Upload
michael-scheidell
View
442
Download
10
Tags:
Embed Size (px)
DESCRIPTION
Presented to NAF Students, May 14th, 2014. Outline career path in Information Security
Citation preview
Spy vs Spy: Protecting SecretsA Career in Information Security is a Career in Protecting Secrets
Michael Scheidell, CCISO, Security Privateers
http://slidesha.re/T00Kq7
Information Techology: Road to the Future
HardwareManagement.
Software
• Computer Research• Info Systems Managers• Hardware Engineers• Computer Programmers• Support Specialists• Systems Analysts• Data Base Administrator• Web Developers• Network Architechs
World Wide JobsExample text
Chief Information Security Officer
• MIS Degree• Internship• ISACA CSX Cert• Security Engineer• CISSP, CRISK• Sr. Security
Architech• MBA Degree• VP/Dir of IT
Security• CCISO Cert
Like Working with People?Look into Management
Started doing database programming Moved into Real time/Control Systems 1994, helped Government adjust to ‘the net’ Invented and Patented Security Appliance Traveled to Costa Rica, Panama, Jamaica, Canada Got to play with Trains (Risk Assessment, DHS contract) Invited to speak at security conferences, including Cairo Trained FBI agents, worked with Secret Service On TV and quoted by Sun Sentinel Get paid to break into banks!
Michael ScheidellChief Information Security Officer
Programming• Web Applications• E-Commerce Systems• Mobile Applications
Hardware Engineer• Computer Science• Firewalls• IDS/IPS/Patents
Security Architect• Design company’s network• Security is top priority• Privacy matters
Your own footer Your Logo
Bits and Bytes Your thing?
Top 10 jobs in Information Security1. Information Security Crime / Forensics Expert2. Web Application/ Penetration Testing3. Forensic Analyst4. Incident Responder5. Security Architect6. Malware Analyst7. Network Security Engineer8. Security Analyst9. Computer Crime Investigator10. Chief Information Security Officer/CISO/ISO/VP
Information Security Crime Investigator Investigation of computer crimes Driven by Curiosity Expert witness testimony in court Consulting firms, PwC, IBM Private Eye, Law Enforcement: FBI, Secret Service Knowledge of Pen Testing, Computer Forensics,
Reverse Engineering BS:CS, MS:LE, 3+ years, CEH, CPT 22% Growth, $50K to 100K (gvmt or private)
Web Application / Penetration Testing Computer Games: Red Team, Black Team Get paid to break into Banks Part of an IT Audit or Assessment Team Opportunity for Travel Consulting firms, PwC, IBM Direct Hire for Business or Government Stepping stone to IT Auditor BS/4+ years experience, CEH, CISSP Growth 15%, $55-88K a year
Forensic Analyst Information Systems Analyst Network Security Engineer Computer Forensics Consultant/Engineer Programming, Reverse Engineering Experience in Malware, APT, Windows, Linux Works with Law Enforcement MS/6+ years experience, CEH, CISSP $50K to 100K, Mgmt $200K
Incident Responder Prep for Forensic Analyst/ Investigator/ Manager On the Firing line Work in real time to stop and document attacks Knowledge of Networking, Firewalls Experience in Malware, APT, Windows, Linux BS/3+ $65k to 83K
Security Architect Prep for Forensic Analyst/ Investigator/ Manager On the Firing line Work in real time to stop and document attacks Knowledge of Networking, Firewalls Experience in Malware, APT, Windows, Linux BS/3+, Certs: CEH, CompTia Network, CPT, CISSP $55K to 90K
Malware Analyst Examine, identify, and understand viruses, worms,
Trojans, bots, rootkits Knowledge of reverse engineering and software
development Programming, C, Perl, PHP, assembler. Experience in Malware, APT, Windows, Linux Government, Business, AV companies BS/3+, Certs: CEH, CPT, CISSP $50 to 100K
Network Security Engineer Work with Security Architect Build, monitor and maintain secure network Knowledge of TCP/IP Understand IDS/Firewalls/DMZ/VPN’s Understand test and analysis tools (sniffers, snort) Some Programming or scripting (C, Perl, Java) BS/3+, Certs: CISSP, CCNA/CCIE $DOE: $70K to 130K (Sr, 5+years, MS Degree)
Security Analyst Planning and implementing security measures Stay up to date with latest intelligence Anticipate Security Breaches Prevent loss and service interruptions Perform Risk Assessments Install Firewalls, Data Encryption Security Awareness Training MS/5+, CISSP, CISM, CISA, CRISK $80K Average to $125K, 22% Job Growth
Computer Crime Investigator Recovery of hidden, encrypted or deleted files Investigates computer crime, fraud and hacking Gather evidence Reconstruct damaged computer systems Testify in court Train Law enforcement on computer related issues MS/4+, CISSP, CEH, CPT $50K to $100K (or more for consultants) 22% Growth
Chief Information Security Officer/CISO Top Dog in Information Security Knows Everything
forensics, pen testing, auditing, incident response, web app testing, programming, accounting, business
Speaking, Training, Mentoring Works with CEO/CIO/CTO/CFO/COO Only works half days (7am to 7pm) <10ys $125 to 150K, > 10yrs $180K to 225K
Fortune 100 companies, could be in millions MIS degree, MBA Degree
Certs: CISSP, CCISO, CISM, CISA, CRISK
Education: NAF: Academy of Information Technology (AOIT) Nova Southeast University Florida International University Florida Atlantic University Master of Science in Management Information Sys
tems (MMIS)
Master of Science in Information Systems (MSIS) with security focus
Master of Business Administration (MBA) CISO: Chief Information Security Officer
Certifications: ISACA: Cybersecurity Fundamentals
Students and Interns EC-Council: Certified Ethical Hacker (CEH) (ISC)2: Certified Information Systems Security
Professional (CISSP) 4 years professional experience + degree or 5 years Associate for Students without the required experience
ISACA: Certified Information Security Manager (CISM)
EC-Council: Certified Chief Information Security Officer (CCISO)
Self Study Free Trials, Amazon/Microsoft Azure Boot and Install Linux/FreeBSD Put a server together with VMWare/Zen Install and Learn Nessus, Snort, Wireshark
Practice penetration testing, detection, patching Attend local meetings
Information Systems Security Association (ISSA) Information Systems Audit and Control Association
(ISACA) International Information System Security Certification
Consortium(ISC)2