DISCLAIMER
The thoughts, statements, and ideas
presented here are not representative of
or claimed by Motorola or any past
employer, ASU and their faculty, or anyone
else you might meet, and they are in no
way responsible or liable for them.
How to Be Wealthy
Have Rich Parents
Marry a Rich Spouse
Win the Lottery
Become a Successful Black Hat
Work as a White Hat (this presentation)
YOU WILL MAKE YOUR OWN CAREER!
Others may help, but it's ALL ON YOU!
1) Access Controls
2) Telecommunications and Network Security
3) Information Security and Risk Management
4) Application Security
5) Cryptography
6) Security Architecture and Design
7) Operations Security
8) Business Continuity and Disaster Recovery Planning
9) Legal, Regulations, Compliance and Investigations
10) Physical (Environmental) Security
www.safemode.org/files/zillion/shellcode/doc/Writing_shellcode.html
401-K: at least enough to get the full company match
Problem Statement
Clear, Concise, and Why
2)
3)
4)
5)
But make sure you are solid on 1) & 2) above, as you may have to do 3)
Alternatively, if you are Totally Exceptional Technically, you may want to quit and hire yourself out as an Independent Contractor. This pays VERY, VERY well, but you will be paying the Full Cost of your Benefits Package, including both sides of Social Security, and remember to save money to pay your Taxes.
But that rarely lasts two or three months, and then it's 90% MGMT/10% TECH.
Get over it, that's the way LIFE is!!! Learn all you can.
You have to put some personal distance between you and them
Thoughts on Certifications
Passing a Certification exam says that:
You have the minimum knowledge to be considered for certification (at the time of the test), OR
You are very good at taking tests.
CISSP - www.isc2.org
A mile wide and two inches deep
SANS www.sans.org
MGMT & TECH Hands On Tech
CEH various
See Resource presentation at the end
Questions?
Resources
How to protect your privacy (11 slides)
IA Certifications should I get one?
Compare/Contrast CISSP & CEH
Used with permission of the author
So what do we do now? - 1
Surf the web with a proxy server
www.anonymizer.com
www.torproject.org
www.the-cloak.com
www.megaproxy.com/freesurf/
So what do we do now? - 2
Use encryption (your email & Hard Drive)
www.truecrypt.org
www.gnupg.org (Free PGP)
Anti-Virus (AVG)
free.avg.com/download-avg-anti-virus-free-edition
So what do we do now? - 3
Setup many email addresses
Don't use AOL or Hotmail
GMAIL is OK, but it's a target
Use them for different purposes
Use a private email address for your close contacts
Web Browsers
Turn off scripting or use Firefox with NoScript
So what do we do now? - 4
Keep all your software up to date!
Get Secunia's Personal Software Inspector (PSI). It's free:
http://secunia.com/vulnerability_scanning/personal/
Use IT!
What Do I Do?
All of the above plus:
Separate computers for work, play, & risky
One laptop is disposable and has a plug-in wireless card that is only used for risky
When installing Windows, I use a fake name and company
Otherwise I use Linux, which doesn't need it
I also use LiveCDs and Virtual Machines
Closing Thoughts - 1
In the 2006 Census, there were 225,633,342 people in the US whose age was 18 years or older.
You will have your PII exposed
With luck, you won't lose any money
Closing Thoughts - 2
The odds of anyone trying to track you down are low!
There are trillions of pieces of information stored in the ISPs and search engines of the world, so your stuff is not easy to find.
DISCLAIMER: Some of the views and opinions expressed in this presentation are the presenter's alone, and may or may not reflect or align with organizations' policies, and certain sections of the material should not be viewed as an official enforcement by any organization or person. This presentation is used with the author's permission.
CISSP, CEH, CCNA, CCNP, CCSA, CCSE -> CBSA, AECDM, MCDMMM
Outline
Nothing matters but your resume
Certifications and different schools of thought
Not all certifications were created equal
Certified Information Systems Security Professional - (CISSP)
Certified Ethical Hacker - (CEH)
Certification value to you and your company
Where do you go from here?
or
Dice.com - 1050
Dice.com - 40
Monster.com - 1000
Monster.com - 40
vs. Certification?
CISSP, CEH, CISA, etc.
Industry Participation
Security professional community
Continuous Education
Knowledge can get stale
now what?
Concentration
Security Domain
Domain Segment
Technology Area
Industry Specific
Vendor Specific
Cisco, Microsoft, Nortel, RedHat, Solaris, etc.
Provider specific
ISC2, EC-Council, SANS, etc.
GIAC, CEH, CISSP, etc.
Method
Boot camp vs. Self study
Classroom vs. CBT
On-site, instructor led
If you plan to build a career in information security, one of today's most visible professions, and if you have at least five full years of experience in information security, then the CISSP credential should be your next career goal.
The CISSP was the first credential in the field of information security accredited by ANSI (American National Standards Institute) to ISO (International Organization for Standardization) Standard 17024:2003.
http://www.isc2.org
Myth #2: Once you get it, just sit back and relax
No. Once you pass the exam you need to earn CPE credits in order to keep your certification. If you don't, then you'll need to resit the exam after 3 years to keep the certification. Getting CPEs is fairly straightforward: if you publish papers, attend seminars, do some presentations, and basically remain active in the IT security arena, then you should have no problem here. But it takes a little work: this isn't a get-it-and-forget-it sort of certification.
http://windowsecurity.com/whitepapers/Getting-a-CISSP.html
The CEH certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.
A CEH is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.
You:
Opportunity
Continuous Professional growth
Company:
Market specific training requirements
Mandatory certifications
DOD 8570 provides guidance and procedures for the training, certification, and management of all government employees who conduct Information Assurance functions in assigned duty positions.
DOD 8570 requires that anyone who has access to an Information Technology system must be certified with one of the external certifications listed. This includes contractors and vendors by 2010.
In conclusion...
Keep in mind