Prasanna V, profile picture
Uploaded byPrasanna V
983 views

Skills For Career In Security

The document outlines the current trends in information security, highlighting a growing demand for skilled professionals due to the rise of cybercrime and the need for robust security measures. It details the necessary skills, fields of work, and certifications for various job titles within security roles, such as security engineer, administrator, and manager. Additionally, it emphasizes the importance of continuous learning and obtaining relevant certifications to enhance career prospects in the security domain.

Embed presentation

Downloaded 62 times
Skills For A Career In Security http://vprasanna.com
“There is a difference between knowing the path and walking the path” http://vprasanna.com
Agenda Today’s Security trends Why a Career in Information Security Skills required Profiles Certifications. Are they required? Q & A http://vprasanna.com
Today’s Security trends The information explosion caused by Internet has also shortened the geographical boundaries, and has brought about immense data for exploration and exploitation. http://vprasanna.com
'Man is a Social Animal' - Aristotle http://vprasanna.com
Terms like Cyber crime economy, corporate cyber espionage, Cyber Warfare have now come into vogue..Its a constant game of catch- up 6 Today’s Security trends (cont..) Governments & Corporations are setting up Cyber Labs with specialized training for its workforce to tackle these….
7 Today’s Security trends (cont..) www.packetverify.com Unlike the old times when hacking was for fun and to show off one’s ability, today the primary motivation is driven by Money.
Today’s Security Trends (cont) …Of-course some still do it for fun and more….
Today’s Security Trends (cont) Breaches still continue to happen due to user errors as well…
What does this bring to picture? Need of good folks…. http://vprasanna.com
So, who could be these good folks? http://vprasanna.com
Interesting? Lets Explore… http://vprasanna.com
• Requires specialized Skills • Opportunity for continuous learning • Challenging job prospectus • Niche Area • Currently there is a big shortage of skilled Information Security Professionals in line with Data exploration and exploitation. http://vprasanna.com Why a career in Security ?
Why a career in Security ?(cont) Courtesy: www.ecommercetimes.com
http://vprasanna.com Education Level of Professionals in Security Statistics: Global Workforce Study www.isc2.org Source:www.isc2.org
Security Engineering Field of work:  Product design and development  Hardware programming  Application Testing  Hardware Testing  Review codes for vulnerabilities  Fix vulnerabilities through patching (some more coding)  Research and Development  Malware Analysis, Reverse Engineering  Application Security review http://vprasanna.com
Security Engineering Typical skills required:  Programming  Unix, C,C++, Shell, PERL,Python, Java, .NET & etc  Scripting  Databases  Cryptography  TCP/IP Stack, OSI Model  Software Development Life Cycle (SDLC)  Common Sense http://vprasanna.com
Certifications & Resources: • Certified Secure Software Lifecycle Professional (CSSLP) from ISC2 • SANS Secure Coding Certifications – Java - Secure Coding - Developing Defensible Apps – .NET - Secure Coding - Developing Defensible Apps – C/C++ - Secure Coding - Developing Defensible Apps – PCI - Secure Coding for PCI Compliance (DEV 536) • Microsoft Security Development Lifecycle • CMMI practises • Many more… http://vprasanna.com
Popular Job Titles include: • Security Engineer • Security Researcher • Application Security Researcher • Product Engineer • Security Tester http://vprasanna.com
Security Administration Field of Work:  System Security, OS hardening, patching,  Network Security, Firewall, IDS/IPS, SIEM,PKI  Vulnerability Assessment & Penetration Testing  Incident Response  Troubleshooting and fixing security issues  Awareness and Training  Identity and Access Management  IT Audits http://vprasanna.com
