Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

Best & Worst of Cybersecurity

Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Anzeige
Wird geladen in …3
×

Hier ansehen

1 von 27 Anzeige

Best & Worst of Cybersecurity

Herunterladen, um offline zu lesen

Let's see what is cybersecurity, why it matters, how it works and what hackers do on their free time and also how corporations are managing their cybersecurity teams.

Let's see what is cybersecurity, why it matters, how it works and what hackers do on their free time and also how corporations are managing their cybersecurity teams.

Anzeige
Anzeige

Weitere Verwandte Inhalte

Ähnlich wie Best & Worst of Cybersecurity (20)

Aktuellste (20)

Anzeige

Best & Worst of Cybersecurity

  1. 1. BEST & WORST OF CYBERSECURITY DAVID AMRANI HERNANDEZ | @davidmoremad
  2. 2. TOPICS 1. Basics 2. Fun 3. Agile
  3. 3. 1. Basics
  4. 4. F.A.Q. What is cybersecurity? Why cybersecurity matters? Most important thing about Cybersecurity? How to learn about Cybersecurity?
  5. 5. HOMES HAVE INTERNET ACCESS …in Europe on 2019. Any guess about 2021? 90 % USEFUL STATISTICS The average cost of a malware attack on a company is $2.6 million. The average cost in time of a malware attack is 50 days 80% of data breaches can be prevented with basic actions Hackers attack every 39 seconds, on average 2,244 times a day COMPANIES NEED INTERNET ACCESS …to continue their core business 84 %
  6. 6. TYPES OF HACKERS TEAMS OF HACKERS Black Hat Criminals. Attacks corps for personal purposes Grey Hat Hack corps to get hired or mentioned. White Hat Find vulns. and let the corps know about that. Red Team Run attacks against you to find your weakness. AS INDIVIDUALS AS WORKERS Purple Team Procedures and controls. Work between red and blue team Blue Team Defense role mitigating risks. Analysis, hardening & monitoring
  7. 7. 2. Fun
  8. 8. HACKING IS A GAME HACKING A CORP. TO GET YOUR MONEY BACK WEB HACKING HACKING ALL TRANSPORT NETWORKS IN SPAIN RED TEAM DENIAL OF WALLET: MAKE A CORPORATION LOSE MONEY CLOUD SECURITY HOW I GOT 65K FOLLOWERS IN ONE DAY SOCIAL NETWORKS WHEN MALWARE MEETS THE INTERNET RANSOMWARE
  9. 9. HOW I GOT 65K FOLLOWERS IN ONE DAY
  10. 10. HACKING IS A GAME HACKING A CORP. TO GET YOUR MONEY BACK WEB HACKING HACKING ALL TRANSPORT NETWORKS IN SPAIN RED TEAM DENIAL OF WALLET: MAKE A CORPORATION LOSE MONEY CLOUD SECURITY HOW I GOT 65K FOLLOWERS IN ONE DAY SOCIAL NETWORKS WHEN MALWARE MEETS THE INTERNET RANSOMWARE
  11. 11. DENIAL OF WALLET: MAKE A CORPORATION LOSE MONEY
  12. 12. HACKING IS A GAME HACKING A CORP. TO GET YOUR MONEY BACK WEB HACKING HACKING ALL TRANSPORT NETWORKS IN SPAIN RED TEAM DENIAL OF WALLET: MAKE A CORPORATION LOSE MONEY CLOUD SECURITY HOW I GOT 65K FOLLOWERS IN ONE DAY SOCIAL NETWORKS WHEN MALWARE MEETS THE INTERNET RANSOMWARE
  13. 13. WHEN MALWARE MEETS THE INTERNET + =
  14. 14. HACKING IS A GAME HACKING A CORP. TO GET YOUR MONEY BACK WEB HACKING HACKING ALL TRANSPORT NETWORKS IN SPAIN RED TEAM DENIAL OF WALLET: MAKE A CORPORATION LOSE MONEY CLOUD SECURITY HOW I GOT 65K FOLLOWERS IN ONE DAY SOCIAL NETWORKS WHEN MALWARE MEETS THE INTERNET RANSOMWARE
  15. 15. HACKING ALL TRANSPORT NETWORKS IN SPAIN
  16. 16. HACKING IS A GAME HACKING A CORP. TO GET YOUR MONEY BACK WEB HACKING HACKING ALL TRANSPORT NETWORKS IN SPAIN RED TEAM DENIAL OF WALLET: MAKE A CORPORATION LOSE MONEY CLOUD SECURITY HOW I GOT 65K FOLLOWERS IN ONE DAY SOCIAL NETWORKS WHEN MALWARE MEETS THE INTERNET RANSOMWARE
  17. 17. HACKING A CORP. TO GET YOUR MONEY BACK
  18. 18. 3. Approach
  19. 19. What’s SecDevOps? Philosophy that aims to improve productivity in the development of technological services and products. To this end, it involves the development, operations and security teams in a single process.
  20. 20. DEV QA OPS DEVOPS It’s good It’s scalable It’s automated OPS DEV SEC QA SECDEVOPS
  21. 21. 2 h 11 s 30 m
  22. 22. SEC TEST OPERATE SEC TEST DEPLOY SEC TEST BUILD SEC TEST CODE FEEDBACK FEEDBACK SECDEVOPS | AGILE CHALLENGE
  23. 23. Hardening ofoursystemsandinfra Anchore/IriusRisk/Bastille CODESEC INFRASEC Planification ofsecuritycontrolsbasedon new funciontalityonRoadmap Development ofacceptanceande2esecuritytests BDD Security/ Toolium Integration ofdifferentautomatedsecurity tests&services Kiuwan/Faast/RetireJS Security Audit ofthisfinalrelease Burp/Faast/Nessus Activemonitoring ofourinfraand services. Dome9/ Logs/Icinga/WAF Support tohavesafedeployments Vault/Terraform Checking abouthowsecureisourfinal infra Dome9/ Inspector/ Sentinel Verification aboutsecurityofourproducto onproduction Burp/Faast/Nessus
  24. 24. Análisis decalidad y seguridad decódigo Análisis dedependencias con vulnerabilidades conocidas Detección deamenazas y patrones sospechosos en aplicaciones móviles Frameworkdepruebas de seguridad medianteeluso de lenguaje natural Identificación deactivos y detección deamenazas Análisis deriesgos y definición de la postura deseguridad Controldeacceso asecretosy datos confidenciales Análisis delos estándaresde seguridad yvulnerabilidades en Docker Evaluación devulnerabilidades, activos expuestosydesviaciones de la postura adoptada Evaluación delcumplimiento delas reglas deseguridad definidas enla postura Detección continua deamenazas de seguridad
  25. 25. 😈 Bonus
  26. 26. Hackers, the worst tourists…
  27. 27. Thank you DAVID AMRANI HERNANDEZ | @davidmoremad

×