Information Security
                               Professional




                                              UIN - 16 Nov 2011 - @y3dips

Wednesday, November 16, 11
y3dips
               • Freelance IT Security Consultant
               • More than 9 years in IT Security
               • Founder of “ECHO”, one of the Indonesian
                      Hacker Communities, established 2003
               • Founder of IDSECCONF - Indonesia
                      Security Conference
                      @y3dips

InfoSec

                                Means protecting information and
                             information systems from unauthorized
                                 access, use, disclosure, disruption,
                                  modification, perusal, inspection,
                                    recording or destruction [1]




  [1]  http://wikipedia.org

Information Security
                • Information : Set or collection of data that has meaning
                •        Level [2]
                     •       Non-Classified

                             •   Public Information

                             •   Personal Information

                             •   Routine Business Information

                     •       Classified

                             •   Confidential

                             •   Secret

                             •   Top Secret

  [2]  http://wikipedia.org

InfoSec Pro


                             People Working in Information security




InfoSec Pro

                      Background
               • Natural Born Hacker
               • Formal Education


Hackers
                             Natural Born Hacker, Gain their InfoSec
                             Knowledge by Hacking; Hack to Learn not




Hacker

                • Newbie
                • Script Kiddie
                • Develop Kiddie
                • Hacker
                 • 1337

Newbie


                             A wannabe hacker




Script Kiddies


                             Know the Tools, Able to use the tools;
                             But, Not how the tool “really” works




Develop Kiddies

                                  Able to Create Tools,
                             Know how the tool “really” works
                                 But Still Lacking in Attitude




Hacker


                             Know Exactly What they’re Doing and
                                       How to Do it




1337



                             Nobody Knows what They are Doing




Hacker
                      [+]
               • Proven Skill and Experience
               • Able to do a proof of concept
                      [-]
               • Lack of Methodologies
               • Lack of Organization/Managerial

!Professional

                   • Bug Hunter
                   • OS/App Developer
                   • Botnet owner (DDOSer)
                   • Fraudster

InfoSec Student
                             Gain Information Security Knowledge from formal
                             Education, Course, Certification




InfoSec Student
                      [+]
               • Strong in Concept and Methodologies
                      [-]
               • Lack of Skill and Experience
               • Unable to do Proof Of concept


InfoSec Pro

                   • IT Security Officer
                   • IT Security Analyst
                   • IT Security Auditor
                   • IT Security Engineer

Security Officer
                   • Security Contact Point for Organization
                   • Principal Advisor for IT Security
                   • Ensure Security Program Running (Security
                             Awareness course, etc.)
                   • Creating Security Policy, Procedures,
                             Hardening guide


Security Analyst

                   • Monitor all types of access to protect
                             confidentiality and integrity
                   • Provides Direct Support and Advice to the
                             IT Security Manager
                   • System Security Analyst, Network Security
                             Analyst



Security Auditor

                   • Auditing an Organization's Technology
                             processes and security.
                   • IT General Controls Reviews
                   • Application Controls Reviews
                   • Security Auditor, Penetration Tester

Security Engineer
                   • Maintain Computer Hardware and
                             Software that comprises a computer
                             Network
                   • Doing Security hardening and
                             Configuration
                   • System Security Engineer, Network Security
                             Engineer


Requirements

                   • Skill
                   • Experience
                   • Attitude
                   • Able to work independently/in a group
                   • Certification?

Skill

                   • In depth knowledge of Operating System
                   • In depth knowledge of Networking
                   • In depth knowledge of Application
                   • In depth knowledge of Programming
                   • Much more :)

Experience


                   • How long you’ve been in that field
                   • + the Security afterward.


Attitude


                             With Great Power Comes Great
                                    Responsibilities




Work


                   • Able to work Alone (individualist),
                   • or a Team Player


Certification


                   • In some way, it's a [+]
                   • Is it badly needed?


Limitation


                   • Government Rule : UU ITE
                   • Organization/company Rule: NDA


Failed

                   • Always Take not Give
                   • Lack of Attitude
                   • Kiddies Minded
                   • Lazy to Improve

Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 

Information Security Professional Career Paths

  • 1. Information Security Professional UIN - 16 Nov 2011 - @y3dips Wednesday, November 16, 11
  • 2. y3dips • Freelance IT Security Consultant • More than 9 years in IT Security • Founder of “ECHO” one of Indonesian Hacker Community, established 2003 • Founder of IDSECCONF - Indonesia Security Conference @y3dips
  • 3. InfoSec Means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction [1] [1] http://wikipedia.org
  • 4. Information Security • Information : Set or collection of data that has meaning • Level [2] • Non-Classified • Public Information • Personal Information • Routine Business Information • Classified • Confidential • Secret • Top Secret [2] http://wikipedia.org
  • 5. InfoSec Pro People Working in Information security
  • 6. InfoSec Pro Background • Natural Born Hacker • Formal Education
  • 7. Hackers Natural Born Hacker, Gain their InfoSec Knowledge by Hacking; Hack to Learn not
  • 8. Hacker • Newbie • Script Kiddie • Develop Kiddie • Hacker • 1337
  • 9. Newbie A wanna be hacker
  • 10. Script Kiddies Know the Tools, Able to use the tools; But, Not how the tool “really” works
  • 11. Develop Kiddies Able to Create Tools, Know how the tool “really” works, But Still Lacking in attitude
  • 12. Hacker Know Exactly What they’re Doing and How to Do it
  • 13. 1337 Nobody Knows what They are Doing
  • 14. Hacker [+] • Proven Skill and Experience • Able to do a proof of concept [-] • Lack of Methodologies • Lack of Organizations/Managerial
  • 15. !Professional • Bug Hunter • OS/App Developer • Botnet owner (DDOSer) • Fraudster
  • 18. InfoSec Student Gain Information Security Knowledge from formal Education, Course, Certification
  • 19. InfoSec Student [+] • Strong in Concept and Methodologies [-] • Lack of Skill and Experience • Unable to do Proof of Concept
  • 20. InfoSec Pro • IT Security Officer • IT Security Analyst • IT Security Auditor • IT Security Engineer
  • 21. Security Officer • Security Contact Point for Organization • Principal Advisor for IT Security • Ensure Security Program Running (Security Awareness course, etc) • Creating Security Policy, Procedures, Hardening guide
  • 22. Security Analyst • Monitor all types of access to protect confidentiality and integrity • Provides Direct Support and Advice to the IT Security Manager • System Security Analyst, Network Security Analyst
  • 23. Security Auditor • Auditing an Organization's Technology processes and security. • IT General Controls Reviews • Application Controls Reviews • Security Auditor, Penetration Tester
  • 24. Security Engineer • Maintain Computer Hardware and Software that comprise a computer Network • Doing Security hardening and Configuration • System Security Engineer, Network Security Engineer
  • 25. Requirements • Skill • Experience • Attitude • Able to work independently/in a group • Certification?
  • 26. Skill • In depth knowledge of Operating System • In depth knowledge of Networking • In depth knowledge of Application • In depth knowledge of Programming • Much more :)
  • 27. Experience • How long you’ve been in that field • + the Security afterward.
  • 28. Attitude With Great Power Comes Great Responsibilities
  • 29. Work • Able to work Alone (individualist), • or a Team Player
  • 30. Certification • In some way, it's a [+] • Is it badly needed?
  • 31. Limitation • Government Rule : UU ITE • Organization/company Rule: NDA
  • 32. Failed • Always Take not Give • Lack of Attitude • Kiddies Minded • Lazy to Improve
  • 34. Information Security Professional UIN - 16 Nov 2011 - @y3dips