Title: Security Career Framework: A Life in the Fast Lane
1. Security Career Framework: A Life in the Fast Lane
Don Ng, CISSP, CFSO, CFSA, CCNA
Manager, Strategy and Solution
2. The New Frontier
- The Internet
- Designed for a kinder, more trusting society
- Everyone is much closer together now
- One single street
- An interconnected network
- One globe, one network, one culture
3. Digital Assets
- Crown Jewels
- Business Plans
- Pricing Structures
- Patents
- Sales figures, revenue figures
- Employee information
- Or your internet Connection
4. Security 101
- The first Lesson
- C, I, A
- Confidentiality: Authorised Access
- Integrity: Authorised Modification
- Availability: When you need it, when you want it.
5. Attack Sources
2003 CSI/FBI Survey, www.gocsi.com
6. 251 Firms - 360 million Lost
2003 CSI/FBI Survey, www.gocsi.com
1 USD = 1.8 SGD
7. Defensive Technologies
[Diagram: defensive technologies arranged across three layers labelled FRONT, TRANSPORT and BUSINESS LOGIC. Labels shown: Firewall, Authorization, Auditing, VPN, SSL, Applications, Tokens, DMZ, Intrusion Detection, Mail Servers, Browser Security, Authentication, Proxies, VLAN, Policy Servers, Scanners, Risk Analysis, Smart Card, Biometrics, Security Agents, Anti-Virus, Backups, Desktop Security, IPSEC, Content Filtering, Perimeter, PKCS, PKI, LDAP, Vulnerabilities]
8. Security for the Masses by the few
- Digital security impacts everyone that has an internet connection, both user and enterprise.
- But only a select few are able to master the arts and call themselves Security Professionals
- PS: I studied more intensively since starting my job than in the universities I was in.
9. What makes a Professional
- Motivation in the Real World: The Art of Getting Extra Effort from Everyone - Including Yourself, Saul W. Gellerman
- Confidence that there is no BETTER way
- Opportunity to Practice
- Opportunity to Learn
10. Building the Basics
- Duties: System Engineer (Mountain and Oceans)
- (Gains) knowledge
- Operating Systems
- Applications
- Anti Virus
- Firewall
- Employment
- All Sector
- Certification
- CCNA, MCSE
11. Security Administrator
- Duties: Administration of Security Devices
- Requires (Gains) in depth knowledge
- Advanced Firewalls
- IDS
- VPN
- Operating Systems
- Basic Networking Concepts
- Employment
- All Sector
- Certification
- MCSE, CCNA, Product Certifications
12. Security Analyst
- Duties: Analysis of data events.
- Requires in depth knowledge
- Advanced Firewalls, IDS, VPN, Operating Systems
- Advanced TCP/IP Knowledge
- Employment
- All Sectors
- Security Firms and Consultancies
- Certification
- SSCP, GCFW, Advanced Product Certification
13. Intrusion Analysts
- Duties: Operation of IDS Systems
- Requires in depth knowledge
- Ability to correlate and determine true attacks from normal or false positives.
