careers in information security angelo castigliola

Post on 11-Jan-2016


Careers in Information Security

Angelo Castigliola

Angelo Castigliola

• Enterprise Information Security and Risk Management Systems Analyst for Unum.
• Application Security Architecture
• Winner of DHS National Cybersecurity Awareness Campaign Challenge 2010
• Contributed to GNU open source project iWar featured in “Hacking Exposed Linux, 3rd Edition.”

Presentation Agenda

• Overview of careers in Information Security
• Regulatory Laws and Compliance
• Certifications
• Professional Organizations
• Q&A

Three Tiers Of Security

• Prevention
  – Regulatory Laws and Compliance
  – Vulnerability/Risk Assessments
  – Patch Management
• Monitoring
  – Intrusion Detection
  – Viruses
  – Malicious Websites/Email
• Response
  – Data Forensics
  – Customer Inquiries into IT Security Mechanisms
  – Lost or Stolen Sensitive Data

Identity Management

• Governs user access to information systems and infrastructure.

• Create and manage policies which are compliant with regulatory laws.
  – System IDs
  – Emergency Access

• Architect solutions that automate the provisioning of user access.

Intrusion Detection

• Monitors enterprise for security threats.
  – Antivirus
  – Wi-Fi Monitoring
  – Network Traffic Monitoring
  – Email

Forensics

• Responds to internal and legal inquiries
• Uses various forensics tools
  – BackTrack

Regulatory Compliance

• Governs enterprise policies to ensure compliance with local, state and federal laws.
  – Sarbanes-Oxley Act 2002
  – Gramm–Leach–Bliley Act 1999
  – Health Insurance Portability and Accountability Act 1996
• International Regulatory Laws
  – UK Data Protection Act 1998
  – EU's Data Protection Directive

Industry Standards

• North American Electric Reliability Corporation
• Federal Energy Regulatory Commission
• Federal Financial Institutions Examination Council
• ISO 17799
• Information Technology Infrastructure Library

Application Security Architecture

• Consulting
  – Work with application teams to design secure systems.
• Components
  – Architect solutions to standardized authentication and authorization processes.
• Compliance
  – Govern policies for secure application development.

Certifications

• (ISC)²
  – Certified Information Systems Security Professional (CISSP)
  – Systems Security Certified Practitioner (SSCP)
  – Certified Secure Software Lifecycle Professional (CSSLP)

Professional Organizations

• TechMaine InfoSEC
• Maine Bytes
• ASIS

Staying in Contact

• castigliola.com
  – Facebook
  – Twitter
  – LinkedIn
  – Blog

• Q&A

My Original Job Posting

• Launch your career at UnumProvident Corporation, an insurance industry Fortune 500 company positioned for strong future growth. The company's leadership position and tremendous growth potential make it a place of outstanding professional opportunity. UnumProvident people display a spirit of innovation as well as pride in the social value of the products and services we provide.

** Due to the considerable candidate response we have received - please apply for this position ONLY if you meet ALL required skills. **

No Third Parties Please.

This Security Architect position will be focused on candidates with BOTH Mainframe and RACF Admin experience.

Responsibilities will include:

* Assist in the oversight of security access and administration under the control of the mainframe (RACF, DB2, IDMS, IMS and Teradata)
* Provide security consulting to business partners regarding mainframe security related issues.
* Perform regular reviews of security access privileges.
* Generate ongoing security access review reports
* Assist in the development of a Security Access Administration Program.

Principal Duties and Responsibilities

* Continually evaluate vendor's product strategies and future product statements and advise, which will be most appropriate to pursue.
* Perform ongoing security audits to ensure that the security posture is not compromised.
* Assist in the development of sound security policies and procedures.
* Provide technical security assistance to other areas within UnumProvident.
* Conduct security policy violation investigations.
* Monitor for inappropriate Internet and Internet E-mail usage
* Assess reported security threats and weaknesses.
* May perform other duties as assigned

My Original Job Posting Cont.

• Job Specifications:

* Ability to work effectively in an ambiguous environment
* Ability to work across geographical locations
* BS or advanced degree in computer science or related discipline
* Two or more years of information technology engineering, support or consulting experience, one of those years spent in system security or IT Audit related positions.
* Basic understanding of UNIX, Windows NT/2000, OS/390 vulnerabilities
* Basic understanding of threats and vulnerabilities associated with whole-site Intranet access and with broad access to the Internet and the World Wide Web.
* Basic understanding of the principles of implementation and operation and experience with security technology such as firewalls, multi-level security implementation, Kerberos, smart cards, security assessment, monitoring and profiles tools (e.g., ISS), and password crackers.
* Encryption techniques include key management
* Strong oral and written communications skills
* Strong analytical skills
* CISSP a plus

Understanding of the following security areas desired:

* ACF, Top Secret, RACF
* TCP/IP and X.25
* ISS Safesuite/Cisco Secure Solutions or equivalent products
* Internet Technologies (NNTP, Proxy, HTTP, HTTPS, HTML, SSL, X.509)
* IPSEC
* Unix security
* Raptor & Checkpoint Firewall technologies
* ACE Server/SecurID
* MCI UUNET/PAL
* Shiva/Radius
* PGP & s/mime
* Norton Anti-virus Cross suite
* OS/390, NT, OS/2, Sun Solaris, AIX

UnumProvident Corporation offers competitive pay, relocation assistance and excellent benefits. Come join us if you're interested in working in an exciting and challenging environment for a company that is on the move!

Please apply on-line

Equal Opportunity Employer

This position may be posted for multiple office locations, please be sure to indicate your location preference in your cover letter.