Security Administration Typical Skills required:  Solid understanding of Operating Systems  OSI Model, TCP/IP Stack, DNS, Routing, Switching, HTTP, SSL, LAN, WAN, DNS, DHCP, Routing, Wi-Fi, and VoIP.  Firewalls, Intrusion Detection Systems (IDS), IPS, Routers, Switches  Antivirus, Content filters  Databases http://vprasanna.com
Security Administration (cont..)  Scripting (highly desirable & makes like easier): Unix, PERL,Python, Windows Shell Scripting  Data mining  Protocol dissection  Exposure and knowledge of various security best practices and standards like ISO 27001, PCI-DSS, Common Criteria, PCI-DSS and etc  Good Documentation and Communications skills  Appetite for Learning http://vprasanna.com
Certifications & Resources: • Certified Information Systems Security Professional (CISSP) from ISC2 • SANS Global Information Assurance Certifications (GIAC) • Security + • Certified Ethical Hacker (CEH) • ISO 27001Implementor /Internal Auditor / Lead Auditor • Computer Hacking Forensic Investigator • Vendor Certifications from Checkpoint, Symantec, Juniper, Cisco and etc http://vprasanna.com
Popular Job Titles include: • IT Security Manager • Network Security Administrator • Security Analyst • Security Administrator Involves hands on work generally and partly managerial as well. http://vprasanna.com
Security Management Field of work:  More of Auditing, Compliance, Governance & Risk Management  Compliance to standards like ISO27001, PCI-DSS, HIPAA,  Information Systems Audits  Security Awareness Trainings and evaluation  Business Continuity and Disaster Recovery.  Covers IT as well as Non-IT aspects of Security in an Organization http://vprasanna.com
Security Management Typical Skills:  Good understanding of Auditing standards,  Networks, System level Security hardening mechanism  Risk Assessment and mitigation strategies  Standards & Compliances  ISO27001, Common Criteria, COBIT,GLBA  SOX  Payment Card Industry Data Security Standards (PCI –DSS)  IT Legal concepts  Indian IT Act 2000  Data Privacy Laws & Regulations  Good Documentation and Communications skills http://vprasanna.com
Certifications & Resources: • Certified Information Systems Security Professional (CISSP) from ISC2 • Certified Information Systems Auditor (CISA) from ISACA • Certified Information Systems Manager(CISM) from ISACA • ISO 27001Implementor /Internal Auditor / Lead Auditor • Cyber Law http://vprasanna.com
Popular Job Titles include: • Information Security Manager • IT Risk Manager • Chief Information Security Officer • Chief Privacy Officer • Chief Risk Officer These positions involves more of managerial responsibilities and limited hands on as well http://vprasanna.com
• Certification compliments the skills and experience • Give yourself sufficient time and experience to see catch up with the requirements • Go for the certifications that are accredited by the recognized organizations • Don’t get certified for the heck of it, rather the whole process from studying to certifying should be an enriching experience NOTE: Nothing substitutes right skills & experience http://vprasanna.com Should I get Certified ?
Does Certifying pay me more? http://packetverify.com Survey from ISC2 says, Yes. Statistics: Global Workforce Study www.isc2.org
Write-ups and Blogs on Security.. • NIST • SANS Security Resources • EFF • Openwall • Naked Security • Bruce Schneier on Security • Krebs on Security • Open Web Application Security Project • Open Source Security Testing Methodology Manual (OSSTMM) • Google Summer Of Code • Insecure.org Mailing lists • CERTs http://vprasanna.com
Hackers & Entertainment • Wargames • The Matrix • Italian Job • Swordfish • Pirates of Silicon Valley • Takedown • & many more....... http://vprasanna.com
Background about this presentation Please note that this is not a definitive guide about starting or building a career in security. I used to get questions on this subject and thought of skills that helped me in my InfoSec Career. I have put these here and believe it could help you in your InfoSec career journey. May The Force Be With You http://vprasanna.com
What I do? I am a Information Security professional :) http://vprasanna.com
Thank You @terminalfix vprasanna.com Prasanna Venkatesh

