, and machine learning capabilities to detect threats faster. It also discusses leveraging cloud infrastructure and workloads for improved security through features like regular updates and an "intelligent security graph" using data from billions of signals.
This document discusses threat modeling and network security. It provides an overview of Cyberoam network security appliances and their threat modeling process. This involves identifying critical assets, possible attack points, applicable threats, assigning a risk level using the DREAD model, monitoring security controls, and re-evaluating. The goal is to take a proactive approach to security rather than a reactive one by thoroughly understanding potential threats.
Asset Discovery in India – Redhunt Labs - RedhuntLabs2
Leading asset discovery company Redhunt Labs provides a variety of solutions to assist companies in India in securing their online assets and guarding against cyber threats. Our agentless platform NVADR has been successful for many of our customers in locating significant data leaks across publicly exposed Docker containers. NVADR has the capability to continually monitor your exposed Docker assets from across the globe.
We also provide a free scan if you'd like to examine the attack surface of your company. Visit our page for more information.
1. The document discusses intrusion detection systems and proposes a cluster-based intrusion detection system for wireless sensor networks.
2. It proposes a multi-level intrusion detection architecture with detection at both the cluster head and network-wide levels.
3. The proposed system would detect intrusions through anomaly detection and has been evaluated through a survey of 50 experts in the field.
This document provides an overview of NetWatcher's managed detection and response security services. It describes NetWatcher's cloud-based security stack that provides enterprise-level security capabilities typically reserved for large organizations to SMBs through an affordable software-as-a-service model. The summary highlights NetWatcher's security tools and features like sensors, endpoint agents, threat intelligence, compliance reporting, vulnerability scanning, and a customer portal for viewing alerts and scores.
Top 10 Azure Security Best Practices (1).pptx - HichamNiamane1
Attack services like ransomware, zero-days, exploit kits, and denial of service can be purchased at relatively low prices online. Ransomware costs $66 upfront or 30% of profits, exploit kits cost $1,400 per month, and denial of service attacks cost $766.67 per month. Other services like compromised accounts and device loads also have relatively low price points. It is important for organizations to implement security best practices like enabling threat protection, practicing secure DevOps, and using tools like Azure Security Center to monitor for attacks.
Slide Griffin - Practical Attacks and Mitigations - EnergySec
Over the past few years, penetration testing has gotten easier. What used to take a week of scanning, analysis, and exploit research now happens in one day on average in a common IT environment. The efficiency of compromise has increased based on several factors including increased knowledge sharing, more robust computing, and automated exploitation tools. OT environments are often utilizing the same operating systems and are prone to many of the same attacks. The main differences are the presence of custom protocols, embedded systems, and lack of formal security programs to address the gaps created by two-way data communication networks.
This talk will show the most common attacks which our team currently uses to gain access and control over the networks and systems we test. More importantly, we will discuss the “top 10” things an organization can do to mitigate, remediate, and have active visibility into critical systems.
Criminal IP ASM | Threat Intelligence-based Automated Attack Surface Managem... - Criminal IP
Businesses and organizations have numerous network devices, databases, servers, applications, and domains, and all of these IT assets are through IP addresses and Ports.
Attack Surface Management refers to the proactive detection and management of attack vectors such as open ports, server vulnerabilities, similar domains, phishing, and domains distributing malicious code.
Criminal IP ASM automatically monitors and generates a report on assets exposed to the attack surface.
All IT assets are thoroughly detected globally, with a streamlined introduction procedure requiring registration of only one primary domain.
Request a FREE Demo of Criminal IP ASM at:
https://www.criminalip.io/asm/attack-surface-management
Top Cited Papers - International Journal of Network Security & Its Applicatio... - IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bimonthly, open access, peer-reviewed journal that publishes articles which contribute new results in all areas of computer network security and its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding modern security threats and countermeasures, and establishing new collaborations in these areas.
Security Considerations in Process Control and SCADA Environments - amiable_indian
The document discusses security considerations for process control and SCADA environments. It outlines that security risks increase with technological advances and connectivity. The Department of Homeland Security believes critical infrastructure could be targeted. The document provides guidance on establishing security programs, including risk assessment, policies and procedures, secure network architectures, and recommendations for encryption and secure communications.
