Careers in Information Security Angelo Castigliola

Upload: leon-melton

Post on 11-Jan-2016


TRANSCRIPT

Page 1: Careers in Information Security Angelo Castigliola

Careers in Information Security

Angelo Castigliola

Page 2

Angelo Castigliola

• Enterprise Information Security and Risk Management Systems Analyst for Unum.

• Application Security Architecture
• Winner of DHS National Cybersecurity Awareness Campaign Challenge 2010
• Contributed to GNU open source project iWar, featured in “Hacking Exposed Linux, 3rd Edition.”

Page 3

Presentation Agenda

• Overview of careers in Information Security
• Regulatory Laws and Compliance
• Certifications
• Professional Organizations
• Q&A

Page 4

Three Tiers Of Security

• Prevention
– Regulatory Laws and Compliance
– Vulnerability/Risk Assessments
– Patch Management

• Monitoring
– Intrusion Detection
– Viruses
– Malicious Websites/Email

• Response
– Data Forensics
– Customer Inquiries into IT Security Mechanisms
– Lost or Stolen Sensitive Data

Page 5

Identity Management

• Governs user access to information systems and infrastructure.

• Create and manage policies which are compliant with regulatory laws.
– System IDs
– Emergency Access

• Architect solutions that automate the provisioning of user access.
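As an added example (not part of the original slides, and not Unum's or the author's code), the following Python sketch shows what "automating the provisioning of user access" and governing system IDs and emergency access look like in practice: entitlements are derived from roles, emergency (break-glass) grants carry an expiry, system IDs must have an owner, and a periodic access review reports any drift between what an account holds and what its roles justify. The role catalogue, account names, entitlement strings and the 90-day dormancy threshold are all constructed assumptions for illustration.

```python
"""Role-based provisioning plus an access-review report (worked example).

Everything here is constructed for illustration: the role catalogue,
the accounts, and the review thresholds are assumptions, not a real policy.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Hypothetical role -> entitlement catalogue. Provisioning is driven from
# this table, so access follows the role rather than ad-hoc requests.
ROLE_ENTITLEMENTS = {
    "claims-analyst": {"claims-db:read", "claims-app:user"},
    "claims-admin": {"claims-db:read", "claims-db:write", "claims-app:admin"},
    "helpdesk": {"helpdesk-app:user"},
    "batch-loader": {"claims-db:write"},  # role intended for a system ID
}
DORMANT_AFTER = timedelta(days=90)  # assumed review threshold


@dataclass
class Account:
    user_id: str
    roles: set
    held: set                                   # entitlements actually granted today
    is_system_id: bool = False
    owner: str = ""                             # system IDs must name a human owner
    emergency: dict = field(default_factory=dict)  # entitlement -> expiry datetime
    last_login: Optional[datetime] = None


def expected_entitlements(acct: Account, now: datetime) -> set:
    """What the account *should* hold: union of its roles plus unexpired emergency grants."""
    wanted = set()
    for role in acct.roles:
        wanted |= ROLE_ENTITLEMENTS.get(role, set())
    wanted |= {e for e, expiry in acct.emergency.items() if expiry > now}
    return wanted


def provisioning_delta(acct: Account, now: datetime):
    """Return (to_grant, to_revoke): the changes an automated provisioner would apply."""
    wanted = expected_entitlements(acct, now)
    return sorted(wanted - acct.held), sorted(acct.held - wanted)


def review(accounts, now: datetime):
    """Access-review report: list of (user_id, finding_code, detail) tuples."""
    findings = []
    for a in accounts:
        for role in a.roles:
            if role not in ROLE_ENTITLEMENTS:
                findings.append((a.user_id, "UNKNOWN_ROLE", role))
        expired = {e for e, exp in a.emergency.items() if exp <= now and e in a.held}
        to_grant, to_revoke = provisioning_delta(a, now)
        for e in to_grant:
            findings.append((a.user_id, "MISSING_ENTITLEMENT", e))
        for e in to_revoke:
            # An expired break-glass grant still in place is its own finding,
            # since it points at a broken emergency-access process, not role drift.
            code = "EXPIRED_EMERGENCY_GRANT" if e in expired else "EXCESS_ENTITLEMENT"
            findings.append((a.user_id, code, e))
        if a.is_system_id and not a.owner:
            findings.append((a.user_id, "UNOWNED_SYSTEM_ID", ""))
        # Dormancy applies to human accounts only; service accounts do not "log in".
        if not a.is_system_id and (a.last_login is None or now - a.last_login > DORMANT_AFTER):
            findings.append((a.user_id, "DORMANT_ACCOUNT", ""))
    return findings


# Constructed sample population and a fixed reference time.
NOW = datetime(2016, 1, 11, 9, 0)
SAMPLE_ACCOUNTS = [
    Account("jdoe", {"claims-analyst"}, {"claims-db:read", "claims-app:user"},
            last_login=NOW - timedelta(days=3)),                       # clean
    Account("asmith", {"claims-analyst"},
            {"claims-db:read", "claims-app:user", "claims-db:write"},
            emergency={"claims-db:write": NOW - timedelta(days=2)},    # break-glass expired, still held
            last_login=NOW - timedelta(days=1)),
    Account("bjones", {"helpdesk"}, {"helpdesk-app:user", "claims-app:admin"},
            last_login=NOW - timedelta(days=120)),                     # excess admin right, dormant
    Account("SVC_BATCH01", {"batch-loader"}, {"claims-db:write"},
            is_system_id=True),                                        # system ID with no owner
    Account("newhire", {"claims-analyst"}, set(), last_login=NOW),     # not yet provisioned
]


def run_review():
    return review(SAMPLE_ACCOUNTS, NOW)


if __name__ == "__main__":
    for user, code, detail in run_review():
        print(f"{user:12} {code:24} {detail}")
```

The review is deliberately a pure function of the account data and a clock, so the same logic can run as a scheduled report and as a pre-commit check when a provisioning change is requested.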

Page 6

Intrusion Detection

• Monitors enterprise for security threats.
– Antivirus
– Wi-Fi Monitoring
– Network Traffic Monitoring
– Email

Page 7

Forensics

• Responds to internal and legal inquiries
• Uses various forensics tools
– BackTrack (since succeeded by Kali Linux)

Page 8

Regulatory Compliance

• Governs enterprise policies to ensure compliance with local, state and federal laws.
– Sarbanes-Oxley Act 2002
– Gramm–Leach–Bliley Act 1999
– Health Insurance Portability and Accountability Act 1996

• International Regulatory Laws
– UK Data Protection Act 1998
– EU Data Protection Directive

Page 9

Industry Standards

• North American Electric Reliability Corporation (NERC)
• Federal Energy Regulatory Commission (FERC)
• Federal Financial Institutions Examination Council (FFIEC)
• ISO 17799 (since renumbered as ISO/IEC 27002)
• Information Technology Infrastructure Library (ITIL)

Page 10

Application Security Architecture

• Consulting
– Work with application teams to design secure systems.

• Components
– Architect solutions to standardize authentication and authorization processes.

• Compliance
– Govern policies for secure application development.

Page 11

Certifications

• (ISC)²
– Certified Information Systems Security Professional (CISSP)
– Systems Security Certified Practitioner (SSCP)
– Certified Secure Software Lifecycle Professional (CSSLP)

Page 12

Professional Organizations

• TechMaine InfoSEC
• Maine Bytes
• ASIS

Page 13

Staying in Contact

• castigliola.com
– Facebook
– Twitter
– LinkedIn
– Blog

• Q&A

Page 14

My Original Job Posting

• Launch your career at UnumProvident Corporation, an insurance industry Fortune 500 company positioned for strong future growth. The company's leadership position and tremendous growth potential make it a place of outstanding professional opportunity. UnumProvident people display a spirit of innovation as well as pride in the social value of the products and services we provide.

** Due to the considerable candidate response we have received, please apply for this position ONLY if you meet ALL required skills. **

No Third Parties Please.

This Security Architect position will be focused on candidates with BOTH Mainframe and RACF Admin experience.

Responsibilities will include:

* Assist in the oversight of security access and administration under the control of the mainframe (RACF, DB2, IDMS, IMS and Teradata)
* Provide security consulting to business partners regarding mainframe security related issues.
* Perform regular reviews of security access privileges.
* Generate ongoing security access review reports
* Assist in the development of a Security Access Administration Program.

Principal Duties and Responsibilities

* Continually evaluate vendor's product strategies and future product statements and advise which will be most appropriate to pursue.
* Perform ongoing security audits to ensure that the security posture is not compromised.
* Assist in the development of sound security policies and procedures.
* Provide technical security assistance to other areas within UnumProvident.
* Conduct security policy violation investigations.
* Monitor for inappropriate Internet and Internet E-mail usage
* Assess reported security threats and weaknesses.
* May perform other duties as assigned

Page 15

My Original Job Posting Cont.

• Job Specifications:

* Ability to work effectively in an ambiguous environment
* Ability to work across geographical locations
* BS or advanced degree in computer science or related discipline
* Two or more years of information technology engineering, support or consulting experience, one of those years spent in system security or IT Audit related positions.
* Basic understanding of UNIX, Windows NT/2000, OS/390 vulnerabilities
* Basic understanding of threats and vulnerabilities associated with whole-site Intranet access and with broad access to the Internet and the World Wide Web.
* Basic understanding of the principles of implementation and operation and experience with security technology such as firewalls, multi-level security implementation, Kerberos, smart cards, security assessment, monitoring and profiles tools (e.g., ISS), and password crackers.
* Encryption techniques include key management
* Strong oral and written communications skills
* Strong analytical skills
* CISSP a plus

Understanding of the following security areas desired:

* ACF, Top Secret, RACF
* TCP/IP and X.25
* ISS Safesuite/Cisco Secure Solutions or equivalent products
* Internet Technologies (NNTP, Proxy, HTTP, HTTPS, HTML, SSL, X.509), IPSEC
* Unix security
* Raptor & Checkpoint Firewall technologies
* ACE Server/SecurID
* MCI UUNET/PAL
* Shiva/Radius
* PGP & S/MIME
* Norton Anti-virus Cross suite
* OS/390, NT, OS/2, Sun Solaris, AIX

UnumProvident Corporation, offers competitive pay, relocation assistance and excellent benefits. Come join us if you're interested in working in an exciting and challenging environment for a company that is on the move!

Please apply on-line

Equal Opportunity Employer

This position may be posted for multiple office locations, please be sure to indicate your location preference in your cover letter.