Nata Raju Gurrapu
http://mycnis.weebly.com

Software and s/w Development

Dec 13, 2013


Agenda

- What is Information and Security
- Industry Standards
- Job Profiles
- Certifications
- Tips

Why Information Security?

- Increasing regulatory compliance
- Requires organizations to adopt security standards and frameworks for a long-term approach to mitigating risk
- Evolving and emerging threats and attacks
- Continual learning of new skills and techniques
- Convergence of physical and information security
- Accountability between information security professionals and management falls on several key executives to manage growing risk exposures

What Is Information?

- Information is a collection of useful DATA.
- Information could be:
  - Your personal details
  - Your corporate details
  - Future plans


What is Information Security?

1) Access Controls
2) Telecommunications and Network Security
3) Information Security and Risk Management
4) Application Security
5) Cryptography
6) Security Architecture and Design
7) Operations Security
8) Business Continuity and Disaster Recovery Planning
9) Legal, Regulations, Compliance and Investigations
10) Physical (Environmental) Security

What Next

Explore:
- Industry Standard
- Knowledge: nothing beats core concept understanding
- Certification: helps in proving your exposure as a fresher.


Explore: Types of Info-Sec jobs

- Ethical Hacker
- Vulnerability Assessment
- Penetration Tester
- Forensic Investigator
- Security Governance
- Auditor
- Security Administrator
- Secure Developer



Explore: Type of certification

- Security Analyst: CEH, ECSA, OSCP
- Development: SCJP, MCSE
- Server Security: RHCSS
- Auditor: ISO 27000 lead auditor

Clarify: Information Security

- keep the bad guys out
- let the trusted guys in
- give trusted guys access to what they are authorized to access



Clarify: Security Triad

[Figure: Security Triad]

Clarify: Secure Developer

- A developer who is aware of security issues.
- Developers now are classified in 3 major categories:
  - Thick Client Developer
  - Thin Client Developer
  - Kernel or driver developer
- If you can exploit it you need to patch it.

Clarify: Security Administrator

- Server Administrator with a background in Security.
- Skills Required:
  - Server Hardening.
  - Firewall configuration.


Clarify: Vulnerability Assessment

- It is the process of finding possible exploitable situations in a given target.
- Target could be Desktop/Laptop, Network, Web Application, literally any device with a processor and a motive to achieve.
- Skill Set:
  - Understanding of target architecture.
  - Eye for details and thinking of an exploiter.
  - (Optional) Programming for Nessus plugins.

Clarify: Penetration Testing

- Next step to vulnerability assessment.
- Here the target is actually evaluated against a live attack.
- Skills Required:
  - Programming: C / C++, Python, Perl, Ruby
  - Understanding of an exploitation framework:
    - Metasploit
    - Core Impact

Clarify: Forensic Expert

- The post-mortem specialist for IT.
- Responsible for after-incident evaluation of a target.
- Skills:
  - All that's needed for VA/PT.
  - Understanding of forensic concepts, not limited to data recovery, log evaluation etc.

Clarify: Auditor

- Reviews the systems and networks and related security policies with regard to industry standards.
- Skills Required:
  - Understanding of compliance policies: HIPAA, ISO 27001, PCI DSS, SOX and many more.
  - Understanding of ethical hacking concepts and application.

Commit: How to gain Knowledge

- Spend the first few years mastering fundamentals
- Get involved in as many systems, apps, platforms, languages, etc. as you can
- Key technologies and areas:
  - Relevant security experience
  - Compliance/regulatory/risk management
  - Encryption
  - Firewalls
  - Policy
  - IDS/IPS
  - Programming and scripting


Commit: Technical Skills Required

- LEARN the Operating System
- LEARN the Coding Language
- LEARN Assembler & Shell Coding
- Learn Metasploit
- Learn Nessus
- Learn writing exploits for Metasploit
- Learn writing scanning plug-ins for Nessus.



Commit: Soft Skills Required

- Learn presentation skills.
- Learn business language. Management likes to hear that.


Commit: How to gain a certificate

- Attend training
- Learn, understand and apply the concepts in a controlled environment.
- Take the exam when you have confidence.

Commit: How to practice

- Set up a lab at home.
  - Physical Lab (best)
  - Virtual Lab (second best)
- Keep yourself updated: subscribe to a Vulnerability DB.
- Practice regularly on a secured home lab.

Commit: First job

- Lower rungs of the tech ladder
- Unpaid overtime is expected
- When offered company training, take it
- Expect to make mistakes; learn from them


Things to Remember

- Learn to question everything.
- Keep yourself up-to-date.
- Be an expert in one field; however, security specialists are at more of an advantage if they develop generalist skills.
- Security is an extension of business needs and should support it.
- Form a group of like-minded people.


HACKER GOT HACKED

- Keep your system and network secure first.
- Avoid publicizing about being a "HACKER" till you have practiced enough and feel confident.
- Self-proclaimers are not seen with good eyes in security communities.
- Your work should speak and not your mouth.

Why Certification is good

- Nothing beats first-hand job exposure.
- However, when you hit a roadblock, certifications help.


More on Certification

Passing a Certification exam says that:
- You have the minimum knowledge to be considered for certification (at the time of the test)
- OR
- You are very good at taking tests.

Industry Certifications

- EC-Council: CEH, ECSA, CHFI, ECSP and more
- ISC2: CISSP
- Offensive Security: OSCP
- ISACA: CISA and CISM

All the very best from seniors