This document provides an overview of topics, technologies, programming languages, tools, certifications, and job roles commonly required in the field of cybersecurity. It lists fundamental areas like computer science, networking, and cryptography. It also outlines essential security domains including web security, ethical hacking, incident response, policies, and human factors. Finally, it provides steps to get started in cybersecurity, including choosing a specialization, developing skills, and staying up to date in the field.
The document provides an overview of information security concepts and threats. It discusses how security is difficult to implement due to costs, user resistance, and sophisticated criminals. The document then outlines various hacking techniques like information gathering, social engineering, sniffing, and denial of service attacks. It concludes by describing defensive security measures for organizations, including firewalls, intrusion detection, honeypots, antivirus software, user awareness training, and penetration testing.
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
A Guide to a Winning Interview June 2024 - Bruce Bennett
This webinar is an in-depth review of the interview process. Preparation is a key element to acing an interview. Learn the best approaches from the initial phone screen to the face-to-face meeting with the hiring manager. You will hear great answers to several standard questions, including the dreaded “Tell Me About Yourself”.
The document summarizes a presentation given by Fred Holborn of Psiframe, Inc. on data security for intellectual property managers. It discusses how theft of proprietary information caused the greatest financial losses for many organizations in 2003. It also outlines Psiframe's security assessment services which identify vulnerabilities from an attacker's perspective in order to recommend best practices for protecting information assets and networks. The document provides examples of common vulnerabilities and techniques attackers use, such as exploiting wireless networks and information leakage. It emphasizes the importance of regularly assessing security risks and implementing appropriate safeguards and regulatory compliance.
The document discusses threat modeling for web applications. It begins by defining threat modeling as an approach for analyzing security before coding to identify, mitigate, and prioritize threats. It then outlines the threat modeling process, including when to conduct it, who should be involved, how to describe the application, identify threats and potential weaknesses, determine mitigations, and document findings. Key points are that threat modeling finds different flaws than other security activities, involves understanding business objectives and technical details, and provides guidance for further security work.
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxInfosectrain3
The CompTIA Cybersecurity Analyst (CySA+) certification is the industry standard for demonstrating that cybersecurity professionals can analyze data and interpret the results to detect vulnerabilities, threats, and risks to an organization.
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Go to www.esgjrconsultinginc.com
Toward Continuous Cybersecurity With Network AutomationKen Flott
Network security is a dynamic art, with dangers appearing as
fast as black hats can exploit vulnerabilities. While there are
basic “golden rules” which can make life difficult for the bad
guys, it remains a challenge to keep networks secure. John
Chambers, Executive Chairman of Cisco, famously said “there
are two types of companies: those that have been hacked, and
those who don’t know they have been hacked”. The question
for most organizations isn’t if they’re going to be breached, but
how quickly they can isolate and mitigate the threat.
In this paper, we’ll examine best practices for effective
cybersecurity – from both a proactive (access hardening)
and reactive (threat isolation and mitigation) perspective.
We’ll address how network automation can help minimize
cyberattacks by closing vulnerability gaps and how it can
improve incident response times in the event of a cyberthreat.
Finally, we’ll lay a vision for continuous network security, to
explore how machine-to-machine automation may deliver an
auto-securing and self-healing network.
Cybersecurity Presentation at WVONGA spring meeting 2018Jack Shaffer
The document discusses cybersecurity vulnerabilities in the oil and gas industry and frameworks to address them. It notes recent cyber attacks on energy infrastructure and outlines factors that make the industry vulnerable, such as lack of training, remote work practices, outdated systems, and insufficient network separation. It then introduces several cybersecurity standards and frameworks that can help organizations in the industry implement effective security practices, including ISO 27001, NIST Framework, CIS Controls, and IEC 62443. The presentation emphasizes that information security requires an ongoing process rather than just technology solutions.
"Evolving Cybersecurity Strategies" - Identity is the new security boundaryDean Iacovelli
This document discusses evolving cybersecurity strategies and moving to an identity-driven security model. It argues that the traditional approach of using many separate "best of breed" security products is too complex, expensive, and slow. Instead, it recommends moving to an integrated security platform centered around identity. This platform would provide pre-integrated solutions, identity-based policies, and machine learning capabilities to detect threats faster. It also discusses leveraging cloud infrastructure and workloads for improved security through features like regular updates and an "intelligent security graph" using data from billions of signals.
