cheapskate free and excellent infosec career resources
play

Cheapskate! Free and Excellent Infosec Career Resources Nathan - PowerPoint PPT Presentation

May 14, 2023 •277 likes •777 views

Cheapskate! Free and Excellent Infosec Career Resources Nathan Chan, CISSP C|EH 2019 Oct 11 1 / 48 Who Am I Three careers Flight Simulation both trainers and engineering Software Tester Security Worked in defense,

  1. Cheapskate! Free and Excellent Infosec Career Resources Nathan Chan, CISSP C|EH 2019 Oct 11 1 / 48

  2. Who Am I ● Three careers – Flight Simulation – both trainers and engineering – Software Tester – Security ● Worked in defense, commerical software, consulting, security ● Got CISSP in 2011 and C|EH in 2012 2019 Oct 11 2 / 48

  3. Agenda ● How I see Cyber Security / Information Security ● Free info to get started and where to find it ● Local meetings to attend ● Security Certifications 2019 Oct 11 3 / 48

  4. How I See Cybersecurity ● When I look around at the careers and positions in cybersecurity, and to keep things organized in my mind, I see three broad categories: – Management – Infrastructure – Engineering ● There is overlap in these three categories, and where something may fit depends on how you see the position. 2019 Oct 11 4 / 48

  5. Management ● Management is the mostly non-technical support structure for organization security. – Policy – Procedures – Human Resources – Legal – Compliance – Training 2019 Oct 11 5 / 48

  6. Infrastructure ● Infrastructure is anything needed to get the organization’s work done. The infrastructure needs to be kept secure. – Network – Third-Party Applications – Cloud – Wireless 2019 Oct 11 6 / 48

  7. Engineering ● Engineering is anything the organization creates, sells or provides to customers. All these things need to be made in a secure manner so they will be difficult to hack. – Applications – Web Site – Services 2019 Oct 11 7 / 48

  8. These Classifications are not Precise ● There can be overlap or things fit in multiple classifications ● For example – how about Forensics? – Forensics is often a legal (managerial) requirement. – When actually executed, it is usually network or endpoint drives (infrastructure) that are imaged. 2019 Oct 11 8 / 48

  9. These Classifications are not Precise - Overlap ● Another example – how about Pen Testing? – Pen Testing is often a compliance (managerial) requirement. – When actually executed, it depends on the subject of the pen test. ● A physical pen test (getting into the building, getting information) is managerial. ● If the pen test is against the network, it is infrastructure. ● If an application, web service or web site is being 2019 Oct 11 9 / 48 pen tested, it is engineering.

  10. Free Stuff - NIST Notes ● A great free source for a lot of information is the National Institute for Standards and Technology (NIST) Computer Security Resource Center. ● https://csrc.nist.gov/publications/ ● NIST documents can be considered authoritative. ● However, NIST documents are extremely dry reading. 2019 Oct 11 10 / 48

  11. Free Stuff - Introduction ● Introduction to Information Security – NIST SP 800-12 Rev 1: “An Introduction to Information Security”, 2017, https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final – NIST SP 800-100: “Information Security Handbook: A Guide for Managers”, 2007, https://csrc.nist.gov/publications/detail/sp/800-100/final 2019 Oct 11 11 / 48

  12. Free Stuff - Introduction ● Introduction to Information Security (cont’d) – Cybersecurity is Everyone’s Job, NIST, 2018, https://www.nist.gov/news-events/news/2018/10/cybersecurity-everyones-job – The Infosec Handbook, Apress Open, 2014, https://link.springer.com/book/10.1007%2F978-1-4302-6383-8 – Navigating the Digital Age 1 st ed, Caxton Business and Legal, 2015, https://www.securityroundtable.org/wp-content/uploads/2015/09/Cybersecurity- 9780996498203-no_marks.pdf 2019 Oct 11 12 / 48