More Related Content

PPTX
Career In Information security
byAnant Shrivastava
 
PPTX
How to Pass the CISSP Exam For the First Time
byMercury Solutions Limited
 
PPTX
A Career in Cybersecurity
bylfh663
 
PPTX
Ceh vs Cissp difficulty, Salary, Job!
byMercury Solutions Limited
 
PDF
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
byEdureka!
 
PDF
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
byEdureka!
 
PDF
Ceh v11 all you need to know-converted
byredteamacademypromo
 
PPTX
Career Guidance on Cybersecurity by Mohammed Adam
byMohammed Adam
 
Career In Information security
byAnant Shrivastava
 
How to Pass the CISSP Exam For the First Time
byMercury Solutions Limited
 
A Career in Cybersecurity
bylfh663
 
Ceh vs Cissp difficulty, Salary, Job!
byMercury Solutions Limited
 
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
byEdureka!
 
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
byEdureka!
 
Ceh v11 all you need to know-converted
byredteamacademypromo
 
Career Guidance on Cybersecurity by Mohammed Adam
byMohammed Adam
 

What's hot

PDF
Physical Penetration Testing (RootedCON 2015)
byEduardo Arriols Nuñez
 
PPTX
Cybersecurity Career Information by Next Gen Cyber
byWilliam McBorrough
 
PDF
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
byEdureka!
 
PDF
Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | Edureka
byEdureka!
 
PPTX
Cybersecurity career options & Getting started
byBalaji Rajasekaran
 
PDF
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
byOWASP Delhi
 
PDF
2018 CISSP Mentor Program Session 2
byFRSecure
 
PPTX
Down The Rabbit Hole, From Networker to Security Professional
bySatria Ady Pradana
 
PDF
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
byEdureka!
 
PDF
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
byEdureka!
 
PDF
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
bySaraPia5
 
PDF
Certified Ethical Hacking (CEH V9) Course Details | EC-Council
byCRAW CYBER SECURITY PVT LTD
 
PPTX
WEB SECURITY
byMDERAMTALUKDER
 
PDF
Diploma In Information Security Training and Certification Details In Delhi
byCRAW CYBER SECURITY PVT LTD
 
PPTX
SOC Analyst Course
byredteamacademypromo
 
PDF
Experience Sharing on School Pentest Project (Updated)
byeLearning Consortium 電子學習聯盟
 
PPTX
Spy vs Spy: Protecting Secrets
byMichael Scheidell
 
PDF
Slides to the online event "Creating an effective cybersecurity strategy" by ...
byGo Global
 
PDF
Threat hunting 101 by Sandeep Singh
byOWASP Delhi
 
Physical Penetration Testing (RootedCON 2015)
byEduardo Arriols Nuñez
 
Cybersecurity Career Information by Next Gen Cyber
byWilliam McBorrough
 
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
byEdureka!
 
Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | Edureka
byEdureka!
 
Cybersecurity career options & Getting started
byBalaji Rajasekaran
 
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
byOWASP Delhi
 
2018 CISSP Mentor Program Session 2
byFRSecure
 
Down The Rabbit Hole, From Networker to Security Professional
bySatria Ady Pradana
 
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity...
byEdureka!
 
How to become a Cybersecurity Engineer? | Cybersecurity Salary | Cybersecurit...
byEdureka!
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
bySaraPia5
 
Certified Ethical Hacking (CEH V9) Course Details | EC-Council
byCRAW CYBER SECURITY PVT LTD
 
WEB SECURITY
byMDERAMTALUKDER
 
Diploma In Information Security Training and Certification Details In Delhi
byCRAW CYBER SECURITY PVT LTD
 
SOC Analyst Course
byredteamacademypromo
 
Experience Sharing on School Pentest Project (Updated)
byeLearning Consortium 電子學習聯盟
 
Spy vs Spy: Protecting Secrets
byMichael Scheidell
 
Slides to the online event "Creating an effective cybersecurity strategy" by ...
byGo Global
 
Threat hunting 101 by Sandeep Singh
byOWASP Delhi
 

Viewers also liked

PPT
Webinar 2 IT Security
bypcapicik
 
PPTX
Select your career path
byMD. IFTEKARUL ALAM
 
PPTX
Empowering Tech Writers with a Killer Career Path
bySalesforce Engineering
 
PPT
Careers in cyber security
byVaughan Olufemi ACIB, AICEN, ANIM
 
PDF
Cloud development and career path
byPraveen Hanchinal
 
PPT
Cyber Warrant & Engineer Slides
byidcsynchronization
 
PPTX
2015 KSU So You Want To Be in Cyber Security
byPhil Agcaoili
 
PPTX
The mobile health IT security challenge: way bigger than HIPAA?
byStephen Cobb
 