This document discusses threat modeling and network security. It provides an overview of Cyberoam network security appliances and their threat modeling process. This involves identifying critical assets, possible attack points, applicable threats, assigning a risk level using the DREAD model, monitoring security controls, and re-evaluating. The goal is to take a proactive approach to security rather than a reactive one by thoroughly understanding potential threats.
Asset Discovery in India – Redhunt LabsRedhuntLabs2
Leading Asset Discovery Company Redhunt Labs provides a variety of solutions to assist companies in India in securing their online assets and guarding against cyber threats. Our Agent less Platform NVADR has been successful for many of our customers in locating significant data leaks across publicly exposed Docker containers. NVADR has the capability to continually monitor your exposed Docker Assets from across the globe.
We also provide a Free Scan if you'd like to examine the Attack Surface of your company. Here to visit our page for more information.
1. The document discusses intrusion detection systems and proposes a cluster-based intrusion detection system for wireless sensor networks.
2. It proposes a multi-level intrusion detection architecture with detection at both the cluster head and network-wide levels.
3. The proposed system would detect intrusions through anomaly detection and has been evaluated through a survey of 50 experts in the field.
This document provides an overview of NetWatcher's managed detection and response security services. It describes NetWatcher's cloud-based security stack that provides enterprise-level security capabilities typically reserved for large organizations to SMBs through an affordable software-as-a-service model. The summary highlights NetWatcher's security tools and features like sensors, endpoint agents, threat intelligence, compliance reporting, vulnerability scanning, and a customer portal for viewing alerts and scores.
Top 10 Azure Security Best Practices (1).pptxHichamNiamane1
Attack services like ransomware, zero-days, exploit kits, and denial of service can be purchased at relatively low prices online. Ransomware costs $66 upfront or 30% of profits, exploit kits cost $1,400 per month, and denial of service attacks cost $766.67 per month. Other services like compromised accounts and device loads also have relatively low price points. It is important for organizations to implement security best practices like enabling threat protection, practicing secure DevOps, and using tools like Azure Security Center to monitor for attacks.
Slide Griffin - Practical Attacks and MitigationsEnergySec
Over the past few years, penetration testing has gotten easier. What used to take a week of scanning, analysis, and exploit research now happens in one day on average in a common IT environment. The efficiency of compromise has increased based on several factors including increased knowledge sharing, more robust computing, and automated exploitation tools. OT environments are often utilizing the same operating systems and are prone to many of the same attacks. The main differences are the presence of custom protocols, embedded systems, and lack of formal security programs to address the gaps created by two-way data communication networks.
This talk will show the most common attacks which our team currently uses to gain access and control over the networks and systems we test. More importantly, we will discuss the “top 10” things an organization can do to mitigate, remediate, and have active visibility into critical systems.
1. So you want a JOB in CYBER SECURITY?
@TeriRadichel
2. My Background
Tech: Software Engineer > Cloud Engineer > Cloud Architect > Cybersecurity
Entrepreneur (3x): > Writing, E-commerce & Web Hosting, Cybersecurity
Degrees: BA Business, 2 Master’s Software Engineering, Cybersecurity
Certifications: Many, including SANS GSE
CEO of 2nd Sight Lab > Training, Assessments, Penetration Tests
IANS Research Faculty > Phone consulting
Infragard, AWS Hero, SANS Difference Maker’s Award
Professional Speaker: Conferences around the world (RSA, OWASP, etc)
Author: Cybersecurity for Executives in the Age of Cloud
https://medium.com/cloud-security/women-in-tech-cyber-security/home
3. Organizations I’ve worked for (that I can say)
…as employee, consultant, took my classes…
Subcontractor
4. Hey, what’s that?
Something weird is going on here.
Hey, someone’s on our machine!
Investigate systems and network.
Obsess over figuring out how they did it.
Try to make sure it never happens again.
That’s my story.
How people used to get into cybersecurity
Security Operations
Intrusion Detection & Response
5. Misfit messing around with computers.
Hack something.
Maybe get arrested.
Or not.
Attend hacker conferences.
End up working for the government.
Or Corporate America.
Or both.
Alternatively….
