Cyber Education: Your Options & Resources Mapped Out
-
Upload
kelly-shortridge -
Category
Technology
-
view
1.259 -
download
1
description
Transcript of Cyber Education: Your Options & Resources Mapped Out
![Page 1: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/1.jpg)
Cyber Education:
Your Options & Resources Mapped Out
Kelly Shortridge October 18, 2014
![Page 2: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/2.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Agenda
Your burning questions:
What careers are there?
How do I learn more about the field?
How do I meet people / network?
How do I stay current on industry trends?
2
![Page 3: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/3.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Who am I?
Kelly Shortridge
Currently an Entrepreneur in Residence
Formerly advised InfoSec companies on M&A
and private capital raises
Absolutely no technical background
Built an InfoSec knowledge base & professional
network from scratch
3
![Page 4: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/4.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
At first…
4
![Page 5: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/5.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
And then…
5
![Page 6: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/6.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
But mostly…
6
![Page 7: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/7.jpg)
Toward a Career
![Page 8: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/8.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Very General Advice
No one can ever predict what they’ll be
doing 5 years from now, let alone the rest of
their lives
Learn the “basics” and cross-over skills…
…but make sure to learn about things you
find interesting, too
8
![Page 9: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/9.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Careers in InfoSec
9
Not just about hacking the mainframe.
![Page 10: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/10.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Careers in InfoSec
10
Also about hardening applications
![Page 11: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/11.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Careers in InfoSec
11
Also about developing security strategies
![Page 12: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/12.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Careers in InfoSec
12
Also about monitoring systems
![Page 13: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/13.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Careers in InfoSec
13
Also about responding to incidents
![Page 14: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/14.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Careers in InfoSec
14
As well as attack-centric R&D
![Page 15: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/15.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
InfoSec Jobs
A career in InfoSec offers many options:
Application Security
Compliance & Policy
Data Forensics & Incident Response
Network Security Engineer / Ops & Monitoring
Penetration Testing
Security Architecture
Vulnerability Research & Reverse Engineering
15
![Page 16: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/16.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
The “Basics”
16
Roles often overlap and blend together
Cover different aspects of the lifecycle of
security operations
Some areas of study are broadly applicable
Network & System Architecture
Math
Software Development
![Page 17: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/17.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
The Future!
17
![Page 18: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/18.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Skill Sets – Example #1
Network Security Engineer / Ops & Monitoring
Understand network design & architecture
Familiarity with security tech – IDS/IPS, SIEM,
firewalls, vulnerability detection & remediation
Develop custom tooling for security monitoring
Some knowledge on machine learning is a plus
18
![Page 19: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/19.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Skill Sets – Example #2
Vulnerability Research & Reverse Engineering
Analyze malicious code, shellcode, packed &
obfuscated code
Identify attacker methodology
Strong math abilities, particularly graph theory
Familiarity with IDA Pro and user & kernel-
mode debuggers
Languages: Assembly (x86 & x64), C/C++, Python
19
![Page 20: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/20.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Skill Sets – Example #3
Application Security
Audit applications for vulnerabilities (XSS, SQLI,
logic flaws, etc.)
Understanding of application architecture
Help development teams implement SDL
Build tooling to improve testing & auditing
Languages: Java, PHP, C / C++, Python, Ruby
20
![Page 21: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/21.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Potential Employers
Major hubs include DC, SF & NYC – each city has
its own “flavor” driven by employer base
Government Fortune 500 Industry
Defense Contractors
& Gov’t Agencies
Tech, Finance, Media,
eCommerce, etc.
Security Vendors &
Consultancies
21
![Page 22: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/22.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Guiding Your Education
Find a few areas of interest / passion
Determine what abilities are required
22
![Page 23: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/23.jpg)
Learning the Field
![Page 24: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/24.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Where to Start
24
When I first started exploring InfoSec, someone
told me Phrack was a leading industry publication.
So I read every issue…
Including the first 40, which are just about phones.
![Page 25: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/25.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Where to Start, continued
25
Diving in head-first actually isn’t a bad strategy;
there is some truth to learning by osmosis.
Luckily, there are both formal and informal
channels to help you live and breathe InfoSec.