PPTX
Global threat landscape
byJynette Reed
 
PPT
HIPAA, Privacy, Security, and Good Business
byStephen Cobb
 
PPTX
The Year Ahead in Cyber Security: 2014 edition
byStephen Cobb
 
PPTX
Malware and the risks of weaponizing code
byStephen Cobb
 
PPTX
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
byStephen Cobb
 
PPTX
Cyber security
byHarsh verma
 
PPTX
Cybercrime and the Hidden Perils of Patient Data
byStephen Cobb
 
PPTX
Getting Started with Business Continuity
byStephen Cobb
 
PPTX
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code
byStephen Cobb
 
PPSX
Cybersecuritycareers
byabsemlimited
 
PPTX
Enjoy Safer Technology and Defeat Cyber Criminals
byStephen Cobb
 
PPTX
Using Technology and People to Improve your Threat Resistance and Cyber Security
byStephen Cobb
 
Webinar 2 IT Security
bypcapicik
 
Select your career path
byMD. IFTEKARUL ALAM
 
Empowering Tech Writers with a Killer Career Path
bySalesforce Engineering
 
Careers in cyber security
byVaughan Olufemi ACIB, AICEN, ANIM
 
Cloud development and career path
byPraveen Hanchinal
 
Cyber Warrant & Engineer Slides
byidcsynchronization
 
2015 KSU So You Want To Be in Cyber Security
byPhil Agcaoili
 
The mobile health IT security challenge: way bigger than HIPAA?
byStephen Cobb
 
Global threat landscape
byJynette Reed
 
HIPAA, Privacy, Security, and Good Business
byStephen Cobb
 
The Year Ahead in Cyber Security: 2014 edition
byStephen Cobb
 
Malware and the risks of weaponizing code
byStephen Cobb
 
Using Technology and Techno-People to Improve your Threat Resistance and Cybe...
byStephen Cobb
 
Cyber security
byHarsh verma
 
Cybercrime and the Hidden Perils of Patient Data
byStephen Cobb
 
Getting Started with Business Continuity
byStephen Cobb
 
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code
byStephen Cobb
 
Cybersecuritycareers
byabsemlimited
 
Enjoy Safer Technology and Defeat Cyber Criminals
byStephen Cobb
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
byStephen Cobb
 

Similar to Skills For Career In Security

PDF
Rothke stimulating your career as an information security professional
byBen Rothke
 
PPSX
William Diederich - Security Certifications: Are They Worth the Investment? A...
bycentralohioissa
 
PPTX
Starting your Career in Information Security
byAhmed Sayed-
 
PDF
Cyber security and demonstration of security tools
byVicky Fernandes
 
PDF
Secure Your Career Shift With Computer-Security Training
byCCI Training Center
 
PPTX
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
byITpreneurs
 
PPTX
Cyber Security Seminar.pptx
byDESTROYER39
 
PPTX
Cybersecurity Awareness Session by Adam
byMohammed Adam
 
PPTX
Secure Your Career Shift With Computer-Security Training
byCCI Training Center
 
PDF
Becoming a Pentester
byAdam Compton
 
PPTX
Hack the hustle!
byEve Adams
 
PPTX
High Paying Jobs in Cybersecurity 2025.pptx
byfanazeez4
 
PDF
Information Security Career Day Presentation
bydjglass
 
PDF
Top 10 Cybersecurity Career Options.pdfffff
bymanisha06650
 
PPTX
Ppt information security
byMultisoft Virtual Academy
 
PPTX
Should i study cyber security
byVishal Singh
 
PPTX
2021 BSides Tampa Cyber Security Careers
byScott Stanton
 
PPT
Information Security : A look
byDeepak Kumar (D3)
 
PPTX
2014 - KSU - So You Want to Be in Cyber Security?
byPhil Agcaoili
 
PPTX
Security and Personnel-Chapter 11 Presentation.pptx
bybernaleighsande88
 
Rothke stimulating your career as an information security professional
byBen Rothke
 
William Diederich - Security Certifications: Are They Worth the Investment? A...
bycentralohioissa
 
Starting your Career in Information Security
byAhmed Sayed-
 
Cyber security and demonstration of security tools
byVicky Fernandes
 
Secure Your Career Shift With Computer-Security Training
byCCI Training Center
 
How Training and Consulting Companies Can Position CISSP, CISM and CRISC
byITpreneurs
 