Cybersecurity legends ~ Hackers
6. Also check out:
RSA
OWASP AppSec
BSides
ISACA
Black Hat
ATT&CK CON
REcon
DEFCON
https://www.youtube.com/user/DEFCONConference/videos
8. Exposure in mainstream media.
More training options.
More certifications.
Cybersecurity degrees.
Training at technical colleges.
More meetups and conferences.
More books, blogs, videos.
Cybersecurity today
No cybersecurity degree existed when I started
11. PCI: Payment Card Industry https://www.pcisecuritystandards.org/
HIPAA: Health care data https://www.hhs.gov
GDPR: Data of European Citizens https://gdpr-info.eu/
NERC: North America Power System https://www.nerc.com/Pages/default.aspx
State privacy laws https://iapp.org/resources/article/us-state-privacy-legislation-tracker/
GSA Privacy Act: PII https://www.gsa.gov/reference/gsa-privacy-program/rules-and-policies-protecting-pii-privacy-act
Examples of Regulation
Follow rules!
(Compliance)
12. NIST (National Institute of Standards & Technology) https://www.nist.gov/
ISACA (Information Systems Audit & Control Association) https://www.isaca.org/
SOC2 Compliance https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html
ISO27001 https://www.iso.org/isoiec-27001-information-security.html
Cybersecurity Audits
Prove it.
13. Compliance is a minimum
Cybersecurity fundamentals
Industry knowledge and information sharing
Good cybersecurity architecture & processes
Vendor guidance
Monitor the news! What are attackers doing?
Adjust security practices accordingly.
Best Practices (not laws)
Regulatory compliance
does not equal
security.
14. CIS Benchmarks https://www.cisecurity.org/cis-benchmarks/
CIS Controls https://www.cisecurity.org/controls/cis-controls-list/
OWASP Top 10 https://owasp.org/www-project-top-ten/
MITRE ATT&CK https://attack.mitre.org/
CWEs https://cwe.mitre.org/
Top 25 most dangerous software weaknesses https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html
Vendor security documentation – especially for cloud systems.
Industry Guidance (More lists…)
15. Vary widely in scope and objectives.
Run a scan and generate an automated report for a customer.
Evaluate system architecture and networks.
Ask questions about tools, systems, and processes.
Review company standards, policies, and procedures.
Consider most common attack vectors.
Interview development teams, business professionals, or others.
Evaluate system code or test security product functionality.
Cybersecurity Assessments
Minimum.
Not great.
Also, cheap.
16. Find and exploit system vulnerabilities.
Sort of like a hacker, but not really
Much more limited time frame
Limited by scope (provided by customer)
Network, internal, cloud, deployments, applications, products
Some access to expose vulnerabilities
Objective: Coverage or target?
Approaches: scanning, reverse-engineering, social engineering
Penetration Tests
Try to break in!
Then write a 40-80+ page report (in my case)
17. Software & Hardware Vulnerabilities
Input bad stuff.
Make bad things happen here
19. Systems exposed to the Internet are attacked
Attackers scan for open ports
System vulnerabilities
Exploit to get foothold
Call home to C2
Send commands
Get credentials
Repeat
23. Verify it’s a security problem.
Capture evidence in a way that proves no one tampered with it.
Handle evidence in a secure manner (chain of custody).
Contain the malware to prevent spread.
Potentially observe it or use the copy for analysis.
Remove it from systems – completely!
Report and learn from the incident.
Digital Forensics &
Incident Response (DFIR)
Sample breach notifications in my weekly news feed.
24. Q: How did our systems get breached?
A: An attacker got ransomware onto our systems.
Q: How did the attacker get ransomware onto our systems?
A: They got onto one of the machines in our network.
Q: How did they get onto the machine?
A: General: Evil link in email, vulnerability, misconfiguration.
Q: What was the link? What was the vulnerability?
A: Specific: The actual link, CVE, IP address, port, software.
Breach reports need root cause
Ask the right questions.
28. Risk Management
Reduce risk of a data breach and potential damage.
Attack vectors: The different attacks available on your systems.
Attack surface: The amount of exposure available to attack.
Blast Radius: How much damage unauthorized access can cause.
Key to security
29. 1. Immutable software deliverables in SolarWinds deployments.
