Spy vs Spy: Protecting Secrets

Spy vs Spy: Protecting SecretsA Career in Information Security is a Career in Protecting Secrets

Michael Scheidell, CCISO, Security Privateers

http://slidesha.re/T00Kq7

Information Techology: Road to the Future

HardwareManagement.

Software

• Computer Research• Info Systems Managers• Hardware Engineers• Computer Programmers• Support Specialists• Systems Analysts• Data Base Administrator• Web Developers• Network Architechs

World Wide JobsExample text

Chief Information Security Officer

• MIS Degree• Internship• ISACA CSX Cert• Security Engineer• CISSP, CRISK• Sr. Security

Architech• MBA Degree• VP/Dir of IT

Security• CCISO Cert

Like Working with People?Look into Management

Started doing database programming Moved into Real time/Control Systems 1994, helped Government adjust to ‘the net’ Invented and Patented Security Appliance Traveled to Costa Rica, Panama, Jamaica, Canada Got to play with Trains (Risk Assessment, DHS contract) Invited to speak at security conferences, including Cairo Trained FBI agents, worked with Secret Service On TV and quoted by Sun Sentinel Get paid to break into banks!

Michael ScheidellChief Information Security Officer

Programming• Web Applications• E-Commerce Systems• Mobile Applications

Hardware Engineer• Computer Science• Firewalls• IDS/IPS/Patents

Security Architect• Design company’s network• Security is top priority• Privacy matters

Your own footer Your Logo

Bits and Bytes Your thing?

Top 10 jobs in Information Security1. Information Security Crime / Forensics Expert2. Web Application/ Penetration Testing3. Forensic Analyst4. Incident Responder5. Security Architect6. Malware Analyst7. Network Security Engineer8. Security Analyst9. Computer Crime Investigator10. Chief Information Security Officer/CISO/ISO/VP

Information Security Crime Investigator Investigation of computer crimes Driven by Curiosity Expert witness testimony in court Consulting firms, PwC, IBM Private Eye, Law Enforcement: FBI, Secret Service Knowledge of Pen Testing, Computer Forensics,

Reverse Engineering BS:CS, MS:LE, 3+ years, CEH, CPT 22% Growth, $50K to 100K (gvmt or private)

Web Application / Penetration Testing Computer Games: Red Team, Black Team Get paid to break into Banks Part of an IT Audit or Assessment Team Opportunity for Travel Consulting firms, PwC, IBM Direct Hire for Business or Government Stepping stone to IT Auditor BS/4+ years experience, CEH, CISSP Growth 15%, $55-88K a year

Forensic Analyst Information Systems Analyst Network Security Engineer Computer Forensics Consultant/Engineer Programming, Reverse Engineering Experience in Malware, APT, Windows, Linux Works with Law Enforcement MS/6+ years experience, CEH, CISSP $50K to 100K, Mgmt $200K

Incident Responder Prep for Forensic Analyst/ Investigator/ Manager On the Firing line Work in real time to stop and document attacks Knowledge of Networking, Firewalls Experience in Malware, APT, Windows, Linux BS/3+ $65k to 83K

Security Architect Prep for Forensic Analyst/ Investigator/ Manager On the Firing line Work in real time to stop and document attacks Knowledge of Networking, Firewalls Experience in Malware, APT, Windows, Linux BS/3+, Certs: CEH, CompTia Network, CPT, CISSP $55K to 90K

Malware Analyst Examine, identify, and understand viruses, worms,

Trojans, bots, rootkits Knowledge of reverse engineering and software

development Programming, C, Perl, PHP, assembler. Experience in Malware, APT, Windows, Linux Government, Business, AV companies BS/3+, Certs: CEH, CPT, CISSP $50 to 100K

Network Security Engineer Work with Security Architect Build, monitor and maintain secure network Knowledge of TCP/IP Understand IDS/Firewalls/DMZ/VPN’s Understand test and analysis tools (sniffers, snort) Some Programming or scripting (C, Perl, Java) BS/3+, Certs: CISSP, CCNA/CCIE $DOE: $70K to 130K (Sr, 5+years, MS Degree)

Security Analyst Planning and implementing security measures Stay up to date with latest intelligence Anticipate Security Breaches Prevent loss and service interruptions Perform Risk Assessments Install Firewalls, Data Encryption Security Awareness Training MS/5+, CISSP, CISM, CISA, CRISK $80K Average to $125K, 22% Job Growth

Computer Crime Investigator Recovery of hidden, encrypted or deleted files Investigates computer crime, fraud and hacking Gather evidence Reconstruct damaged computer systems Testify in court Train Law enforcement on computer related issues MS/4+, CISSP, CEH, CPT $50K to $100K (or more for consultants) 22% Growth

Chief Information Security Officer/CISO Top Dog in Information Security Knows Everything

forensics, pen testing, auditing, incident response, web app testing, programming, accounting, business

Speaking, Training, Mentoring Works with CEO/CIO/CTO/CFO/COO Only works half days (7am to 7pm) <10ys $125 to 150K, > 10yrs $180K to 225K

Fortune 100 companies, could be in millions MIS degree, MBA Degree

Certs: CISSP, CCISO, CISM, CISA, CRISK

Education: NAF: Academy of Information Technology (AOIT) Nova Southeast University Florida International University Florida Atlantic University Master of Science in Management Information Sys

tems (MMIS)

Master of Science in Information Systems (MSIS) with security focus

Master of Business Administration (MBA) CISO: Chief Information Security Officer

Certifications: ISACA: Cybersecurity Fundamentals

Students and Interns EC-Council: Certified Ethical Hacker (CEH) (ISC)2: Certified Information Systems Security

Professional (CISSP) 4 years professional experience + degree or 5 years Associate for Students without the required experience

ISACA: Certified Information Security Manager (CISM)

EC-Council: Certified Chief Information Security Officer (CCISO)

Self Study Free Trials, Amazon/Microsoft Azure Boot and Install Linux/FreeBSD Put a server together with VMWare/Zen Install and Learn Nessus, Snort, Wireshark

Practice penetration testing, detection, patching Attend local meetings

Information Systems Security Association (ISSA) Information Systems Audit and Control Association

(ISACA) International Information System Security Certification

Consortium(ISC)2