Cyber Security Seminar.pptx
byDESTROYER39
 
Cybersecurity Awareness Session by Adam
byMohammed Adam
 
Secure Your Career Shift With Computer-Security Training
byCCI Training Center
 
Becoming a Pentester
byAdam Compton
 
Hack the hustle!
byEve Adams
 
High Paying Jobs in Cybersecurity 2025.pptx
byfanazeez4
 
Information Security Career Day Presentation
bydjglass
 
Top 10 Cybersecurity Career Options.pdfffff
bymanisha06650
 
Ppt information security
byMultisoft Virtual Academy
 
Should i study cyber security
byVishal Singh
 
2021 BSides Tampa Cyber Security Careers
byScott Stanton
 
Information Security : A look
byDeepak Kumar (D3)
 
2014 - KSU - So You Want to Be in Cyber Security?
byPhil Agcaoili
 
Security and Personnel-Chapter 11 Presentation.pptx
bybernaleighsande88
 

Recently uploaded

PDF
Collazo, Angie - 2021-2025 B.S, Portfolio
byangiecollazo02
 
PDF
PMI - Talking to AI Prompt Engineering for Project Managers
byNeil Beyersdorf - MSES | CLSSMBB | Prosci OCM
 
PPTX
The Rule of 3: A Time Management System That Actually Works
bySemantic SEO BD
 
DOCX
PowellAustin_BrandAnalysisRevised.docx for portfolio
byaustinpow3ll
 
PDF
CMA Dubai: Your Pathway to Global Finance Careers
byEMERGE PRO
 
PDF
Office of the Director of National Intelligence: Randy Siwiec
byRandy Siwiec
 
PPTX
WiFi-7-Technical-Overview-and-Deployment
byBrindha639607
 
PPT
PPT 1.2_Postharvest Physiology.ppt principles of post-harvest physiology
byfarahan5
 
PPTX
Your Guide for a Winning Interview Feb 2026
byBruce Bennett
 
DOCX
Health Question for Practice , Class 8.docx
byKrishna Devkota, Mid-West University , Narayan Multiple Campus, Dailekh-Nepal
 
PPTX
national & International guidelines.pptx
bysruthijinoy1990
 
PDF
PMI - Introduction Certified Professional in Managing AI (PMI-CPMAI)™
byNeil Beyersdorf - MSES | CLSSMBB | Prosci OCM
 
PPTX
English eight _Quarter4_WEEK3 SY 2526_LESSON3.pptx
bygenelyn tallad
 
PPTX
Web Designing Course in Chennai – Career Guide, Skills & Placement Support | ...
bygilbertmanojrlogin36
 
PPTX
feeding of dog (1).pptx of animal science
bygudiadangi23
 
PPTX
GENERAL PHARMACOLOGY (ADME) PHARMACOKINETICS
byLaxmi Athbhaiya
 
PDF
Complete biodata of I Gusti Haris pradana or Muhamad Abdul Haris
byDolan Ijen Tour
 
PPTX
PM-KISAN VC_11.09.25.pptxcrddddddddddddd
byeepdya
 
PDF
ABAPConf 2024 - Key User and Developer Extensibility Options - Best Practices...
byssuserad0480
 
PPTX
475193802-246066917-Chromatographic-Methods-of-Analysis-pptx.pptx
bypatelzakariya366
 
Collazo, Angie - 2021-2025 B.S, Portfolio
byangiecollazo02
 
PMI - Talking to AI Prompt Engineering for Project Managers
byNeil Beyersdorf - MSES | CLSSMBB | Prosci OCM
 
The Rule of 3: A Time Management System That Actually Works
bySemantic SEO BD
 
PowellAustin_BrandAnalysisRevised.docx for portfolio
byaustinpow3ll
 
CMA Dubai: Your Pathway to Global Finance Careers
byEMERGE PRO
 
Office of the Director of National Intelligence: Randy Siwiec
byRandy Siwiec
 
WiFi-7-Technical-Overview-and-Deployment
byBrindha639607
 
PPT 1.2_Postharvest Physiology.ppt principles of post-harvest physiology
byfarahan5
 
Your Guide for a Winning Interview Feb 2026
byBruce Bennett
 
Health Question for Practice , Class 8.docx
byKrishna Devkota, Mid-West University , Narayan Multiple Campus, Dailekh-Nepal
 
national & International guidelines.pptx
bysruthijinoy1990
 
PMI - Introduction Certified Professional in Managing AI (PMI-CPMAI)™
byNeil Beyersdorf - MSES | CLSSMBB | Prosci OCM
 
