Which side are you

•

1 like•170 views

This document discusses the differences between working in information security on the "light side" versus the "dark side". The light side involves legitimate security jobs like penetration testing, malware analysis, and security auditing. The dark side refers to illegal hacking activities like creating ransomware, spamming, or conducting large DDoS attacks. While dark side activities can be financially lucrative in the short term, they often involve serious legal risks since computer crime laws are strongly enforced. The document encourages pursuing an career in the growing field of information security through legal and ethical means.

Which side are you?
Dark side or Light side
By

Sumedt Jitpukdebodin

Security Consultant @ G-ABLE

$ whoami
• Name: Sumedt Jitpukdebodin

• Job: Security Consultant @ G-ABLE

• Interesting: Hacking, Malware Analysis, Forensic, Games,
Travel, etc.

• Social network: @materaj, fb.com/hackandsecbook

• Group: OWASP Thailand, 2600 Thailand

• Another: search me

Dark side or Light side
http://orig10.deviantart.net/90cd/f/2014/126/e/e/star_wars_dark_side___light_side_wallpaper_by_soulreaper919-d7hfqch.jpg

Wikipedia
“Information security, sometimes shortened to InfoSec, is the practice of preventing
unauthorized access, use, disclosure, disruption, modiﬁcation, inspection, recording or
destruction of information. It is a general term that can be used regardless of the form
the data may take (e.g. electronic, physical).[1] The chief area of concern for the ﬁeld of
information security is the balanced protection of the Conﬁdentiality, Integrity and
Availability of data, also known as the CIA Triad, while maintaining a focus on efﬁcient
policy implementation and no major hampering of organization productivity.[2] To
standardize this discipline, academics and professionals collaborate and seek to set
basic guidelines and policies on password, antivirus software, ﬁrewall, encryption
software, legal liability and user/administrator training standards.[3]”
https://en.wikipedia.org/wiki/Information_security

Why security is so
important?
• It’s everywhere

• It’s easy to learn

• It’s in demands

• It’s important.

Security are in everywhere
• Application

• IoT (Internet of Thing)

• Car

• Facility

• SCADA

• Daily Life

• etc.

How can I learn security?
• Take a security course

• Do the labs

• CTF(Capture The Flag)

• Read the books.

• etc.

https://www.youtube.com/playlist?list=PLUl4u3cNGP62K2DjQLRxDNRi0z2IRWnNh

Which one?
https://qzprod.ﬁles.wordpress.com/2015/11/google-starwars.jpg?quality=80&strip=all

Light Side
• Penetration Tester

• Malware Analyzer

• Digital Forensic

• IT Security Auditor

• Chief Information Security

• Oﬃcer (CISO)

• Bug Bounty Hunter

• etc.

http://internetsecurityacademy.org/wp-content/uploads/Information-Security-Career-Growth.png

Dark Side
• Spammer

• Hacker

• Cracker

• DDoSer

• Ransomware Inventor

• Script kiddy

• etc.

What is the biggest DDoS in
the history
• Victim: OVH - France Hosting

• When: 26 September 2016

• How: 1Tbps

• IoT (CCTV) was used to be the zombie.

• https://github.com/jgamblin/Mirai-Source-Code

Breach cost
https://www.ibm.com/security/infographics/data-breach/

What is difference between
Light side and Dark side
• Times

• Methods

• Scope

Bug Bounty Program
• bugcrowd

• hackerone

• zerodium

• etc.

And always remember “Computer Crime Act
Criminal Law” so strong

The growth of Internet connected devices is hard to comprehend. From health monitoring gadgets to Home Automation systems. The real world is getting Internet connected. Lots of these devices are built on 8-bit microcontrollers. Often they use unencrypted radio comms or networking, and default passwords. Do we care? Maybe they are too simple, too uninteresting to hack? Visit examples of hacking Things, why we should care and how to fix it. If you are building a Thing, using an internet connected Thing, or working with data from Things, come along to find out what you should know about securing them.

Take Back Your Online Privacy: Simple Computer Security

Kit O'Connell

Resist Doxing & Take Back Your Online Privacy

Kit O'Connell

Practical White Hat Hacker Training - Passive Information Gathering(OSINT)

PRISMA CSI

Conf 2019 - Workshop: Liam Glanfield - know your threat actor

TechExeter

Building An Information Security Awareness Program

Bill Gardner

Most organization’s Security Awareness Programs suck. They involved ‘canned’ video presentations or someone is HR explaining computer use policies. Others are extremely expensive and beyond the reach of the budgets of smaller organizations. This talk will show you how to build a Security Awareness Program from scratch for little or no money, and how to engage your users so that they get the most out of the program.

