1. Spy vs Spy:
Protecting Secrets
A Career in Information Security is a Career in Protecting Secrets
Michael Scheidell, CCISO, Security Privateers
http://slidesha.re/T00Kq7
2. Information Techology: Road to the Future
Hardware
Management
.
Software
• Computer Research
• Info Systems Managers
• Hardware Engineers
• Computer Programmers
• Support Specialists
• Systems Analysts
• Data Base Administrator
• Web Developers
• Network Architechs
World Wide Jobs
Example text
3.
4. Chief Information
Security Officer
• MIS Degree
• Internship
• ISACA CSX Cert
• Security Engineer
• CISSP, CRISK
• Sr. Security
Architech
• MBA Degree
• VP/Dir of IT
Security
• CCISO Cert
Like Working with People?
Look into Management
5. Started doing database programming
Moved into Real time/Control Systems
1994, helped Government adjust to ‘the net’
Invented and Patented Security Appliance
Traveled to Costa Rica, Panama, Jamaica, Canada
Got to play with Trains (Risk Assessment, DHS contract)
Invited to speak at security conferences, including Cairo
Trained FBI agents, worked with Secret Service
On TV and quoted by Sun Sentinel
Get paid to break into banks!
Michael Scheidell
Chief Information Security Officer
6. Programming
• Web Applications
• E-Commerce Systems
• Mobile Applications
Hardware Engineer
• Computer Science
• Firewalls
• IDS/IPS/Patents
Security Architect
• Design company’s network
• Security is top priority
• Privacy matters
Your own footer Your Logo
Bits and Bytes Your thing?
7. Top 10 jobs in Information Security
1. Information Security Crime / Forensics Expert
2. Web Application/ Penetration Testing
3. Forensic Analyst
4. Incident Responder
5. Security Architect
6. Malware Analyst
7. Network Security Engineer
8. Security Analyst
9. Computer Crime Investigator
10. Chief Information Security Officer/CISO/ISO/VP
8. Information Security Crime Investigator
Investigation of computer crimes
Driven by Curiosity
Expert witness testimony in court
Consulting firms, PwC, IBM
Private Eye, Law Enforcement: FBI, Secret Service
Knowledge of Pen Testing, Computer
Forensics, Reverse Engineering
BS:CS, MS:LE, 3+ years, CEH, CPT
22% Growth, $50K to 100K (gvmt or private)
9. Web Application / Penetration Testing
Computer Games: Red Team, Black Team
Get paid to break into Banks
Part of an IT Audit or Assessment Team
Opportunity for Travel
Consulting firms, PwC, IBM
Direct Hire for Business or Government
Stepping stone to IT Auditor
BS/4+ years experience, CEH, CISSP
Growth 15%, $55-88K a year
10. Forensic Analyst
Information Systems Analyst
Network Security Engineer
Computer Forensics Consultant/Engineer
Programming, Reverse Engineering
Experience in Malware, APT, Windows, Linux
Works with Law Enforcement
MS/6+ years experience, CEH, CISSP
$50K to 100K, Mgmt $200K
11. Incident Responder
Prep for Forensic Analyst/ Investigator/ Manager
On the Firing line
Work in real time to stop and document attacks
Knowledge of Networking, Firewalls
Experience in Malware, APT, Windows, Linux
BS/3+
$65k to 83K
12. Security Architect
Prep for Forensic Analyst/ Investigator/ Manager
On the Firing line
Work in real time to stop and document attacks
Knowledge of Networking, Firewalls
Experience in Malware, APT, Windows, Linux
BS/3+, Certs: CEH, CompTia Network, CPT, CISSP
$55K to 90K
13. Malware Analyst
Examine, identify, and understand
viruses, worms, Trojans, bots, rootkits
Knowledge of reverse engineering and software
development
Programming, C, Perl, PHP, assembler.
Experience in Malware, APT, Windows, Linux
Government, Business, AV companies
BS/3+, Certs: CEH, CPT, CISSP
$50 to 100K
14. Network Security Engineer
Work with Security Architect
Build, monitor and maintain secure network
Knowledge of TCP/IP
Understand IDS/Firewalls/DMZ/VPN’s
Understand test and analysis tools (sniffers, snort)
Some Programming or scripting (C, Perl, Java)
BS/3+, Certs: CISSP, CCNA/CCIE
$DOE: $70K to 130K (Sr, 5+years, MS Degree)
15. Security Analyst
Planning and implementing security measures
Stay up to date with latest intelligence
Anticipate Security Breaches
Prevent loss and service interruptions
Perform Risk Assessments
Install Firewalls, Data Encryption
Security Awareness Training
MS/5+, CISSP, CISM, CISA, CRISK
$80K Average to $125K, 22% Job Growth
16. Computer Crime Investigator
Recovery of hidden, encrypted or deleted files
Investigates computer crime, fraud and hacking
Gather evidence
Reconstruct damaged computer systems
Testify in court
Train Law enforcement on computer related issues
MS/4+, CISSP, CEH, CPT
$50K to $100K (or more for consultants)
22% Growth
17. Chief Information Security Officer/CISO
Top Dog in Information Security
Knows Everything
forensics, pen testing, auditing, incident response, web app
testing, programming, accounting, business
Speaking, Training, Mentoring
Works with CEO/CIO/CTO/CFO/COO
Only works half days (7am to 7pm)
<10ys $125 to 150K, > 10yrs $180K to 225K
Fortune 100 companies, could be in millions
MIS degree, MBA Degree
Certs: CISSP, CCISO, CISM, CISA, CRISK
18. Education:
NAF: Academy of Information Technology (AOIT)
Nova Southeast University
Florida International University
Florida Atlantic University
Master of Science in Management Information
Systems (MMIS)
Master of Science in Information Systems (MSIS)
with security focus
Master of Business Administration (MBA)
CISO: Chief Information Security Officer
19. Certifications:
ISACA: Cybersecurity Fundamentals
Students and Interns
EC-Council: Certified Ethical Hacker (CEH)
(ISC)2: Certified Information Systems Security
Professional (CISSP)
4 years professional experience + degree or 5 years
Associate for Students without the required experience
ISACA: Certified Information Security Manager
(CISM)
EC-Council: Certified Chief Information Security
Officer (CCISO)
20. Self Study
Free Trials, Amazon/Microsoft Azure
Boot and Install Linux/FreeBSD
Put a server together with VMWare/Zen
Install and Learn Nessus, Snort, Wireshark
Practice penetration testing, detection, patching
Attend local meetings
Information Systems Security Association (ISSA)
Information Systems Audit and Control Association
(ISACA)
International Information System Security Certification
Consortium(ISC)2