information security professional
ITSec Pro - UIN JAKARTA IT Security Seminar
Information Security Professional
UIN - 16 Nov 2011 - @y3dips
Wednesday, November 16, 11
• Freelance IT Security Consultant
• More than 9 years in IT Security
• Founder of “ECHO”, one of the Indonesian Hacker Communities, established 2003
• Founder of IDSECCONF - Indonesia Security Conference
@y3dips
y3dips
InfoSec
Means protecting information and information systems from unauthorized
access, use, disclosure, disruption, modification, perusal, inspection,
recording or destruction [1]
[1] http://wikipedia.org
Information Security
• Information: Set or collection of data that has meaning
• Level [2]
  • Non-Classified
    • Public Information
    • Personal Information
    • Routine Business Information
  • Classified
    • Confidential
    • Secret
    • Top Secret
[2] http://wikipedia.org
InfoSec Pro
People Working in Information security
InfoSec Pro
Background
• Natural Born Hacker
• Formal Education
Hackers
Natural Born Hacker, Gain their InfoSec Knowledge by Hacking; Hack to Learn not
Hacker
• Newbie
• Script Kiddie
• Develop Kiddie
• Hacker
• 1337
Newbie
A wanna be hacker
Script Kiddies
Know the Tools, Able to use the tools;
But, Not how the tool “really” works
Develop Kiddies
Able to Create Tools,
Know how the tool “really” works
But Still Lacking in Attitude
Hacker
Know Exactly What They’re Doing and
How to Do it
1337
Nobody Knows What They Are Doing
Hacker
[+]
• Proven Skill and Experience
• Able to do a proof of concept
[-]
• Lack of Methodologies
• Lack of Organizational/Managerial Skill
!Professional
• Bug Hunter
• OS/App Developer
• Botnet owner (DDOSer)
• Fraudster
InfoSec Student
Gain Information Security Knowledge from formal Education, Course, Certification
InfoSec Student
[+]
• Strong in Concept and Methodologies
[-]
• Lack of Skill and Experience
• Unable to do a Proof of Concept
InfoSec Pro
• IT Security Officer
• IT Security Analyst
• IT Security Auditor
• IT Security Engineer
Security Officer
• Security Contact Point for Organization
• Principal Advisor for IT Security
• Ensure the Security Program Is Running (Security Awareness course, etc.)
• Creating Security Policy, Procedures, Hardening guide
Security Analyst
• Monitor all type of access to protect confidentiality and integrity
• Provides Direct Support and Advice to the IT Security Manager
• System Security Analyst, Network Security Analyst
Security Auditor
• Auditing an Organization's Technology Processes and Security
• IT General Controls Reviews
• Application Controls Reviews
• Security Auditor, Penetration Tester
Security Engineer
• Maintain the Computer Hardware and Software that comprise a Computer Network
• Perform Security Hardening and Configuration
• System Security Engineer, Network Security Engineer
Requirements
• Skill
• Experience
• Attitude
• Able to work independently or in a group
• Certification?
Skill
• In depth knowledge of Operating System
• In depth knowledge of Networking
• In depth knowledge of Application
• In depth knowledge of Programming
• Much more :)
Experience
• How long you’ve been in that field
• + the Security afterward.
Attitude
With Great Power Comes Great Responsibilities
Work
• Able to work Alone (individualist),
• or a Team Player
Certification
• In some way, it's a [+]
• Is it badly needed?
Limitation
• Government Rule : UU ITE
• Organization/company Rule: NDA
Failed
• Always Take, Not Give
• Lack of Attitude
• Kiddies Minded
• Lazy to Improve