  13. Free Stuff - Introduction ● Introduction to Information Security (cont’d) – Navigating the Digital Age 2 st ed, Palo Alto Networks, 2018, (requires signup) https://www.securityroundtable.org/navigating-the-digital-age-2nd-edition/ – A CISO’s Guide to Bolstering Cybersecurity Posture, Center for Internet Security, 2018, (requires signup) https://www.cisecurity.org/white-papers/ebook-a-cisos-guide-to-bolstering-cyber security-posture/ – Defender’s Dilemma, RAND, 2015, https://www.rand.org/pubs/research_reports/RR1024.html 2019 Oct 11 13 / 48

  14. Free Stuff - Management ● Compliance – Two lists of compliance requirements can be found at Telos and TDCI sites https://www.telos.com/cyber-risk-management/xacta/compliance-standards/ https://www.tcdi.com/information-security-compliance-which-regulations/ – PCI DSS (Payment Card Industry Data Security Standard) https://www.pcisecuritystandards.org/document_library – GDPR – (General Data Protection Regulation EU) https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data- protection/2018-reform-eu-data-protection-rules_en 2019 Oct 11 14 / 48

  15. Free Stuff - Management ● Privacy – CCPA (California Consumer Privacy Act) https://www.oag.ca.gov/privacy/ccpa – CCPA Amendments (still in flux) https://www.infolawgroup.com/blog/2019/9/20/ccpa-act-ii-amendments-pass-cali fornia-legislature-head-to-governors-desk – IAPP (International Association of Privacy professionals) – some material is free, paid membership required for full access. https://iapp.org/resources/research/ 2019 Oct 11 15 / 48

  16. Free Stuff - Management ● Risk – DHS Cyber Risk Management Primer for CEOs https://www.dhs.gov/sites/default/files/publications/C3%20Voluntary%20Progra m%20-%20Cyber%20Risk%20Management%20Primer%20for%20CEOs%20_5.pdf – NIST Cybersecurity Framework https://www.nist.gov/cyberframework – CMU SEI Blog on Risk Management, 2018 https://insights.sei.cmu.edu/insider-threat/2018/02/7-considerations-for-cyber-ris k-management.html 2019 Oct 11 16 / 48

  17. Free Stuff - Management ● Training and Awareness – Cybersecurity and Information Systems Information Analysis Center (CSIAC) https://www.csiac.org/series/cyber-awareness-videos/ – Australian Defense Cybersense https://www.youtube.com/playlist?list=PLAA359AC9EEA14569 – EDUCAUSE Security Awareness https://library.educause.edu/topics/cybersecurity/security-awareness – DHS Stop. Think. Connect. Toolkit https://www.dhs.gov/stopthinkconnect-toolkit 2019 Oct 11 17 / 48

  18. Free Stuff - Management ● Checklists – NIST Manufacturing Extension Partnership (MEP) Cybersecurity Self-Assessment Handbook, 2017 https://nvlpubs.nist.gov/nistpubs/hb/2017/nist.hb.162.pdf – US Cyber Consequences Unit Cybersecurity Matrix Checklist, 2016 http://usccu.us/documents/US-CCU%20Cyber-Security%20Matrix%20(Draft%20Ve rsion%202).pdf 2019 Oct 11 18 / 48

  19. Free Stuff - Infrastructure ● Center for Internet Security (CIS) 20 Controls V7.1 (requires signup for download) https://www.cisecurity.org/controls/cis-controls-list/ ● SANS Posters of CIS Controls https://www.sans.org/critical-security-controls/ ● Mozilla Server Side TLS https://wiki.mozilla.org/Security/Server_Side_TLS ● OWASP TLS Cheat Sheet https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_S heet.html 2019 Oct 11 19 / 48

  20. Free Stuff - Infrastructure ● Better Crypto, https://bettercrypto.org/ ● IIS Crypto Free Tool by Nartac Software https://www.nartac.com/Products/IISCrypto ● Mozilla OpenSSH Recommendations https://infosec.mozilla.org/guidelines/openssh ● Cloud Security Alliance (CSA) Security Guidance V4 https://downloads.cloudsecurityalliance.org/assets/research/security-guidance/securi ty-guidance-v4-FINAL.pdf 2019 Oct 11 20 / 48