Defending Enterprise IT - beating assymetricality

Claus Cramon Houmann

We are surrounding with technology. The more we surround and integrate with technology the more we will be in risk our privacy data/online/internet/cyber. Not only you are in risk, your family and friend alos in risk. If we think I am not important person then that would be your great mistake. You are important to someone in somewhere in this world. Mind it your daily life is watched by someone. So be conscious… remember Prevention is Better than cure.

how_to_get_into_infosec

Null Bhubaneswar

The state of web applications (in)security @ ITDays 2016

Tudor Damian

The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach, especially after some of last years' heavily publicized cyber breaches. Join this session for a high-level overview on the industry trends in the area of web application security, and find out why security is bound to become a hot topic in any organization developing or using web applications.

2014 Ultimate Buyers Guide to Endpoint Security SolutionsLumension

Data Privacy for Activists

Greg Stromire

Blue team reboot - HackFest

Haydn Johnson

Co Speaker: Cheryl Biswas Talk Description: How about this: a blue team talk given by red teamers. But here’s our rationale - your best defence right now is a strategic offence. The rules of the game have changed and we need to get defence up to speed. We’ll show you what the key elements are in a good defence strategy; what you can and need to be using to full advantage. We’ll talk about the new “buzzwords” and how they apply: visibility; patterns; big data. There’s a whole lotta data to wrangle, and you aren’t seeing the whole picture if you aren’t doing things right. Threat intel is about getting the big picture as it applies to you. You’ll learn the importance of context and prioritization so that you can manipulate intel feeds to do your bidding. And then we’ll take things further and talk about hunting the adversary, using an update on proven methodologies. We’ll show you how to understand your data, correlate threats and pin point attacks. Attendees will leave with a new understanding of the resources they have on hand, and how to leverage those into an Adaptive Proactive Defense Strategy.

ethics final project

Victoriya Poplavskaya

Keeping Secrets on the Internet of Things - Mobile Web Application Security

Kelly Robertson

Have you ever wondered why our web apps, and mobile web apps in particular, are hard to secure? Be sure to read the speakers notes in this presentation In this lengthy presentation, you will observe where researchers and hackers corrupt the developer's intentions...then, you will look at the Good, the Bad and the Ugly of Secure Software Development, WAF considerations, and Mobile Device Management...

CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...

PROIDEA

According to the very recent research by global technology company Nuix, most of the hackers (88%) can compromise the system in 12 hours and exfiltrate in another 12 hours (81% respondents). Is the situation really so bad? And what about Security Operation Centres, could not they make the bad guys stop? Let’s have a quick look into the hacker’s arsenal and examine SOC defences. Modern cyber warfare is really brilliant, introducing such weapons as gargantuan size DDoS attacks & infected smart devices, defences augmented with “next generation” security devices, Big Data Analytics and Threat Intelligence. Finally, the defenders have new soldier on the battlefield, the Space Marine of cybersecurity - Threat Hunter. What can possibly go wrong? Why are the breaches still happening? Is SOC really failing miserably this war? Let’s try to find the answers.

Cybersecurity fundamental

Sudipto Krishna Dutta

Developing A Cyber Security Incident Response Program

BGA Cyber Security

It hotspot shield newHamad201030515

Keynote at the Cyber Security Summit Prague 2015

Claus Cramon Houmann

Information security

Varshil Patel

Zero-Knowledge Proofs in Light of Digital Identity

Clare Nelson, CISSP, CIPP-E

This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers. After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities. Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.

Intro to INFOSEC

Sean Whalen

How to create your own hack environment

Sumedt Jitpukdebodin

Phishing

Sumedt Jitpukdebodin

Similar to Which side are you

Top tips for protecting your business online (updated) Feb 14

Vanguard Visions

2023 NCIT: Introduction to Intrusion Detection

APNIC

Presentation infra and_datacentrre_dialogue_v2

Claus Cramon Houmann

UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...

APNIC

Users awarness programme for Online Privacy

Kazi Sarwar Hossain

how_to_get_into_infosec

Null Bhubaneswar

The state of web applications (in)security @ ITDays 2016

Tudor Damian

2014 Ultimate Buyers Guide to Endpoint Security SolutionsLumension

Data Privacy for Activists

Greg Stromire

Blue team reboot - HackFest

Haydn Johnson

ethics final project

Victoriya Poplavskaya

Keeping Secrets on the Internet of Things - Mobile Web Application Security

Kelly Robertson

CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...

PROIDEA

Cybersecurity fundamental

Sudipto Krishna Dutta

Developing A Cyber Security Incident Response Program

BGA Cyber Security

It hotspot shield newHamad201030515

Keynote at the Cyber Security Summit Prague 2015

Claus Cramon Houmann

Information security

Varshil Patel

Zero-Knowledge Proofs in Light of Digital Identity

Clare Nelson, CISSP, CIPP-E

Intro to INFOSEC

Sean Whalen

Similar to Which side are you (20)

Top tips for protecting your business online (updated) Feb 14

2023 NCIT: Introduction to Intrusion Detection

Presentation infra and_datacentrre_dialogue_v2

UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...

