Career in Information Security

Anant Shrivastava
http://anantshri.info
Agenda
•   What is Information and Security.
•   Industry Standards
•   Job Profiles
•   Certifications
•   Tips
What a person wants in life
• Money 
• Fame   
• Nirvana 



We will talk about first 2 
How to be wealthy?
• Have rich parents
• Marry a rich spouse
• Win the lottery
• Become a successful black hat hacker (and live life underground)
• Work as a white hat (this presentation)
YOU WILL MAKE YOUR OWN CAREER!
Others may help, but it’s ALL ON YOU!
Do I have your attention now?
Why Information Security?
• Increasing regulatory compliance
• Requires organizations to adopt security
  standards and frameworks for long-term
  approach to mitigating risk
• Evolving and emerging threats and attacks
• Continual learning of new skills and techniques
• Convergence of physical and information security
• Accountability for growing risk exposure is shared
  between information security professionals and
  management, and ultimately rests with key executives
What Is Information?
• Information is a collection of useful data.
• Information could be
  – Your personal details
  – Your corporate details
  – Future plans
What is Information Security? (the ten domains of the (ISC)² CISSP Common Body of Knowledge at the time)
1)    Access Controls
2)    Telecommunications and Network Security
3)    Information Security and Risk Management
4)    Application Security
5)    Cryptography
6)    Security Architecture and Design
7)    Operations Security
8)    Business Continuity and Disaster Recovery Planning
9)    Legal, Regulations, Compliance and Investigations
10)   Physical (Environmental) Security
What Next
Explore : Industry Standards
• Knowledge – nothing beats understanding the core
  concepts.
• Certification – helps a fresher prove exposure to
  the field.
Explore : Types of Info-Sec jobs
• Ethical Hacker
  – Vulnerability Assessment
  – Penetration Tester
• Forensic Investigator
• Security Governance
  – Auditor
• Security Administrator
• Secure Developer
Explore : Types of certification
•   Security Analyst – CEH, ECSA, OSCP
•   Development – SCJP, MCSE (note: MCSE is a Microsoft systems-administration certification rather than a development one)
•   Server Security – RHCSS
•   Auditor – ISO 27001 Lead Auditor
Clarify : Information Security
• Keep the bad guys out.
• Let the trusted guys in.
• Give the trusted guys access only to what they are
  authorized to access (authentication and authorization
  are two separate decisions).
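The three bullets above are the whole of access control in miniature. The following is an added example (not code from the slides) that separates the two decisions: authentication with salted PBKDF2 hashes and a constant-time compare, then authorization against an explicit, fail-closed policy table. The user store, the passwords and the policy are constructed for the example and are assumptions, not anything the presentation describes.

```python
import hashlib
import hmac
import os

# Constructed user store for the example: salted PBKDF2 hashes, never plaintext.
# (assumption: a real system keeps these records in a database, not in memory)
PBKDF2_ROUNDS = 100_000


def make_password_record(password: str) -> dict:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


USERS = {
    "alice": {**make_password_record("correct horse"), "roles": {"reader"}},
    "bob": {**make_password_record("battery staple"), "roles": {"reader", "admin"}},
}

# Constructed authorization policy: which roles may perform which action on a resource.
POLICY = {
    ("payroll.csv", "read"): {"reader", "admin"},
    ("payroll.csv", "write"): {"admin"},
}


def authenticate(username: str, password: str) -> bool:
    """Keep the bad guys out: verify identity with a constant-time hash compare.
    Unknown usernames still pay the hashing cost so response time does not reveal
    which accounts exist."""
    record = USERS.get(username)
    salt = record["salt"] if record else b"\x00" * 16
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    if record is None:
        return False
    return hmac.compare_digest(candidate, record["hash"])


def authorize(username: str, resource: str, action: str) -> bool:
    """Give trusted users only what they are authorized to access. Fail closed:
    anything not explicitly allowed by POLICY is denied."""
    allowed_roles = POLICY.get((resource, action), set())
    user_roles = USERS.get(username, {}).get("roles", set())
    return bool(allowed_roles & user_roles)


def access(username: str, password: str, resource: str, action: str) -> str:
    """Authentication first, authorization second; each failure is reported separately."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, resource, action):
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    print(access("alice", "correct horse", "payroll.csv", "read"))   # granted
    print(access("alice", "correct horse", "payroll.csv", "write"))  # denied: not authorized
```

The point worth noticing is that a valid login does not imply permission: alice is a trusted user and still cannot write the file, and an action the policy never mentions is denied to everyone, admin included.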
Clarify : Security Triad
• Confidentiality, Integrity and Availability (the CIA triad)
Clarify : Secure Developer
• A developer who is aware of security issues.
• Developers today fall into three major
  categories
  – Thick client developer
  – Thin client developer
  – Kernel or driver developer

• If you can exploit it, you need to patch it.
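"If you can exploit it you need to patch it" is easiest to see on one concrete bug. The following is an added example (not code from the slides): a thin-client style lookup written the vulnerable way beside its patched form, with the injection payload that separates them. The table, rows and payload are constructed for the example; the point is that the fix is a parameterised query, not input filtering.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "reader"), ("bob", "admin")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the untrusted name is pasted into the SQL text, so a single
    quote in the input changes the meaning of the query (SQL injection)."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_patched(conn: sqlite3.Connection, name: str) -> list:
    """Patched: a parameterised query sends the input as data, never as SQL,
    so the same payload is just a name that matches nothing."""
    query = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


# The exploit: a tautology that turns a one-row lookup into a dump of every row.
PAYLOAD = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print(lookup_vulnerable(conn, PAYLOAD))  # every row in the table
    print(lookup_patched(conn, PAYLOAD))     # []
```

Run it once as the exploiter (the vulnerable function returns both rows for a name that does not exist) and once as the patcher (the fixed function returns nothing). The same discipline applies to every sink that mixes code and data: shell commands, LDAP filters, HTML output.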
Clarify : Security Administrator
• A server administrator with a background in
  security.

• Skills required
  – Server hardening
  – Firewall configuration
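Server hardening is mostly checking configuration against a baseline and fixing what deviates. The following is an added example (not from the slides): a small checker that parses an sshd_config excerpt and reports directives that are missing or set to a weak value. Both config excerpts and the baseline table are constructed for the example; the baseline values are an assumption about one hardening standard, not OpenSSH's shipped defaults, which vary by version.

```python
# Constructed sshd_config excerpt with the weak settings a hardening pass removes.
WEAK_CONFIG = """\
# sample sshd_config (constructed for this example)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
#PermitEmptyPasswords no
"""

# Constructed hardened counterpart of the same file.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
X11Forwarding no
MaxAuthTries 3
"""

# Expected values for the directives this check covers (assumed baseline).
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PubkeyAuthentication": "yes",
    "X11Forwarding": "no",
    "MaxAuthTries": "3",
}


def parse_sshd_config(text: str) -> dict:
    """Parse 'Directive value' lines; comments and blanks are skipped. sshd honours
    the first occurrence of a directive, so later duplicates are ignored here too.
    Keywords are case-insensitive in sshd, hence the lower-casing."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts
        settings.setdefault(key.lower(), value.strip())
    return settings


def find_weak_settings(text: str) -> list:
    """Return (directive, found, expected) for every baseline item that is missing
    or differs from the hardened value. A missing directive is reported as 'unset'
    because you cannot assume the compiled-in default is the safe one."""
    settings = parse_sshd_config(text)
    findings = []
    for directive, expected in BASELINE.items():
        found = settings.get(directive.lower(), "unset")
        if found.lower() != expected:
            findings.append((directive, found, expected))
    return findings


if __name__ == "__main__":
    for directive, found, expected in find_weak_settings(WEAK_CONFIG):
        print(f"{directive}: found {found!r}, expected {expected!r}")
    print("hardened config findings:", find_weak_settings(HARDENED_CONFIG))
```

The same shape (parse, compare to a baseline, report deviations) is what the CIS benchmarks and most compliance scanners do at scale; writing one by hand for a single service is a good first hardening exercise.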
Clarify : Vulnerability Assessment
• The process of finding potentially exploitable
  weaknesses in a given target.
• The target could be a desktop/laptop, a network, a
  web application, literally any device with a
  processor, and a motive to attack it 

• Skill set
   – Understanding of the target architecture.
   – An eye for detail and an attacker's mindset.
   – (Optional) Programming Nessus plugins (NASL).
Clarify : Penetration Testing
• The next step after vulnerability assessment.
• Here the findings are actually exploited against the
  live target, under agreed rules of engagement.

• Skills required:
  – Programming: C/C++, Python, Perl, Ruby
  – Understanding of an exploitation framework.
     • Metasploit
     • Core Impact
Clarify : Forensic Expert
• The post-mortem specialist of IT.
• Responsible for the post-incident evaluation of a
  target.

• Skills
   – Everything needed for VA/PT.
   – Understanding of forensic concepts, including but
     not limited to data recovery, log evaluation and
     evidence handling (chain of custody).
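Log evaluation is the forensic skill you can practise on day one with nothing but a text file. The following is an added example (not code from the slides) that parses an OpenSSH auth.log excerpt and flags a source address that failed repeatedly inside a short window, noting whether it later succeeded, which is the pattern to triage first after an incident. The log lines, hosts, users and addresses are constructed for the example; syslog lines carry no year, so the year is an assumption passed in by the caller.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed auth.log excerpt in the syslog format OpenSSH produces on Linux.
# Not real data: timestamps, users and addresses are made up for this example.
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Mar  3 10:15:03 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51013 ssh2
Mar  3 10:15:05 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 51015 ssh2
Mar  3 10:15:08 web1 sshd[2215]: Failed password for root from 203.0.113.7 port 51017 ssh2
Mar  3 10:15:09 web1 sshd[2217]: Failed password for root from 203.0.113.7 port 51019 ssh2
Mar  3 10:15:12 web1 sshd[2219]: Accepted password for root from 203.0.113.7 port 51021 ssh2
Mar  3 10:20:44 web1 sshd[2301]: Failed password for alice from 198.51.100.5 port 40210 ssh2
Mar  3 10:21:02 web1 sshd[2303]: Accepted publickey for alice from 198.51.100.5 port 40212 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_log(text: str, year: int = 2024) -> list:
    """Return (timestamp, result, user, ip) for each login line; other lines are skipped.
    'year' is an assumption because syslog timestamps omit it."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def find_brute_force(events: list, threshold: int = 5, window_seconds: int = 60) -> list:
    """Flag every source IP with at least `threshold` failures inside `window_seconds`,
    and record whether any successful login from that IP followed the first failure."""
    by_ip = defaultdict(list)
    for ts, result, user, ip in events:
        by_ip[ip].append((ts, result, user))

    alerts = []
    for ip, evs in by_ip.items():
        evs.sort()
        failures = [ts for ts, result, _ in evs if result == "Failed"]
        # Sliding window: failures are sorted, so compare each one with the
        # (threshold-1)th failure after it.
        hit = any(
            (failures[i + threshold - 1] - failures[i]).total_seconds() <= window_seconds
            for i in range(len(failures) - threshold + 1)
        )
        if not hit:
            continue
        first_failure = failures[0]
        followed_by_success = any(
            result == "Accepted" and ts > first_failure for ts, result, _ in evs
        )
        alerts.append({"ip": ip, "failures": len(failures), "followed_by_success": followed_by_success})
    return alerts


if __name__ == "__main__":
    for alert in find_brute_force(parse_auth_log(SAMPLE_LOG)):
        print(alert)
```

On the constructed input the single alert is 203.0.113.7 with five failures in eight seconds followed by an accepted password for root; alice's one typo from 198.51.100.5 is correctly left alone. In a real investigation the thresholds are tuned to the environment and the flagged window becomes the pivot for the rest of the timeline.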
Clarify : Auditor
• Reviews systems, networks and the related security
  policies against industry standards.

• Skills required
  – Understanding of compliance regimes
     • HIPAA, ISO 27001, PCI DSS, SOX and many more.
  – Understanding of ethical hacking concepts and
    their application.
Commit : How to gain Knowledge
Spend the first few years mastering fundamentals
• Get involved in as many systems, apps, platforms,
  languages, etc. as you can
• Key technologies and areas
  – Relevant security experience
  – Compliance/regulatory/risk management
  – Encryption
  – Firewalls
  – Policy
  – IDS/IPS
  – Programming and scripting
Commit : Technical Skills Required
•   LEARN the operating system
•   LEARN the coding language
•   LEARN assembler and shellcoding
•   Learn Metasploit
•   Learn Nessus
•   Learn to write exploit modules for Metasploit
•   Learn to write scanning plugins for Nessus
Commit : Soft Skills Required
• Learn Presentation skills.
• Learn business language. Management likes to
  hear that.
Commit : How to gain a certification
• Attend training.
• Learn, understand and apply the concepts in a
  controlled environment.
• Take the exam when you are confident.
Commit : How to practice
• Set up a lab at home.
  – Physical lab (best)
  – Virtual lab (second best)
  – Practice regularly, and only on your own secured
    home lab.
• Keep yourself updated: subscribe to a vulnerability
  database feed.
Commit : First job
•   Lower rungs of the tech ladder
•   Unpaid Overtime is Expected
•   When offered company training – take it
•   Expect to make Mistakes
    – Learn from them
Things to Remember
• Learn to question everything.
• Keep yourself up to date.
• Be an expert in one field; however, security
  specialists are at an advantage if they also
  develop generalist skills.
• Security is an extension of business needs and
  should support them.
• Form a group of like-minded people.
HACKER GOT HACKED
• Keep your own system and network secure first.
• Avoid advertising yourself as a “hacker” until
  you have practised enough and feel confident.
• Self-proclaimed hackers are not well regarded in
  security communities.
• Your work should speak, not your mouth.
Work and personal Life
CERTIFICATIONS
Why Certification is good
• Nothing beats first-hand job exposure.
However
• When you hit a roadblock, a certification helps.
More on Certification
• Passing a certification exam says that:
   – You had the minimum knowledge to be considered for
     certification (at the time of the test)
   OR
   – You are very good at taking tests.
Industry Certifications
• EC-Council
  – CEH, ECSA, CHFI, ECSP and more
• ISC2
  – CISSP
• Offensive Security
  – OSCP
• ISACA
  – CISA and CISM
Any Questions?