  21. Free Stuff - Infrastructure ● CSA Cloud Control Matrix V3.0.1, 2016 https://downloads.cloudsecurityalliance.org/assets/research/cloud-controls-matrix/CS A_CCM_v.3.0.1-10-06-2016.xlsx ● Cyber Kill Chain – Lockheed Martin https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html – Mitre ATT&CK https://attack.mitre.org/ ● Pen Testing Execution Standard http://www.pentest-standard.org/index.php/Main_Page 2019 Oct 11 21 / 48

  22. Free Stuff - Infrastructure ● Incident Response – CMU SEI Resources for Creating a Computer Security Incident Response Team (CSIRT) https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=485643 – CMU SEI Handbook for CSIRTs, 2003 https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=6305 2019 Oct 11 22 / 48

  23. Free Stuff - Infrastructure ● Incident Response – Centre for Research and Evidence on Security Threats (CREST, UK) Cyber Security Response Guide V1, 2014 https://www.crest-approved.org/wp-content/uploads/2014/11/CSIR-Procurement- Guide.pdf – US Dept of Justice Best Practices for Victim Response and Reporting of Cyber Incidents, 2015 https://www.justice.gov/sites/default/files/opa/speeches/attachments/2015/04/29 /criminal_division_guidance_on_best_practices_for_victim_response_and_reportin g_cyber_incidents2.pdf 2019 Oct 11 23 / 48

  24. Free Stuff - Engineering ● Software / Secure Development Lifecycle (SDLC) – OWASP Software Assurance Maturity Model (OpenSAMM) V1.5 https://www.owasp.org/index.php/OWASP_SAMM_Project – Building Security In Maturity Model (BSIMM) V10 – (download requires signup) https://www.bsimm.com/framework.html – BSIMM V9 download https://www.bsimm.com/content/dam/bsimm/reports/bsimm9.p df 2019 Oct 11 24 / 48

Recommend

Storytelli Storytelling ng in in Infosec Infosec (Draft aft of) a Pr Practical ctical Guide

Storytelli Storytelling ng in in Infosec Infosec (Draft aft of) a Pr Practical ctical Guide

Dr. med. Christina Czeschik www.serapion.de Storytelli Storytelling ng in in Infosec Infosec (Draft aft of) a Pr Practical ctical Guide ide BalCCon 2k17 Sept 16, 2017, Novi Sad How to Make Users Behave Safely? Explain things to them?

566 views • 52 slides
InfoSec Training and Awareness Program Training & Employee InfoSec Yearly In-person

InfoSec Training and Awareness Program Training & Employee InfoSec Yearly In-person

InfoSec Training and Awareness Program Training & Employee InfoSec Yearly In-person Whitepapers, InfoSec Spear Awareness Comms Intranet Site Security Security Brochures E-mailbox Phishing Awareness Awareness Exercises

389 views • 36 slides
RFID Hacking Live Free or RFID Hard 24 Mar 2015 InfoSec World 2015 Orlando, FL Presen

RFID Hacking Live Free or RFID Hard 24 Mar 2015 InfoSec World 2015 Orlando, FL Presen

RFID Hacking Live Free or RFID Hard 24 Mar 2015 InfoSec World 2015 Orlando, FL Presen sented ed b by: Francis Brown & Rob Ragan Bishop Fox www.bishopfox.com Agenda O V E R V I E W Qu Quic ick k Over erview ew

853 views • 57 slides
InfoSec Ninjas Croissants Intrusion Detection and Prevention System (IDPS) InfoSec Ninjas Who

InfoSec Ninjas Croissants Intrusion Detection and Prevention System (IDPS) InfoSec Ninjas Who

InfoSec Ninjas Croissants Intrusion Detection and Prevention System (IDPS) InfoSec Ninjas Who am I? Samiux is an Information Security Enthusiast. - OSCE, OSCP, OSWP - Blogger - Linux user Hobbies : - Programming - Reading

261 views • 12 slides
Eco-Friendly Educational Hub. Excellent Campus with Academic Ambience

Eco-Friendly Educational Hub. Excellent Campus with Academic Ambience

Eco-Friendly Educational Hub. Excellent Campus with Academic Ambience Excellent Academic Results Free Branded Laptop and Cell Phone 24x7 Dedicated Internet Leased Line. Fully Air-conditioned Class Rooms for