English eight _Quarter4_WEEK3 SY 2526_LESSON3.pptx
bygenelyn tallad
 
Web Designing Course in Chennai – Career Guide, Skills & Placement Support | ...
bygilbertmanojrlogin36
 
feeding of dog (1).pptx of animal science
bygudiadangi23
 
GENERAL PHARMACOLOGY (ADME) PHARMACOKINETICS
byLaxmi Athbhaiya
 
Complete biodata of I Gusti Haris pradana or Muhamad Abdul Haris
byDolan Ijen Tour
 
PM-KISAN VC_11.09.25.pptxcrddddddddddddd
byeepdya
 
ABAPConf 2024 - Key User and Developer Extensibility Options - Best Practices...
byssuserad0480
 
475193802-246066917-Chromatographic-Methods-of-Analysis-pptx.pptx
bypatelzakariya366
 

Skills For Career In Security

  • 1.
    Skills For ACareer In Security http://vprasanna.com
  • 2.
    “There is adifference between knowing the path and walking the path” http://vprasanna.com
  • 3.
    Agenda Today’s Security trends Whya Career in Information Security Skills required Profiles Certifications. Are they required? Q & A http://vprasanna.com
  • 4.
    Today’s Security trends Theinformation explosion caused by Internet has also shortened the geographical boundaries, and has brought about immense data for exploration and exploitation. http://vprasanna.com
  • 5.
    'Man is aSocial Animal' - Aristotle http://vprasanna.com
  • 6.
    Terms like Cybercrime economy, corporate cyber espionage, Cyber Warfare have now come into vogue..Its a constant game of catch- up 6 Today’s Security trends (cont..) Governments & Corporations are setting up Cyber Labs with specialized training for its workforce to tackle these….
  • 7.
    7 Today’s Security trends(cont..) www.packetverify.com Unlike the old times when hacking was for fun and to show off one’s ability, today the primary motivation is driven by Money.
  • 8.
    Today’s Security Trends(cont) …Of-course some still do it for fun and more….
  • 9.
    Today’s Security Trends(cont) Breaches still continue to happen due to user errors as well…
  • 10.
    What does thisbring to picture? Need of good folks…. http://vprasanna.com
  • 11.
    So, who couldbe these good folks? http://vprasanna.com
  • 12.
  • 13.
    • Requires specializedSkills • Opportunity for continuous learning • Challenging job prospectus • Niche Area • Currently there is a big shortage of skilled Information Security Professionals in line with Data exploration and exploitation. http://vprasanna.com Why a career in Security ?
  • 14.
    Why a careerin Security ?(cont) Courtesy: www.ecommercetimes.com
  • 15.
    http://vprasanna.com Education Level ofProfessionals in Security Statistics: Global Workforce Study www.isc2.org Source:www.isc2.org
  • 16.
    Security Engineering Field ofwork:  Product design and development  Hardware programming  Application Testing  Hardware Testing  Review codes for vulnerabilities  Fix vulnerabilities through patching (some more coding)  Research and Development  Malware Analysis, Reverse Engineering  Application Security review http://vprasanna.com
  • 17.
    Security Engineering Typical skillsrequired:  Programming  Unix, C,C++, Shell, PERL,Python, Java, .NET & etc  Scripting  Databases  Cryptography  TCP/IP Stack, OSI Model  Software Development Life Cycle (SDLC)  Common Sense http://vprasanna.com
  • 18.
    Certifications & Resources: •Certified Secure Software Lifecycle Professional (CSSLP) from ISC2 • SANS Secure Coding Certifications – Java - Secure Coding - Developing Defensible Apps – .NET - Secure Coding - Developing Defensible Apps – C/C++ - Secure Coding - Developing Defensible Apps – PCI - Secure Coding for PCI Compliance (DEV 536) • Microsoft Security Development Lifecycle • CMMI practises • Many more… http://vprasanna.com
  • 19.
    Popular Job Titlesinclude: • Security Engineer • Security Researcher • Application Security Researcher • Product Engineer • Security Tester http://vprasanna.com
  • 20.
    Security Administration Field ofWork:  System Security, OS hardening, patching,  Network Security, Firewall, IDS/IPS, SIEM,PKI  Vulnerability Assessment & Penetration Testing  Incident Response  Troubleshooting and fixing security issues  Awareness and Training  Identity and Access Management  IT Audits http://vprasanna.com
  • 21.