2. Identification of C2 network traffic by affected customers.
3. Least-privilege for credentials on infected systems.
4. Just-in-time and conditional access for high-risk actions.
What could have prevented the attack?
Security architecture
Security operations or analyst
Governance & Risk Management, IAM
Governance & Risk Management, IAM
30. Security has a lot of rules and lists!
Where should you start?
How do attackers get in?
1. Abstract the details to core principles.
2. Prioritize fixing highest risk findings.
3. Avoid over-analysis.
4. Avoid repeat problems.
Getting a handle on complexity
What
Causes
Data
Breaches?
32. The same set of principles can stop or limit damage for a myriad of attacks!
33. 20 cybersecurity questions
Key factors that drive data breaches.
Learn fundamental cybersecurity.
Study how attacks work.
Abstract common attack vectors.
Understand what stops them.
Reduce the chances you give attackers.
Create metrics that make a difference.
Automated reporting + Manual analysis.
34. 20 questions to ask your security team
How many CVEs?
Percent of systems exposed to the Internet?
Data exposed to Internet?
Total attack paths on our network?
Potential damage if credentials stolen?
Percentage of accounts with MFA?
Percentage data encrypted when stored?
Percentage of network traffic encrypted?
Findings from pentests and assessments?
Can we restore from backups? Tested?
Developer security training? Network, data, app?
What are our security policies?
Who generates most exceptions? Why?
Security checks built into deployment systems?
Are we vetting our vendors? How?
Proof that our security solutions provide value?
Do we have an incident handling team or plan?
What percent activities can be and are automated?
What is the overall risk level? Getting better?
How is the threat landscape changing?
36. U.S. average cost of a data breach
https://www.ibm.com/security/data-breach
37. Measure risk and reduce it
$2.30M
Cost difference for breaches with high vs. low level of compliance failures
- IBM Cost of a Data Breach
38. Automation
$2.90M
Average cost of a data breach at organizations with security AI and automation fully deployed.
- IBM Cost of a Data Breach
39. We still need humans for analysis.
Not all problems can be solved by automation.
Analysis
40. Executives
Developers
Marketing
Human resources
Salespeople
Interns!
Contractors
Third-party vendors
Everyone needs security awareness!
All it takes is one mistake…
41. People need to understand why rules exist.
Communication is critical.
Email and videos not that effective.
Iterative fixes.
Test before blocking.
Get executive support.
The organization still needs to function
https://www.sans.org/white-papers/36837
Without this, an exercise in futility
42. Non-exhaustive list of security jobs
Chief Information Security Officer (CISO)
Risk Management & Governance / Privacy Officer
Auditors and Assessors
Blue Team (Defense)
Security Engineer (Application, Cloud, System, Network, Product, Hardware, Network)
Security Researcher / Malware Analyst
Digital Forensics & Incident Response (DFIR)
FBI Agent / Counter Espionage Agent / Cyber Spy
Information Security Analyst
Security Administrator
Security Operations Center (SOC) Analyst
Cryptography / Cryptology / Cryptanalyst
Penetration Testers / Red Team (Offense)
Security Architect (Application, System, Cloud, Enterprise, Product, Hardware, Network)
Security Sales, Marketing, Product Management
Security Consultant / Specialist
Cyber Intelligence Specialist
Security Manager
43. Catch hackers in the act? (Security Analyst, SOC)
Help companies after a cyber attack? (DFIR, CERT)
Study malware & attacks? (Security Researcher)
Hack? (Pentester, Red Team, Bug Bounties, Criminals)
Design & build secure systems? (Architect, Engineer)
Policies and risk reduction? (Risk Management, Governance)
Validate orgs follow rules? (Assessor, Auditor)
Implement policies and work with executives? (CISO)
Enforce policies? (CEO, Board of Directors)
What do you want to do?
Security Pros do not enforce!
45. Obtain skills: Look at job descriptions.
On-the-job training: Find a company that will train you.
Certifications / Degrees: Get you past the HR department.
Establish trust: Security is all about trust.
Meet people: Get involved in the security community.
Get experience: Internships, personal projects, CTFs, volunteer.
Demonstrate knowledge: Writing, GitHub, speaking, videos (use sources!)
Continuous learning: Security is a moving target.
Be familiar with current events: Read, Twitter, my news blog!
How to get a job in cybersecurity