- To respond to Security Breaches
- Employment
- Large Organisations
- Managed Security Service Providers
- Certification
- GCIA, GCIH
14. VP for Vulnerability Assessment
- Duties: Coordination with Vendors for VA tests
- Requires in depth knowledge
- Vulnerability Assessment Tools
- In depth knowledge of Subject Material
- Meeting Regulatory Requirements
- Open Source Tools and Commercial
- Employment
- Large Banks
- Large Organisations
- Certification
- VA Tool Specific
15. SOC Manager
- Duties: Management of Security Operations Centre
- Requires Technical and People Skills
- Employment
- Large Organisations
- Certification
- Beyond the Stage for Certifications
- Known in the Industry
- Excellent Reputation
16. Security Consultants
- Duties: Consultancy and Business Development
- Employment
- Commercial Sector
- Certification
- None Required
- Hardworking Ethics
- Enjoys Challenges
17. Variety of Security Experiences
- Firewalls
- VPN
- IDS
- Employee Internet Access
- Public Key Infrastructure
- Access Control
- Vulnerability Assessment
- Digital Certificates
- Anti Virus
- Content Management
- Security Assessment
- Penetration Testing
- Reverse Engineering
- Cryptologist
- Secure Programming
- Code Verification
- Chief Hacking Officers
- Chief Security Officer
- Chief Technology Officer
- Security Manager
- Vulnerability Manager
- Security Vendor Manager
- Infrastructure Security
- Application Security
18. Senior Security Consultants, NCS
- SENIOR/CONSULTANTS - IT Security: You will be responsible for systems implementation, pre-sales activities, and installation of IT security infrastructure. At least 2 years' experience in one or more of the following areas:
- Network security using a combination of firewall, IDS, VPN, LDAP and PKI
- Unix, WIN2K, NT and web server security such as OS tightening, SSO and virus scanning
- Vulnerability assessment, penetration testing and risk assessment using various scanning and penetration testing tools
- Authentication technologies integration using a combination of TCACS, radius, PDAP, 2-factors, PAP, CHAP, ARA, S 'Key and password file
- Cryptographic systems such as SSL, SET, IKE and PKI
http://www.ncs.com.sg/career/career1_current_positions.asp#top (December 2003)
19. Cyber Intel Coordinator, USA
- This role is responsible for maintaining the company's vulnerability alert management process, handle threat intelligence, coordinate the Computer Security Incident Response Team and coordinate computer forensics related to incident response. This role is split into 4 discrete areas:
- INCIDENT RESPONSE: Defining and owning the computer security incident response process, along with other senior Security Operations Center and IT staff, providing coordination and intelligence support as required.
- VULNERABILITY MANAGEMENT: Defining and owning the vulnerability alert management process operated across the company, engaging appropriate other IT staff in the process.
- THREAT INTELLIGENCE: Defining and owning the threat intelligence collection, analysis and notification processes, including external liaisons with relevant agencies.
- COMPUTER FORENSICS: Defining and owning the computer forensics processes utilized in the incident response process, including evaluating tools, conducting training for critical incidents and carrying out forensic examination
20. How Fast
21. Information Overload
22. Hours
23. Desirable Certifications
- CISSP (Four Modules in total)
- CISA
- CCNA
- CCNP if you deal with a lot of networks
- GCFW, covers Firewalls and VPNs
- GCIA, covers IDS
- GCIH, Incident Handling
- Firewall Certs
- CyberGuard, Checkpoint, Cisco
- MCSE, .NET
- RedHat, Unix
24. Humanity Cannot Live on Love
- The two most common questions.
- How much would I earn in three years after I graduate?
- What is the career that has the hottest prospects in the next 10 years?
25. Remember the Past
- 80s, Construction Boom: Civil Engineers
- 90s, Semiconductor Boom: IEEE Engineers
- 90s, IT Boom: IT Professionals
- 90s, DOT COM BOOM: Anything with a .com
- 2000s, Security? Security Consultants
26. Security Singapore Pay Scales
2003 ITtoolbox Salary Survey
27. What are you aiming for? US Pay
- Security SysAdmin USD 73,000
- Senior Security Analyst USD 91,000
- Web Security Manager USD 99,000
- Manager USD 112,000
- VP/Director USD 132,000
- Conservative, VP of sales can earn up to US$400,000 yearly.
2003 Information Security Mag September
28. Quality of Life
- Henry as a consultant commanded 220,000 a year; in his new position he earned 165,000. "My job became more of a standard of living and less of a chase of dollars."
- Abstract from September, Information Security
Magazine
2003 Information Security Mag September
29. Life is a Journey, not a destination.
- When you are retired after making sure the organisation survives with a successor in place.
- Look into the mirror and ask yourself.
- Could I have lived my life differently?
30. Conclusion
- Email: Don_at_QuantiqInt.com
- Cell: (65) 9003 5290
- Telephone: (65) 6746 8696
- WebSite: www.quantiqint.com