431 views • 42 slides
STEM+Ag Career Pathway Curriculum and Activities Session Resources:

STEM+Ag Career Pathway Curriculum and Activities Session Resources:

STEM+Ag Career Pathway Curriculum and Activities Session Resources: https://engineering.mnsu.edu/stemag-career-pathway-curriculum-conference-session-resources/ Melissa Huppert, Ph.D. Judy Barka Director of Program Development and Evaluation

476 views • 20 slides
STEM+Ag Career Pathway Curriculum and Activities Session Resources:

STEM+Ag Career Pathway Curriculum and Activities Session Resources:

STEM+Ag Career Pathway Curriculum and Activities Session Resources: https://engineering.mnsu.edu/stemag-career-pathway-curriculum-conference-session-resources/ Melissa Huppert, Ph.D. Judy Barka Director of Program Development and Evaluation

352 views • 33 slides
Flex your Flex your InfoSec InfoSec muscles! muscles! Zuzana Bitterova Zuzana Bitterova

Flex your Flex your InfoSec InfoSec muscles! muscles! Zuzana Bitterova Zuzana Bitterova

Flex your Flex your InfoSec InfoSec muscles! muscles! Zuzana Bitterova Zuzana Bitterova This presentation is about Passion This presentation is NOT about Embracing change how to become an expert in the information security area

975 views • 49 slides
NSF NSF CAREER CAREER Pr Program NSF 14 532 Why Apply Wh Apply fo for a CAREER? CAREER?

NSF NSF CAREER CAREER Pr Program NSF 14 532 Why Apply Wh Apply fo for a CAREER? CAREER?

5/14/2014 NSF NSF CAREER CAREER Pr Program NSF 14 532 Why Apply Wh Apply fo for a CAREER? CAREER? Prestigious research funding for early career investigators Provide support at a sufficient level/duration to allow for career

645 views • 21 slides
WEB-BASED CURRICULUM RESOURCES FOR CAREER ACADEMIES Erin Fender Career Academy Support Network,

WEB-BASED CURRICULUM RESOURCES FOR CAREER ACADEMIES Erin Fender Career Academy Support Network,

WEB-BASED CURRICULUM RESOURCES FOR CAREER ACADEMIES Erin Fender Career Academy Support Network, (CASN) UC Berkeley Graduate School of Education efender@berkeley.edu Donna Reed Casa Grande High School, Petaluma Sonoma State University

364 views • 17 slides
So basically same as a lot of us here: Wants to do cool InfoSec stuff, Wants to Stay out of Jail

So basically same as a lot of us here: Wants to do cool InfoSec stuff, Wants to Stay out of Jail

Changing Legal Landscape for Infosec Who I am: Elissa Shevinsky CEO of Jekudo Privacy Company @ElissaBeth and @Jekudo_Cat on Twitter Writer/Journalist Cautious Security Researcher So basically same as a lot of us here: Wants to do cool

472 views • 17 slides
Common Language 2012-06-11 State Resources Excellent

Common Language 2012-06-11 State Resources Excellent

Common Language 2012-06-11 State Resources Excellent Educators for New Jersey h@p://www.state.nj.us/educaFon/EE4NJ/ EE4NJ Goals Universal Vision Common

453 views • 26 slides
SITCH Inexpensive, coordinated GSM anomaly detection About Me 2000: Technology career started

SITCH Inexpensive, coordinated GSM anomaly detection About Me 2000: Technology career started

SITCH Inexpensive, coordinated GSM anomaly detection About Me 2000: Technology career started (I can get paid for this??) 2003: Started building with Linux Came to infosec through systems and network engineering, integration

1.1k views • 56 slides
free resources for finding people, 13th to 18th centuries Dr Gillian Draper

free resources for finding people, 13th to 18th centuries Dr Gillian Draper

Going back in time: free resources for finding people, 13th to 18th centuries Dr Gillian Draper development@balh.org.uk What I plan to cover or mention today Online catalogues Websites and downloadable resources Free printed

239 views • 19 slides
Career Day Diane Hamilton Mortgage Specialist Equity Resources, Inc.. Responsibilities of my

