Career in Information Security Nata Raju Gurrapu http://mycnis.weebly.com

Feb 10, 2016

Transcript

Career in Information Security
Nata Raju Gurrapu
http://mycnis.weebly.com

Agenda
What is Information and Security
Industry Standards
Job Profiles
Certifications
Tips

Why Information Security?
Increasing regulatory compliance
  Requires organizations to adopt security standards and frameworks for a long-term approach to mitigating risk
Evolving and emerging threats and attacks
  Continual learning of new skills and techniques
Convergence of physical and information security
  Accountability between information security professionals and management falls on several key executives to manage growing risk exposures

What Is Information?
Information is a collection of useful data.
Information could be
  Your personal details
  Your corporate details
  Future plans

What is Information Security?
Access Controls
Telecommunications and Network Security
Information Security and Risk Management
Application Security
Cryptography
Security Architecture and Design
Operations Security
Business Continuity and Disaster Recovery Planning
Legal, Regulations, Compliance and Investigations
Physical (Environmental) Security

What Next

Explore : Industry Standard
Knowledge: nothing beats core concept understanding.
Certification: helps in proving your exposure as a fresher.

Explore : Types of Info-Sec jobs
Ethical Hacker
Vulnerability Assessment
Penetration Tester
Forensic Investigator
Security Governance
Auditor
Security Administrator
Secure Developer

Explore : Type of certification
Security Analyst: CEH, ECSA, OSCP
Development: SCJP, MCSE
Server Security: RHCSS
Auditor: ISO 27000 lead auditor

Clarify : Information Security
Keep the bad guys out
Let the trusted guys in
Give trusted guys access to what they are authorized to access

Clarify : Security Triad

Security Triad

Clarify : Secure Developer
A developer who is aware of security issues.
Developers are now classified into 3 major categories:
  Thick client developer
  Thin client developer
  Kernel or driver developer
If you can exploit it, you need to patch it.

Clarify : Security Administrator
Server administrator with a background in security.
Skills Required
  Server hardening
  Firewall configuration

Clarify : Vulnerability Assessment
It is the process of finding possible exploitable situations in a given target.
The target could be a desktop/laptop, network, web application, literally any device with a processor and motive to achieve

Skill Set
Understanding of target architecture.
Eye for detail and thinking like an exploiter.
(Optional) Programming for Nessus plugins.

Clarify : Penetration Testing
Next step after vulnerability assessment.
Here the target is actually evaluated against a live attack.

Skills Required:
Programming: C / C++, Python, Perl, Ruby
Understanding of an exploitation framework.
  Metasploit
  Core Impact

Clarify : Forensic Expert
The post-mortem specialist for IT.
Responsible for after-incident evaluation of a target.

Skills
All that's needed for VA/PT.
Understanding of forensic concepts, not limited to data recovery, log evaluation, etc.

Clarify : Auditor
Reviews the systems and networks and related security policies with regard to industry standards.

Skills Required
Understanding of compliance policies
  HIPAA, ISO 27001, PCI DSS, SOX and many more.
Understanding of ethical hacking concepts and application.

Commit : How to gain Knowledge
Spend the first few years mastering fundamentals
Get involved in as many systems, apps, platforms, languages, etc. as you can
Key technologies and areas
  Relevant security experience
  Compliance/regulatory/risk management
  Encryption
  Firewalls
  Policy
  IDS/IPS
  Programming and scripting

Commit : Technical Skills Required
LEARN the Operating System
LEARN the Coding Language
LEARN Assembler & Shell Coding
Learn Metasploit
Learn Nessus
Learn writing exploits for Metasploit
Learn writing scanning plug-ins for Nessus

Commit : Soft Skills Required
Learn presentation skills.
Learn business language. Management likes to hear that.

Commit : how to gain certificate
Attend training
Learn, understand and apply the concepts in a controlled environment.
Take the exam when you have confidence.

Commit : how to practice
Set up a lab at home.
  Physical lab (best)
  Virtual lab (second best)
Keep yourself updated: subscribe to a vulnerability DB.
Practice regularly on a secured home lab.

Commit : First job
Lower rungs of the tech ladder
Unpaid overtime is expected
When offered company training, take it
Expect to make mistakes
  Learn from them

Things to Remember
Learn to question everything.
Keep yourself up to date.
Be an expert in one field; however, security specialists are at more of an advantage if they develop generalist skills.
Security is an extension of business needs and should support it.
Form a group of like-minded people.

HACKER GOT HACKED
Keep your system and network secure first.
Avoid publicizing being a HACKER till you have practiced enough and feel confident.
Self-proclaimers are not looked upon well in security communities.
Your work should speak, not your mouth.

Certifications

Why Certification is good
Nothing beats first-hand job exposure.
However, when you hit a roadblock, certifications help.

More on Certification
Passing a certification exam says that:
  You have the minimum knowledge to be considered for certification (at the time of the test), OR
  You are very good at taking tests.

Industry Certifications
EC-Council
  CEH, ECSA, CHFI, ECSP and more
ISC2
  CISSP
Offensive Security
  OSCP
ISACA
  CISA and CISM

All the very best from seniors