    Security Administration Typical Skillsrequired:  Solid understanding of Operating Systems  OSI Model, TCP/IP Stack, DNS, Routing, Switching, HTTP, SSL, LAN, WAN, DNS, DHCP, Routing, Wi-Fi, and VoIP.  Firewalls, Intrusion Detection Systems (IDS), IPS, Routers, Switches  Antivirus, Content filters  Databases http://vprasanna.com
  • 22.
    Security Administration (cont..)  Scripting(highly desirable & makes like easier): Unix, PERL,Python, Windows Shell Scripting  Data mining  Protocol dissection  Exposure and knowledge of various security best practices and standards like ISO 27001, PCI-DSS, Common Criteria, PCI-DSS and etc  Good Documentation and Communications skills  Appetite for Learning http://vprasanna.com
  • 23.
    Certifications & Resources: •Certified Information Systems Security Professional (CISSP) from ISC2 • SANS Global Information Assurance Certifications (GIAC) • Security + • Certified Ethical Hacker (CEH) • ISO 27001Implementor /Internal Auditor / Lead Auditor • Computer Hacking Forensic Investigator • Vendor Certifications from Checkpoint, Symantec, Juniper, Cisco and etc http://vprasanna.com
  • 24.
    Popular Job Titlesinclude: • IT Security Manager • Network Security Administrator • Security Analyst • Security Administrator Involves hands on work generally and partly managerial as well. http://vprasanna.com
  • 25.
    Security Management Field ofwork:  More of Auditing, Compliance, Governance & Risk Management  Compliance to standards like ISO27001, PCI-DSS, HIPAA,  Information Systems Audits  Security Awareness Trainings and evaluation  Business Continuity and Disaster Recovery.  Covers IT as well as Non-IT aspects of Security in an Organization http://vprasanna.com
  • 26.
    Security Management Typical Skills:  Goodunderstanding of Auditing standards,  Networks, System level Security hardening mechanism  Risk Assessment and mitigation strategies  Standards & Compliances  ISO27001, Common Criteria, COBIT,GLBA  SOX  Payment Card Industry Data Security Standards (PCI –DSS)  IT Legal concepts  Indian IT Act 2000  Data Privacy Laws & Regulations  Good Documentation and Communications skills http://vprasanna.com
  • 27.
    Certifications & Resources: •Certified Information Systems Security Professional (CISSP) from ISC2 • Certified Information Systems Auditor (CISA) from ISACA • Certified Information Systems Manager(CISM) from ISACA • ISO 27001Implementor /Internal Auditor / Lead Auditor • Cyber Law http://vprasanna.com
  • 28.
    Popular Job Titlesinclude: • Information Security Manager • IT Risk Manager • Chief Information Security Officer • Chief Privacy Officer • Chief Risk Officer These positions involves more of managerial responsibilities and limited hands on as well http://vprasanna.com
  • 29.
    • Certification complimentsthe skills and experience • Give yourself sufficient time and experience to see catch up with the requirements • Go for the certifications that are accredited by the recognized organizations • Don’t get certified for the heck of it, rather the whole process from studying to certifying should be an enriching experience NOTE: Nothing substitutes right skills & experience http://vprasanna.com Should I get Certified ?
  • 30.
    Does Certifying payme more? http://packetverify.com Survey from ISC2 says, Yes. Statistics: Global Workforce Study www.isc2.org
  • 31.
    Write-ups and Blogson Security.. • NIST • SANS Security Resources • EFF • Openwall • Naked Security • Bruce Schneier on Security • Krebs on Security • Open Web Application Security Project • Open Source Security Testing Methodology Manual (OSSTMM) • Google Summer Of Code • Insecure.org Mailing lists • CERTs http://vprasanna.com
  • 32.
    Hackers & Entertainment •Wargames • The Matrix • Italian Job • Swordfish • Pirates of Silicon Valley • Takedown • & many more....... http://vprasanna.com
  • 33.
    Background about thispresentation Please note that this is not a definitive guide about starting or building a career in security. I used to get questions on this subject and thought of skills that helped me in my InfoSec Career. I have put these here and believe it could help you in your InfoSec career journey. May The Force Be With You http://vprasanna.com
  • 34.
    What I do? Iam a Information Security professional :) http://vprasanna.com
  • 35.