![Page 26: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/26.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Formal Education
Academia
Certifications
Helpful if no other means of vetting abilities
26
![Page 27: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/27.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Certifications
27
Provides professional certifications in InfoSec
Covers a wide breadth of security topics
$250 - $600 per examination
Variable years of experience required:
<1 year 1 year 2 years 4 years 5 years
Years of Experience
![Page 28: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/28.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Informal Education
Take advantage of valuable informal channels:
Visit conferences (or find talks posted online)
CTF competitions
Trainings (usually expensive)
Social events (usually exclusive)
Academic papers (contact authors)
28
![Page 29: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/29.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Conferences
Cons are often how people stay in touch
Check out talks, or find them online
Social events – great for networking
Parties requiring challenges (Caesar’s Challenge
at Blackhat/DEFCON)
29
![Page 30: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/30.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
CTFs
Test your skills & gain recognition
Industry – DEFCON, Ghost in the Shellcode
(Shmoocon), company-sponsored CTFs
Private – Smash the Stack, Over the Wire,
others hosted by hacker groups
Collegiate – CSAW CTF, NECCDC
Government – DARPA, semi-public or 100%
private IC-focused CTFs
30
![Page 31: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/31.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Trainings – Roles
Practical education for professional
security roles
Multi-week courses
Both on-demand & in-person
Expensive (typically $4,500 - $5,000)
Value depends widely on the teacher
31
![Page 32: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/32.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Trainings – Skills
Expensive ($2,000 - $4,000), but can substantially
improve your skills & teach you new techniques
32
Private Conferences
![Page 33: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/33.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Academic Papers
Helps you find emerging areas of research
IEEE
Microsoft – Security & Privacy Research
Reddit.com/r/NetSec
USENIX
ACM Digital Library (search by keywords, e.g.
malware)
33
![Page 34: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/34.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Academics
Don’t be shy about contacting authors!
They’ll most likely be flattered.
34
![Page 35: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/35.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
How to Break In
InfoSec is more open now than
ever on how to find people – they
just aren’t always welcoming…
35
![Page 36: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/36.jpg)
Meeting People & Networking
![Page 37: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/37.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014 37
![Page 38: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/38.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
The Social Network
InfoSec is a trust-based industry.
A strong social network is critical.
38
![Page 39: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/39.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Tl;dr on Networking
Get as many “at bats” as possible
Meet many people across various areas of
expertise, employers & career stages
Not everyone will respond, so need to maximize
your hit rate by reaching out to more people
Expand your network by asking new contacts
(politely) if they know anyone you should meet
39
![Page 40: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/40.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Persistence & Haters
Don’t let someone convince you that you won’t be
successful, or don’t belong
40
People like passion and
want to “back winners”
Persistence is key (true
of most things)
![Page 41: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/41.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Social Events
NYC – NYSec & iSec Open Forum
Look @ “CitySec Meetups” on Reddit NetSec
Non-Industry Events
NYC – Hack Nite @ NYU
Nationally, check out local OWASP events
Niche (e.g. hardware) meetups (meetup.com is
helpful)
41
![Page 42: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/42.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Maintaining the Network
Regularly follow-up, but be mindful of people’s
time
Coffees are generally quick & easy
Even starting out, consider how you can be helpful
Try to maintain a 50/50 ask to give ratio
Keeping an eye out for potential hires, making
introductions, etc.
42
![Page 43: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/43.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
On Randomness
43
Life is random – you never know
what opportunities will come from
your connections.
![Page 44: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/44.jpg)
Staying Up-to-Date
![Page 45: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/45.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Socializing
45
Staying in touch and meeting new people helps
enormously in knowing the “latest”
Not all research / projects are discussed online
Gossip and chatter can also inform you of career
opportunities or new, interesting companies
Fills in gaps in news you might have missed
![Page 46: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/46.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
News – A Word of Caution
46
News is important, but not always directly
beneficial to your learning & career development
Hard to weed out signal from noise in the media
Why???
![Page 47: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/47.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
News Sources
CyberWire – aggregates InfoSec news daily
Reddit NetSec – consistently updated content
Twitter – where the industry “chatter” happens
Plus individual sites:
47
![Page 48: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/48.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
InfoSec Treadmill
48
As a (relatively) nascent industry,
InfoSec evolves rapidly – exciting,
but with the potential for burnout.
![Page 49: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/49.jpg)
Conclusion
![Page 50: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/50.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Your Personal Brand
50
Consistently build your personal
portfolio of skills, experience and
industry connections.
![Page 51: Cyber Education: Your Options & Resources Mapped Out](https://reader031.fdocuments.in/reader031/viewer/2022020123/55941c761a28abf02b8b4775/html5/thumbnails/51.jpg)
Shortridge – Cyber Education NYU Poly Cyber Symposium 2014
Take It from This Guy
51
Work as hard and as much as you
want to on the things you like to do
the best. Don't think about what
you want to be, but what you want
to do.
– Richard P. Feynman