skills for career in security
DESCRIPTION
I used to get questions on what it takes to have a career in Information Security. Here are my thoughts on building a career in Security, touching on points like skills, job titles, whether certifications are needed, etc.
TRANSCRIPT
Skills For A Career In Security
http://vprasanna.com
“There is a difference between knowing the path and walking the path”
Agenda
Today’s Security trends
Why a Career in Information Security
Skills required
Profiles
Certifications. Are they required?
Q & A
Today’s Security trends
The information explosion caused by the Internet has also shortened geographical boundaries and has brought about immense data for exploration and exploitation.
'Man is a Social Animal' - Aristotle
Today’s Security trends (cont..)
Terms like Cyber crime economy, corporate cyber espionage and Cyber Warfare have now come into vogue.
It's a constant game of catch-up.
Governments & Corporations are setting up Cyber Labs with specialized training for their workforce to tackle these….
Today’s Security trends (cont..)
www.packetverify.com
Unlike the old times, when hacking was for fun and to show off one’s ability, today the primary motivation is money.
Today’s Security Trends (cont)
…Of course some still do it for fun and more….
Today’s Security Trends (cont)
Breaches still continue to happen due to user errors as well…
What does this bring to the picture?
Need of good folks….
So, who could be these good folks?
Interesting?
Let's Explore…
Why a career in Security?
• Requires specialized Skills
• Opportunity for continuous learning
• Challenging job prospects
• Niche Area
• Currently there is a big shortage of skilled Information Security Professionals in line with Data exploration and exploitation.
Why a career in Security ?(cont)
Courtesy: www.ecommercetimes.com
Education Level of Professionals in Security
Statistics: Global Workforce Study www.isc2.org
Source: www.isc2.org
Security Engineering
Field of work: Product design and development
Hardware programming
Application Testing
Hardware Testing
Review code for vulnerabilities
Fix vulnerabilities through patching (some more coding)
Research and Development
Malware Analysis, Reverse Engineering
Application Security review
Security Engineering
Typical skills required:
Programming
Unix, C, C++, Shell, Perl, Python, Java, .NET, etc.
Scripting
Databases
Cryptography
TCP/IP Stack, OSI Model
Software Development Life Cycle (SDLC)
Common Sense
Certifications & Resources:
• Certified Secure Software Lifecycle Professional (CSSLP) from ISC2
• SANS Secure Coding Certifications
– Java - Secure Coding - Developing Defensible Apps
– .NET - Secure Coding - Developing Defensible Apps
– C/C++ - Secure Coding - Developing Defensible Apps
– PCI - Secure Coding for PCI Compliance (DEV 536)
• Microsoft Security Development Lifecycle
• CMMI practices
• Many more…
Popular Job Titles include:
• Security Engineer
• Security Researcher
• Application Security Researcher
• Product Engineer
• Security Tester
Security Administration
Field of Work:
System Security, OS hardening, patching
Network Security, Firewall, IDS/IPS, SIEM, PKI
Vulnerability Assessment & Penetration Testing
Incident Response
Troubleshooting and fixing security issues
Awareness and Training
Identity and Access Management
IT Audits
Security Administration
Typical Skills required:
Solid understanding of Operating Systems
OSI Model, TCP/IP Stack, DNS, Routing, Switching, HTTP, SSL, LAN, WAN, DHCP, Wi-Fi, and VoIP.
Firewalls, Intrusion Detection Systems (IDS), IPS, Routers, Switches
Antivirus, Content filters
Databases
Security Administration (cont..)
Scripting (highly desirable & makes life easier): Unix, Perl, Python, Windows Shell Scripting
Data mining
Protocol dissection
Exposure and knowledge of various security best practices and standards like ISO 27001, PCI-DSS, Common Criteria, etc.
Good Documentation and Communications skills
Appetite for Learning
Certifications & Resources:
• Certified Information Systems Security Professional (CISSP) from ISC2
• SANS Global Information Assurance Certifications (GIAC)
• Security+
• Certified Ethical Hacker (CEH)
• ISO 27001 Implementer / Internal Auditor / Lead Auditor
• Computer Hacking Forensic Investigator
• Vendor Certifications from Checkpoint, Symantec, Juniper, Cisco, etc.
Popular Job Titles include:
• IT Security Manager
• Network Security Administrator
• Security Analyst
• Security Administrator
Generally involves hands-on work, and is partly managerial as well.
Security Management
Field of work:
More of Auditing, Compliance, Governance & Risk Management
Compliance with standards like ISO27001, PCI-DSS, HIPAA
Information Systems Audits
Security Awareness Trainings and evaluation
Business Continuity and Disaster Recovery.
Covers IT as well as Non-IT aspects of Security in an Organization
Security Management
Typical Skills:
Good understanding of Auditing standards, Networks, System level Security hardening mechanism
Risk Assessment and mitigation strategies
Standards & Compliances: ISO27001, Common Criteria, COBIT, GLBA, SOX
Payment Card Industry Data Security Standards (PCI-DSS)
IT Legal concepts
Indian IT Act 2000
Data Privacy Laws & Regulations
Good Documentation and Communications skills
Certifications & Resources:
• Certified Information Systems Security Professional (CISSP) from ISC2
• Certified Information Systems Auditor (CISA) from ISACA
• Certified Information Systems Manager (CISM) from ISACA
• ISO 27001 Implementer / Internal Auditor / Lead Auditor
• Cyber Law
Popular Job Titles include:
• Information Security Manager
• IT Risk Manager
• Chief Information Security Officer
• Chief Privacy Officer
• Chief Risk Officer
These positions involve more managerial responsibilities, with limited hands-on work as well.
Should I get Certified?
• Certification complements skills and experience
• Give yourself sufficient time and experience to catch up with the requirements
• Go for the certifications that are accredited by recognized organizations
• Don’t get certified for the heck of it; rather, the whole process from studying to certifying should be an enriching experience
NOTE: Nothing substitutes right skills & experience
Does Certifying pay me more?
Survey from ISC2 says, Yes.
Statistics: Global Workforce Study www.isc2.org
Write-ups and Blogs on Security..
• NIST
• SANS Security Resources
• EFF
• Openwall
• Naked Security
• Bruce Schneier on Security
• Krebs on Security
• Open Web Application Security Project
• Open Source Security Testing Methodology Manual (OSSTMM)
• Google Summer Of Code
• Insecure.org Mailing lists
• CERTs
Hackers & Entertainment
• Wargames
• The Matrix
• Italian Job
• Swordfish
• Pirates of Silicon Valley
• Takedown
• & many more.......
Background about this presentation
Please note that this is not a definitive guide about starting or building a career in security. I used to get questions on this subject and thought of skills that helped me in my InfoSec Career. I have put these here and believe it could help you in your InfoSec career journey.
May The Force Be With You
What I do?
I am an Information Security professional :)
Thank You
@terminalfix
vprasanna.com
Prasanna Venkatesh