Information Security
                               Professional




                                              UIN - 16 Nov 2011 - @y3dips

Wednesday, November 16, 11
y3dips
               • Freelance IT Security Consultant
               • More than 9 years in IT Security
               • Founder of “ECHO”, one of the Indonesian
                      Hacker Communities, established 2003
               • Founder of IDSECCONF - Indonesia
                      Security Conference
                      @y3dips

InfoSec

                                Means protecting information and
                             information systems from unauthorized
                                 access, use, disclosure, disruption,
                                  modification, perusal, inspection,
                                    recording or destruction [1]




  [1]  http://wikipedia.org

Information Security
                • Information : Set or collection of data that has meaning
                •        Level [2]
                     •       Non-Classified

                             •   Public Information

                             •   Personal Information

                             •   Routine Business Information

                     •       Classified

                             •   Confidential

                             •   Secret

                             •   Top Secret

  [2]  http://wikipedia.org

InfoSec Pro


                             People Working in Information security




InfoSec Pro

                      Background
               • Natural Born Hacker
               • Formal Education


Hackers
                             Natural Born Hacker, Gain their InfoSec
                             Knowledge by Hacking; Hack to Learn not




Hacker

                • Newbie
                • Script Kiddie
                • Develop Kiddie
                • Hacker
                 • 1337

Newbie


                             A wannabe hacker




Script Kiddies


                             Know the Tools, Able to use the tools;
                             But, Not how the tool “really” works




Develop Kiddies

                                  Able to Create Tools,
                             Know how the tool “really” works
                                 But Still Lacking in Attitude




Hacker


                             Know Exactly What They’re Doing and
                                       How to Do It




1337



                             Nobody Knows What They Are Doing




Hacker
                      [+]
               • Proven Skill and Experience
               • Able to do a proof of concept
                      [-]
               • Lack of Methodologies
               • Lack of Organizational/Managerial Skills

!Professional

                   • Bug Hunter
                   • OS/App Developer
                   • Botnet owner (DDOSer)
                   • Fraudster

InfoSec Student
                             Gain Information Security Knowledge from formal
                             Education, Course, Certification




InfoSec Student
                      [+]
               • Strong in Concept and Methodologies
                      [-]
               • Lack of Skill and Experience
               • Unable to do Proof Of concept


InfoSec Pro

                   • IT Security Officer
                   • IT Security Analyst
                   • IT Security Auditor
                   • IT Security Engineer

Security Officer
                   • Security Contact Point for Organization
                   • Principal Advisor for IT Security
                   • Ensure the Security Program Is Running (Security
                             Awareness course, etc.)
                   • Creating Security Policy, Procedures,
                             Hardening guide


Security Analyst

                   • Monitor all types of access to protect
                             confidentiality and integrity
                   • Provides Direct Support and Advice to the
                             IT Security Manager
                   • System Security Analyst, Network Security
                             Analyst



Security Auditor

                   • Auditing an Organization's Technology
                             processes and security.
                   • IT General Controls Reviews
                   • Application Controls Reviews
                   • Security Auditor, Penetration Tester

Security Engineer
                   • Maintain the Computer Hardware and
                             Software that comprise a computer
                             Network
                   • Perform Security hardening and
                             Configuration
                   • System Security Engineer, Network Security
                             Engineer


Requirements

                   • Skill
                   • Experience
                   • Attitude
                   • Able to work independently or in a group
                   • Certification?

Skill

                   • In depth knowledge of Operating System
                   • In depth knowledge of Networking
                   • In depth knowledge of Application
                   • In depth knowledge of Programming
                   • Much more :)

Experience


                   • How long you’ve been in that field
                   • + the Security afterward.


Attitude


                             With Great Power Comes Great
                                    Responsibilities




Work


                   • Able to work Alone (individualist),
                   • or a Team Player


Certification


                   • In some way, it's a [+]
                   • Is it badly needed?