Career Day Diane Hamilton Mortgage Specialist Equity Resources, Inc.. Responsibilities of my

Career Day Diane Hamilton Mortgage Specialist Equity Resources, Inc.. Responsibilities of my Career 1. I need to make sure that I have the families best interest in mind at all times. 2. Complete understanding of the families money

409 views • 21 slides
Solid results and excellent free cash flow Next generation thinking | Sustainable delivery

Solid results and excellent free cash flow Next generation thinking | Sustainable delivery

2020 Q2 & HY Results Solid results and excellent free cash flow Next generation thinking | Sustainable delivery Audiocast, 28 July 2020 Peter Oosterveer (CEO) & Jurgen Pullens (Director IR) FIRST HALF YEAR RESULTS 2020 Disclaimer

581 views • 20 slides
HTTP/2 & InfoSec Anderson Dadario Topics HTTP Today Why HTTP/2 How it works

HTTP/2 & InfoSec Anderson Dadario Topics HTTP Today Why HTTP/2 How it works

HTTP/2 & InfoSec Anderson Dadario Topics HTTP Today Why HTTP/2 How it works What is relevant to your InfoSec job 2 HTTP Today Using HTTP 1.1 since 1997 / 1999 Connection: keep-alive Head of Line

376 views • 21 slides
1 This right here is a little bit of a snapshot of expertise and current career trajectory. So

1 This right here is a little bit of a snapshot of expertise and current career trajectory. So

MITOCW | 2. The Solar Resource The following content is provided under a Creative Commons license. Your support will help MIT OpenCourseWare continue to offer high quality educational resources for free. To make a donation or view additional

916 views • 37 slides
Y11: Using Careerpilot to make post 16 and career choices What is it? A free one-stop website

Y11: Using Careerpilot to make post 16 and career choices What is it? A free one-stop website

One place for all your careers information. Y11: Using Careerpilot to make post 16 and career choices What is it? A free one-stop website helping 13-19 year olds in the South of England plan their future study & work 350,000+ users in

545 views • 22 slides
Career Search Resources: Future Ready Iowa Website, Career Coach, and Occupational Projections

Career Search Resources: Future Ready Iowa Website, Career Coach, and Occupational Projections

11/2/2018 Career Search Resources: Future Ready Iowa Website, Career Coach, and Occupational Projections Iowa School Counselor Association Annual Conference November 5, 2018 In Partnership: Future Ready futurereadyiowa.gov Iowa Website

274 views • 5 slides
Like thinking outside the box Our Art & Design courses offer excellent routes to

Like thinking outside the box Our Art & Design courses offer excellent routes to

Like thinking outside the box Our Art & Design courses offer excellent routes to unleash your potential Set your creativity free with our specialist GCSE Fine Art and Art Textile courses. The Creative Industries are worth more than

1.19k views • 74 slides
CAREER AND TECH RESEARCH DELEGATE APRIL ROSE OCTOBER 2016 RESOURCES AND RESEARCH Principal

CAREER AND TECH RESEARCH DELEGATE APRIL ROSE OCTOBER 2016 RESOURCES AND RESEARCH Principal

CAREER AND TECH RESEARCH DELEGATE APRIL ROSE OCTOBER 2016 RESOURCES AND RESEARCH Principal Eccles Carroll County Career and Tech Center Site visit and discussion of what has been done to expand and possible future solutions Campus

171 views • 13 slides
Mrs. Janowski-Human Tucker Career & Technology Center February 2015 The Free Application

Mrs. Janowski-Human Tucker Career & Technology Center February 2015 The Free Application

Mrs. Janowski-Human Tucker Career & Technology Center February 2015 The Free Application for Federal Student Aid How you get grants and loans for college Many scholarships and institutional aid require a completed FAFSA 21 st

472 views • 23 slides
2021 Career Development Programs IFC Proposed Budget For Service Learning & Career

2021 Career Development Programs IFC Proposed Budget For Service Learning & Career

2021 Career Development Programs IFC Proposed Budget For Service Learning & Career Development Background Over the past 8 years, IFC has allocated towards career development programs Budget has been split between online resources and

750 views • 10 slides

More recommend