Users awarness programme for Online Privacy

how_to_get_into_infosec

The state of web applications (in)security @ ITDays 2016

2014 Ultimate Buyers Guide to Endpoint Security Solutions

Data Privacy for Activists

Blue team reboot - HackFest

ethics final project

Keeping Secrets on the Internet of Things - Mobile Web Application Security

CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...

Cybersecurity fundamental

Developing A Cyber Security Incident Response Program

It hotspot shield new

Keynote at the Cyber Security Summit Prague 2015

Information security

Zero-Knowledge Proofs in Light of Digital Identity

Intro to INFOSEC

Recently uploaded

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Knowledge engineering: from people to machines and back

Elena Simperl

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Recently uploaded (20)

PCI PIN Basics Webinar from the Controlcase Team

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

UiPath Test Automation using UiPath Test Suite series, part 4

How world-class product teams are winning in the AI era by CEO and Founder, P...

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Monitoring Java Application Security with JDK Tools and JFR Events

JMeter webinar - integration with InfluxDB and Grafana

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Epistemic Interaction - tuning interfaces to provide information for AI support

The Art of the Pitch: WordPress Relationships and Sales

GraphRAG is All You need? LLM & Knowledge Graph

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Knowledge engineering: from people to machines and back

Designing Great Products: The Power of Design and Leadership by Chief Designe...

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Essentials of Automations: Optimizing FME Workflows with Parameters

Which side are you

1. Which side are you? Dark side or Light side By Sumedt Jitpukdebodin Security Consultant @ G-ABLE

2. $ whoami • Name: Sumedt Jitpukdebodin • Job: Security Consultant @ G-ABLE • Interesting: Hacking, Malware Analysis, Forensic, Games, Travel, etc. • Social network: @materaj, fb.com/hackandsecbook • Group: OWASP Thailand, 2600 Thailand • Another: search me

3. Dark side or Light side http://orig10.deviantart.net/90cd/f/2014/126/e/e/star_wars_dark_side___light_side_wallpaper_by_soulreaper919-d7hfqch.jpg

4. Wikipedia “Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).[1] The chief area of concern for the field of information security is the balanced protection of the Confidentiality, Integrity and Availability of data, also known as the CIA Triad, while maintaining a focus on efficient policy implementation and no major hampering of organization productivity.[2] To standardize this discipline, academics and professionals collaborate and seek to set basic guidelines and policies on password, antivirus software, firewall, encryption software, legal liability and user/administrator training standards.[3]” https://en.wikipedia.org/wiki/Information_security

5. Why security is so important? • It’s everywhere • It’s easy to learn • It’s in demands • It’s important.

6. Security are in everywhere • Application • IoT (Internet of Thing) • Car • Facility • SCADA • Daily Life • etc.

7. How can I learn security? • Take a security course • Do the labs • CTF(Capture The Flag) • Read the books. • etc.

9. https://cybrary.it

10. https://www.youtube.com/playlist?list=PLUl4u3cNGP62K2DjQLRxDNRi0z2IRWnNh

11.

12. https://vulnhub.com

13. https://root-me.org

14. https://pentesterlab.com

15. https://game.rop.sh

16. https://ctftime.org

17.

18. Join the security community group

19. Which one? https://qzprod.ﬁles.wordpress.com/2015/11/google-starwars.jpg?quality=80&strip=all

20. Light Side • Penetration Tester • Malware Analyzer • Digital Forensic • IT Security Auditor • Chief Information Security • Oﬃcer (CISO) • Bug Bounty Hunter • etc.

21. http://internetsecurityacademy.org/wp-content/uploads/Information-Security-Career-Growth.png

22.

23.

24. Dark Side • Spammer • Hacker • Cracker • DDoSer • Ransomware Inventor • Script kiddy • etc.

25.

26.

27. DDoS Incident on 25/12/2015

28. What is the biggest DDoS in the history • Victim: OVH - France Hosting • When: 26 September 2016 • How: 1Tbps • IoT (CCTV) was used to be the zombie. • https://github.com/jgamblin/Mirai-Source-Code

29.

30.

31. https://shodan.io

32. Breach cost https://www.ibm.com/security/infographics/data-breach/

33. What is difference between Light side and Dark side • Times • Methods • Scope

34. IT Security Jobs salary

35. Bug Bounty Program • bugcrowd • hackerone • zerodium • etc.

36. But….

37. Ransomware Revenue

38. And but….

39. Hacker are always arrested

40. And always remember “Computer Crime Act Criminal Law” so strong