27
Getting Started in InfoSec HOW TO BREAK INTO THE INFORMATION SECURITY INDUSTRY

Getting Started in Information Security

Embed Size (px)

Citation preview

Page 1: Getting Started in Information Security

Getting Started in InfoSecHOW TO BREAK INTO THE INFORMATION SECURITY INDUSTRY

Page 2: Getting Started in Information Security

Dennis Maldonado

UH Alumni – Computer Information Systems

Security Consultant @ KLC Consulting

Twitter: @DennisMald

Houston Locksport Co-Founderhttp://www.meetup.com/Houston-Locksport/

Blog - http://kernelmeltdown.org/blog/

Page 3: Getting Started in Information Security

What is Information Security

Protecting information assets from unauthorized access, modification, disruption, or any other unwanted behavior

Becoming a bigger role in daily life

Applies to everyone

Page 4: Getting Started in Information Security

Categories of Information Security

Network Security Application Security

Web Thick-Client

Mobile Security Infrastructure Security Physical Security Social/People Security

Page 5: Getting Started in Information Security

High Level Roles

Defense (Blue Team) Intrusion Detection Incident Response Malware Analysis

Offense (Red Team) Penetration Testing Vulnerability Assessments Phishing Campaigns

Page 6: Getting Started in Information Security

Information Security Community

The people involved in Information Security Work for many different companies Collaborate Network Share information Educate

Page 7: Getting Started in Information Security

How do I get involved?MEDIA

Page 12: Getting Started in Information Security

Mailing Lists

SecLists.org Full Disclosure BugTraq Security Basics Penetration Testing Info Security News

Tools mailing lists Local groups

Page 13: Getting Started in Information Security

Twitter

Create a twitter account

Follow people in the industry

Participate in discussions

Page 14: Getting Started in Information Security

INTERACTION

Page 15: Getting Started in Information Security

Networking

Talk with people

Don’t be afraid to ask questions

Keep in touch

LinkedIn

Page 16: Getting Started in Information Security

Conferences

DEF CON

Security Bsides

Derbycon

Local Conferences

Houston Security Conference

InfoSec South West (ISSW)

In the works…

Page 17: Getting Started in Information Security

Meetups and Events

Houston InfoSec

Houston Locksport

AHA – Austin Hackers Anonymous

HAHA! – Houston Area Hackers Anonymous

Page 18: Getting Started in Information Security

Give Presentations

Give talks at conferences

Volunteer to hold workshops

Share information

Educate others

Page 19: Getting Started in Information Security

PERSONAL IMPROVEMENT

Page 20: Getting Started in Information Security

Personal Lab

Virtual Machines

Kali Linux

Old hardware

Raspberry Pi

Arduino

Page 21: Getting Started in Information Security

Capture the Flag (CTF)

Online CTFs Vulnhub EnigmaGroup Smash the Stack OverTheWire

Conference CTFs DEF CON Derbycon HouSecCon

Page 23: Getting Started in Information Security

Certifications

CompTIA A+ Network+ Security+

Offensive-Security OSCP/OSCE

SANS CISSP

Page 24: Getting Started in Information Security

Classes

Look into relevant electives

Take them seriously

Apply security to other classes

Page 25: Getting Started in Information Security

Passion and Enthusiasm

Start your own blog Write about what you

learn

Share the knowledge

Start your own meetups or clubs

Take people to conferences with you

Do what’s fun for you

Page 26: Getting Started in Information Security

Summary

News Blogs Podcasts Books Twitter Mailing Lists Networking Conferences

Meetups/Events Present Lab Capture the Flag Training Certifications

Passion!

Page 27: Getting Started in Information Security

Questions

[email protected]

Twitter - @DennisMald

IRC – Freenode.net #HoustonHackers

PS: Houston Security Conference