20
Spy vs Spy: Protecting Secrets A Career in Information Security is a Career in Protecting Secrets Michael Scheidell, CCISO, Security Privateers http://slidesha.re/T00Kq7

Spy vs Spy: Protecting Secrets

Embed Size (px)

DESCRIPTION

Presented to NAF Students, May 14th, 2014. Outline career path in Information Security

Citation preview

Page 1: Spy vs Spy: Protecting Secrets

Spy vs Spy: Protecting SecretsA Career in Information Security is a Career in Protecting Secrets

Michael Scheidell, CCISO, Security Privateers

http://slidesha.re/T00Kq7

Page 2: Spy vs Spy: Protecting Secrets

Information Techology: Road to the Future

HardwareManagement.

Software

• Computer Research• Info Systems Managers• Hardware Engineers• Computer Programmers• Support Specialists• Systems Analysts• Data Base Administrator• Web Developers• Network Architechs

World Wide JobsExample text

Page 3: Spy vs Spy: Protecting Secrets
Page 4: Spy vs Spy: Protecting Secrets

Chief Information Security Officer

• MIS Degree• Internship• ISACA CSX Cert• Security Engineer• CISSP, CRISK• Sr. Security

Architech• MBA Degree• VP/Dir of IT

Security• CCISO Cert

Like Working with People?Look into Management

Page 5: Spy vs Spy: Protecting Secrets

Started doing database programming Moved into Real time/Control Systems 1994, helped Government adjust to ‘the net’ Invented and Patented Security Appliance Traveled to Costa Rica, Panama, Jamaica, Canada Got to play with Trains (Risk Assessment, DHS contract) Invited to speak at security conferences, including Cairo Trained FBI agents, worked with Secret Service On TV and quoted by Sun Sentinel Get paid to break into banks!

Michael ScheidellChief Information Security Officer

Page 6: Spy vs Spy: Protecting Secrets

Programming• Web Applications• E-Commerce Systems• Mobile Applications

Hardware Engineer• Computer Science• Firewalls• IDS/IPS/Patents

Security Architect• Design company’s network• Security is top priority• Privacy matters

Your own footer Your Logo

Bits and Bytes Your thing?

Page 7: Spy vs Spy: Protecting Secrets

Top 10 jobs in Information Security1. Information Security Crime / Forensics Expert2. Web Application/ Penetration Testing3. Forensic Analyst4. Incident Responder5. Security Architect6. Malware Analyst7. Network Security Engineer8. Security Analyst9. Computer Crime Investigator10. Chief Information Security Officer/CISO/ISO/VP

Page 8: Spy vs Spy: Protecting Secrets

Information Security Crime Investigator Investigation of computer crimes Driven by Curiosity Expert witness testimony in court Consulting firms, PwC, IBM Private Eye, Law Enforcement: FBI, Secret Service Knowledge of Pen Testing, Computer Forensics,

Reverse Engineering BS:CS, MS:LE, 3+ years, CEH, CPT 22% Growth, $50K to 100K (gvmt or private)

Page 9: Spy vs Spy: Protecting Secrets

Web Application / Penetration Testing Computer Games: Red Team, Black Team Get paid to break into Banks Part of an IT Audit or Assessment Team Opportunity for Travel Consulting firms, PwC, IBM Direct Hire for Business or Government Stepping stone to IT Auditor BS/4+ years experience, CEH, CISSP Growth 15%, $55-88K a year

Page 10: Spy vs Spy: Protecting Secrets

Forensic Analyst Information Systems Analyst Network Security Engineer Computer Forensics Consultant/Engineer Programming, Reverse Engineering Experience in Malware, APT, Windows, Linux Works with Law Enforcement MS/6+ years experience, CEH, CISSP $50K to 100K, Mgmt $200K

Page 11: Spy vs Spy: Protecting Secrets

Incident Responder Prep for Forensic Analyst/ Investigator/ Manager On the Firing line Work in real time to stop and document attacks Knowledge of Networking, Firewalls Experience in Malware, APT, Windows, Linux BS/3+ $65k to 83K

Page 12: Spy vs Spy: Protecting Secrets

Security Architect Prep for Forensic Analyst/ Investigator/ Manager On the Firing line Work in real time to stop and document attacks Knowledge of Networking, Firewalls Experience in Malware, APT, Windows, Linux BS/3+, Certs: CEH, CompTia Network, CPT, CISSP $55K to 90K

Page 13: Spy vs Spy: Protecting Secrets

Malware Analyst Examine, identify, and understand viruses, worms,

Trojans, bots, rootkits Knowledge of reverse engineering and software

development Programming, C, Perl, PHP, assembler. Experience in Malware, APT, Windows, Linux Government, Business, AV companies BS/3+, Certs: CEH, CPT, CISSP $50 to 100K

Page 14: Spy vs Spy: Protecting Secrets

Network Security Engineer Work with Security Architect Build, monitor and maintain secure network Knowledge of TCP/IP Understand IDS/Firewalls/DMZ/VPN’s Understand test and analysis tools (sniffers, snort) Some Programming or scripting (C, Perl, Java) BS/3+, Certs: CISSP, CCNA/CCIE $DOE: $70K to 130K (Sr, 5+years, MS Degree)

Page 15: Spy vs Spy: Protecting Secrets

Security Analyst Planning and implementing security measures Stay up to date with latest intelligence Anticipate Security Breaches Prevent loss and service interruptions Perform Risk Assessments Install Firewalls, Data Encryption Security Awareness Training MS/5+, CISSP, CISM, CISA, CRISK $80K Average to $125K, 22% Job Growth

Page 16: Spy vs Spy: Protecting Secrets

Computer Crime Investigator Recovery of hidden, encrypted or deleted files Investigates computer crime, fraud and hacking Gather evidence Reconstruct damaged computer systems Testify in court Train Law enforcement on computer related issues MS/4+, CISSP, CEH, CPT $50K to $100K (or more for consultants) 22% Growth

Page 17: Spy vs Spy: Protecting Secrets

Chief Information Security Officer/CISO Top Dog in Information Security Knows Everything

forensics, pen testing, auditing, incident response, web app testing, programming, accounting, business

Speaking, Training, Mentoring Works with CEO/CIO/CTO/CFO/COO Only works half days (7am to 7pm) <10ys $125 to 150K, > 10yrs $180K to 225K

Fortune 100 companies, could be in millions MIS degree, MBA Degree

Certs: CISSP, CCISO, CISM, CISA, CRISK

Page 19: Spy vs Spy: Protecting Secrets

Certifications: ISACA: Cybersecurity Fundamentals

Students and Interns EC-Council: Certified Ethical Hacker (CEH) (ISC)2: Certified Information Systems Security

Professional (CISSP) 4 years professional experience + degree or 5 years Associate for Students without the required experience

ISACA: Certified Information Security Manager (CISM)

EC-Council: Certified Chief Information Security Officer (CCISO)

Page 20: Spy vs Spy: Protecting Secrets

Self Study Free Trials, Amazon/Microsoft Azure Boot and Install Linux/FreeBSD Put a server together with VMWare/Zen Install and Learn Nessus, Snort, Wireshark

Practice penetration testing, detection, patching Attend local meetings

Information Systems Security Association (ISSA) Information Systems Audit and Control Association

(ISACA) International Information System Security Certification

Consortium(ISC)2