Limitation


                   • Government Rule : UU ITE
                   • Organization/company Rule: NDA


Failed

                   • Always Take not Give
                   • Lack of Attitude
                   • Kiddies Minded
                   • Lazy to Improve

Are Multi-Cloud and Serverless Good or Bad?
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 

Information Security Professional Career Paths

  • 1. Information Security Professional UIN - 16 Nov 2011 - @y3dips Wednesday, November 16, 11
  • 2. y3dips • Freelance IT Security Consultant • More than 9 years in IT Security • Founder of “ECHO” one of Indonesian Hacker Community, established 2003 • Founder of IDSECCONF - Indonesia Security Conference @y3dips
  • 3. InfoSec Means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction [1] [1] http://wikipedia.org
  • 4. Information Security • Information : Set or collection of data that has meaning • Level [2] • Non-Classified • Public Information • Personal Information • Routine Business Information • Classified • Confidential • Secret • Top Secret [2] http://wikipedia.org
  • 5. InfoSec Pro People Working in Information security
  • 6. InfoSec Pro Background • Natural Born Hacker • Formal Education
  • 7. Hackers Natural Born Hacker, Gain their InfoSec Knowledge by Hacking; Hack to Learn not
  • 8. Hacker • Newbie • Script Kiddie • Develop Kiddie • Hacker • 1337
  • 9. Newbie A wanna be hacker
  • 10. Script Kiddies Know the Tools, Able to use the tools; But, Not how the tool “really” works
  • 11. Develop Kiddies Able to Create Tools, Know how the tool “really” works But Still lacking in attitude
  • 12. Hacker Know Exactly What they’re Doing and How to Do it
  • 13. 1337 Nobody Knows what They are Doing
  • 14. Hacker [+] • Proven Skill and Experience • Able to do a proof of concept [-] • Lack of Methodologies • Lack of Organizations/Managerial
  • 15. !Professional • Bug Hunter • OS/App Developer • Botnet owner (DDOSer) • Fraudster
  • 18. InfoSec Student Gain Information Security Knowledge from formal Education, Course, Certification
  • 19. InfoSec Student [+] • Strong in Concept and Methodologies [-] • Lack of Skill and Experience • Unable to do Proof Of concept
  • 20. InfoSec Pro • IT Security Officer • IT Security Analyst • IT Security Auditor • IT Security Engineer
  • 21. Security Officer • Security Contact Point for Organization • Principal Advisor for IT Security • Ensure Security Program Running (Security Awareness course, etc) • Creating Security Policy, Procedures, Hardening guide
  • 22. Security Analyst • Monitor all types of access to protect confidentiality and integrity • Provides Direct Support and Advice to the IT Security Manager • System Security Analyst, Network Security Analyst
  • 23. Security Auditor • Auditing an Organization's Technology processes and security. • IT General Controls Reviews • Application Controls Reviews • Security Auditor, Penetration Tester
  • 24. Security Engineer • Maintain Computer Hardware and Software that comprises a computer Network • Doing Security hardening and Configuration • System Security Engineer, Network Security Engineer
  • 25. Requirements • Skill • Experience • Attitude • Able to work independently/in a group • Certification?
  • 26. Skill • In depth knowledge of Operating System • In depth knowledge of Networking • In depth knowledge of Application • In depth knowledge of Programming • Much more :)
  • 27. Experience • How long you’ve been in that field • + the Security afterward.
  • 28. Attitude With Great Power Comes Great Responsibilities
  • 29. Work • Able to work Alone (individualist), • or a Team Player
  • 30. Certification • In some way, it's a [+] • Is it badly needed?
  • 31. Limitation • Government Rule : UU ITE • Organization/company Rule: NDA
  • 32. Failed • Always Take not Give • Lack of Attitude • Kiddies Minded • Lazy to Improve
  • 34. Information Security Professional UIN - 16 Nov 2011 - @y3dips