This document discusses the differences between working in information security on the "light side" versus the "dark side". The light side involves legitimate security jobs like penetration testing, malware analysis, and security auditing. The dark side refers to illegal hacking activities like creating ransomware, spamming, or conducting large DDoS attacks. While dark side activities can be financially lucrative in the short term, they often involve serious legal risks since computer crime laws are strongly enforced. The document encourages pursuing an career in the growing field of information security through legal and ethical means.

1. Which side are you?
Dark side or Light side
By
Sumedt Jitpukdebodin
Security Consultant @ G-ABLE

2. $ whoami
• Name: Sumedt Jitpukdebodin
• Job: Security Consultant @ G-ABLE
• Interesting: Hacking, Malware Analysis, Forensic, Games,
Travel, etc.
• Social network: @materaj, fb.com/hackandsecbook
• Group: OWASP Thailand, 2600 Thailand
• Another: search me

3. Dark side or Light side
http://orig10.deviantart.net/90cd/f/2014/126/e/e/star_wars_dark_side___light_side_wallpaper_by_soulreaper919-d7hfqch.jpg

4. Wikipedia
“Information security, sometimes shortened to InfoSec, is the practice of preventing
unauthorized access, use, disclosure, disruption, modification, inspection, recording or
destruction of information. It is a general term that can be used regardless of the form
the data may take (e.g. electronic, physical).[1] The chief area of concern for the field of
information security is the balanced protection of the Confidentiality, Integrity and
Availability of data, also known as the CIA Triad, while maintaining a focus on efficient
policy implementation and no major hampering of organization productivity.[2] To
standardize this discipline, academics and professionals collaborate and seek to set
basic guidelines and policies on password, antivirus software, firewall, encryption
software, legal liability and user/administrator training standards.[3]”
https://en.wikipedia.org/wiki/Information_security

5. Why security is so
important?
• It’s everywhere
• It’s easy to learn
• It’s in demands
• It’s important.

6. Security are in everywhere
• Application
• IoT (Internet of Thing)
• Car
• Facility
• SCADA
• Daily Life
• etc.

7. How can I learn security?
• Take a security course
• Do the labs
• CTF(Capture The Flag)
• Read the books.
• etc.

9. https://cybrary.it

10. https://www.youtube.com/playlist?list=PLUl4u3cNGP62K2DjQLRxDNRi0z2IRWnNh

12. https://vulnhub.com

13. https://root-me.org

14. https://pentesterlab.com

15. https://game.rop.sh

16. https://ctftime.org

18. Join the security community
group

19. Which one?
https://qzprod.files.wordpress.com/2015/11/google-starwars.jpg?quality=80&strip=all

20. Light Side
• Penetration Tester
• Malware Analyzer
• Digital Forensic
• IT Security Auditor
• Chief Information Security
• Officer (CISO)
• Bug Bounty Hunter
• etc.

21. http://internetsecurityacademy.org/wp-content/uploads/Information-Security-Career-Growth.png

24. Dark Side
• Spammer
• Hacker
• Cracker
• DDoSer
• Ransomware Inventor
• Script kiddy
• etc.

27. DDoS Incident on
25/12/2015

28. What is the biggest DDoS in
the history
• Victim: OVH - France Hosting
• When: 26 September 2016
• How: 1Tbps
• IoT (CCTV) was used to be the zombie.
• https://github.com/jgamblin/Mirai-Source-Code

31. https://shodan.io

32. Breach cost
https://www.ibm.com/security/infographics/data-breach/

33. What is difference between
Light side and Dark side
• Times
• Methods
• Scope

34. IT Security Jobs salary

35. Bug Bounty Program
• bugcrowd
• hackerone
• zerodium
• etc.

36. But….

37. Ransomware Revenue

38. And but….

39. Hacker are always arrested

40. And always remember “Computer Crime Act
Criminal Law” so strong

41. Q & A

42. Thank you